/*
* Copyright (c) 2018 Apple Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
import Foundation
struct RawPolicy {
let policyVersion: Int
let policyHash: String
let policyData: String
let plaintextPolicy: TPPolicyDocument
}
let prevailingPolicyVersion: UInt64 = 5
let prevailingPolicyHash: String = "SHA256:O/ECQlWhvNlLmlDNh2+nal/yekUC87bXpV3k+6kznSo="
func builtInPolicyDocuments() -> [TPPolicyDocument] {
// These bytes are generated by tppolicy
let rawPolicies = [
RawPolicy(
policyVersion: 1,
policyHash: "SHA256:TLXrcQmY4ue3oP5pCX1pwsi9BF8cKfohlJBilCroeBs=",
policyData: "CAESDgoGaVBob25lEgRmdWxsEgwKBGlQYWQSBGZ1bGwSCwoDTWFjEgRmdWxsEgwKBGlNYWMSBGZ1bGwSDQoHQXBwbGVUVhICdHYSDgoFV2F0Y2gSBXdhdGNoGhEKCVBDU0VzY3JvdxIEZnVsbBoXCgRXaUZpEgRmdWxsEgJ0dhIFd2F0Y2gaGQoRU2FmYXJpQ3JlZGl0Q2FyZHMSBGZ1bGwiDAoEZnVsbBIEZnVsbCIUCgV3YXRjaBIEZnVsbBIFd2F0Y2giDgoCdHYSBGZ1bGwSAnR2",
plaintextPolicy: try! TPPolicyDocument(version: 1,
modelToCategory: [
["prefix": "iPhone", "category": "full"],
["prefix": "iPad", "category": "full"],
["prefix": "Mac", "category": "full"],
["prefix": "iMac", "category": "full"],
["prefix": "AppleTV", "category": "tv"],
["prefix": "Watch", "category": "watch"],
],
categoriesByView: [
"PCSEscrow": ["full"],
"WiFi": ["full", "tv", "watch"],
"SafariCreditCards": ["full"],
],
introducersByCategory: [
"full": ["full"],
"watch": ["full", "watch"],
"tv": ["full", "tv"],
],
redactions: [:],
keyViewMapping: [],
hashAlgo: .SHA256)
),
RawPolicy(
policyVersion: 2,
policyHash: "SHA256:ZL1WBUCyO155rHBJQeghomCCKGmfjtS0jvsK+UEvx5o=",
policyData: "CAISDgoGaUN5Y2xlEgRmdWxsEg4KBmlQaG9uZRIEZnVsbBIMCgRpUGFkEgRmdWxsEgsKA01hYxIEZnVsbBIMCgRpTWFjEgRmdWxsEg0KB0FwcGxlVFYSAnR2Eg4KBVdhdGNoEgV3YXRjaBoRCglQQ1NFc2Nyb3cSBGZ1bGwaFwoEV2lGaRIEZnVsbBICdHYSBXdhdGNoGhkKEVNhZmFyaUNyZWRpdENhcmRzEgRmdWxsIgwKBGZ1bGwSBGZ1bGwiFAoFd2F0Y2gSBGZ1bGwSBXdhdGNoIg4KAnR2EgRmdWxsEgJ0dg==",
plaintextPolicy: try! TPPolicyDocument(version: 2,
modelToCategory: [
["prefix": "iCycle", "category": "full"],
["prefix": "iPhone", "category": "full"],
["prefix": "iPad", "category": "full"],
["prefix": "Mac", "category": "full"],
["prefix": "iMac", "category": "full"],
["prefix": "AppleTV", "category": "tv"],
["prefix": "Watch", "category": "watch"],
],
categoriesByView: [
"PCSEscrow": ["full"],
"WiFi": ["full", "tv", "watch"],
"SafariCreditCards": ["full"],
],
introducersByCategory: [
"full": ["full"],
"tv": ["full", "tv"],
"watch": ["full", "watch"],
],
redactions: [:],
keyViewMapping: [],
hashAlgo: .SHA256)
),
RawPolicy(policyVersion: 3,
policyHash: "SHA256:JZzazSuHXrUhiOfSgElsg6vYKpnvvEPVpciR8FewRWg=",
policyData: "CAMSDgoGaVBob25lEgRmdWxsEgwKBGlQYWQSBGZ1bGwSCwoDTWFjEgRmdWxsEgwKBGlNYWMSBGZ1bGwSDQoHQXBwbGVUVhICdHYSDgoFV2F0Y2gSBXdhdGNoEhcKDkF1ZGlvQWNjZXNzb3J5EgVhdWRpbxocCg1EZXZpY2VQYWlyaW5nEgRmdWxsEgV3YXRjaBoXCghBcHBsZVBheRIEZnVsbBIFd2F0Y2gaJAoVUHJvdGVjdGVkQ2xvdWRTdG9yYWdlEgRmdWxsEgV3YXRjaBoXCghCYWNrc3RvcBIEZnVsbBIFd2F0Y2gaGQoKQXV0b1VubG9jaxIEZnVsbBIFd2F0Y2gaHwoQU2VjdXJlT2JqZWN0U3luYxIEZnVsbBIFd2F0Y2gaIAoRU2FmYXJpQ3JlZGl0Q2FyZHMSBGZ1bGwSBXdhdGNoGhMKBEhvbWUSBGZ1bGwSBXdhdGNoGh4KD1NhZmFyaVBhc3N3b3JkcxIEZnVsbBIFd2F0Y2gaGwoMQXBwbGljYXRpb25zEgRmdWxsEgV3YXRjaBoVCgZFbmdyYW0SBGZ1bGwSBXdhdGNoGi0KE0xpbWl0ZWRQZWVyc0FsbG93ZWQSBGZ1bGwSBXdhdGNoEgJ0dhIFYXVkaW8aFgoHTWFuYXRlZRIEZnVsbBIFd2F0Y2gaHgoEV2lGaRIEZnVsbBIFd2F0Y2gSAnR2EgVhdWRpbxoVCgZIZWFsdGgSBGZ1bGwSBXdhdGNoIhMKBGZ1bGwSBGZ1bGwSBXdhdGNoIhsKBWF1ZGlvEgRmdWxsEgV3YXRjaBIFYXVkaW8iFAoFd2F0Y2gSBGZ1bGwSBXdhdGNoIhUKAnR2EgRmdWxsEgV3YXRjaBICdHYyIgoWAAQiEgIEdndodAoKXkFwcGxlUGF5JBIIQXBwbGVQYXkyJgoYAAQiFAIEdndodAoMXkF1dG9VbmxvY2skEgpBdXRvVW5sb2NrMh4KFAAEIhACBHZ3aHQKCF5FbmdyYW0kEgZFbmdyYW0yHgoUAAQiEAIEdndodAoIXkhlYWx0aCQSBkhlYWx0aDIaChIABCIOAgR2d2h0CgZeSG9tZSQSBEhvbWUyIAoVAAQiEQIEdndodAoJXk1hbmF0ZWUkEgdNYW5hdGVlMjgKIQAEIh0CBHZ3aHQKFV5MaW1pdGVkUGVlcnNBbGxvd2VkJBITTGltaXRlZFBlZXJzQWxsb3dlZDJdClAAAhIeAAQiGgIEdndodAoSXkNvbnRpbnVpdHlVbmxvY2skEhUABCIRAgR2d2h0CgleSG9tZUtpdCQSFQAEIhECBHZ3aHQKCV5BcHBsZVRWJBIJTm90U3luY2VkMisKGwAEIhcCBGFncnAKD15bMC05QS1aXXsxMH1cLhIMQXBwbGljYXRpb25zMsUBCrABAAISNAABChMABCIPAgVjbGFzcwoGXmdlbnAkChsABCIXAgRhZ3JwCg9eY29tLmFwcGxlLnNiZCQSPQABChMABCIPAgVjbGFzcwoGXmtleXMkCiQABCIgAgRhZ3JwChheY29tLmFwcGxlLnNlY3VyaXR5LnNvcyQSGQAEIhUCBHZ3aHQKDV5CYWNrdXBCYWdWMCQSHAAEIhgCBHZ3aHQKEF5pQ2xvdWRJZGVudGl0eSQSEFNlY3VyZU9iamVjdFN5bmMyYwpbAAISEgAEIg4CBHZ3aHQKBl5XaUZpJBJDAAEKEwAEIg8CBWNsYXNzCgZeZ2VucCQKEwAEIg8CBGFncnAKB15hcHBsZSQKFQAEIhECBHN2Y2UKCV5BaXJQb3J0JBIEV2lGaTLbAgrBAgACEhkABCIVAgR2d2h0Cg1eUENTQ2xvdWRLaXQkEhcABCITAgR2d2h0CgteUENTRXNjcm93JBIUAAQiEAIEdndodAoIXlBDU0ZERSQSGQAEIhUCBHZ3aHQKDV5QQ1NGZWxkc3BhciQSGQAEIhUCBHZ3aHQKDV5QQ1NNYWlsRHJvcCQSGgAEIhYCBHZ3aHQKDl5QQ1NNYXN0ZXJLZXkkEhYABCISAgR2d2h0CgpeUENTTm90ZXMkEhcABCITAgR2d2h0CgteUENTUGhvdG9zJBIYAAQiFAIEdndodAoMXlBDU1NoYXJpbmckEh0ABCIZAgR2d2h0ChFeUENTaUNsb3VkQmFja3VwJBIcAAQiGAIEdndodAoQXlBDU2lDbG91ZERyaXZlJBIZAAQiFQIEdndodAoNXlBDU2lNZXNzYWdlJBIVUHJvdGVjdGVkQ2xvdWRTdG9yYWdlMkAKKwAEIicCBGFncnAKH15jb20uYXBwbGUuc2FmYXJpLmNyZWRpdC1jYXJkcyQSEVNhZmFyaUNyZWRpdENhcmRzMjQKIQAEIh0CBGFncnAKFV5jb20uYXBwbGUuY2ZuZXR3b3JrJBIPU2FmYXJpUGFzc3dvcmRzMm0KXAACEh4ABCIaAgR2d2h0ChJeQWNjZXNzb3J5UGFpcmluZyQSGgAEIhYCBHZ3aHQKDl5OYW5vUmVnaXN0cnkkEhwABCIYAgR2d2h0ChBeV2F0Y2hNaWdyYXRpb24kEg1EZXZpY2VQYWlyaW5nMi0KIQAEIh0CBGFncnAKFV5jb20uYXBwbGUuY2ZuZXR3b3JrJBIIQmFja3N0b3A=",
plaintextPolicy: try! TPPolicyDocument(version: 3,
modelToCategory: [
["prefix": "iPhone", "category": "full"],
["prefix": "iPad", "category": "full"],
["prefix": "Mac", "category": "full"],
["prefix": "iMac", "category": "full"],
["prefix": "AppleTV", "category": "tv"],
["prefix": "Watch", "category": "watch"],
["prefix": "AudioAccessory", "category": "audio"],
],
categoriesByView: [
"AutoUnlock": ["full", "watch"],
"ApplePay": ["full", "watch"],
"Engram": ["full", "watch"],
"Health": ["full", "watch"],
"Home": ["full", "watch"],
"LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
"Manatee": ["full", "watch"],
"Applications": ["full", "watch"],
"SecureObjectSync": ["full", "watch"],
"WiFi": ["full", "watch", "tv", "audio"],
"ProtectedCloudStorage": ["full", "watch"],
"SafariCreditCards": ["full", "watch"],
"SafariPasswords": ["full", "watch"],
"DevicePairing": ["full", "watch"],
"Backstop": ["full", "watch"],
],
introducersByCategory: [
"full": ["full", "watch"],
"watch": ["full", "watch"],
"tv": ["full", "watch", "tv"],
"audio": ["full", "watch", "audio"],
],
redactions: [:],
keyViewMapping: [
TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
// These items will not be synced by Octagon
TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
])),
TPPBPolicyKeyViewMapping(view: "Applications", matchingRule:
TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.andMatch([
TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.sbd$"),
]),
TPDictionaryMatchingRule.andMatch([
TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.security.sos$"),
]),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
])),
TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
TPDictionaryMatchingRule.andMatch([
TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
]),
])),
TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSCloudKit$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSEscrow$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSFDE$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSFeldspar$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSMailDrop$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSMasterKey$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSNotes$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSPhotos$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSSharing$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSiCloudBackup$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSiCloudDrive$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCSiMessage$"),
])),
TPPBPolicyKeyViewMapping(view: "SafariCreditCards",
matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.safari.credit-cards$")),
TPPBPolicyKeyViewMapping(view: "SafariPasswords",
matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
])),
TPPBPolicyKeyViewMapping(view: "Backstop",
matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
],
hashAlgo: .SHA256)
),
RawPolicy(policyVersion: 4,
policyHash: "SHA256:Tjdu5QrWGvKWMx7k3VWFrEWSsBDPZAwCql9ybDkvFs8=",
policyData: "CAQSDgoGaVBob25lEgRmdWxsEgwKBGlQYWQSBGZ1bGwSCwoDTWFjEgRmdWxsEgwKBGlNYWMSBGZ1bGwSDQoHQXBwbGVUVhICdHYSDgoFV2F0Y2gSBXdhdGNoEhcKDkF1ZGlvQWNjZXNzb3J5EgVhdWRpbxoTCgRIb21lEgRmdWxsEgV3YXRjaBobCgxBcHBsaWNhdGlvbnMSBGZ1bGwSBXdhdGNoGh4KBFdpRmkSBGZ1bGwSBXdhdGNoEgJ0dhIFYXVkaW8aGQoKQXV0b1VubG9jaxIEZnVsbBIFd2F0Y2gaFwoIQXBwbGVQYXkSBGZ1bGwSBXdhdGNoGhUKBkhlYWx0aBIEZnVsbBIFd2F0Y2gaFgoHTWFuYXRlZRIEZnVsbBIFd2F0Y2gaLQoTTGltaXRlZFBlZXJzQWxsb3dlZBIEZnVsbBIFd2F0Y2gSAnR2EgVhdWRpbxokChVQcm90ZWN0ZWRDbG91ZFN0b3JhZ2USBGZ1bGwSBXdhdGNoGhgKCVBhc3N3b3JkcxIEZnVsbBIFd2F0Y2gaHAoNRGV2aWNlUGFpcmluZxIEZnVsbBIFd2F0Y2gaHwoQU2VjdXJlT2JqZWN0U3luYxIEZnVsbBIFd2F0Y2gaFQoGRW5ncmFtEgRmdWxsEgV3YXRjaBoaCgtDcmVkaXRDYXJkcxIEZnVsbBIFd2F0Y2giGwoFYXVkaW8SBGZ1bGwSBXdhdGNoEgVhdWRpbyITCgRmdWxsEgRmdWxsEgV3YXRjaCIUCgV3YXRjaBIEZnVsbBIFd2F0Y2giFQoCdHYSBGZ1bGwSBXdhdGNoEgJ0djIiChYABCISAgR2d2h0CgpeQXBwbGVQYXkkEghBcHBsZVBheTImChgABCIUAgR2d2h0CgxeQXV0b1VubG9jayQSCkF1dG9VbmxvY2syHgoUAAQiEAIEdndodAoIXkVuZ3JhbSQSBkVuZ3JhbTIeChQABCIQAgR2d2h0CgheSGVhbHRoJBIGSGVhbHRoMhoKEgAEIg4CBHZ3aHQKBl5Ib21lJBIESG9tZTIgChUABCIRAgR2d2h0CgleTWFuYXRlZSQSB01hbmF0ZWUyOAohAAQiHQIEdndodAoVXkxpbWl0ZWRQZWVyc0FsbG93ZWQkEhNMaW1pdGVkUGVlcnNBbGxvd2VkMl0KUAACEh4ABCIaAgR2d2h0ChJeQ29udGludWl0eVVubG9jayQSFQAEIhECBHZ3aHQKCV5Ib21lS2l0JBIVAAQiEQIEdndodAoJXkFwcGxlVFYkEglOb3RTeW5jZWQyKwobAAQiFwIEYWdycAoPXlswLTlBLVpdezEwfVwuEgxBcHBsaWNhdGlvbnMyxQEKsAEAAhI0AAEKEwAEIg8CBWNsYXNzCgZeZ2VucCQKGwAEIhcCBGFncnAKD15jb20uYXBwbGUuc2JkJBI9AAEKEwAEIg8CBWNsYXNzCgZea2V5cyQKJAAEIiACBGFncnAKGF5jb20uYXBwbGUuc2VjdXJpdHkuc29zJBIZAAQiFQIEdndodAoNXkJhY2t1cEJhZ1YwJBIcAAQiGAIEdndodAoQXmlDbG91ZElkZW50aXR5JBIQU2VjdXJlT2JqZWN0U3luYzJjClsAAhISAAQiDgIEdndodAoGXldpRmkkEkMAAQoTAAQiDwIFY2xhc3MKBl5nZW5wJAoTAAQiDwIEYWdycAoHXmFwcGxlJAoVAAQiEQIEc3ZjZQoJXkFpclBvcnQkEgRXaUZpMucCCs0CAAISGgAEIhYCBHZ3aHQKDl5QQ1MtQ2xvdWRLaXQkEhgABCIUAgR2d2h0CgxeUENTLUVzY3JvdyQSFQAEIhECBHZ3aHQKCV5QQ1MtRkRFJBIaAAQiFgIEdndodAoOXlBDUy1GZWxkc3BhciQSGgAEIhYCBHZ3aHQKDl5QQ1MtTWFpbERyb3AkEhsABCIXAgR2d2h0Cg9eUENTLU1hc3RlcktleSQSFwAEIhMCBHZ3aHQKC15QQ1MtTm90ZXMkEhgABCIUAgR2d2h0CgxeUENTLVBob3RvcyQSGQAEIhUCBHZ3aHQKDV5QQ1MtU2hhcmluZyQSHgAEIhoCBHZ3aHQKEl5QQ1MtaUNsb3VkQmFja3VwJBIdAAQiGQIEdndodAoRXlBDUy1pQ2xvdWREcml2ZSQSGgAEIhYCBHZ3aHQKDl5QQ1MtaU1lc3NhZ2UkEhVQcm90ZWN0ZWRDbG91ZFN0b3JhZ2UyOgorAAQiJwIEYWdycAofXmNvbS5hcHBsZS5zYWZhcmkuY3JlZGl0LWNhcmRzJBILQ3JlZGl0Q2FyZHMyLgohAAQiHQIEYWdycAoVXmNvbS5hcHBsZS5jZm5ldHdvcmskEglQYXNzd29yZHMybQpcAAISHgAEIhoCBHZ3aHQKEl5BY2Nlc3NvcnlQYWlyaW5nJBIaAAQiFgIEdndodAoOXk5hbm9SZWdpc3RyeSQSHAAEIhgCBHZ3aHQKEF5XYXRjaE1pZ3JhdGlvbiQSDURldmljZVBhaXJpbmc=",
plaintextPolicy: try! TPPolicyDocument(version: 4,
modelToCategory: [
["prefix": "iPhone", "category": "full"],
["prefix": "iPad", "category": "full"],
["prefix": "Mac", "category": "full"],
["prefix": "iMac", "category": "full"],
["prefix": "AppleTV", "category": "tv"],
["prefix": "Watch", "category": "watch"],
["prefix": "AudioAccessory", "category": "audio"],
],
categoriesByView: [
"AutoUnlock": ["full", "watch"],
"ApplePay": ["full", "watch"],
"Engram": ["full", "watch"],
"Health": ["full", "watch"],
"Home": ["full", "watch"],
"LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
"Manatee": ["full", "watch"],
"Applications": ["full", "watch"],
"SecureObjectSync": ["full", "watch"],
"WiFi": ["full", "watch", "tv", "audio"],
"ProtectedCloudStorage": ["full", "watch"],
"CreditCards": ["full", "watch"],
"Passwords": ["full", "watch"],
"DevicePairing": ["full", "watch"],
],
introducersByCategory: [
"full": ["full", "watch"],
"watch": ["full", "watch"],
"tv": ["full", "watch", "tv"],
"audio": ["full", "watch", "audio"],
],
redactions: [:],
keyViewMapping: [
TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
// These items will not be synced by Octagon
TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
])),
TPPBPolicyKeyViewMapping(view: "Applications", matchingRule:
TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.andMatch([
TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.sbd$"),
]),
TPDictionaryMatchingRule.andMatch([
TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.security.sos$"),
]),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
])),
TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
TPDictionaryMatchingRule.andMatch([
TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
]),
])),
TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-CloudKit$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Escrow$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-FDE$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Feldspar$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MailDrop$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MasterKey$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Notes$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Photos$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Sharing$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudBackup$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudDrive$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iMessage$"),
])),
TPPBPolicyKeyViewMapping(view: "CreditCards",
matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.safari.credit-cards$")),
TPPBPolicyKeyViewMapping(view: "Passwords",
matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
])),
],
hashAlgo: .SHA256)
),
RawPolicy(policyVersion: 5,
policyHash: "SHA256:O/ECQlWhvNlLmlDNh2+nal/yekUC87bXpV3k+6kznSo=",
policyData: "CAUSDgoGaVBob25lEgRmdWxsEgwKBGlQYWQSBGZ1bGwSDAoEaVBvZBIEZnVsbBILCgNNYWMSBGZ1bGwSDAoEaU1hYxIEZnVsbBINCgdBcHBsZVRWEgJ0dhIOCgVXYXRjaBIFd2F0Y2gSFwoOQXVkaW9BY2Nlc3NvcnkSBWF1ZGlvGhsKDEFwcGxpY2F0aW9ucxIEZnVsbBIFd2F0Y2gaHwoQU2VjdXJlT2JqZWN0U3luYxIEZnVsbBIFd2F0Y2gaHAoNRGV2aWNlUGFpcmluZxIEZnVsbBIFd2F0Y2gaGgoLQ3JlZGl0Q2FyZHMSBGZ1bGwSBXdhdGNoGhUKBkhlYWx0aBIEZnVsbBIFd2F0Y2gaLQoTTGltaXRlZFBlZXJzQWxsb3dlZBIEZnVsbBIFd2F0Y2gSAnR2EgVhdWRpbxokChVQcm90ZWN0ZWRDbG91ZFN0b3JhZ2USBGZ1bGwSBXdhdGNoGhcKCEFwcGxlUGF5EgRmdWxsEgV3YXRjaBoZCgpBdXRvVW5sb2NrEgRmdWxsEgV3YXRjaBoWCgdNYW5hdGVlEgRmdWxsEgV3YXRjaBoYCglQYXNzd29yZHMSBGZ1bGwSBXdhdGNoGhUKBkVuZ3JhbRIEZnVsbBIFd2F0Y2gaHgoEV2lGaRIEZnVsbBIFd2F0Y2gSAnR2EgVhdWRpbxoTCgRIb21lEgRmdWxsEgV3YXRjaCIbCgVhdWRpbxIEZnVsbBIFd2F0Y2gSBWF1ZGlvIhMKBGZ1bGwSBGZ1bGwSBXdhdGNoIhUKAnR2EgRmdWxsEgV3YXRjaBICdHYiFAoFd2F0Y2gSBGZ1bGwSBXdhdGNoMiIKFgAEIhICBHZ3aHQKCl5BcHBsZVBheSQSCEFwcGxlUGF5MiYKGAAEIhQCBHZ3aHQKDF5BdXRvVW5sb2NrJBIKQXV0b1VubG9jazIeChQABCIQAgR2d2h0CgheRW5ncmFtJBIGRW5ncmFtMh4KFAAEIhACBHZ3aHQKCF5IZWFsdGgkEgZIZWFsdGgyGgoSAAQiDgIEdndodAoGXkhvbWUkEgRIb21lMiAKFQAEIhECBHZ3aHQKCV5NYW5hdGVlJBIHTWFuYXRlZTI4CiEABCIdAgR2d2h0ChVeTGltaXRlZFBlZXJzQWxsb3dlZCQSE0xpbWl0ZWRQZWVyc0FsbG93ZWQyXQpQAAISHgAEIhoCBHZ3aHQKEl5Db250aW51aXR5VW5sb2NrJBIVAAQiEQIEdndodAoJXkhvbWVLaXQkEhUABCIRAgR2d2h0CgleQXBwbGVUViQSCU5vdFN5bmNlZDIrChsABCIXAgRhZ3JwCg9eWzAtOUEtWl17MTB9XC4SDEFwcGxpY2F0aW9uczLFAQqwAQACEjQAAQoTAAQiDwIFY2xhc3MKBl5nZW5wJAobAAQiFwIEYWdycAoPXmNvbS5hcHBsZS5zYmQkEj0AAQoTAAQiDwIFY2xhc3MKBl5rZXlzJAokAAQiIAIEYWdycAoYXmNvbS5hcHBsZS5zZWN1cml0eS5zb3MkEhkABCIVAgR2d2h0Cg1eQmFja3VwQmFnVjAkEhwABCIYAgR2d2h0ChBeaUNsb3VkSWRlbnRpdHkkEhBTZWN1cmVPYmplY3RTeW5jMmMKWwACEhIABCIOAgR2d2h0CgZeV2lGaSQSQwABChMABCIPAgVjbGFzcwoGXmdlbnAkChMABCIPAgRhZ3JwCgdeYXBwbGUkChUABCIRAgRzdmNlCgleQWlyUG9ydCQSBFdpRmkynQMKgwMAAhIYAAQiFAIEdndodAoMXlBDUy1CYWNrdXAkEhoABCIWAgR2d2h0Cg5eUENTLUNsb3VkS2l0JBIYAAQiFAIEdndodAoMXlBDUy1Fc2Nyb3ckEhUABCIRAgR2d2h0CgleUENTLUZERSQSGgAEIhYCBHZ3aHQKDl5QQ1MtRmVsZHNwYXIkEhoABCIWAgR2d2h0Cg5eUENTLU1haWxEcm9wJBIaAAQiFgIEdndodAoOXlBDUy1NYWlsZHJvcCQSGwAEIhcCBHZ3aHQKD15QQ1MtTWFzdGVyS2V5JBIXAAQiEwIEdndodAoLXlBDUy1Ob3RlcyQSGAAEIhQCBHZ3aHQKDF5QQ1MtUGhvdG9zJBIZAAQiFQIEdndodAoNXlBDUy1TaGFyaW5nJBIeAAQiGgIEdndodAoSXlBDUy1pQ2xvdWRCYWNrdXAkEh0ABCIZAgR2d2h0ChFeUENTLWlDbG91ZERyaXZlJBIaAAQiFgIEdndodAoOXlBDUy1pTWVzc2FnZSQSFVByb3RlY3RlZENsb3VkU3RvcmFnZTI6CisABCInAgRhZ3JwCh9eY29tLmFwcGxlLnNhZmFyaS5jcmVkaXQtY2FyZHMkEgtDcmVkaXRDYXJkczIuCiEABCIdAgRhZ3JwChVeY29tLmFwcGxlLmNmbmV0d29yayQSCVBhc3N3b3JkczJtClwAAhIeAAQiGgIEdndodAoSXkFjY2Vzc29yeVBhaXJpbmckEhoABCIWAgR2d2h0Cg5eTmFub1JlZ2lzdHJ5JBIcAAQiGAIEdndodAoQXldhdGNoTWlncmF0aW9uJBINRGV2aWNlUGFpcmluZzIOCgIABhIIQmFja3N0b3A=",
plaintextPolicy: try! TPPolicyDocument(version: 5,
modelToCategory: [
["prefix": "iPhone", "category": "full"],
["prefix": "iPad", "category": "full"],
["prefix": "iPod", "category": "full"],
["prefix": "Mac", "category": "full"],
["prefix": "iMac", "category": "full"],
["prefix": "AppleTV", "category": "tv"],
["prefix": "Watch", "category": "watch"],
["prefix": "AudioAccessory", "category": "audio"],
],
categoriesByView: [
"AutoUnlock": ["full", "watch"],
"ApplePay": ["full", "watch"],
"Engram": ["full", "watch"],
"Health": ["full", "watch"],
"Home": ["full", "watch"],
"LimitedPeersAllowed": ["full", "watch", "tv", "audio"],
"Manatee": ["full", "watch"],
"Applications": ["full", "watch"],
"SecureObjectSync": ["full", "watch"],
"WiFi": ["full", "watch", "tv", "audio"],
"ProtectedCloudStorage": ["full", "watch"],
"CreditCards": ["full", "watch"],
"Passwords": ["full", "watch"],
"DevicePairing": ["full", "watch"],
],
introducersByCategory: [
"full": ["full", "watch"],
"watch": ["full", "watch"],
"tv": ["full", "watch", "tv"],
"audio": ["full", "watch", "audio"],
],
redactions: [:],
keyViewMapping: [
TPPBPolicyKeyViewMapping(view: "ApplePay", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ApplePay$")),
TPPBPolicyKeyViewMapping(view: "AutoUnlock", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AutoUnlock$")),
TPPBPolicyKeyViewMapping(view: "Engram", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Engram$")),
TPPBPolicyKeyViewMapping(view: "Health", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Health$")),
TPPBPolicyKeyViewMapping(view: "Home", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Home$")),
TPPBPolicyKeyViewMapping(view: "Manatee", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^Manatee$")),
TPPBPolicyKeyViewMapping(view: "LimitedPeersAllowed", matchingRule: TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^LimitedPeersAllowed$")),
// These items will not be synced by Octagon
TPPBPolicyKeyViewMapping(view: "NotSynced", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^ContinuityUnlock$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^HomeKit$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AppleTV$"),
])),
TPPBPolicyKeyViewMapping(view: "Applications", matchingRule:
TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^[0-9A-Z]{10}\\.")),
TPPBPolicyKeyViewMapping(view: "SecureObjectSync", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.andMatch([
TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.sbd$"),
]),
TPDictionaryMatchingRule.andMatch([
TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^keys$"),
TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.security.sos$"),
]),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^BackupBagV0$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^iCloudIdentity$"),
])),
TPPBPolicyKeyViewMapping(view: "WiFi", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WiFi$"),
TPDictionaryMatchingRule.andMatch([
TPDictionaryMatchingRule.fieldMatch("class", fieldRegex: "^genp$"),
TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^apple$"),
TPDictionaryMatchingRule.fieldMatch("svce", fieldRegex: "^AirPort$"),
]),
])),
TPPBPolicyKeyViewMapping(view: "ProtectedCloudStorage", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Backup$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-CloudKit$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Escrow$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-FDE$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Feldspar$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MailDrop$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Maildrop$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-MasterKey$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Notes$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Photos$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-Sharing$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudBackup$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iCloudDrive$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^PCS-iMessage$"),
])),
TPPBPolicyKeyViewMapping(view: "CreditCards",
matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.safari.credit-cards$")),
TPPBPolicyKeyViewMapping(view: "Passwords",
matchingRule: TPDictionaryMatchingRule.fieldMatch("agrp", fieldRegex: "^com.apple.cfnetwork$")),
TPPBPolicyKeyViewMapping(view: "DevicePairing", matchingRule:
TPDictionaryMatchingRule.orMatch([
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^AccessoryPairing$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^NanoRegistry$"),
TPDictionaryMatchingRule.fieldMatch("vwht", fieldRegex: "^WatchMigration$"),
])),
TPPBPolicyKeyViewMapping(view: "Backstop", matchingRule:
TPDictionaryMatchingRule.trueMatch()),
],
hashAlgo: .SHA256)
),
]
assert(rawPolicies.filter { prevailingPolicyVersion == $0.policyVersion }.count == 1)
return rawPolicies.map { raw in
let data = Data(base64Encoded: raw.policyData)!
let doc = TPPolicyDocument.policyDoc(withHash: raw.policyHash, data: data)!
assert(doc.policyVersion == raw.policyVersion)
if raw.policyVersion == prevailingPolicyVersion {
assert(prevailingPolicyHash == raw.policyHash)
}
assert(doc.isEqual(to: raw.plaintextPolicy))
return doc
}
}