macOS handles some security items in a custom database, which may or may not be SQLite. The official way to interact with such database, outside of Objective-C, is the /usr/bin/security
utility, with the parameter authorizationdb
and specifying the required operation on the class of rights, e.g. security authorizationdb read system.login.console
Unfortunately, there is no way (that I could find) to simply list all classes. I was trying to uninstall something that might have had references in that db, but I wasn't sure about the class it might be registered under, so I wanted to dump them all.
Luckily I found what looks looks like a comprehensive list of rights. After a quick scraping job with Python, I had a list that I could use like this:
cat osxrights.txt | xargs -I % sh -c 'sudo security authorizationdb read %' | grep -B 10 myAnnoyingItemToRemove
... and the bundle wasn't anywhere, so I could just chuck it.
(Note: had the item been found, I would have had to dump the whole security class to a .plist file with security authorizationdb read the.class > my.plist
, edited the file to remove it, then write it back to the db with security authorizationdb write the.class < my.plist
)
No comments:
Post a Comment