I've looked at the documentation on SMJobBless and looked at the EvenBetterAuthorizationSample and can't find a definition of what this string actually is. That example says replace the developer id with my own which is fine, but there is a lot of other stuff in there that is unexplained. This is the string from the example:
anchor apple generic and identifier "com.example.apple-samplecode.EBAS.HelperTool" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = XXXXXXXXX)
There are "and" and "or" parts; what else is possible, what are the operator precedences, etc.? What is that stuff inside the [ ]? Why does the word "certificate" get followed by "leaf" and by "1"? I can infer that it's checking something about the certificate, but what?
Considering the specific nature of what this is doing I'm guessing I've missed some link that details this language.
This is the Code Signing Requirement Language that the SMPrivilegedExecutables string is written in.
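To make the grouping in the question's string visible, here is an added example (not part of the original answer, and not Apple's parser): a small Python parser for the subset of the requirement language that string uses. It assumes the documented precedence, highest first: "!" (negation), then "and", then "or", with parentheses overriding; the function names are illustrative.

```python
import re

# Requirement string quoted in the question (OU placeholder kept as-is).
REQ = ('anchor apple generic and identifier "com.example.apple-samplecode.EBAS.HelperTool" '
       'and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ '
       'or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ '
       'and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ '
       'and certificate leaf[subject.OU] = XXXXXXXXX)')

def tokenize(text):
    text = re.sub(r'/\*.*?\*/', ' ', text, flags=re.S)  # /* ... */ is a comment
    return re.findall(r'"[^"]*"|[()!]|[^\s()!]+', text)

def parse(text):
    """Nested tuples: ('or', ...), ('and', ...), ('not', x), or a term string."""
    toks = tokenize(text) + [None]           # None marks end of input

    def chain(op, operand):                  # operand (op operand)*
        items = [operand()]
        while toks[0] == op:
            toks.pop(0)
            items.append(operand())
        return items[0] if len(items) == 1 else (op, *items)

    def expr():                              # 'or' is the loosest operator
        return chain('or', lambda: chain('and', unary))

    def unary():                             # '!' and parentheses bind tightest
        if toks[0] == '!':
            toks.pop(0)
            return ('not', unary())
        if toks[0] == '(':
            toks.pop(0)
            node = expr()
            if toks.pop(0) != ')':
                raise ValueError('missing )')
            return node
        words = []                           # a term runs until and / or / ) / end
        while toks[0] not in (None, 'and', 'or', ')'):
            words.append(toks.pop(0))
        if not words:
            raise ValueError('expected a term')
        return ' '.join(words)

    tree = expr()
    if toks[0] is not None:
        raise ValueError('unexpected token: ' + toks[0])
    return tree

if __name__ == '__main__':
    print(parse(REQ))
```

The parenthesised part therefore reads as "first OID present, or (second and third OID present and the OU matches)". In a certificate term, "leaf" is the signing certificate and "1" is the certificate that issued it, and [field.OID] tests that the certificate carries an extension with that OID.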