MacOS High Sierra KEXT加载-是否有任何方法可以取消用户批准?
某些MacOS开发人员知道,苹果实施了 安全内核扩展加载 .
As some kinds of MacOS developers know, Apple implemented Secure Kernel Extension Loading .
用户可以通过单击Security and Privacy中的Approve按钮来批准第三方KEXT.
但是,一旦KEXT获得批准,是否有任何取消批准的方法?
Users can approve third party KEXT by clicking Approve button in Security and Privacy.
However, once the KEXT is approved, are there any methods for cancelling the approval?
想象一下,用KEXT加载测试应用程序的情况,等等.
Imagine, the case of testing the app with KEXT loading, etc.
如果只能进行全新安装,则很难测试应用程序.
If there are no way but the clean install, it's very difficult to test apps.
有关批准的信息存储在sqlite3数据库中:
The information about approvals is stored in sqlite3 database:
/var/db/SystemPolicyConfiguration/KextPolicy
您感兴趣的表是:kext_policy和kext_load_history_v3.例如.这是您如何查看数据和表模式的方法:
The tables you're interested in are: kext_policy and kext_load_history_v3. E.g. here is how you can view the data and the table schema:
sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy
sqlite> select * from kext_policy;
54GTJ2AU36|com.joshuawise.kexts.HoRNDIS|1|Joshua Wise|1
sqlite> .schema kext_policy
CREATE TABLE kext_policy ( team_id TEXT, bundle_id TEXT, allowed BOOLEAN, developer_name TEXT, flags INTEGER, PRIMARY KEY (team_id, bundle_id) );
取消批准比较麻烦,因为系统完整性保护不允许您修改数据库.因此,您需要重新启动到恢复分区或其他MacOS安装中,然后cd到卷的根目录中,并运行以下命令(用team_id替换,或使用其他条件):
Removing the approval is tricker, since the System Integrity Protection does not allow you to modify the database. So, you'd need to reboot into a recovery partition, or a different MacOS installation, then cd into the root of your volume, and run the commands like these (replace with your team_id, or use other criteria):
usr/bin/sqlite3 var/db/SystemPolicyConfiguration/KextPolicy
delete from kext_load_history_v3 where team_id='54GTJ2AU36';
delete from kext_policy where team_id='54GTJ2AU36';
.quit