Friday 10 January 2014

Mac OSX Authorization Rights and Rules.

Before Mavericks (OS X 10.9), rights and rules were kept separate in the authorization database, which was the file /etc/authorization.

The AuthorizationRightGet/Set/Remove API can only operate on rights. If you want to manipulate the rules, you have to modify the file /etc/authorization directly.
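
As an added example (not code from the original post), the following Python reads a plist in the pre-Mavericks layout, reports which entries are rights and which are rules, and lists the rights that resolve to an allow rule. It assumes the file has top-level rights and rules dictionaries whose entries carry class and rule keys; the sample entries and their names are constructed.

```python
import plistlib

# Constructed sample in the legacy /etc/authorization layout (assumption:
# top-level "rights" and "rules" dicts). Names are made up, not from a real Mac.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
 <key>rights</key><dict>
  <key>com.example.admin-task</key>
  <dict><key>class</key><string>rule</string>
        <key>rule</key><string>example-admin</string></dict>
  <key>com.example.open-task</key>
  <dict><key>class</key><string>rule</string>
        <key>rule</key><string>example-allow</string></dict>
 </dict>
 <key>rules</key><dict>
  <key>example-admin</key>
  <dict><key>class</key><string>user</string>
        <key>group</key><string>admin</string></dict>
  <key>example-allow</key>
  <dict><key>class</key><string>allow</string></dict>
 </dict>
</dict></plist>"""
DB = plistlib.loads(SAMPLE)


def classify(db):
    """Map each entry name to 'right' or 'rule' from the section it sits in."""
    kinds = {name: "right" for name in db.get("rights", {})}
    kinds.update({name: "rule" for name in db.get("rules", {})})
    return kinds


def effective_class(db, right_name):
    """Follow a right's 'rule' reference until a non-'rule' class is reached."""
    entry, seen = db["rights"][right_name], set()
    while entry.get("class") == "rule":
        ref = entry.get("rule")
        if not isinstance(ref, str) or ref in seen or ref not in db["rules"]:
            return None  # dangling, cyclic or multi-rule reference: not resolved
        seen.add(ref)
        entry = db["rules"][ref]
    return entry.get("class")


def open_rights(db):
    """Rights whose effective class is 'allow' (granted to any requester)."""
    return sorted(r for r in db.get("rights", {})
                  if effective_class(db, r) == "allow")
```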

On Mavericks, the file is deprecated. Apple’s engineers have chosen to mix rights and rules in a single table. The API can now operate on rules as well as rights, and the security binary (the command security authorizationdb read/write) also succeeds at reading and writing rules.

It is an improvement, although now I can't easily tell which is a right and which is a rule.


