</dict>
        <key>rules</key>
        <dict>
+               <key>admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>group</key>
+                       <string>admin</string>
+                       <key>shared</key>
+                       <true/>
+               </dict>
+               <key>allow</key>
+               <dict>
+                       <key>class</key>
+                       <string>allow</string>
+                       <key>comment</key>
+                       <string>Allow anyone.</string>
+               </dict>
+               <key>appserver-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>group</key>
+                       <string>appserveradm</string>
+               </dict>
+               <key>appserver-user</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>group</key>
+                       <string>appserverusr</string>
+               </dict>
+               <key>authenticate</key>
+               <dict>
+                       <key>class</key>
+                       <string>evaluate-mechanisms</string>
+                       <key>mechanisms</key>
+                       <array>
+                               <string>builtin:authenticate</string>
+                               <string>builtin:reset-password,privileged</string>
+                               <string>builtin:authenticate,privileged</string>
+                               <string>PKINITMechanism:auth,privileged</string>
+                       </array>
+               </dict>
+               <key>authenticate-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Authenticate as an administrator.</string>
+                       <key>group</key>
+                       <string>admin</string>
+                       <key>shared</key>
+                       <true/>
+                       <key>timeout</key>
+                       <integer>0</integer>
+               </dict>
+               <key>authenticate-admin-30</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Like the default rule, but 
+            credentials remain valid for only 30 seconds after they've 
+            been obtained.  An acquired credential is shared by all clients.
+                       </string>
+                       <key>group</key>
+                       <string>admin</string>
+                       <key>shared</key>
+                       <true/>
+                       <key>timeout</key>
+                       <integer>30</integer>
+               </dict>
+               <key>authenticate-appstore-30</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>group</key>
+                       <string>_appstore</string>
+                       <key>shared</key>
+                       <true/>
+                       <key>timeout</key>
+                       <integer>30</integer>
+               </dict>
+               <key>authenticate-developer</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Authenticate as a developer.</string>
+                       <key>group</key>
+                       <string>_developer</string>
+                       <key>shared</key>
+                       <true/>
+                       <key>timeout</key>
+                       <integer>36000</integer>
+               </dict>
+               <key>authenticate-session-owner</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Authenticate as the session owner.</string>
+                       <key>session-owner</key>
+                       <true/>
+               </dict>
+               <key>authenticate-session-owner-or-admin</key>
+               <dict>
+                       <key>allow-root</key>
+                       <false/>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Authenticate either as the owner or as an administrator.</string>
+                       <key>group</key>
+                       <string>admin</string>
+                       <key>session-owner</key>
+                       <true/>
+                       <key>shared</key>
+                       <false/>
+               </dict>
+               <key>authenticate-session-user</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Same as authenticate-session-owner.</string>
+                       <key>session-owner</key>
+                       <true/>
+               </dict>
+               <key>default</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Default rule.   
+            Credentials remain valid for 5 minutes after they've been obtained. 
+            An acquired credential is shared by all clients.
+                       </string>
+                       <key>group</key>
+                       <string>admin</string>
+                       <key>shared</key>
+                       <true/>
+                       <key>timeout</key>
+                       <integer>300</integer>
+               </dict>
+               <key>entitled</key>
+               <dict>
+                       <key>class</key>
+                       <string>evaluate-mechanisms</string>
+                       <key>mechanisms</key>
+                       <array>
+                               <string>builtin:entitled,privileged</string>
+                       </array>
+                       <key>tries</key>
+                       <integer>1</integer>
+               </dict>
+               <key>entitled-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>2</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-admin</string>
+                               <string>entitled</string>
+                       </array>
+               </dict>
+               <key>entitled-admin-or-authenticate-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>entitled-admin</string>
+                               <string>authenticate-admin-30</string>
+                       </array>
+               </dict>
+               <key>entitled-appstore</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>2</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-appstore</string>
+                               <string>entitled</string>
+                       </array>
+               </dict>
+               <key>entitled-appstore-or-entitled-authenticate-appstore</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>entitled-appstore</string>
+                               <string>entitled-authenticate-appstore</string>
+                       </array>
+               </dict>
+               <key>entitled-authenticate-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>2</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>entitled</string>
+                               <string>authenticate-admin-30</string>
+                       </array>
+               </dict>
+               <key>entitled-authenticate-appstore</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>2</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>entitled</string>
+                               <string>authenticate-appstore-30</string>
+                       </array>
+               </dict>
+               <key>entitled-session-owner</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>2</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-session-owner</string>
+                               <string>entitled</string>
+                       </array>
+               </dict>
+               <key>entitled-session-owner-or-authenticate-session-owner</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>entitled-session-owner</string>
+                               <string>authenticate-session-owner</string>
+                       </array>
+               </dict>
+               <key>is-admin</key>
+               <dict>
+                       <key>authenticate-user</key>
+                       <false/>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Verify that the user asking for authorization is an administrator.</string>
+                       <key>group</key>
+                       <string>admin</string>
+                       <key>shared</key>
+                       <string>true</string>
+               </dict>
+               <key>is-appstore</key>
+               <dict>
+                       <key>authenticate-user</key>
+                       <false/>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>group</key>
+                       <string>_appstore</string>
+                       <key>shared</key>
+                       <string>true</string>
+               </dict>
+               <key>is-developer</key>
+               <dict>
+                       <key>authenticate-user</key>
+                       <false/>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Verify that the user asking for authorization is a developer.</string>
+                       <key>group</key>
+                       <string>_developer</string>
+               </dict>
+               <key>is-lpadmin</key>
+               <dict>
+                       <key>authenticate-user</key>
+                       <false/>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>group</key>
+                       <string>_lpadmin</string>
+               </dict>
+               <key>is-root</key>
+               <dict>
+                       <key>allow-root</key>
+                       <true/>
+                       <key>authenticate-user</key>
+                       <false/>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Verify that the process that created this AuthorizationRef is running as root.</string>
+               </dict>
+               <key>is-session-owner</key>
+               <dict>
+                       <key>allow-root</key>
+                       <false/>
+                       <key>authenticate-user</key>
+                       <false/>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Verify that the requesting process is running as the session owner.</string>
+                       <key>session-owner</key>
+                       <true/>
+               </dict>
+               <key>lpadmin</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>group</key>
+                       <string>_lpadmin</string>
+                       <key>shared</key>
+                       <true/>
+               </dict>
+               <key>on-console</key>
+               <dict>
+                       <key>class</key>
+                       <string>evaluate-mechanisms</string>
+                       <key>mechanisms</key>
+                       <array>
+                               <string>builtin:on-console</string>
+                       </array>
+                       <key>tries</key>
+                       <integer>1</integer>
+               </dict>
+               <key>root-or-admin-or-authenticate-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-root</string>
+                               <string>is-admin</string>
+                               <string>authenticate-admin-30</string>
+                       </array>
+               </dict>
+               <key>root-or-entitled-admin-or-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-root</string>
+                               <string>entitled-admin</string>
+                               <string>admin</string>
+                       </array>
+               </dict>
                <key>root-or-entitled-admin-or-authenticate-admin</key>
                <dict>
                        <key>class</key>
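Review bot: The added `is-admin` and `is-appstore` rules store `shared` as `<string>true</string>`, while every other added rule that sets the key (`admin`, `authenticate-admin`, `default`, `lpadmin` and others) uses the boolean `<true/>`. If the rule loader reads this key as a boolean, the string form may be ignored or treated as false, so whether these two checks share their result across clients would depend on parser leniency rather than on what the file states. I would change both to `<true/>`, or drop the key if sharing is not meant to apply to a rule with `authenticate-user` set to false. Both rules feed the composite rules `entitled-admin`, `entitled-appstore` and `root-or-admin-or-authenticate-admin`, so the inconsistency carries into those. The enclosing `rules` dict continues past this hunk.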
                                <string>entitled-admin-or-authenticate-admin</string>
                        </array>
                </dict>
+               <key>root-or-lpadmin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-root</string>
+                               <string>is-lpadmin</string>
+                               <string>lpadmin</string>
+                       </array>
+               </dict>
        </dict>
 </dict>
 </plist>
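Review bot: `root-or-lpadmin` has no `comment` key, and its third entry, `lpadmin`, is a `user` rule with `shared` true and no `timeout`, so the lifetime of a credential obtained through that fallback is left to the engine's default instead of being stated in the file. With `k-of-n` set to 1, `is-root` or `is-lpadmin` (both with `authenticate-user` false) already satisfy the rule, so the `lpadmin` entry is presumably only reached for callers who are neither root nor in `_lpadmin`. I would add `<key>comment</key>` with `<string>Succeeds for root or a member of _lpadmin; otherwise authenticate as a member of _lpadmin.</string>`, and give `lpadmin` an explicit `<key>timeout</key>` with the intended window, as `authenticate-admin-30` does. The `lpadmin` and `is-lpadmin` definitions are in the earlier hunk of this file.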
 
                                BUILD_VARIANTS = debug;
                                COPY_PHASE_STRIP = NO;
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
-                               CURRENT_PROJECT_VERSION = 55126.2;
+                               CURRENT_PROJECT_VERSION = 55126.5;
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
                                );
                                COPY_PHASE_STRIP = "(null)";
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
-                               CURRENT_PROJECT_VERSION = 55126.2;
+                               CURRENT_PROJECT_VERSION = 55126.5;
                                DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                BUILD_VARIANTS = normal;
                                COPY_PHASE_STRIP = NO;
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
-                               CURRENT_PROJECT_VERSION = 55126.2;
+                               CURRENT_PROJECT_VERSION = 55126.5;
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
                                );
                                COPY_PHASE_STRIP = "(null)";
                                CSSM_HEADERS = "";
-                               CURRENT_PROJECT_VERSION = 55126.2;
+                               CURRENT_PROJECT_VERSION = 55126.5;
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,