Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the syntax of the SMPrivilegedExecutables string in plist files for launchd helpers?

I've looked at the documentation on SMJobBless and looked at the EvenBetterAuthorizationSample and can't find a definition of what this string actually is. That example says replace the developer id with my own which is fine, but there is a lot of other stuff in there that is unexplained. This is the string from the example:

anchor apple generic and identifier "com.example.apple-samplecode.EBAS.HelperTool" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = XXXXXXXXX)

There are "and" and "or" parts, what else is possible, what are the operator precedences etc? What is that stuff inside the [ ] why does the word "certificate" get followed by "leaf" and by "1"? I can infer that it's checking something about the the certificate but what?

Considering the specific nature of what this is doing I'm guessing I've missed some link that details this language.

like image 519
James Avatar asked Oct 22 '25 03:10

James


1 Answers

This is the Code Signing Requirement Language that the SMPrivilegedExecutables string is written in.

like image 136
James Avatar answered Oct 23 '25 19:10

James



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!