├── LICENSE ├── Lockdown.xcodeproj ├── project.pbxproj └── project.xcworkspace │ └── contents.xcworkspacedata └── Lockdown ├── 3rd-Party ├── AMR_ANSIEscapeHelper.h ├── AMR_ANSIEscapeHelper.m ├── SummitRoute │ ├── commands.yaml │ └── osxlockdown └── YAML.framework │ ├── Headers │ ├── Resources │ ├── Versions │ ├── A │ │ ├── Headers │ │ │ └── YAMLSerialization.h │ │ ├── Resources │ │ │ ├── English.lproj │ │ │ │ └── InfoPlist.strings │ │ │ └── Info.plist │ │ └── YAML │ └── Current │ └── YAML ├── AboutWindowController.h ├── AboutWindowController.m ├── AppDelegate.h ├── AppDelegate.m ├── Assets.xcassets └── AppIcon.appiconset │ ├── Contents.json │ ├── icon_128x128.png │ ├── icon_128x128@2x.png │ ├── icon_16x16.png │ ├── icon_256x256.png │ ├── icon_256x256@2x.png │ ├── icon_32x32.png │ ├── icon_32x32@2x.png │ ├── icon_512x512.png │ └── icon_512x512@2x.png ├── Base.lproj └── Main.storyboard ├── CommandsViewController.h ├── CommandsViewController.m ├── Consts.h ├── ErrorWindowController.h ├── ErrorWindowController.m ├── Exception.h ├── Exception.m ├── ExecuteViewController.h ├── ExecuteViewController.m ├── Images ├── icon.png ├── lockDown.png ├── logoApple.png ├── logoAppleBG.png ├── logoAppleOver.png ├── summitRoute.png └── warning.png ├── Info.plist ├── LICENSE ├── NSApplicationKeyEvents.h ├── NSApplicationKeyEvents.m ├── UI ├── AboutWindow.xib ├── ErrorWindowController.xib ├── ExecuteView.xib ├── TestsView.xib └── WarningView.xib ├── Utilities.h ├── Utilities.m ├── ViewController.h ├── ViewController.m ├── WarningViewController.h ├── WarningViewController.m └── main.m /Lockdown.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- 1 | // !$*UTF8*$! 2 | { 3 | archiveVersion = 1; 4 | classes = { 5 | }; 6 | objectVersion = 46; 7 | objects = { 8 | 9 | /* Begin PBXBuildFile section */ 10 | 7D1280AD1C6B96470088155D /* logoAppleOver.png in Resources */ = {isa = PBXBuildFile; fileRef = 7D1280A91C6B96470088155D /* logoAppleOver.png */; }; 11 | 7D1280AE1C6B96470088155D /* logoAppleBG.png in Resources */ = {isa = PBXBuildFile; fileRef = 7D1280AA1C6B96470088155D /* logoAppleBG.png */; }; 12 | 7D1280AF1C6B96470088155D /* logoApple.png in Resources */ = {isa = PBXBuildFile; fileRef = 7D1280AB1C6B96470088155D /* logoApple.png */; }; 13 | 7D1280B01C6B96470088155D /* icon.png in Resources */ = {isa = PBXBuildFile; fileRef = 7D1280AC1C6B96470088155D /* icon.png */; }; 14 | 7D1280B21C6B99560088155D /* summitRoute.png in Resources */ = {isa = PBXBuildFile; fileRef = 7D1280B11C6B99560088155D /* summitRoute.png */; }; 15 | 7D1280B61C6C73FB0088155D /* Exception.m in Sources */ = {isa = PBXBuildFile; fileRef = 7D1280B51C6C73FB0088155D /* Exception.m */; }; 16 | 7D1280B91C6DB0BF0088155D /* ErrorWindowController.m in Sources */ = {isa = PBXBuildFile; fileRef = 7D1280B81C6DB0BF0088155D /* ErrorWindowController.m */; }; 17 | 7D1280BB1C6DB17E0088155D /* ErrorWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7D1280BA1C6DB17E0088155D /* ErrorWindowController.xib */; }; 18 | 7D1280C01C6DB43D0088155D /* WarningView.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7D1280BD1C6DB43D0088155D /* WarningView.xib */; }; 19 | 7D1280C11C6DB43D0088155D /* TestsView.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7D1280BE1C6DB43D0088155D /* TestsView.xib */; }; 20 | 7D1280C21C6DB43D0088155D /* ExecuteView.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7D1280BF1C6DB43D0088155D /* ExecuteView.xib */; }; 21 | 7D1280C81C704AC60088155D /* AboutWindowController.m in Sources */ = {isa = PBXBuildFile; fileRef = 7D1280C71C704AC60088155D /* AboutWindowController.m */; }; 22 | 7D1280CA1C704D5D0088155D /* AboutWindow.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7D1280C91C704D5D0088155D /* AboutWindow.xib */; }; 23 | 7D1280CC1C71276E0088155D /* LICENSE in Resources */ = {isa = PBXBuildFile; fileRef = 7D1280CB1C71276E0088155D /* LICENSE */; }; 24 | 7D7C6ABA1C76EE00005616ED /* AMR_ANSIEscapeHelper.m in Sources */ = {isa = PBXBuildFile; fileRef = 7D7C6AB91C76EE00005616ED /* AMR_ANSIEscapeHelper.m */; }; 25 | 7D7C6ABD1C76EE11005616ED /* commands.yaml in Resources */ = {isa = PBXBuildFile; fileRef = 7D7C6ABB1C76EE11005616ED /* commands.yaml */; }; 26 | 7D7C6ABE1C76EE11005616ED /* osxlockdown in Resources */ = {isa = PBXBuildFile; fileRef = 7D7C6ABC1C76EE11005616ED /* osxlockdown */; }; 27 | 7D7C6AD01C76F717005616ED /* YAML.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 7D7C6ACB1C76F610005616ED /* YAML.framework */; }; 28 | 7D7C6AD11C76F717005616ED /* YAML.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 7D7C6ACB1C76F610005616ED /* YAML.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 29 | 7D7C6AD51C7A2E07005616ED /* NSApplicationKeyEvents.m in Sources */ = {isa = PBXBuildFile; fileRef = 7D7C6AD31C7A2E07005616ED /* NSApplicationKeyEvents.m */; }; 30 | 7DB0FCA41C7D6A2400D2CE0D /* Utilities.m in Sources */ = {isa = PBXBuildFile; fileRef = 7DB0FCA31C7D6A2400D2CE0D /* Utilities.m */; }; 31 | CD4EB7F41C563EBF00630462 /* AppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = CD4EB7F31C563EBF00630462 /* AppDelegate.m */; }; 32 | CD4EB7F71C563EBF00630462 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = CD4EB7F61C563EBF00630462 /* main.m */; }; 33 | CD4EB7FA1C563EBF00630462 /* ViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = CD4EB7F91C563EBF00630462 /* ViewController.m */; }; 34 | CD4EB7FC1C563EBF00630462 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = CD4EB7FB1C563EBF00630462 /* Assets.xcassets */; }; 35 | CD4EB7FF1C563EBF00630462 /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = CD4EB7FD1C563EBF00630462 /* Main.storyboard */; }; 36 | CD4EB8241C56449900630462 /* lockDown.png in Resources */ = {isa = PBXBuildFile; fileRef = CD4EB8231C56449900630462 /* lockDown.png */; }; 37 | CDEDA1941C628F63006D2CFB /* warning.png in Resources */ = {isa = PBXBuildFile; fileRef = CDEDA1931C628F63006D2CFB /* warning.png */; }; 38 | CDF47D1C1C57AE5600DFFE96 /* CommandsViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = CDF47D1A1C57AE5600DFFE96 /* CommandsViewController.m */; }; 39 | CDF47D211C57B2B800DFFE96 /* WarningViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = CDF47D1F1C57B2B800DFFE96 /* WarningViewController.m */; }; 40 | CDF47D2E1C59AB4E00DFFE96 /* ExecuteViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = CDF47D2C1C59AB4E00DFFE96 /* ExecuteViewController.m */; }; 41 | /* End PBXBuildFile section */ 42 | 43 | /* Begin PBXCopyFilesBuildPhase section */ 44 | 7D7C6AD21C76F717005616ED /* Embed Frameworks */ = { 45 | isa = PBXCopyFilesBuildPhase; 46 | buildActionMask = 2147483647; 47 | dstPath = ""; 48 | dstSubfolderSpec = 10; 49 | files = ( 50 | 7D7C6AD11C76F717005616ED /* YAML.framework in Embed Frameworks */, 51 | ); 52 | name = "Embed Frameworks"; 53 | runOnlyForDeploymentPostprocessing = 0; 54 | }; 55 | /* End PBXCopyFilesBuildPhase section */ 56 | 57 | /* Begin PBXFileReference section */ 58 | 7D10A6371C83D5DC00F6F7CA /* Utilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Utilities.h; sourceTree = ""; }; 59 | 7D1280A91C6B96470088155D /* logoAppleOver.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = logoAppleOver.png; path = Images/logoAppleOver.png; sourceTree = ""; }; 60 | 7D1280AA1C6B96470088155D /* logoAppleBG.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = logoAppleBG.png; path = Images/logoAppleBG.png; sourceTree = ""; }; 61 | 7D1280AB1C6B96470088155D /* logoApple.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = logoApple.png; path = Images/logoApple.png; sourceTree = ""; }; 62 | 7D1280AC1C6B96470088155D /* icon.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = icon.png; path = Images/icon.png; sourceTree = ""; }; 63 | 7D1280B11C6B99560088155D /* summitRoute.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = summitRoute.png; path = Images/summitRoute.png; sourceTree = ""; }; 64 | 7D1280B41C6C73FB0088155D /* Exception.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Exception.h; sourceTree = ""; }; 65 | 7D1280B51C6C73FB0088155D /* Exception.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = Exception.m; sourceTree = ""; }; 66 | 7D1280B71C6DB0BF0088155D /* ErrorWindowController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ErrorWindowController.h; path = Lockdown/ErrorWindowController.h; sourceTree = ""; }; 67 | 7D1280B81C6DB0BF0088155D /* ErrorWindowController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = ErrorWindowController.m; path = Lockdown/ErrorWindowController.m; sourceTree = ""; }; 68 | 7D1280BA1C6DB17E0088155D /* ErrorWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; name = ErrorWindowController.xib; path = Lockdown/UI/ErrorWindowController.xib; sourceTree = ""; }; 69 | 7D1280BD1C6DB43D0088155D /* WarningView.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; name = WarningView.xib; path = Lockdown/UI/WarningView.xib; sourceTree = ""; }; 70 | 7D1280BE1C6DB43D0088155D /* TestsView.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; name = TestsView.xib; path = Lockdown/UI/TestsView.xib; sourceTree = ""; }; 71 | 7D1280BF1C6DB43D0088155D /* ExecuteView.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; name = ExecuteView.xib; path = Lockdown/UI/ExecuteView.xib; sourceTree = ""; }; 72 | 7D1280C61C704AC60088155D /* AboutWindowController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AboutWindowController.h; path = Lockdown/AboutWindowController.h; sourceTree = ""; }; 73 | 7D1280C71C704AC60088155D /* AboutWindowController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = AboutWindowController.m; path = Lockdown/AboutWindowController.m; sourceTree = ""; }; 74 | 7D1280C91C704D5D0088155D /* AboutWindow.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; name = AboutWindow.xib; path = Lockdown/UI/AboutWindow.xib; sourceTree = ""; }; 75 | 7D1280CB1C71276E0088155D /* LICENSE */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = LICENSE; sourceTree = ""; }; 76 | 7D7C6AB81C76EE00005616ED /* AMR_ANSIEscapeHelper.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AMR_ANSIEscapeHelper.h; path = "3rd-Party/AMR_ANSIEscapeHelper.h"; sourceTree = ""; }; 77 | 7D7C6AB91C76EE00005616ED /* AMR_ANSIEscapeHelper.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = AMR_ANSIEscapeHelper.m; path = "3rd-Party/AMR_ANSIEscapeHelper.m"; sourceTree = ""; }; 78 | 7D7C6ABB1C76EE11005616ED /* commands.yaml */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = commands.yaml; path = "3rd-Party/SummitRoute/commands.yaml"; sourceTree = ""; }; 79 | 7D7C6ABC1C76EE11005616ED /* osxlockdown */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; name = osxlockdown; path = "3rd-Party/SummitRoute/osxlockdown"; sourceTree = ""; }; 80 | 7D7C6ACB1C76F610005616ED /* YAML.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = YAML.framework; path = "3rd-Party/YAML.framework"; sourceTree = ""; }; 81 | 7D7C6AD31C7A2E07005616ED /* NSApplicationKeyEvents.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = NSApplicationKeyEvents.m; sourceTree = ""; }; 82 | 7D7C6AD41C7A2E07005616ED /* NSApplicationKeyEvents.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NSApplicationKeyEvents.h; sourceTree = ""; }; 83 | 7DB0FCA31C7D6A2400D2CE0D /* Utilities.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = Utilities.m; sourceTree = ""; }; 84 | CD4EB7EF1C563EBF00630462 /* Lockdown.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = Lockdown.app; sourceTree = BUILT_PRODUCTS_DIR; }; 85 | CD4EB7F21C563EBF00630462 /* AppDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AppDelegate.h; sourceTree = ""; }; 86 | CD4EB7F31C563EBF00630462 /* AppDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = AppDelegate.m; sourceTree = ""; }; 87 | CD4EB7F61C563EBF00630462 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; 88 | CD4EB7F81C563EBF00630462 /* ViewController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = ViewController.h; path = Lockdown/ViewController.h; sourceTree = ""; }; 89 | CD4EB7F91C563EBF00630462 /* ViewController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = ViewController.m; path = Lockdown/ViewController.m; sourceTree = ""; }; 90 | CD4EB7FB1C563EBF00630462 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 91 | CD4EB7FE1C563EBF00630462 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = ""; }; 92 | CD4EB8001C563EBF00630462 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 93 | CD4EB8231C56449900630462 /* lockDown.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = lockDown.png; path = Images/lockDown.png; sourceTree = ""; }; 94 | CD4EB8251C56490700630462 /* Consts.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = Consts.h; sourceTree = ""; }; 95 | CDEDA1931C628F63006D2CFB /* warning.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = warning.png; path = Images/warning.png; sourceTree = ""; }; 96 | CDF47D191C57AE5600DFFE96 /* CommandsViewController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CommandsViewController.h; path = Lockdown/CommandsViewController.h; sourceTree = ""; }; 97 | CDF47D1A1C57AE5600DFFE96 /* CommandsViewController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CommandsViewController.m; path = Lockdown/CommandsViewController.m; sourceTree = ""; }; 98 | CDF47D1E1C57B2B800DFFE96 /* WarningViewController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = WarningViewController.h; path = Lockdown/WarningViewController.h; sourceTree = ""; }; 99 | CDF47D1F1C57B2B800DFFE96 /* WarningViewController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = WarningViewController.m; path = Lockdown/WarningViewController.m; sourceTree = ""; }; 100 | CDF47D2B1C59AB4E00DFFE96 /* ExecuteViewController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ExecuteViewController.h; path = Lockdown/ExecuteViewController.h; sourceTree = ""; }; 101 | CDF47D2C1C59AB4E00DFFE96 /* ExecuteViewController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = ExecuteViewController.m; path = Lockdown/ExecuteViewController.m; sourceTree = ""; }; 102 | /* End PBXFileReference section */ 103 | 104 | /* Begin PBXFrameworksBuildPhase section */ 105 | CD4EB7EC1C563EBF00630462 /* Frameworks */ = { 106 | isa = PBXFrameworksBuildPhase; 107 | buildActionMask = 2147483647; 108 | files = ( 109 | 7D7C6AD01C76F717005616ED /* YAML.framework in Frameworks */, 110 | ); 111 | runOnlyForDeploymentPostprocessing = 0; 112 | }; 113 | /* End PBXFrameworksBuildPhase section */ 114 | 115 | /* Begin PBXGroup section */ 116 | 7D1280B31C6C6AF00088155D /* 3rd-Party */ = { 117 | isa = PBXGroup; 118 | children = ( 119 | 7D7C6ACB1C76F610005616ED /* YAML.framework */, 120 | 7D7C6AB81C76EE00005616ED /* AMR_ANSIEscapeHelper.h */, 121 | 7D7C6AB91C76EE00005616ED /* AMR_ANSIEscapeHelper.m */, 122 | CD4EB8261C5649B700630462 /* SummitRoute */, 123 | ); 124 | name = "3rd-Party"; 125 | sourceTree = ""; 126 | }; 127 | 7D1280BC1C6DB41C0088155D /* UI */ = { 128 | isa = PBXGroup; 129 | children = ( 130 | 7D1280C91C704D5D0088155D /* AboutWindow.xib */, 131 | 7D1280BA1C6DB17E0088155D /* ErrorWindowController.xib */, 132 | 7D1280BF1C6DB43D0088155D /* ExecuteView.xib */, 133 | 7D1280BE1C6DB43D0088155D /* TestsView.xib */, 134 | 7D1280BD1C6DB43D0088155D /* WarningView.xib */, 135 | ); 136 | name = UI; 137 | sourceTree = ""; 138 | }; 139 | CD4EB7E61C563EBF00630462 = { 140 | isa = PBXGroup; 141 | children = ( 142 | 7D1280BC1C6DB41C0088155D /* UI */, 143 | CDF47D231C57B2C000DFFE96 /* UIViewControllers */, 144 | CD4EB7F11C563EBF00630462 /* Lockdown */, 145 | CD4EB7F01C563EBF00630462 /* Products */, 146 | ); 147 | sourceTree = ""; 148 | }; 149 | CD4EB7F01C563EBF00630462 /* Products */ = { 150 | isa = PBXGroup; 151 | children = ( 152 | CD4EB7EF1C563EBF00630462 /* Lockdown.app */, 153 | ); 154 | name = Products; 155 | sourceTree = ""; 156 | }; 157 | CD4EB7F11C563EBF00630462 /* Lockdown */ = { 158 | isa = PBXGroup; 159 | children = ( 160 | CD4EB7F21C563EBF00630462 /* AppDelegate.h */, 161 | CD4EB7F31C563EBF00630462 /* AppDelegate.m */, 162 | CD4EB8251C56490700630462 /* Consts.h */, 163 | 7D1280B41C6C73FB0088155D /* Exception.h */, 164 | 7D1280B51C6C73FB0088155D /* Exception.m */, 165 | 7D7C6AD31C7A2E07005616ED /* NSApplicationKeyEvents.m */, 166 | 7D7C6AD41C7A2E07005616ED /* NSApplicationKeyEvents.h */, 167 | 7D10A6371C83D5DC00F6F7CA /* Utilities.h */, 168 | 7DB0FCA31C7D6A2400D2CE0D /* Utilities.m */, 169 | 7D1280B31C6C6AF00088155D /* 3rd-Party */, 170 | CD4EB8221C56448E00630462 /* Images */, 171 | 7D1280CB1C71276E0088155D /* LICENSE */, 172 | CD4EB7FB1C563EBF00630462 /* Assets.xcassets */, 173 | CD4EB7FD1C563EBF00630462 /* Main.storyboard */, 174 | CD4EB8001C563EBF00630462 /* Info.plist */, 175 | CD4EB7F51C563EBF00630462 /* Supporting Files */, 176 | ); 177 | path = Lockdown; 178 | sourceTree = ""; 179 | }; 180 | CD4EB7F51C563EBF00630462 /* Supporting Files */ = { 181 | isa = PBXGroup; 182 | children = ( 183 | CD4EB7F61C563EBF00630462 /* main.m */, 184 | ); 185 | name = "Supporting Files"; 186 | sourceTree = ""; 187 | }; 188 | CD4EB8221C56448E00630462 /* Images */ = { 189 | isa = PBXGroup; 190 | children = ( 191 | 7D1280B11C6B99560088155D /* summitRoute.png */, 192 | 7D1280A91C6B96470088155D /* logoAppleOver.png */, 193 | 7D1280AA1C6B96470088155D /* logoAppleBG.png */, 194 | 7D1280AB1C6B96470088155D /* logoApple.png */, 195 | 7D1280AC1C6B96470088155D /* icon.png */, 196 | CDEDA1931C628F63006D2CFB /* warning.png */, 197 | CD4EB8231C56449900630462 /* lockDown.png */, 198 | ); 199 | name = Images; 200 | sourceTree = ""; 201 | }; 202 | CD4EB8261C5649B700630462 /* SummitRoute */ = { 203 | isa = PBXGroup; 204 | children = ( 205 | 7D7C6ABB1C76EE11005616ED /* commands.yaml */, 206 | 7D7C6ABC1C76EE11005616ED /* osxlockdown */, 207 | ); 208 | name = SummitRoute; 209 | sourceTree = ""; 210 | }; 211 | CDF47D231C57B2C000DFFE96 /* UIViewControllers */ = { 212 | isa = PBXGroup; 213 | children = ( 214 | 7D1280C61C704AC60088155D /* AboutWindowController.h */, 215 | 7D1280C71C704AC60088155D /* AboutWindowController.m */, 216 | 7D1280B71C6DB0BF0088155D /* ErrorWindowController.h */, 217 | 7D1280B81C6DB0BF0088155D /* ErrorWindowController.m */, 218 | CDF47D1E1C57B2B800DFFE96 /* WarningViewController.h */, 219 | CDF47D1F1C57B2B800DFFE96 /* WarningViewController.m */, 220 | CDF47D2B1C59AB4E00DFFE96 /* ExecuteViewController.h */, 221 | CDF47D2C1C59AB4E00DFFE96 /* ExecuteViewController.m */, 222 | CDF47D191C57AE5600DFFE96 /* CommandsViewController.h */, 223 | CDF47D1A1C57AE5600DFFE96 /* CommandsViewController.m */, 224 | CD4EB7F81C563EBF00630462 /* ViewController.h */, 225 | CD4EB7F91C563EBF00630462 /* ViewController.m */, 226 | ); 227 | name = UIViewControllers; 228 | sourceTree = ""; 229 | }; 230 | /* End PBXGroup section */ 231 | 232 | /* Begin PBXNativeTarget section */ 233 | CD4EB7EE1C563EBF00630462 /* Lockdown */ = { 234 | isa = PBXNativeTarget; 235 | buildConfigurationList = CD4EB8191C563EBF00630462 /* Build configuration list for PBXNativeTarget "Lockdown" */; 236 | buildPhases = ( 237 | CD4EB7EB1C563EBF00630462 /* Sources */, 238 | CD4EB7EC1C563EBF00630462 /* Frameworks */, 239 | CD4EB7ED1C563EBF00630462 /* Resources */, 240 | 7D7C6AD21C76F717005616ED /* Embed Frameworks */, 241 | ); 242 | buildRules = ( 243 | ); 244 | dependencies = ( 245 | ); 246 | name = Lockdown; 247 | productName = Lockdown; 248 | productReference = CD4EB7EF1C563EBF00630462 /* Lockdown.app */; 249 | productType = "com.apple.product-type.application"; 250 | }; 251 | /* End PBXNativeTarget section */ 252 | 253 | /* Begin PBXProject section */ 254 | CD4EB7E71C563EBF00630462 /* Project object */ = { 255 | isa = PBXProject; 256 | attributes = { 257 | LastUpgradeCheck = 0730; 258 | ORGANIZATIONNAME = "Patrick Wardle"; 259 | TargetAttributes = { 260 | CD4EB7EE1C563EBF00630462 = { 261 | CreatedOnToolsVersion = 7.2; 262 | DevelopmentTeam = VBG97UB4TA; 263 | }; 264 | }; 265 | }; 266 | buildConfigurationList = CD4EB7EA1C563EBF00630462 /* Build configuration list for PBXProject "Lockdown" */; 267 | compatibilityVersion = "Xcode 3.2"; 268 | developmentRegion = English; 269 | hasScannedForEncodings = 0; 270 | knownRegions = ( 271 | en, 272 | Base, 273 | ); 274 | mainGroup = CD4EB7E61C563EBF00630462; 275 | productRefGroup = CD4EB7F01C563EBF00630462 /* Products */; 276 | projectDirPath = ""; 277 | projectRoot = ""; 278 | targets = ( 279 | CD4EB7EE1C563EBF00630462 /* Lockdown */, 280 | ); 281 | }; 282 | /* End PBXProject section */ 283 | 284 | /* Begin PBXResourcesBuildPhase section */ 285 | CD4EB7ED1C563EBF00630462 /* Resources */ = { 286 | isa = PBXResourcesBuildPhase; 287 | buildActionMask = 2147483647; 288 | files = ( 289 | 7D7C6ABD1C76EE11005616ED /* commands.yaml in Resources */, 290 | 7D1280C11C6DB43D0088155D /* TestsView.xib in Resources */, 291 | 7D1280B01C6B96470088155D /* icon.png in Resources */, 292 | 7D1280AE1C6B96470088155D /* logoAppleBG.png in Resources */, 293 | 7D7C6ABE1C76EE11005616ED /* osxlockdown in Resources */, 294 | 7D1280CA1C704D5D0088155D /* AboutWindow.xib in Resources */, 295 | 7D1280C21C6DB43D0088155D /* ExecuteView.xib in Resources */, 296 | 7D1280AD1C6B96470088155D /* logoAppleOver.png in Resources */, 297 | CD4EB7FC1C563EBF00630462 /* Assets.xcassets in Resources */, 298 | CD4EB8241C56449900630462 /* lockDown.png in Resources */, 299 | 7D1280CC1C71276E0088155D /* LICENSE in Resources */, 300 | 7D1280BB1C6DB17E0088155D /* ErrorWindowController.xib in Resources */, 301 | CD4EB7FF1C563EBF00630462 /* Main.storyboard in Resources */, 302 | 7D1280AF1C6B96470088155D /* logoApple.png in Resources */, 303 | CDEDA1941C628F63006D2CFB /* warning.png in Resources */, 304 | 7D1280C01C6DB43D0088155D /* WarningView.xib in Resources */, 305 | 7D1280B21C6B99560088155D /* summitRoute.png in Resources */, 306 | ); 307 | runOnlyForDeploymentPostprocessing = 0; 308 | }; 309 | /* End PBXResourcesBuildPhase section */ 310 | 311 | /* Begin PBXSourcesBuildPhase section */ 312 | CD4EB7EB1C563EBF00630462 /* Sources */ = { 313 | isa = PBXSourcesBuildPhase; 314 | buildActionMask = 2147483647; 315 | files = ( 316 | 7D7C6ABA1C76EE00005616ED /* AMR_ANSIEscapeHelper.m in Sources */, 317 | CDF47D211C57B2B800DFFE96 /* WarningViewController.m in Sources */, 318 | 7D1280C81C704AC60088155D /* AboutWindowController.m in Sources */, 319 | CD4EB7FA1C563EBF00630462 /* ViewController.m in Sources */, 320 | 7D7C6AD51C7A2E07005616ED /* NSApplicationKeyEvents.m in Sources */, 321 | CD4EB7F71C563EBF00630462 /* main.m in Sources */, 322 | 7DB0FCA41C7D6A2400D2CE0D /* Utilities.m in Sources */, 323 | CDF47D1C1C57AE5600DFFE96 /* CommandsViewController.m in Sources */, 324 | 7D1280B61C6C73FB0088155D /* Exception.m in Sources */, 325 | CDF47D2E1C59AB4E00DFFE96 /* ExecuteViewController.m in Sources */, 326 | 7D1280B91C6DB0BF0088155D /* ErrorWindowController.m in Sources */, 327 | CD4EB7F41C563EBF00630462 /* AppDelegate.m in Sources */, 328 | ); 329 | runOnlyForDeploymentPostprocessing = 0; 330 | }; 331 | /* End PBXSourcesBuildPhase section */ 332 | 333 | /* Begin PBXVariantGroup section */ 334 | CD4EB7FD1C563EBF00630462 /* Main.storyboard */ = { 335 | isa = PBXVariantGroup; 336 | children = ( 337 | CD4EB7FE1C563EBF00630462 /* Base */, 338 | ); 339 | name = Main.storyboard; 340 | sourceTree = ""; 341 | }; 342 | /* End PBXVariantGroup section */ 343 | 344 | /* Begin XCBuildConfiguration section */ 345 | CD4EB8171C563EBF00630462 /* Debug */ = { 346 | isa = XCBuildConfiguration; 347 | buildSettings = { 348 | ALWAYS_SEARCH_USER_PATHS = NO; 349 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; 350 | CLANG_CXX_LIBRARY = "libc++"; 351 | CLANG_ENABLE_MODULES = YES; 352 | CLANG_ENABLE_OBJC_ARC = YES; 353 | CLANG_WARN_BOOL_CONVERSION = YES; 354 | CLANG_WARN_CONSTANT_CONVERSION = YES; 355 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 356 | CLANG_WARN_EMPTY_BODY = YES; 357 | CLANG_WARN_ENUM_CONVERSION = YES; 358 | CLANG_WARN_INT_CONVERSION = YES; 359 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 360 | CLANG_WARN_UNREACHABLE_CODE = YES; 361 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 362 | CODE_SIGN_IDENTITY = "-"; 363 | COPY_PHASE_STRIP = NO; 364 | DEBUG_INFORMATION_FORMAT = dwarf; 365 | ENABLE_STRICT_OBJC_MSGSEND = YES; 366 | ENABLE_TESTABILITY = YES; 367 | GCC_C_LANGUAGE_STANDARD = gnu99; 368 | GCC_DYNAMIC_NO_PIC = NO; 369 | GCC_NO_COMMON_BLOCKS = YES; 370 | GCC_OPTIMIZATION_LEVEL = 0; 371 | GCC_PREPROCESSOR_DEFINITIONS = ( 372 | "DEBUG=1", 373 | "$(inherited)", 374 | ); 375 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 376 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 377 | GCC_WARN_UNDECLARED_SELECTOR = YES; 378 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 379 | GCC_WARN_UNUSED_FUNCTION = YES; 380 | GCC_WARN_UNUSED_VARIABLE = YES; 381 | MACOSX_DEPLOYMENT_TARGET = 10.10; 382 | MTL_ENABLE_DEBUG_INFO = YES; 383 | ONLY_ACTIVE_ARCH = YES; 384 | SDKROOT = macosx; 385 | }; 386 | name = Debug; 387 | }; 388 | CD4EB8181C563EBF00630462 /* Release */ = { 389 | isa = XCBuildConfiguration; 390 | buildSettings = { 391 | ALWAYS_SEARCH_USER_PATHS = NO; 392 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; 393 | CLANG_CXX_LIBRARY = "libc++"; 394 | CLANG_ENABLE_MODULES = YES; 395 | CLANG_ENABLE_OBJC_ARC = YES; 396 | CLANG_WARN_BOOL_CONVERSION = YES; 397 | CLANG_WARN_CONSTANT_CONVERSION = YES; 398 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 399 | CLANG_WARN_EMPTY_BODY = YES; 400 | CLANG_WARN_ENUM_CONVERSION = YES; 401 | CLANG_WARN_INT_CONVERSION = YES; 402 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 403 | CLANG_WARN_UNREACHABLE_CODE = YES; 404 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 405 | CODE_SIGN_IDENTITY = "-"; 406 | COPY_PHASE_STRIP = NO; 407 | DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; 408 | ENABLE_NS_ASSERTIONS = NO; 409 | ENABLE_STRICT_OBJC_MSGSEND = YES; 410 | GCC_C_LANGUAGE_STANDARD = gnu99; 411 | GCC_NO_COMMON_BLOCKS = YES; 412 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 413 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 414 | GCC_WARN_UNDECLARED_SELECTOR = YES; 415 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 416 | GCC_WARN_UNUSED_FUNCTION = YES; 417 | GCC_WARN_UNUSED_VARIABLE = YES; 418 | MACOSX_DEPLOYMENT_TARGET = 10.10; 419 | MTL_ENABLE_DEBUG_INFO = NO; 420 | SDKROOT = macosx; 421 | }; 422 | name = Release; 423 | }; 424 | CD4EB81A1C563EBF00630462 /* Debug */ = { 425 | isa = XCBuildConfiguration; 426 | buildSettings = { 427 | ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; 428 | CODE_SIGN_IDENTITY = "Developer ID Application: Objective-See, LLC (VBG97UB4TA)"; 429 | COMBINE_HIDPI_IMAGES = YES; 430 | FRAMEWORK_SEARCH_PATHS = ( 431 | "$(inherited)", 432 | "$(PROJECT_DIR)/Lockdown/3rd-Party", 433 | ); 434 | GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; 435 | INFOPLIST_FILE = Lockdown/Info.plist; 436 | LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; 437 | MACOSX_DEPLOYMENT_TARGET = 10.10; 438 | PRODUCT_BUNDLE_IDENTIFIER = "com.objective-see.Lockdown"; 439 | PRODUCT_NAME = "$(TARGET_NAME)"; 440 | SDKROOT = macosx; 441 | }; 442 | name = Debug; 443 | }; 444 | CD4EB81B1C563EBF00630462 /* Release */ = { 445 | isa = XCBuildConfiguration; 446 | buildSettings = { 447 | ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; 448 | CODE_SIGN_IDENTITY = "Developer ID Application: Objective-See, LLC (VBG97UB4TA)"; 449 | COMBINE_HIDPI_IMAGES = YES; 450 | FRAMEWORK_SEARCH_PATHS = ( 451 | "$(inherited)", 452 | "$(PROJECT_DIR)/Lockdown/3rd-Party", 453 | ); 454 | GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; 455 | INFOPLIST_FILE = Lockdown/Info.plist; 456 | LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; 457 | MACOSX_DEPLOYMENT_TARGET = 10.10; 458 | PRODUCT_BUNDLE_IDENTIFIER = "com.objective-see.Lockdown"; 459 | PRODUCT_NAME = "$(TARGET_NAME)"; 460 | SDKROOT = macosx; 461 | }; 462 | name = Release; 463 | }; 464 | /* End XCBuildConfiguration section */ 465 | 466 | /* Begin XCConfigurationList section */ 467 | CD4EB7EA1C563EBF00630462 /* Build configuration list for PBXProject "Lockdown" */ = { 468 | isa = XCConfigurationList; 469 | buildConfigurations = ( 470 | CD4EB8171C563EBF00630462 /* Debug */, 471 | CD4EB8181C563EBF00630462 /* Release */, 472 | ); 473 | defaultConfigurationIsVisible = 0; 474 | defaultConfigurationName = Release; 475 | }; 476 | CD4EB8191C563EBF00630462 /* Build configuration list for PBXNativeTarget "Lockdown" */ = { 477 | isa = XCConfigurationList; 478 | buildConfigurations = ( 479 | CD4EB81A1C563EBF00630462 /* Debug */, 480 | CD4EB81B1C563EBF00630462 /* Release */, 481 | ); 482 | defaultConfigurationIsVisible = 0; 483 | defaultConfigurationName = Release; 484 | }; 485 | /* End XCConfigurationList section */ 486 | }; 487 | rootObject = CD4EB7E71C563EBF00630462 /* Project object */; 488 | } 489 | -------------------------------------------------------------------------------- /Lockdown.xcodeproj/project.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /Lockdown/3rd-Party/AMR_ANSIEscapeHelper.h: -------------------------------------------------------------------------------- 1 | // 2 | // ANSIEscapeHelper.h 3 | // AnsiColorsTest 4 | // 5 | // Created by Ali Rantakari on 18.3.09. 6 | // 7 | // Version 0.9.6 8 | // 9 | /* 10 | The MIT License 11 | 12 | Copyright (c) 2008-2009,2013 Ali Rantakari 13 | 14 | Permission is hereby granted, free of charge, to any person obtaining a copy 15 | of this software and associated documentation files (the "Software"), to deal 16 | in the Software without restriction, including without limitation the rights 17 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 18 | copies of the Software, and to permit persons to whom the Software is 19 | furnished to do so, subject to the following conditions: 20 | 21 | The above copyright notice and this permission notice shall be included in 22 | all copies or substantial portions of the Software. 23 | 24 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 25 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 26 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 27 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 28 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 29 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 30 | THE SOFTWARE. 31 | */ 32 | 33 | #import 34 | 35 | 36 | #if !__has_feature(objc_arc) 37 | #warning "This code requires ARC to be enabled." 38 | #endif 39 | 40 | 41 | // dictionary keys for the SGR code dictionaries that the array 42 | // escapeCodesForString:cleanString: returns contains 43 | #define kAMRCodeDictKey_code @"code" 44 | #define kAMRCodeDictKey_location @"location" 45 | 46 | // dictionary keys for the string formatting attribute 47 | // dictionaries that the array attributesForString:cleanString: 48 | // returns contains 49 | #define kAMRAttrDictKey_range @"range" 50 | #define kAMRAttrDictKey_attrName @"attributeName" 51 | #define kAMRAttrDictKey_attrValue @"attributeValue" 52 | 53 | 54 | /*! 55 | @enum AMR_SGRCode 56 | 57 | @abstract SGR (Select Graphic Rendition) ANSI control codes. 58 | */ 59 | typedef enum 60 | { 61 | AMR_SGRCodeNoneOrInvalid = -1, 62 | 63 | AMR_SGRCodeAllReset = 0, 64 | 65 | AMR_SGRCodeIntensityBold = 1, 66 | AMR_SGRCodeIntensityFaint = 2, 67 | AMR_SGRCodeIntensityNormal = 22, 68 | 69 | AMR_SGRCodeItalicOn = 3, 70 | 71 | AMR_SGRCodeUnderlineSingle = 4, 72 | AMR_SGRCodeUnderlineDouble = 21, 73 | AMR_SGRCodeUnderlineNone = 24, 74 | 75 | AMR_SGRCodeFgBlack = 30, 76 | AMR_SGRCodeFgRed = 31, 77 | AMR_SGRCodeFgGreen = 32, 78 | AMR_SGRCodeFgYellow = 33, 79 | AMR_SGRCodeFgBlue = 34, 80 | AMR_SGRCodeFgMagenta = 35, 81 | AMR_SGRCodeFgCyan = 36, 82 | AMR_SGRCodeFgWhite = 37, 83 | AMR_SGRCodeFgReset = 39, 84 | 85 | AMR_SGRCodeBgBlack = 40, 86 | AMR_SGRCodeBgRed = 41, 87 | AMR_SGRCodeBgGreen = 42, 88 | AMR_SGRCodeBgYellow = 43, 89 | AMR_SGRCodeBgBlue = 44, 90 | AMR_SGRCodeBgMagenta = 45, 91 | AMR_SGRCodeBgCyan = 46, 92 | AMR_SGRCodeBgWhite = 47, 93 | AMR_SGRCodeBgReset = 49, 94 | 95 | AMR_SGRCodeFgBrightBlack = 90, 96 | AMR_SGRCodeFgBrightRed = 91, 97 | AMR_SGRCodeFgBrightGreen = 92, 98 | AMR_SGRCodeFgBrightYellow = 93, 99 | AMR_SGRCodeFgBrightBlue = 94, 100 | AMR_SGRCodeFgBrightMagenta = 95, 101 | AMR_SGRCodeFgBrightCyan = 96, 102 | AMR_SGRCodeFgBrightWhite = 97, 103 | 104 | AMR_SGRCodeBgBrightBlack = 100, 105 | AMR_SGRCodeBgBrightRed = 101, 106 | AMR_SGRCodeBgBrightGreen = 102, 107 | AMR_SGRCodeBgBrightYellow = 103, 108 | AMR_SGRCodeBgBrightBlue = 104, 109 | AMR_SGRCodeBgBrightMagenta = 105, 110 | AMR_SGRCodeBgBrightCyan = 106, 111 | AMR_SGRCodeBgBrightWhite = 107 112 | } AMR_SGRCode; 113 | 114 | 115 | 116 | 117 | 118 | 119 | /*! 120 | @class AMR_ANSIEscapeHelper 121 | 122 | @abstract Contains helper methods for dealing with strings 123 | that contain ANSI escape sequences for formatting (colors, 124 | underlining, bold etc.) 125 | */ 126 | @interface AMR_ANSIEscapeHelper : NSObject 127 | 128 | /*! 129 | @property defaultStringColor 130 | 131 | @abstract The default color used when creating an attributed string (default is black). 132 | */ 133 | @property(copy) NSColor *defaultStringColor; 134 | 135 | 136 | /*! 137 | @property font 138 | 139 | @abstract The font to use when creating string formatting attribute values. 140 | */ 141 | @property(copy) NSFont *font; 142 | 143 | /*! 144 | @property ansiColors 145 | 146 | @abstract The colors to use for displaying ANSI colors. 147 | 148 | @discussion Keys in this dictionary should be NSNumber objects containing SGR code 149 | values from the AMR_SGRCode enum. The corresponding values for these keys 150 | should be NSColor objects. If this property is nil or if it doesn't 151 | contain a key for a specific SGR code, the default color will be used 152 | instead. 153 | */ 154 | @property(retain) NSMutableDictionary *ansiColors; 155 | 156 | 157 | /*! 158 | @method attributedStringWithANSIEscapedString: 159 | 160 | @abstract Returns an attributed string that corresponds both in contents 161 | and formatting to a given string that contains ANSI escape 162 | sequences. 163 | 164 | @param aString A String containing ANSI escape sequences 165 | 166 | @result An attributed string that mimics as closely as possible 167 | the formatting of the given ANSI-escaped string. 168 | */ 169 | - (NSAttributedString*) attributedStringWithANSIEscapedString:(NSString*)aString; 170 | 171 | 172 | /*! 173 | @method ansiEscapedStringWithAttributedString: 174 | 175 | @abstract Returns a string containing ANSI escape sequences that corresponds 176 | both in contents and formatting to a given attributed string. 177 | 178 | @param aAttributedString An attributed string 179 | 180 | @result A string that mimics as closely as possible 181 | the formatting of the given attributed string with 182 | ANSI escape sequences. 183 | */ 184 | - (NSString*) ansiEscapedStringWithAttributedString:(NSAttributedString*)aAttributedString; 185 | 186 | 187 | /*! 188 | @method escapeCodesForString:cleanString: 189 | 190 | @abstract Returns an array of SGR codes and their locations from a 191 | string containing ANSI escape sequences as well as a "clean" 192 | version of the string (i.e. one without the ANSI escape 193 | sequences.) 194 | 195 | @param aString A String containing ANSI escape sequences 196 | @param aCleanString Upon return, contains a "clean" version of aString (i.e. aString 197 | without the ANSI escape sequences) 198 | 199 | @result An array of NSDictionary objects, each of which has 200 | an NSNumber value for the key "code" (specifying an SGR code) and 201 | another NSNumber value for the key "location" (specifying the 202 | location of the code within aCleanString.) 203 | */ 204 | - (NSArray*) escapeCodesForString:(NSString*)aString cleanString:(NSString**)aCleanString; 205 | 206 | 207 | /*! 208 | @method ansiEscapedStringWithCodesAndLocations:cleanString: 209 | 210 | @abstract Returns a string containing ANSI escape codes for formatting based 211 | on a string and an array of SGR codes and their locations within 212 | the given string. 213 | 214 | @param aCodesArray An array of NSDictionary objects, each of which should have 215 | an NSNumber value for the key "code" (specifying an SGR 216 | code) and another NSNumber value for the key "location" 217 | (specifying the location of this SGR code in aCleanString.) 218 | @param aCleanString The string to which to insert the ANSI escape codes 219 | described in aCodesArray. 220 | 221 | @result A string containing ANSI escape sequences. 222 | */ 223 | - (NSString*) ansiEscapedStringWithCodesAndLocations:(NSArray*)aCodesArray cleanString:(NSString*)aCleanString; 224 | 225 | 226 | /*! 227 | @method attributesForString:cleanString: 228 | 229 | @abstract Convert ANSI escape sequences in a string to string formatting attributes. 230 | 231 | @discussion Given a string with some ANSI escape sequences in it, this method returns 232 | attributes for formatting the specified string according to those ANSI 233 | escape sequences as well as a "clean" (i.e. free of the escape sequences) 234 | version of this string. 235 | 236 | @param aString A String containing ANSI escape sequences 237 | @param aCleanString Upon return, contains a "clean" version of aString (i.e. aString 238 | without the ANSI escape sequences.) Pass in NULL if you're not 239 | interested in this. 240 | 241 | @result An array containing NSDictionary objects, each of which has keys "range" 242 | (an NSValue containing an NSRange, specifying the range for the 243 | attribute within the "clean" version of aString), "attributeName" (an 244 | NSString) and "attributeValue" (an NSObject). You may use these as 245 | arguments for NSMutableAttributedString's methods for setting the 246 | visual formatting. 247 | */ 248 | - (NSArray*) attributesForString:(NSString*)aString cleanString:(NSString**)aCleanString; 249 | 250 | 251 | /*! 252 | @method AMR_SGRCode:endsFormattingIntroducedByCode: 253 | 254 | @abstract Whether the occurrence of a given SGR code would end the formatting run 255 | introduced by another SGR code. 256 | 257 | @discussion For example, AMR_SGRCodeFgReset, AMR_SGRCodeAllReset or any SGR code 258 | specifying a foreground color would end the formatting run 259 | introduced by a foreground color -specifying SGR code. 260 | 261 | @param endCode The SGR code to test as a candidate for ending the formatting run 262 | introduced by startCode 263 | @param startCode The SGR code that has introduced a formatting run 264 | 265 | @result YES if the occurrence of endCode would end the formatting run 266 | introduced by startCode, NO otherwise. 267 | */ 268 | - (BOOL) AMR_SGRCode:(AMR_SGRCode)endCode endsFormattingIntroducedByCode:(AMR_SGRCode)startCode; 269 | 270 | 271 | /*! 272 | @method colorForSGRCode: 273 | 274 | @abstract Returns the color to use for displaying a specific ANSI color. 275 | 276 | @discussion This method first considers the values set in the ansiColors 277 | property and only then the standard basic colors (NSColor's 278 | redColor, blueColor etc.) 279 | 280 | @param code An SGR code that specifies an ANSI color. 281 | 282 | @result The color to use for displaying the ANSI color specified by code. 283 | */ 284 | - (NSColor*) colorForSGRCode:(AMR_SGRCode)code; 285 | 286 | 287 | /*! 288 | @method AMR_SGRCodeForColor:isForegroundColor: 289 | 290 | @abstract Returns a color SGR code that corresponds to a given color. 291 | 292 | @discussion This method matches colors to their equivalent SGR codes 293 | by going through the colors specified in the ansiColors 294 | dictionary, and if ansiColors is null or if a match is 295 | not found there, by comparing the given color to the 296 | standard basic colors (NSColor's redColor, blueColor 297 | etc.) The comparison is done simply by checking for 298 | equality. 299 | 300 | @param aColor The color to get a corresponding SGR code for 301 | @param aForeground Whether you want a foreground or background color code 302 | 303 | @result SGR code that corresponds with aColor. 304 | */ 305 | - (AMR_SGRCode) AMR_SGRCodeForColor:(NSColor*)aColor isForegroundColor:(BOOL)aForeground; 306 | 307 | 308 | /*! 309 | @method closestSGRCodeForColor:isForegroundColor: 310 | 311 | @abstract Returns a color SGR code that represents the closest ANSI 312 | color to a given color. 313 | 314 | @discussion This method attempts to find the closest ANSI color to 315 | aColor and return its SGR code. 316 | 317 | @param aColor The color to get a closest color SGR code match for 318 | @param aForeground Whether you want a foreground or background color code 319 | 320 | @result SGR code for the ANSI color that is closest to aColor. 321 | */ 322 | - (AMR_SGRCode) closestSGRCodeForColor:(NSColor *)color isForegroundColor:(BOOL)foreground; 323 | 324 | 325 | 326 | @end 327 | -------------------------------------------------------------------------------- /Lockdown/3rd-Party/SummitRoute/commands.yaml: -------------------------------------------------------------------------------- 1 | - title: "Verify all application software is current" 2 | check_command: | 3 | LASTUPDATE=$(sudo defaults read /Library/Preferences/com.apple.SoftwareUpdate | grep LastSuccessfulDate | sed -e 's@^.* "\([0-9\\-]*\) .*$@\1@'); if [ "$LASTUPDATE" = "$(date +%Y-%m-%d)" ];then exit 0; fi; exit 1 4 | fix_command: | 5 | sudo softwareupdate -i -a 6 | enabled: true 7 | 8 | 9 | - title: "Enable Auto Update" 10 | check_command: | 11 | sudo softwareupdate --schedule | grep 'Automatic check is on' 12 | fix_command: | 13 | sudo softwareupdate --schedule on 14 | enabled: true 15 | 16 | 17 | - title: "Disable Bluetooth" 18 | check_command: | 19 | defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState | grep 0 20 | fix_command: | 21 | sudo defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -int 0 && sudo killall -HUP blued 22 | enabled: true 23 | 24 | 25 | - title: "Disable infrared receiver" 26 | check_command: | 27 | defaults read /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled | grep 0 28 | fix_command: | 29 | defaults write /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled -int 0 30 | enabled: true 31 | 32 | 33 | - title: "Disable AirDrop" 34 | check_command: | 35 | defaults read com.apple.NetworkBrowser DisableAirDrop | grep 1 36 | fix_command: | 37 | defaults write com.apple.NetworkBrowser DisableAirDrop -bool YES 38 | enabled: true 39 | 40 | 41 | - title: "Set time and date automatically" 42 | check_command: | 43 | sudo systemsetup getusingnetworktime | grep 'Network Time: Off' 44 | fix_command: | 45 | sudo systemsetup setusingnetworktime off 46 | enabled: true 47 | 48 | 49 | - title: "Set an inactivity interval of 10 minutes or less for the screen saver" 50 | check_command: | 51 | UUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep "IOPlatformUUID" | sed -e 's/^.*"\(.*\)"$/\1/'`; for i in $(find /Users -type d -maxdepth 1); do PREF=$i/Library/Preferences/ByHost/com.apple.screensaver.$UUID; if [ -e $PREF.plist ]; then TIMEOUT=$(defaults read $PREF.plist idleTime) && if [ $TIMEOUT -eq 0 ] || [ $TIMEOUT -gt 600 ]; then exit 1; fi; fi; done; exit 0 52 | comment: "This checks the screensaver setting for each user" 53 | fix_command: | 54 | UUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep "IOPlatformUUID" | sed -e 's/^.*"\(.*\)"$/\1/'`; for i in $(find /Users -type d -maxdepth 1); do PREF=$i/Library/Preferences/ByHost/com.apple.screensaver.$UUID; if [ -e $PREF.plist ]; then defaults -currentHost write $PREF.plist idleTime -int 600; fi; done 55 | enabled: true 56 | 57 | 58 | - title: "Enable secure screen saver corners" 59 | check_command: | 60 | for i in $(find /Users -type d -maxdepth 1); do PREF=$i/Library/Preferences/com.apple.dock.plist; if [ -e $PREF ]; then CORNER=$(defaults read $PREF | grep corner | grep 6) && if [ -n "$CORNER" ]; then exit 1; fi; fi; done; exit 0 61 | fix_command: | 62 | for i in $(find /Users -type d -maxdepth 1); do PREF=$i/Library/Preferences/com.apple.dock.plist; if [ -e $PREF ]; then CORNER=$(defaults read $PREF | grep corner | grep 6) && if [ -n "$CORNER" ]; then defaults write $PREF wvous-tr-corner 5; fi; fi; done; 63 | enabled: true 64 | 65 | 66 | - title: "Require a password to wake the computer from sleep or screen saver" 67 | check_command: | 68 | defaults read com.apple.screensaver askForPassword | grep 1 69 | fix_command: | 70 | defaults write com.apple.screensaver askForPassword -int 1 71 | enabled: true 72 | 73 | 74 | - title: "Ensure screen locks immediately when requested" 75 | check_command: | 76 | defaults read com.apple.screensaver askForPasswordDelay | grep "0" 77 | fix_command: | 78 | defaults write com.apple.screensaver askForPasswordDelay -int 0 79 | enabled: true 80 | 81 | 82 | - title: "Disable Remote Apple Events" 83 | check_command: | 84 | sudo systemsetup -getremoteappleevents | grep "Remote Apple Events: Off" 85 | fix_command: | 86 | sudo systemsetup -setremoteappleevents off 87 | enabled: true 88 | 89 | 90 | - title: "Disable Remote Login" 91 | check_command: | 92 | sudo systemsetup -getremotelogin | grep "Remote Login: Off" 93 | fix_command: | 94 | sudo systemsetup -f -setremotelogin off", 95 | enabled: true 96 | 97 | 98 | - title: "Disable Internet Sharing" 99 | check_command: | 100 | if [ -e /Library/Preferences/SystemConfiguration/com.apple.nat ]; then NAT=$(defaults read /Library/Preferences/SystemConfiguration/com.apple.nat | grep -i "Enabled = 0") && if [ -n "$NAT" ]; then exit 1; fi; fi; exit 0 101 | fix_command: | 102 | defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add Enabled -int 0 103 | comment: "TODO: I'm not sure if this fix actually works since I don't have Internet Sharing enabled anywhere to test" 104 | enabled: true 105 | 106 | 107 | - title: "Disable Screen Sharing" 108 | check_command: | 109 | if [ -e /System/Library/LaunchDaemons/com.apple.screensharing.plist ]; then STATUS=$(launchctl load /System/Library/LaunchDaemons/com.apple.screensharing.plist | grep -v "Service is disabled") && if [ -n "$STATUS" ]; then exit 1; fi; fi; exit 0 110 | fix_command: | 111 | launchctl unload -w /System/Library/LaunchDaemons/com.apple.screensharing.plist 112 | enabled: true 113 | 114 | 115 | - title: "Disable Printer Sharing" 116 | check_command: | 117 | if [ -n "$(system_profiler SPPrintersDataType | grep Shared | grep Yes)" ]; then exit 1; fi; exit 0 118 | fix_command: | 119 | cupsctl --no-share-printers 120 | enabled: true 121 | 122 | 123 | - title: "Disable Wake on Network Access" 124 | check_command: | 125 | sudo systemsetup getwakeonnetworkaccess | grep "Wake On Network Access: Off" 126 | fix_command: | 127 | sudo systemsetup -setwakeonnetworkaccess off 128 | enabled: true 129 | 130 | 131 | - title: "Disable File Sharing" 132 | check_command: | 133 | if [ -n "$(launchctl list | egrep AppleFileServer)" ]; then exit 1; fi; if [ -n "$(grep -i array /Library/Preferences/SystemConfiguration/com.apple.smb.server.plist)" ]; then exit 1; fi; exit 0; 134 | fix_command: | 135 | launchctl unload -w /System/Library/LaunchDaemons/com.apple.AppleFileServer.plist && launchctl unload -w /System/Library/LaunchDaemons/com.apple.smbd.plist 136 | enabled: true 137 | 138 | 139 | - title: "Disable Remote Management" 140 | check_command: | 141 | if [ -n "$(ps -ef | egrep "/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/[A]RDAgent")" ]; then exit 1; fi; exit 0 142 | fix_command: | 143 | /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop 144 | enabled: true 145 | 146 | 147 | - title: "Enable FileVault" 148 | check_command: | 149 | diskutil cs list | grep -i "Encryption Status: Unlocked" 150 | comment: "TODO: FileVault can be enabled with `fdesetup enable`, but you need to enter user creds and write down the recovery key. How to do this programmatically, or at least tell the user the steps? See https://derflounder.wordpress.com/2013/10/22/managing-mavericks-filevault-2-with-fdesetup/" 151 | enabled: true 152 | 153 | 154 | - title: "Destroy File Vault Key when going to standby" 155 | check_command: | 156 | pmset -g | grep DestroyFVKeyOnStandby | grep 1 157 | fix_command: | 158 | sudo pmset -a destroyfvkeyonstandby 1 159 | enabled: true 160 | 161 | 162 | - title: "Enable hibernation mode (no memory power on sleep)" 163 | check_command: | 164 | pmset -g | grep hibernatemode | grep 25 165 | fix_command: | 166 | sudo pmset -a hibernatemode 25 167 | enabled: true 168 | 169 | 170 | - title: "Enable Gatekeeper" 171 | check_command: | 172 | spctl --status | grep "assessments enabled" 173 | fix_command: | 174 | spctl --master-enable 175 | enabled: true 176 | 177 | 178 | - title: "Enable Firewall" 179 | check_command: | 180 | test $(defaults read /Library/Preferences/com.apple.alf globalstate) -ge 1 181 | fix_command: | 182 | defaults write /Library/Preferences/com.apple.alf globalstate -int 1 183 | enabled: true 184 | 185 | 186 | - title: "Enable Firewall Stealth Mode" 187 | check_command: | 188 | /usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode | grep "Stealth mode enabled" 189 | fix_command: | 190 | /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on 191 | enabled: true 192 | 193 | 194 | - title: "Disable signed apps from being auto-permitted to listen through firewall" 195 | check_command: | 196 | defaults read /Library/Preferences/com.apple.alf allowsignedenabled | grep 0 197 | fix_command: | 198 | defaults write /Library/Preferences/com.apple.alf allowsignedenabled -bool false" 199 | enabled: true 200 | 201 | 202 | - title: "Disable iCloud drive" 203 | check_command: | 204 | if [ -n "$(defaults read NSGlobalDomain NSDocumentSaveNewDocumentsToCloud | grep "0")" ]; then exit 0; fi; exit 1; 205 | fix_command: | 206 | defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false 207 | comment: "TODO: Disable icloud entirely. This checks if a value is not set or set to 0" 208 | enabled: true 209 | 210 | 211 | - title: "Require an administrator password to access system-wide preferences" 212 | check_command: | 213 | if [ -n "$(security authorizationdb read system.preferences 2> /dev/null | grep -A1 shared | grep -E '(true|false)' | grep 'false')" ]; then exit 0; fi; exit 1 214 | fix_command: | 215 | security authorizationdb read system.preferences > /tmp/system.preferences.plist &&/usr/libexec/PlistBuddy -c "Set :shared false" /tmp/system.preferences.plist && security authorizationdb write system.preferences < /tmp/system.preferences.plist 216 | enabled: true 217 | 218 | 219 | - title: "Disable IPv6" 220 | check_command: | 221 | networksetup -listallnetworkservices | while read i; do SUPPORT=$(networksetup -getinfo "$i" | grep "IPv6: Automatic") && if [ -n "$SUPPORT" ]; then exit 1; fi; done; exit 0 222 | fix_command: | 223 | networksetup -listallnetworkservices | while read i; do SUPPORT=$(networksetup -getinfo "$i" | grep "IPv6: Automatic") && if [ -n "$SUPPORT" ]; then networksetup -setv6off "$i"; fi; done; 224 | enabled: true 225 | 226 | 227 | - title: "Disable Previews" 228 | check_command: | 229 | defaults read /Library/Preferences/com.apple.finder.plist | grep ShowIconThumbnails | grep 0 230 | fix_command: | 231 | /usr/libexec/PlistBuddy -c "Add StandardViewOptions:ColumnViewOptions:ShowIconThumbnails bool NO" "/Library/Preferences/com.apple.finder.plist" && /usr/libexec/PlistBuddy -c "Add StandardViewSettings:ListViewSettings:showIconPreview bool NO" "/Library/Preferences/com.apple.finder.plist" && /usr/libexec/PlistBuddy -c "Add StandardViewSettings:IconViewSettings:showIconPreview bool NO" "/Library/Preferences/com.apple.finder.plist" && /usr/libexec/PlistBuddy -c "Add StandardViewSettings:ExtendedListViewSettings:showIconPreview bool NO" "/Library/Preferences/com.apple.finder.plist" && /usr/libexec/PlistBuddy -c "Add StandardViewOptions:ColumnViewOptions:ShowPreview bool NO" "/Library/Preferences/com.apple.finder.plist" && /usr/libexec/PlistBuddy -c "Add StandardViewSettings:ListViewSettings:showPreview bool NO" "/Library/Preferences/com.apple.finder.plist" && /usr/libexec/PlistBuddy -c "Add StandardViewSettings:IconViewSettings:showPreview bool NO" "/Library/Preferences/com.apple.finder.plist" && /usr/libexec/PlistBuddy -c "Add StandardViewSettings:ExtendedListViewSettings:showPreview bool NO" "/Library/Preferences/com.apple.finder.plist" 232 | comment: "TODO: I'm only checking one item, check all" 233 | enabled: true 234 | 235 | 236 | - title: "Secure Safari by crippling it" 237 | check_command: | 238 | defaults read com.apple.Safari WebKitOmitPDFSupport | grep 1 239 | fix_command: | 240 | defaults write com.apple.Safari WebKitOmitPDFSupport -bool YES && defaults write com.apple.Safari WebKitJavaScriptEnabled -bool FALSE && defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptEnabled -bool FALSE 241 | comment: "I 'secure' safari by removing javascript and PDF support. Advanced users won't use Safari anyway and novices will be persuaded to use Chrome or Firefox. TODO: This needs to be done per user." 242 | enabled: true 243 | 244 | 245 | - title: "Disable automatic loading of remote content by Mail.app" 246 | check_command: | 247 | defaults read com.apple.mail-shared DisableURLLoading | grep 1 248 | fix_command: | 249 | defaults write com.apple.mail-shared DisableURLLoading -bool true 250 | comment: "I improve security of OSX's Mail app by disabling automatic loading of remote content in opened emails. TODO: This needs to be done per user." 251 | enabled: true 252 | 253 | 254 | - title: "Verify no HTTP update URLs for Sparkle Updater" 255 | check_command: | 256 | for i in /Applications/*/Contents/Info.plist; do URL=$(defaults read "$i" SUFeedURL 2>/dev/null | grep "http://"); if [ -n "$URL" ]; then exit 1; fi; done; exit 0 257 | comment: "For more details see https://vulnsec.com/2016/osx-apps-vulnerabilities/" 258 | enabled: true 259 | -------------------------------------------------------------------------------- /Lockdown/3rd-Party/SummitRoute/osxlockdown: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/3rd-Party/SummitRoute/osxlockdown -------------------------------------------------------------------------------- /Lockdown/3rd-Party/YAML.framework/Headers: -------------------------------------------------------------------------------- 1 | Versions/Current/Headers -------------------------------------------------------------------------------- /Lockdown/3rd-Party/YAML.framework/Resources: -------------------------------------------------------------------------------- 1 | Versions/Current/Resources -------------------------------------------------------------------------------- /Lockdown/3rd-Party/YAML.framework/Versions/A/Headers/YAMLSerialization.h: -------------------------------------------------------------------------------- 1 | // 2 | // YAMLSerialization.h 3 | // YAML Serialization support by Mirek Rusin based on C library LibYAML by Kirill Simonov 4 | // Released under MIT License 5 | // 6 | // Copyright 2010 Mirek Rusin 7 | // Copyright 2010 Stanislav Yudin 8 | // 9 | 10 | #import 11 | 12 | // Mimics NSPropertyListMutabilityOptions 13 | typedef enum { 14 | kYAMLReadOptionImmutable = 0x0000000000000001, 15 | kYAMLReadOptionMutableContainers = 0x0000000000000010, 16 | kYAMLReadOptionMutableContainersAndLeaves = 0x0000000000000110, 17 | kYAMLReadOptionStringScalars = 0x0000000000001000 18 | } YAMLReadOptions; 19 | 20 | typedef enum { 21 | kYAMLErrorNoErrors, 22 | kYAMLErrorCodeParserInitializationFailed, 23 | kYAMLErrorCodeParseError, 24 | kYAMLErrorCodeEmitterError, 25 | kYAMLErrorInvalidOptions, 26 | kYAMLErrorCodeOutOfMemory, 27 | kYAMLErrorInvalidYamlObject, 28 | } YAMLErrorCode; 29 | 30 | typedef enum { 31 | kYAMLWriteOptionSingleDocument = 0x0000000000000001, 32 | kYAMLWriteOptionMultipleDocuments = 0x0000000000000010, 33 | } YAMLWriteOptions; 34 | 35 | extern NSString *const YAMLErrorDomain; 36 | 37 | @interface YAMLSerialization : NSObject 38 | 39 | #pragma mark YAML reading 40 | 41 | // Returns all document objects from parsed YAML stream. 42 | + (NSMutableArray *) objectsWithYAMLStream: (NSInputStream *) stream 43 | options: (YAMLReadOptions) opt 44 | error: (NSError **) error; 45 | 46 | // Returns all document objects from parsed YAML data. 47 | + (NSMutableArray *) objectsWithYAMLData: (NSData *) data 48 | options: (YAMLReadOptions) opt 49 | error: (NSError **) error; 50 | 51 | // Returns all document objects from parsed YAML string. 52 | + (NSMutableArray *) objectsWithYAMLString: (NSString *) string 53 | options: (YAMLReadOptions) opt 54 | error: (NSError **) error; 55 | 56 | // Returns first object from parsed YAML stream. 57 | + (id) objectWithYAMLStream: (NSInputStream *) stream 58 | options: (YAMLReadOptions) opt 59 | error: (NSError **) error; 60 | 61 | // Returns first object from parsed YAML data. 62 | + (id) objectWithYAMLData: (NSData *) data 63 | options: (YAMLReadOptions) opt 64 | error: (NSError **) error; 65 | 66 | // Returns first object from parsed YAML string. 67 | + (id) objectWithYAMLString: (NSString *) string 68 | options: (YAMLReadOptions) opt 69 | error: (NSError **) error; 70 | 71 | #pragma mark Writing YAML 72 | 73 | // Returns YES on success, NO otherwise. 74 | + (BOOL) writeObject: (id) object 75 | toYAMLStream: (NSOutputStream *) stream 76 | options: (YAMLWriteOptions) opt 77 | error: (NSError **) error; 78 | 79 | // Caller is responsible for releasing returned object. 80 | + (NSData *) createYAMLDataWithObject: (id) object 81 | options: (YAMLWriteOptions) opt 82 | error: (NSError **) error NS_RETURNS_RETAINED; 83 | 84 | // Returns autoreleased object. 85 | + (NSData *) YAMLDataWithObject: (id) object 86 | options: (YAMLWriteOptions) opt 87 | error: (NSError **) error; 88 | 89 | // Caller is responsible for releasing returned object. 90 | + (NSString *) createYAMLStringWithObject: (id) object 91 | options: (YAMLWriteOptions) opt 92 | error: (NSError **) error NS_RETURNS_RETAINED; 93 | 94 | // Returns autoreleased object. 95 | + (NSString *) YAMLStringWithObject: (id) object 96 | options: (YAMLWriteOptions) opt 97 | error: (NSError **) error; 98 | 99 | #pragma mark Deprecated 100 | 101 | // Deprecated, use objectsWithYAMLStream:options:error or objectWithYAMLStream:options:error instead. 102 | + (NSMutableArray *) YAMLWithStream: (NSInputStream *) stream options: (YAMLReadOptions) opt error: (NSError **) error __attribute__((deprecated)); 103 | 104 | // Deprecated, use objectsWithYAMLData:options:error or objectWithYAMLData:options:error instead. 105 | + (NSMutableArray *) YAMLWithData: (NSData *) data options: (YAMLReadOptions) opt error: (NSError **) error __attribute__((deprecated)); 106 | 107 | // Deprecated, use YAMLDataWithObject:options:error or createYAMLDataWithObject:options:error instead. 108 | + (NSData *) dataFromYAML: (id) object options: (YAMLWriteOptions) opt error: (NSError **) error __attribute__((deprecated)); 109 | 110 | // Deprecated, use writeYAMLObject:toStream:options:error instead. 111 | + (BOOL) writeYAML: (id) object toStream: (NSOutputStream *) stream options: (YAMLWriteOptions) opt error: (NSError **) error __attribute__((deprecated)); 112 | 113 | @end 114 | -------------------------------------------------------------------------------- /Lockdown/3rd-Party/YAML.framework/Versions/A/Resources/English.lproj/InfoPlist.strings: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/3rd-Party/YAML.framework/Versions/A/Resources/English.lproj/InfoPlist.strings -------------------------------------------------------------------------------- /Lockdown/3rd-Party/YAML.framework/Versions/A/Resources/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | BuildMachineOSBuild 6 | 15D21 7 | CFBundleDevelopmentRegion 8 | English 9 | CFBundleExecutable 10 | YAML 11 | CFBundleIdentifier 12 | com.yourcompany.YAML 13 | CFBundleInfoDictionaryVersion 14 | 6.0 15 | CFBundleName 16 | YAML 17 | CFBundlePackageType 18 | FMWK 19 | CFBundleShortVersionString 20 | 1.0 21 | CFBundleSignature 22 | ???? 23 | CFBundleSupportedPlatforms 24 | 25 | MacOSX 26 | 27 | CFBundleVersion 28 | 1 29 | DTCompiler 30 | com.apple.compilers.llvm.clang.1_0 31 | DTPlatformBuild 32 | 7C68 33 | DTPlatformVersion 34 | GM 35 | DTSDKBuild 36 | 15C43 37 | DTSDKName 38 | macosx10.11 39 | DTXcode 40 | 0720 41 | DTXcodeBuild 42 | 7C68 43 | 44 | 45 | -------------------------------------------------------------------------------- /Lockdown/3rd-Party/YAML.framework/Versions/A/YAML: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/3rd-Party/YAML.framework/Versions/A/YAML -------------------------------------------------------------------------------- /Lockdown/3rd-Party/YAML.framework/Versions/Current: -------------------------------------------------------------------------------- 1 | A -------------------------------------------------------------------------------- /Lockdown/3rd-Party/YAML.framework/YAML: -------------------------------------------------------------------------------- 1 | Versions/Current/YAML -------------------------------------------------------------------------------- /Lockdown/AboutWindowController.h: -------------------------------------------------------------------------------- 1 | // 2 | // AboutWindowController.h 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import 9 | 10 | @interface AboutWindowController : NSWindowController 11 | { 12 | 13 | } 14 | 15 | /* PROPERTIES */ 16 | 17 | //version label/string 18 | @property(weak) IBOutlet NSTextField *versionLabel; 19 | 20 | /* METHODS */ 21 | 22 | //invoked when user clicks 'more info' button 23 | // ->open Lockdown's product page 24 | - (IBAction)moreInfo:(id)sender; 25 | 26 | @end 27 | -------------------------------------------------------------------------------- /Lockdown/AboutWindowController.m: -------------------------------------------------------------------------------- 1 | // 2 | // AboutWindowController.m 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import "Consts.h" 9 | #import "AppDelegate.h" 10 | 11 | #import "AboutWindowController.h" 12 | 13 | 14 | @implementation AboutWindowController 15 | 16 | @synthesize versionLabel; 17 | 18 | //automatically called when nib is loaded 19 | // ->center window 20 | -(void)awakeFromNib 21 | { 22 | //center 23 | [self.window center]; 24 | } 25 | 26 | //automatically invoked when window is loaded 27 | // ->set to white 28 | -(void)windowDidLoad 29 | { 30 | //super 31 | [super windowDidLoad]; 32 | 33 | //make white 34 | [self.window setBackgroundColor: NSColor.whiteColor]; 35 | 36 | //set version sting 37 | [self.versionLabel setStringValue:[NSString stringWithFormat:@"version: %@", [[[NSBundle mainBundle] infoDictionary] objectForKey:@"CFBundleVersion"]]]; 38 | 39 | return; 40 | } 41 | 42 | //automatically invoked when user clicks 'more info' 43 | // ->load lockdown's html page in the user's default browser 44 | -(IBAction)moreInfo:(id)sender 45 | { 46 | //open URL 47 | // ->invokes user's default browser 48 | [[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:PRODUCT_URL]]; 49 | 50 | return; 51 | } 52 | @end 53 | -------------------------------------------------------------------------------- /Lockdown/AppDelegate.h: -------------------------------------------------------------------------------- 1 | // 2 | // AppDelegate.h 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import 9 | 10 | #import "AboutWindowController.h" 11 | #import "ErrorWindowController.h" 12 | 13 | 14 | @interface AppDelegate : NSObject 15 | { 16 | 17 | } 18 | 19 | /* PROPERTIES */ 20 | 21 | //current view controller 22 | @property(nonatomic, retain)NSViewController* currentViewController; 23 | 24 | //commands 25 | @property(nonatomic, retain)NSMutableArray* commands; 26 | 27 | //commands path 28 | @property(nonatomic, retain)NSString* commandsFile; 29 | 30 | //main view 31 | @property(nonatomic, retain)NSView *mainView; 32 | 33 | //command execution mode 34 | // ->audit/fix 35 | @property NSUInteger mode; 36 | 37 | //about window controller 38 | @property(nonatomic, retain)AboutWindowController* aboutWindowController; 39 | 40 | //error window controller 41 | @property(nonatomic, retain)ErrorWindowController* errorWindowController; 42 | 43 | 44 | /* METHODS */ 45 | 46 | //change top pane 47 | // ->switch between either flat (default) or tree-based (hierachical) view 48 | -(void)changeViewController:(NSUInteger)viewID; 49 | 50 | //check if app is pristine 51 | // ->that is to say, nobody modified on-disk image/resources 52 | OSStatus verifySelf(); 53 | 54 | //load commands 55 | // ->read them into memory and convery into objc obj 56 | -(BOOL)loadCommands; 57 | 58 | //save commands 59 | // ->write out commands to disk 60 | -(BOOL)saveCommands; 61 | 62 | //display error window 63 | -(void)displayErrorWindow:(NSDictionary*)errorInfo; 64 | 65 | @end 66 | 67 | -------------------------------------------------------------------------------- /Lockdown/AppDelegate.m: -------------------------------------------------------------------------------- 1 | // 2 | // AppDelegate.m 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | // 3rd-party components (all MIT license'd) 8 | // a) osxlockdown: https://github.com/SummitRoute/osxlockdown 9 | // b) ANSIEscapeHelper: https://github.com/ali-rantakari/ANSIEscapeHelper 10 | // c) YAML -> Obj-C framework: https://github.com/mirek/YAML.framework 11 | 12 | #import 13 | #include 14 | 15 | #import "Consts.h" 16 | #import "Exception.h" 17 | #import "Utilities.h" 18 | #import "AppDelegate.h" 19 | #import "CommandsViewController.h" 20 | #import "ExecuteViewController.h" 21 | #import "WarningViewController.h" 22 | #import "3rd-Party/YAML.framework/Headers/YAMLSerialization.h" 23 | 24 | 25 | @implementation AppDelegate 26 | 27 | @synthesize mode; 28 | @synthesize commands; 29 | @synthesize commandsFile; 30 | @synthesize aboutWindowController; 31 | @synthesize currentViewController; 32 | @synthesize errorWindowController; 33 | 34 | 35 | //automatically called as app's 'main' method 36 | // ->check version, load commands, and initial UI view 37 | -(void)applicationDidFinishLaunching:(NSNotification *)aNotification 38 | { 39 | //app's (self) signing status 40 | OSStatus signingStatus = !noErr; 41 | 42 | //install exception handlers 43 | installExceptionHandlers(); 44 | 45 | //check if OS is supported 46 | if(YES != isSupportedOS()) 47 | { 48 | //show error popup 49 | [self displayErrorWindow: @{KEY_ERROR_MSG:@"ERROR: unsupported OS", KEY_ERROR_SUB_MSG: [NSString stringWithFormat:@"OS X %@ is not supported", [[NSProcessInfo processInfo] operatingSystemVersionString]], KEY_ERROR_SHOULD_EXIT:@YES}]; 50 | 51 | //bail 52 | goto bail; 53 | } 54 | 55 | //r00t 56 | // ->for realz 57 | if(0 != setuid(0)) 58 | { 59 | //err msg 60 | syslog(LOG_ERR, "OBJECTIVE-SEE LOCKDOWN ERROR: setuid() failed with: %d\n", errno); 61 | 62 | //bail 63 | goto bail; 64 | } 65 | 66 | //alloc array for commands 67 | commands = [NSMutableArray array]; 68 | 69 | //get a path for the commands file 70 | // ->as user might select/deselect commands 71 | commandsFile = [NSTemporaryDirectory() stringByAppendingPathComponent:COMMANDS_FILE]; 72 | 73 | //prepare osxlockdown 74 | // ->set to r00t, remove q attr, etc 75 | [self prepOSXLockdown]; 76 | 77 | //(re)verify self 78 | // ->show error if app cannot be verified (will exit) 79 | signingStatus = verifySelf(); 80 | if(noErr != signingStatus) 81 | { 82 | //show alert 83 | showUnverifiedAlert(signingStatus); 84 | 85 | //exit 86 | exit(0); 87 | } 88 | 89 | //load yaml commands 90 | if(YES != [self loadCommands]) 91 | { 92 | //show error popup 93 | [self displayErrorWindow: @{KEY_ERROR_MSG:@"ERROR: load failure", KEY_ERROR_SUB_MSG: @"failed to load lockdown commands", KEY_ERROR_SHOULD_EXIT:@YES}]; 94 | 95 | //bail 96 | goto bail; 97 | } 98 | 99 | //all happy, now enable 'continue' button 100 | // ->need 'else' to scope for dispatch_after 101 | else 102 | { 103 | //wait 1 second 104 | // ->then enable 'continue' button & make it selected 105 | dispatch_after(dispatch_time(DISPATCH_TIME_NOW, 1 * NSEC_PER_SEC), dispatch_get_main_queue(), ^{ 106 | 107 | //enable 108 | ((WarningViewController*)self.currentViewController).continueButton.enabled = YES; 109 | 110 | //make selected 111 | [[[NSApplication sharedApplication] keyWindow] makeFirstResponder:((WarningViewController*)self.currentViewController).continueButton]; 112 | }); 113 | } 114 | 115 | //bail 116 | bail: 117 | 118 | return; 119 | } 120 | 121 | //tell app to close when user clicks 'x' button 122 | -(BOOL)applicationShouldTerminateAfterLastWindowClosed:(NSApplication *)theApplication 123 | { 124 | return YES; 125 | } 126 | 127 | //delete temp copy of commands file 128 | -(void)applicationWillTerminate:(NSNotification *)notification 129 | { 130 | //delete 131 | [[NSFileManager defaultManager] removeItemAtPath:self.commandsFile error:NULL]; 132 | 133 | return; 134 | } 135 | 136 | //prepare osxlockdown components 137 | // ->make exec, set to r00t, etc... 138 | -(void)prepOSXLockdown 139 | { 140 | //path to osxlockdown binary 141 | NSString* osxlockdown = nil; 142 | 143 | //init path to osxlockdown binary 144 | osxlockdown = [[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:BINARY_FILE]; 145 | 146 | //make sure osxlockdown binary has executable bit set 147 | [[NSFileManager defaultManager] setAttributes:@{NSFilePosixPermissions:@0755} ofItemAtPath:osxlockdown error:NULL]; 148 | 149 | //set osxlockdown binary to r00t 150 | [[NSFileManager defaultManager] setAttributes:@{NSFileGroupOwnerAccountID:@0, NSFileOwnerAccountID:@0} ofItemAtPath:osxlockdown error:NULL]; 151 | 152 | //set osxlockdown commands to r00t 153 | [[NSFileManager defaultManager] setAttributes:@{NSFileGroupOwnerAccountID:@0, NSFileOwnerAccountID:@0} ofItemAtPath:[[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:COMMANDS_FILE] error:NULL]; 154 | 155 | return; 156 | } 157 | 158 | //automatically invoked when user clicks 'About/Info' 159 | // ->show about window 160 | -(IBAction)about:(id)sender 161 | { 162 | //alloc/init settings window 163 | if(nil == self.aboutWindowController) 164 | { 165 | //alloc/init 166 | aboutWindowController = [[AboutWindowController alloc] initWithWindowNibName:@"AboutWindow"]; 167 | } 168 | 169 | //center window 170 | [[self.aboutWindowController window] center]; 171 | 172 | //show it 173 | [self.aboutWindowController showWindow:self]; 174 | 175 | return; 176 | } 177 | 178 | 179 | //change top pane 180 | // ->switch between either flat (default) or tree-based (hierachical) view 181 | -(void)changeViewController:(NSUInteger)viewID 182 | { 183 | //key window 184 | NSWindow* keyWindow = nil; 185 | 186 | //grab key window 187 | keyWindow = [[NSApplication sharedApplication] keyWindow]; 188 | 189 | //first 190 | // ->remove existing view 191 | if([self.currentViewController view] != nil) 192 | { 193 | //remove 194 | [[self.currentViewController view] removeFromSuperview]; 195 | 196 | //'free' 197 | self.currentViewController = nil; 198 | } 199 | 200 | //display specified view 201 | switch(viewID) 202 | { 203 | //warning view 204 | case VIEW_WARNING: 205 | { 206 | //alloc/init 207 | currentViewController = [[WarningViewController alloc] initWithNibName:@"WarningView" bundle:nil]; 208 | 209 | break; 210 | } 211 | 212 | //command selector view 213 | case VIEW_COMMANDS: 214 | { 215 | //alloc/init 216 | currentViewController = [[CommandsViewController alloc] initWithNibName:@"TestsView" bundle:nil]; 217 | 218 | //resize window 219 | [keyWindow setFrame:NSMakeRect(0,0,600,533) display:YES]; 220 | 221 | //set view's frame to match window's 222 | self.currentViewController.view.frame = [keyWindow contentRectForFrameRect:keyWindow.frame]; 223 | 224 | //center window 225 | [[[NSApplication sharedApplication] keyWindow] center]; 226 | 227 | break; 228 | } 229 | 230 | //execute commands view 231 | case VIEW_EXECUTE: 232 | { 233 | //alloc/init 234 | currentViewController = [[ExecuteViewController alloc] initWithNibName:@"ExecuteView" bundle:nil]; 235 | 236 | //resize window 237 | [keyWindow setFrame:NSMakeRect(0,0,600,533) display:YES]; 238 | 239 | //set view's frame to match window's 240 | self.currentViewController.view.frame = [keyWindow contentRectForFrameRect:keyWindow.frame]; 241 | 242 | //center window 243 | [[[NSApplication sharedApplication] keyWindow] center]; 244 | 245 | break; 246 | } 247 | } 248 | 249 | //add subview 250 | [self.mainView addSubview:self.currentViewController.view]; 251 | 252 | return; 253 | } 254 | 255 | //load original commands 256 | // ->read them into memory and convery into an objc obj 257 | -(BOOL)loadCommands 258 | { 259 | //loaded 260 | BOOL bLoaded = NO; 261 | 262 | //error 263 | NSError* error = nil; 264 | 265 | //path to commands 266 | NSString* commandsPath = nil; 267 | 268 | //input stream 269 | NSInputStream *yamlStream = nil; 270 | 271 | //init path to commands file 272 | commandsPath = [[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:COMMANDS_FILE]; 273 | 274 | //init yaml input stream from w/ commands 275 | yamlStream = [[NSInputStream alloc] initWithFileAtPath:commandsPath]; 276 | if(nil == yamlStream) 277 | { 278 | //err msg 279 | syslog(LOG_ERR, "OBJECTIVE-SEE LOCKDOWN ERROR: loading commands initialization failed\n"); 280 | 281 | //bail 282 | goto bail; 283 | } 284 | 285 | //load commands 286 | self.commands = [YAMLSerialization objectsWithYAMLStream:yamlStream options:kYAMLReadOptionStringScalars error:&error]; 287 | 288 | //make sure loading succeeded and data looks ok 289 | if( (nil != error) || 290 | (YES != [self.commands isKindOfClass:[NSMutableArray class]]) || 291 | (0 == self.commands.count) ) 292 | { 293 | //err msg 294 | syslog(LOG_ERR, "OBJECTIVE-SEE LOCKDOWN ERROR: loading commands failed with: %s\n", error.description.UTF8String); 295 | 296 | //bail 297 | goto bail; 298 | } 299 | 300 | //format is an array, with a single member 301 | // ->and array of dictionaries (want that) 302 | self.commands = self.commands.firstObject; 303 | 304 | //again, make sure this data looks ok 305 | if( (YES != [self.commands isKindOfClass:[NSMutableArray class]]) || 306 | (0 == self.commands.count) ) 307 | { 308 | //err msg 309 | syslog(LOG_ERR, "OBJECTIVE-SEE LOCKDOWN ERROR: loading commands failed\n"); 310 | 311 | //bail 312 | goto bail; 313 | } 314 | 315 | //happy 316 | bLoaded = YES; 317 | 318 | //bail 319 | bail: 320 | 321 | return bLoaded; 322 | } 323 | 324 | //save commands 325 | // ->write commands out to disk 326 | -(BOOL)saveCommands 327 | { 328 | //loaded 329 | BOOL bSaved = NO; 330 | 331 | //error 332 | NSError* error = nil; 333 | 334 | //output stream 335 | NSOutputStream *yamlStream = nil; 336 | 337 | //init output stream 338 | yamlStream = [NSOutputStream outputStreamToFileAtPath:self.commandsFile append:NO]; 339 | if(nil == yamlStream) 340 | { 341 | //err msg 342 | syslog(LOG_ERR, "OBJECTIVE-SEE LOCKDOWN ERROR: failed to output output stream for %s\n", self.commandsFile.UTF8String); 343 | 344 | //bail 345 | goto bail; 346 | } 347 | 348 | //open stream 349 | [yamlStream open]; 350 | 351 | //write commands to stream 352 | if(YES != [YAMLSerialization writeObject:self.commands toYAMLStream:yamlStream options:kYAMLWriteOptionSingleDocument error:&error]) 353 | { 354 | //err msg 355 | syslog(LOG_ERR, "OBJECTIVE-SEE LOCKDOWN ERROR: writing commands to output stream failed with: %s\n", error.description.UTF8String); 356 | 357 | //bail 358 | goto bail; 359 | } 360 | 361 | //close stream 362 | [yamlStream close]; 363 | 364 | //happy 365 | bSaved = YES; 366 | 367 | //bail 368 | bail: 369 | 370 | return bSaved; 371 | } 372 | 373 | //display error window 374 | -(void)displayErrorWindow:(NSDictionary*)errorInfo 375 | { 376 | //alloc error window 377 | errorWindowController = [[ErrorWindowController alloc] initWithWindowNibName:@"ErrorWindowController"]; 378 | 379 | //main thread 380 | // ->just show UI alert, unless its fatal (then load URL) 381 | if(YES == [NSThread isMainThread]) 382 | { 383 | //non-fatal errors 384 | // ->show error error popup 385 | if(YES != [errorInfo[KEY_ERROR_URL] isEqualToString:FATAL_ERROR_URL]) 386 | { 387 | //display it 388 | // ->call this first to so that outlets are connected 389 | [self.errorWindowController display]; 390 | 391 | //configure it 392 | [self.errorWindowController configure:errorInfo]; 393 | } 394 | //fatal error 395 | // ->launch browser to go to fatal error page, then exit 396 | else 397 | { 398 | //launch browser 399 | [[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:errorInfo[KEY_ERROR_URL]]]; 400 | 401 | //then exit 402 | [NSApp terminate:self]; 403 | } 404 | } 405 | //background thread 406 | // ->have to show error window on main thread 407 | else 408 | { 409 | //show alert 410 | // ->in main UI thread 411 | dispatch_sync(dispatch_get_main_queue(), ^{ 412 | 413 | //display it 414 | // ->call this first to so that outlets are connected 415 | [self.errorWindowController display]; 416 | 417 | //configure it 418 | [self.errorWindowController configure:errorInfo]; 419 | 420 | }); 421 | } 422 | 423 | return; 424 | } 425 | 426 | 427 | @end 428 | -------------------------------------------------------------------------------- /Lockdown/Assets.xcassets/AppIcon.appiconset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "size" : "16x16", 5 | "idiom" : "mac", 6 | "filename" : "icon_16x16.png", 7 | "scale" : "1x" 8 | }, 9 | { 10 | "size" : "16x16", 11 | "idiom" : "mac", 12 | "filename" : "icon_32x32.png", 13 | "scale" : "2x" 14 | }, 15 | { 16 | "idiom" : "mac", 17 | "size" : "32x32", 18 | "scale" : "1x" 19 | }, 20 | { 21 | "size" : "32x32", 22 | "idiom" : "mac", 23 | "filename" : "icon_32x32@2x.png", 24 | "scale" : "2x" 25 | }, 26 | { 27 | "size" : "128x128", 28 | "idiom" : "mac", 29 | "filename" : "icon_128x128.png", 30 | "scale" : "1x" 31 | }, 32 | { 33 | "size" : "128x128", 34 | "idiom" : "mac", 35 | "filename" : "icon_128x128@2x.png", 36 | "scale" : "2x" 37 | }, 38 | { 39 | "size" : "256x256", 40 | "idiom" : "mac", 41 | "filename" : "icon_256x256.png", 42 | "scale" : "1x" 43 | }, 44 | { 45 | "size" : "256x256", 46 | "idiom" : "mac", 47 | "filename" : "icon_256x256@2x.png", 48 | "scale" : "2x" 49 | }, 50 | { 51 | "size" : "512x512", 52 | "idiom" : "mac", 53 | "filename" : "icon_512x512.png", 54 | "scale" : "1x" 55 | }, 56 | { 57 | "size" : "512x512", 58 | "idiom" : "mac", 59 | "filename" : "icon_512x512@2x.png", 60 | "scale" : "2x" 61 | } 62 | ], 63 | "info" : { 64 | "version" : 1, 65 | "author" : "xcode" 66 | } 67 | } -------------------------------------------------------------------------------- /Lockdown/Assets.xcassets/AppIcon.appiconset/icon_128x128.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Assets.xcassets/AppIcon.appiconset/icon_128x128.png -------------------------------------------------------------------------------- /Lockdown/Assets.xcassets/AppIcon.appiconset/icon_128x128@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Assets.xcassets/AppIcon.appiconset/icon_128x128@2x.png -------------------------------------------------------------------------------- /Lockdown/Assets.xcassets/AppIcon.appiconset/icon_16x16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Assets.xcassets/AppIcon.appiconset/icon_16x16.png -------------------------------------------------------------------------------- /Lockdown/Assets.xcassets/AppIcon.appiconset/icon_256x256.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Assets.xcassets/AppIcon.appiconset/icon_256x256.png -------------------------------------------------------------------------------- /Lockdown/Assets.xcassets/AppIcon.appiconset/icon_256x256@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Assets.xcassets/AppIcon.appiconset/icon_256x256@2x.png -------------------------------------------------------------------------------- /Lockdown/Assets.xcassets/AppIcon.appiconset/icon_32x32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Assets.xcassets/AppIcon.appiconset/icon_32x32.png -------------------------------------------------------------------------------- /Lockdown/Assets.xcassets/AppIcon.appiconset/icon_32x32@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Assets.xcassets/AppIcon.appiconset/icon_32x32@2x.png -------------------------------------------------------------------------------- /Lockdown/Assets.xcassets/AppIcon.appiconset/icon_512x512.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Assets.xcassets/AppIcon.appiconset/icon_512x512.png -------------------------------------------------------------------------------- /Lockdown/Assets.xcassets/AppIcon.appiconset/icon_512x512@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Assets.xcassets/AppIcon.appiconset/icon_512x512@2x.png -------------------------------------------------------------------------------- /Lockdown/Base.lproj/Main.storyboard: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | -------------------------------------------------------------------------------- /Lockdown/CommandsViewController.h: -------------------------------------------------------------------------------- 1 | // 2 | // TestsViewController.h 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import 9 | 10 | @interface CommandsViewController : NSViewController 11 | { 12 | 13 | } 14 | 15 | /* PROPERTIES */ 16 | 17 | //table view 18 | @property(weak)IBOutlet NSTableView *tableView; 19 | 20 | //'audit' button 21 | @property(weak)IBOutlet NSButton *auditButton; 22 | 23 | //'fix' button 24 | @property(weak)IBOutlet NSButton *fixButton; 25 | 26 | /* METHODS */ 27 | 28 | //checkbox button handler 29 | -(IBAction)toggleTest:(id)sender; 30 | 31 | //'audit' and 'fix' button handler 32 | -(IBAction)executeCommands:(id)sender; 33 | 34 | @end 35 | -------------------------------------------------------------------------------- /Lockdown/CommandsViewController.m: -------------------------------------------------------------------------------- 1 | // 2 | // TestsViewController.m 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import "Consts.h" 9 | #import "AppDelegate.h" 10 | #import "CommandsViewController.h" 11 | 12 | 13 | @implementation CommandsViewController 14 | 15 | @synthesize fixButton; 16 | @synthesize tableView; 17 | @synthesize auditButton; 18 | 19 | //table delegate 20 | // ->return number of commands 21 | -(NSInteger)numberOfRowsInTableView:(NSTableView *)tableView 22 | { 23 | //rows (command count) 24 | return ((AppDelegate*)[[NSApplication sharedApplication] delegate]).commands.count; 25 | } 26 | 27 | //table delegate method 28 | // ->return cell for row 29 | -(NSView *)tableView:(NSTableView *)tableView viewForTableColumn:(NSTableColumn *)tableColumn row:(NSInteger)row 30 | { 31 | //command 32 | NSMutableDictionary* command = nil; 33 | 34 | //column index 35 | NSUInteger index = 0; 36 | 37 | //table cell 38 | NSTableCellView *result = nil; 39 | 40 | //check box 41 | NSButton* checkBox = nil; 42 | 43 | //get existing cell 44 | result = [self.tableView makeViewWithIdentifier:tableColumn.identifier owner:self]; 45 | 46 | //grab index 47 | index = [[self.tableView tableColumns] indexOfObject:tableColumn]; 48 | 49 | //get command for row 50 | command = ((AppDelegate*)[[NSApplication sharedApplication] delegate]).commands[row]; 51 | 52 | //handle column specific logic 53 | switch(index) 54 | { 55 | //logic for 'enabled' column 56 | case COLUMN_ENABLED: 57 | 58 | //grab checkbox 59 | checkBox = (NSButton*)[result viewWithTag:1001]; 60 | 61 | //for enabled commands 62 | // ->enable checkbox 63 | if(YES == [command[@"enabled"] isEqualToString:@"true"]) 64 | { 65 | //enable 66 | checkBox.state = NSOnState; 67 | } 68 | //for disabled commands 69 | // ->disable checkbox 70 | else 71 | { 72 | //disable 73 | checkBox.state = NSOffState; 74 | } 75 | 76 | break; 77 | 78 | //logic for 'command' column 79 | case COLUMN_COMMAND: 80 | 81 | //set string to title of command 82 | result.textField.stringValue = command[@"title"]; 83 | 84 | break; 85 | 86 | default: 87 | 88 | break; 89 | } 90 | 91 | return result; 92 | } 93 | 94 | //automatically invoked when user checks/unchecks checkbox in row 95 | // ->enable/disable command state, plus handle some other button logic 96 | -(IBAction)toggleTest:(id)sender 97 | { 98 | //row 99 | NSInteger row = 0; 100 | 101 | //commands 102 | NSMutableArray* commands = nil; 103 | 104 | //get row 105 | row = [self.tableView rowForView:sender]; 106 | 107 | //grab commands 108 | commands = ((AppDelegate*)[[NSApplication sharedApplication] delegate]).commands; 109 | 110 | //sanity check 111 | if( (-1 == row) || 112 | (row >= commands.count) ) 113 | { 114 | //bail 115 | goto bail; 116 | } 117 | 118 | //toggle command state 119 | // ->YAML wants 'true' or 'false' though... 120 | commands[row][@"enabled"] = (NSOnState == ((NSButton*)(sender)).state) ? @"true" : @"false"; 121 | 122 | //buttons may have been disabled via a full toggle off 123 | // ->so just always re-enable (ok if they already are) 124 | if(NSOnState == ((NSButton*)(sender)).state) 125 | { 126 | //enable 'audit' button 127 | self.auditButton.enabled = YES; 128 | 129 | //enable 'fix' button 130 | self.fixButton.enabled = YES; 131 | } 132 | //if this is the last test disabled 133 | // ->disable buttons 134 | else 135 | { 136 | //check all 137 | for(NSMutableDictionary* command in commands) 138 | { 139 | //when at least one other is enabled 140 | // ->no need to do anything 141 | if(YES == [command[@"enabled"] isEqualToString:@"true"]) 142 | { 143 | //bail 144 | goto bail; 145 | } 146 | } 147 | 148 | //all are disabled! 149 | // ->so disable buttons as well... 150 | 151 | //disable 'audit' button 152 | self.auditButton.enabled = NO; 153 | 154 | //disable 'fix' button 155 | self.fixButton.enabled = NO; 156 | } 157 | 158 | //bail 159 | bail: 160 | 161 | return; 162 | } 163 | 164 | //automatically invoked when user clicks 'Toggle All' 165 | // ->toggle all commands 'on' or 'off' and enable/disable other buttons 166 | -(IBAction)toggle:(id)sender 167 | { 168 | //iterate over all commands 169 | // ->update enabled state 170 | for(NSMutableDictionary* command in ((AppDelegate*)[[NSApplication sharedApplication] delegate]).commands) 171 | { 172 | //toggle command state 173 | // ->YAML wants 'true' or 'false' though... 174 | command[@"enabled"] = (NSOnState == ((NSButton*)(sender)).state) ? @"true" : @"false"; 175 | } 176 | 177 | //reload table 178 | [self.tableView reloadData]; 179 | 180 | //when toggle is off 181 | // ->disable buttons 182 | if(NSOffState == ((NSButton*)(sender)).state) 183 | { 184 | //disable 'audit' button 185 | self.auditButton.enabled = NO; 186 | 187 | //disable 'fix' button 188 | self.fixButton.enabled = NO; 189 | } 190 | //otherwise enable 191 | // ->doesn't matter if they are already enabled 192 | else 193 | { 194 | //enable 'audit' button 195 | self.auditButton.enabled = YES; 196 | 197 | //enable 'fix' button 198 | self.fixButton.enabled = YES; 199 | } 200 | 201 | return; 202 | } 203 | 204 | //automatically invoked when either 'audit' or 'fix' buttons are clicked 205 | // ->save commands (as some may be changed state), save mode, then load next view and execute commands 206 | -(IBAction)executeCommands:(id)sender 207 | { 208 | //alert 209 | NSAlert *alert = nil; 210 | 211 | //save all commands 212 | [((AppDelegate*)[[NSApplication sharedApplication] delegate]) saveCommands]; 213 | 214 | //set mode 215 | ((AppDelegate*)[[NSApplication sharedApplication] delegate]).mode = ((NSButton*)sender).tag; 216 | 217 | //warn if updating all software (in fix mode) 218 | // ->this may not be what the user really wants to do, and might take awhile! 219 | if(MODE_FIX == ((NSButton*)sender).tag) 220 | { 221 | //find & check if 'update' software command is enabled 222 | if(YES == [[((AppDelegate*)[[NSApplication sharedApplication] delegate]).commands firstObject][@"enabled"] isEqualToString:@"true"]) 223 | { 224 | //init alert 225 | alert = [[NSAlert alloc] init]; 226 | 227 | //set button 228 | [alert addButtonWithTitle:@"ok"]; 229 | 230 | //set button 231 | [alert addButtonWithTitle:@"cancel"]; 232 | 233 | //set main text 234 | [alert setMessageText:@"Continuing will update all OS X software!"]; 235 | 236 | //set detailed test 237 | [alert setInformativeText:@"\"Verify all application software is current\" is selected\r\n...this will run Apple's updater and may take awhile"]; 238 | 239 | //set style to warning 240 | [alert setAlertStyle:NSWarningAlertStyle]; 241 | 242 | //remove 'focus' ring 243 | // ->done via unsetting first responder 244 | dispatch_after(dispatch_time(DISPATCH_TIME_NOW, 0), dispatch_get_main_queue(), ^(void) 245 | { 246 | //unset first responder 247 | [[alert window] makeFirstResponder:nil]; 248 | }); 249 | 250 | //show alert/warning 251 | if(NSAlertFirstButtonReturn == [alert runModal]) 252 | { 253 | //load view 254 | [((AppDelegate*)[[NSApplication sharedApplication] delegate]) changeViewController:VIEW_EXECUTE]; 255 | } 256 | 257 | //bail 258 | goto bail; 259 | 260 | }//update software warning 261 | 262 | }//fix mode 263 | 264 | //load 'execute' view 265 | [((AppDelegate*)[[NSApplication sharedApplication] delegate]) changeViewController:VIEW_EXECUTE]; 266 | 267 | //bail 268 | bail: 269 | 270 | return; 271 | } 272 | 273 | @end 274 | -------------------------------------------------------------------------------- /Lockdown/Consts.h: -------------------------------------------------------------------------------- 1 | // 2 | // Consts.h 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #ifndef Consts_h 9 | #define Consts_h 10 | 11 | //path to bash 12 | #define BASH @"/bin/bash" 13 | 14 | //osx lockdown binary 15 | #define BINARY_FILE @"osxlockdown" 16 | 17 | //(yaml) commands 18 | #define COMMANDS_FILE @"commands.yaml" 19 | 20 | //warning view 21 | #define VIEW_WARNING 0x0 22 | 23 | //commands view 24 | #define VIEW_COMMANDS 0x01 25 | 26 | //execute view 27 | #define VIEW_EXECUTE 0x02 28 | 29 | //enabled column 30 | #define COLUMN_ENABLED 0x0 31 | 32 | //command column 33 | #define COLUMN_COMMAND 0x1 34 | 35 | //audit mode 36 | #define MODE_AUDIT 101 37 | 38 | //fix mode 39 | #define MODE_FIX 102 40 | 41 | //error msg 42 | #define KEY_ERROR_MSG @"errorMsg" 43 | 44 | //sub msg 45 | #define KEY_ERROR_SUB_MSG @"errorSubMsg" 46 | 47 | //error URL 48 | #define KEY_ERROR_URL @"errorURL" 49 | 50 | //flag for error popup 51 | #define KEY_ERROR_SHOULD_EXIT @"shouldExit" 52 | 53 | //general error URL 54 | #define FATAL_ERROR_URL @"https://objective-see.com/errors.html" 55 | 56 | //product url 57 | #define PRODUCT_URL @"https://objective-see.com/products/lockdown.html" 58 | 59 | #endif /* Consts_h */ 60 | -------------------------------------------------------------------------------- /Lockdown/ErrorWindowController.h: -------------------------------------------------------------------------------- 1 | // 2 | // ErrorWindowController.h 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import 9 | 10 | @interface ErrorWindowController : NSWindowController 11 | { 12 | 13 | } 14 | 15 | /* PROPERTIES */ 16 | 17 | //main msg in window 18 | @property (weak) IBOutlet NSTextField *errMsg; 19 | 20 | //sub msg in window 21 | @property (weak) IBOutlet NSTextField *errSubMsg; 22 | 23 | //info/help/fix button 24 | @property (weak) IBOutlet NSButton *infoButton; 25 | 26 | //close button 27 | @property (weak) IBOutlet NSButton *closeButton; 28 | 29 | //(optional) url for 'Info' button 30 | @property(nonatomic, retain)NSURL* errorURL; 31 | 32 | //flag indicating close button should exit app 33 | @property BOOL shouldExit; 34 | 35 | /* METHODS */ 36 | 37 | //configure the object/window 38 | -(void)configure:(NSDictionary*)errorInfo; 39 | 40 | //display (show) window 41 | -(void)display; 42 | 43 | @end 44 | -------------------------------------------------------------------------------- /Lockdown/ErrorWindowController.m: -------------------------------------------------------------------------------- 1 | // 2 | // ErrorWindowController.m 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import "Consts.h" 9 | #import "ErrorWindowController.h" 10 | 11 | @implementation ErrorWindowController 12 | 13 | @synthesize errorURL; 14 | @synthesize shouldExit; 15 | @synthesize closeButton; 16 | 17 | //automatically called when nib is loaded 18 | // ->center window 19 | -(void)awakeFromNib 20 | { 21 | //center 22 | [self.window center]; 23 | 24 | return; 25 | } 26 | 27 | //configure the object/window 28 | -(void)configure:(NSDictionary*)errorInfo 29 | { 30 | //set error msg 31 | self.errMsg.stringValue = errorInfo[KEY_ERROR_MSG]; 32 | 33 | //set error sub msg 34 | self.errSubMsg.stringValue = errorInfo[KEY_ERROR_SUB_MSG]; 35 | 36 | //save exit 37 | self.shouldExit = [errorInfo[KEY_ERROR_SHOULD_EXIT] boolValue]; 38 | 39 | //grab optional error url 40 | if(nil != errorInfo[KEY_ERROR_URL]) 41 | { 42 | //extract/convert 43 | self.errorURL = [NSURL URLWithString:errorInfo[KEY_ERROR_URL]]; 44 | } 45 | 46 | //when exiting 47 | // ->change 'close' to 'exit' 48 | if(YES == self.shouldExit) 49 | { 50 | //change title 51 | self.closeButton.title = @"Exit"; 52 | } 53 | 54 | //for fatal errors 55 | // ->change 'Info' to 'help fix' 56 | if(YES == [[self.errorURL absoluteString] isEqualToString:FATAL_ERROR_URL]) 57 | { 58 | //change title 59 | self.infoButton.title = @"Help Fix"; 60 | } 61 | 62 | //set delegate 63 | [self.window setDelegate:self]; 64 | 65 | return; 66 | } 67 | 68 | //display (show) window 69 | -(void)display 70 | { 71 | //show (now configured), alert 72 | [self showWindow:self]; 73 | 74 | //make it key window 75 | [self.window makeKeyAndOrderFront:self]; 76 | 77 | //make window front 78 | [NSApp activateIgnoringOtherApps:YES]; 79 | 80 | //make close button active 81 | [self.window makeFirstResponder:closeButton]; 82 | 83 | //make white 84 | [self.window setBackgroundColor: NSColor.whiteColor]; 85 | 86 | return; 87 | } 88 | 89 | //invoked when user clicks '?' (help button) 90 | // ->open url with more info about the error(s) 91 | -(IBAction)help:(id)sender 92 | { 93 | //if a url was specified 94 | // ->use that one 95 | if(nil != self.errorURL) 96 | { 97 | //open URL 98 | // ->invokes user's default browser 99 | [[NSWorkspace sharedWorkspace] openURL:self.errorURL]; 100 | } 101 | //use default URL 102 | else 103 | { 104 | //open URL 105 | // ->invokes user's default browser 106 | [[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:[NSString stringWithFormat:@"%@#errors", PRODUCT_URL]]]; 107 | } 108 | 109 | //when error should cause an exit 110 | // ->close window here (to trigger exit) 111 | if(YES == self.shouldExit) 112 | { 113 | //close 114 | [self.window close]; 115 | } 116 | 117 | return; 118 | } 119 | 120 | //invoked when user clicks 'close' 121 | // ->just close window 122 | -(IBAction)close:(id)sender 123 | { 124 | //close 125 | [self.window close]; 126 | 127 | return; 128 | } 129 | 130 | //automatically invoked when window is closing 131 | // ->exit the app if specified... 132 | -(void)windowWillClose:(NSNotification *)notification 133 | { 134 | //check if should exit process 135 | // ->e.g. an error during install, etc 136 | if(YES == self.shouldExit) 137 | { 138 | //exit 139 | [NSApp terminate:self]; 140 | } 141 | 142 | return; 143 | } 144 | 145 | @end 146 | -------------------------------------------------------------------------------- /Lockdown/Exception.h: -------------------------------------------------------------------------------- 1 | // 2 | // Exception.h 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | @import Foundation; 9 | 10 | #import 11 | #import 12 | 13 | /* FUNCTIONS */ 14 | 15 | //install exception/signal handlers 16 | void installExceptionHandlers(); 17 | 18 | //exception handler for Obj-C exceptions 19 | void exceptionHandler(NSException *exception); 20 | 21 | //signal handler for *nix style exceptions 22 | void signalHandler(int signal, siginfo_t *info, void *context); 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /Lockdown/Exception.m: -------------------------------------------------------------------------------- 1 | // 2 | // Exception.m 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import "Consts.h" 9 | #import "Exception.h" 10 | #import "AppDelegate.h" 11 | 12 | #import 13 | 14 | //global 15 | // ->only report an fatal exception once 16 | BOOL wasReported = NO; 17 | 18 | //install exception/signal handlers 19 | void installExceptionHandlers() 20 | { 21 | //sigaction struct 22 | struct sigaction sa = {0}; 23 | 24 | //init signal struct 25 | sigemptyset(&sa.sa_mask); 26 | sa.sa_flags = SA_SIGINFO; 27 | sa.sa_sigaction = signalHandler; 28 | 29 | //objective-C exception handler 30 | NSSetUncaughtExceptionHandler(&exceptionHandler); 31 | 32 | //install signal handlers 33 | sigaction(SIGILL, &sa, NULL); 34 | sigaction(SIGSEGV, &sa, NULL); 35 | sigaction(SIGBUS, &sa, NULL); 36 | sigaction(SIGABRT, &sa, NULL); 37 | sigaction(SIGTRAP, &sa, NULL); 38 | sigaction(SIGFPE, &sa, NULL); 39 | 40 | return; 41 | } 42 | 43 | //exception handler 44 | // will be invoked for Obj-C exceptions 45 | void exceptionHandler(NSException *exception) 46 | { 47 | //error info dictionary 48 | NSMutableDictionary* errorInfo = nil; 49 | 50 | //error msg 51 | NSString* errorMessage = nil; 52 | 53 | //ignore if exception was already reported 54 | if(YES == wasReported) 55 | { 56 | //bail 57 | goto bail; 58 | } 59 | 60 | //alloc 61 | errorInfo = [NSMutableDictionary dictionary]; 62 | 63 | //err msg 64 | syslog(LOG_ERR, "OBJECTIVE-SEE LOCKDOWN ERROR: OS version: %s /App version: %s\n", [[NSProcessInfo processInfo] operatingSystemVersionString].UTF8String, [[[[NSBundle mainBundle] infoDictionary] objectForKey:@"CFBundleVersion"] UTF8String]); 65 | 66 | //create error msg 67 | errorMessage = [NSString stringWithFormat:@"unhandled obj-c exception caught [name: %@ / reason: %@]", [exception name], [exception reason]]; 68 | 69 | //err msg 70 | syslog(LOG_ERR, "OBJECTIVE-SEE LOCKDOWN ERROR: %s\n", errorMessage.UTF8String); 71 | 72 | //err msg 73 | syslog(LOG_ERR, "OBJECTIVE-SEE ERROR: %s\n", [[NSThread callStackSymbols] description].UTF8String); 74 | 75 | //add main error msg 76 | errorInfo[KEY_ERROR_MSG] = @"ERROR: unrecoverable fault"; 77 | 78 | //add sub msg 79 | errorInfo[KEY_ERROR_SUB_MSG] = [exception name]; 80 | 81 | //set error URL 82 | errorInfo[KEY_ERROR_URL] = FATAL_ERROR_URL; 83 | 84 | //fatal error 85 | // ->agent should exit 86 | errorInfo[KEY_ERROR_SHOULD_EXIT] = [NSNumber numberWithBool:YES]; 87 | 88 | //display error msg 89 | [((AppDelegate*)[[NSApplication sharedApplication] delegate]) displayErrorWindow:errorInfo]; 90 | 91 | //set flag 92 | wasReported = YES; 93 | 94 | //need to sleep, otherwise returning from this function will cause OS to kill agent 95 | // instead, we want error popup to be displayed (which will exit agent when closed) 96 | if(YES != [NSThread isMainThread]) 97 | { 98 | //nap 99 | while(YES) 100 | { 101 | //nap 102 | [NSThread sleepForTimeInterval:1.0f]; 103 | } 104 | } 105 | 106 | //bail 107 | bail: 108 | 109 | return; 110 | } 111 | 112 | //handler for signals 113 | // will be invoked for BSD/*nix signals 114 | void signalHandler(int signal, siginfo_t *info, void *context) 115 | { 116 | //error info dictionary 117 | NSMutableDictionary* errorInfo = nil; 118 | 119 | //error msg 120 | NSString* errorMessage = nil; 121 | 122 | //context 123 | ucontext_t *uContext = NULL; 124 | 125 | //ignore if exception was already reported 126 | if(YES == wasReported) 127 | { 128 | //bail 129 | goto bail; 130 | } 131 | 132 | //alloc 133 | errorInfo = [NSMutableDictionary dictionary]; 134 | 135 | //err msg 136 | syslog(LOG_ERR, "OBJECTIVE-SEE LOCKDOWN ERROR: OS version: %s /App version: %s\n", [[NSProcessInfo processInfo] operatingSystemVersionString].UTF8String, [[[[NSBundle mainBundle] infoDictionary] objectForKey:@"CFBundleVersion"] UTF8String]); 137 | 138 | //typecast context 139 | uContext = (ucontext_t *)context; 140 | 141 | //create error msg 142 | errorMessage = [NSString stringWithFormat:@"unhandled exception caught, si_signo: %d /si_code: %s /si_addr: %p /rip: %p", 143 | info->si_signo, (info->si_code == SEGV_MAPERR) ? "SEGV_MAPERR" : "SEGV_ACCERR", info->si_addr, (unsigned long*)uContext->uc_mcontext->__ss.__rip]; 144 | 145 | //err msg 146 | syslog(LOG_ERR, "OBJECTIVE-SEE LOCKDOWN ERROR: %s\n", errorMessage.UTF8String); 147 | 148 | //err msg 149 | syslog(LOG_ERR, "OBJECTIVE-SEE ERROR: %s\n", [[NSThread callStackSymbols] description].UTF8String); 150 | 151 | //add main error msg 152 | errorInfo[KEY_ERROR_MSG] = @"ERROR: unrecoverable fault"; 153 | 154 | //add sub msg 155 | errorInfo[KEY_ERROR_SUB_MSG] = [NSString stringWithFormat:@"si_signo: %d / rip: %p", info->si_signo, (unsigned long*)uContext->uc_mcontext->__ss.__rip]; 156 | 157 | //set error URL 158 | errorInfo[KEY_ERROR_URL] = FATAL_ERROR_URL; 159 | 160 | //fatal error 161 | // ->agent should exit 162 | errorInfo[KEY_ERROR_SHOULD_EXIT] = [NSNumber numberWithBool:YES]; 163 | 164 | //display error msg 165 | [((AppDelegate*)[[NSApplication sharedApplication] delegate]) displayErrorWindow:errorInfo]; 166 | 167 | //set flag 168 | wasReported = YES; 169 | 170 | //bail 171 | bail: 172 | 173 | return; 174 | } 175 | -------------------------------------------------------------------------------- /Lockdown/ExecuteViewController.h: -------------------------------------------------------------------------------- 1 | // 2 | // ExecuteViewController.h 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import 9 | 10 | @interface ExecuteViewController : NSViewController 11 | 12 | /* PROPERTIES */ 13 | 14 | //output text field 15 | @property(unsafe_unretained)IBOutlet NSTextView *output; 16 | 17 | //progress indicator 18 | @property(weak)IBOutlet NSProgressIndicator *progressIndicator; 19 | 20 | //status message 21 | @property(weak)IBOutlet NSTextField *statusMsg; 22 | 23 | //back button 24 | @property(weak)IBOutlet NSButton *backButton; 25 | 26 | //close button 27 | @property(weak)IBOutlet NSButton *closeButton; 28 | 29 | /* METHODS */ 30 | 31 | //execute commands 32 | // ->dump output to text view 33 | -(void)execCommands:(NSUInteger)mode; 34 | 35 | //back button handler 36 | -(IBAction)backButtonHandler:(id)sender; 37 | 38 | //close button handler 39 | -(IBAction)closeButtonHandler:(id)sender; 40 | 41 | @end 42 | -------------------------------------------------------------------------------- /Lockdown/ExecuteViewController.m: -------------------------------------------------------------------------------- 1 | // 2 | // ExecuteViewController.m 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import 9 | 10 | #import "Consts.h" 11 | #import "AppDelegate.h" 12 | #import "AMR_ANSIEscapeHelper.h" 13 | #import "ExecuteViewController.h" 14 | 15 | 16 | @implementation ExecuteViewController 17 | 18 | @synthesize output; 19 | @synthesize statusMsg; 20 | @synthesize backButton; 21 | @synthesize closeButton; 22 | @synthesize progressIndicator; 23 | 24 | //view loaded 25 | // ->init UI and spawn commands 26 | -(void)viewDidLoad 27 | { 28 | //initial output msg 29 | NSMutableString* outputMsg = nil; 30 | 31 | //super 32 | [super viewDidLoad]; 33 | 34 | //init status message to nada 35 | self.statusMsg.stringValue = @""; 36 | 37 | //disable 'back' button 38 | self.backButton.enabled = NO; 39 | 40 | //disable 'close' button 41 | self.closeButton.enabled = NO; 42 | 43 | //init output msg 44 | outputMsg = [NSMutableString stringWithString:@"starting 'osxlockdown' "]; 45 | 46 | //append msg for 'auditing'... 47 | if(MODE_AUDIT == ((AppDelegate*)[[NSApplication sharedApplication] delegate]).mode) 48 | { 49 | //append 50 | [outputMsg appendString:@"to AUDIT security configuration settings..."]; 51 | } 52 | //append msg for 'fix' 53 | else 54 | { 55 | //append 56 | [outputMsg appendString:@"to FIX security configuration settings..."]; 57 | } 58 | 59 | //set initial output message 60 | // ->some of the commands take a while to generate output... 61 | [[self.output textStorage] setAttributedString: [[[AMR_ANSIEscapeHelper alloc] init] attributedStringWithANSIEscapedString:outputMsg]]; 62 | 63 | //exec commands in background thread 64 | // ->ensures UI is still responsive, etc. 65 | dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{ 66 | 67 | //nap to allow inital msg to show 68 | [NSThread sleepForTimeInterval:0.75f]; 69 | 70 | //exec 71 | // ->'mode' variable will indicate audit or fix 72 | [self execCommands:((AppDelegate*)[[NSApplication sharedApplication] delegate]).mode]; 73 | 74 | }); 75 | 76 | return; 77 | } 78 | 79 | //execute commands in background 80 | // ->dump output to text view (via main thread) 81 | -(void)execCommands:(NSUInteger)mode 82 | { 83 | //osxlockdown's binary path 84 | NSString* binaryPath = nil; 85 | 86 | //args 87 | NSMutableString* arguments = nil; 88 | 89 | //task 90 | NSTask *task = nil; 91 | 92 | //output pipe 93 | NSPipe *outPipe = nil; 94 | 95 | //read handle 96 | NSFileHandle* readHandle = nil; 97 | 98 | //number of enabled commands 99 | NSUInteger enabledCommands = 0; 100 | 101 | //partial output 102 | NSString* partialOutput = nil; 103 | 104 | //ansi converted string 105 | NSAttributedString *convertedString = nil; 106 | 107 | //cumulative output 108 | NSMutableAttributedString* cumulativeOutput = nil; 109 | 110 | //init cumulative output string 111 | cumulativeOutput = [[NSMutableAttributedString alloc] initWithString:@""]; 112 | 113 | //init binary path 114 | binaryPath = [[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:BINARY_FILE]; 115 | 116 | //change dir 117 | // ->otherwise osxlockdown binary will fail.... 118 | [[NSFileManager defaultManager] changeCurrentDirectoryPath:[binaryPath stringByDeletingLastPathComponent]]; 119 | 120 | //calculate number of enabled commands 121 | // ->needed to accurately increment progress indicator 122 | for(NSMutableDictionary* command in ((AppDelegate*)[[NSApplication sharedApplication] delegate]).commands) 123 | { 124 | //for enabled commands 125 | // ->increment count... 126 | if(YES == [command[@"enabled"] isEqualToString:@"true"]) 127 | { 128 | //inc 129 | enabledCommands++; 130 | } 131 | } 132 | 133 | //add extra for system info command(s) 134 | // ->date/serial #, etc... 135 | enabledCommands += 5; 136 | 137 | //init args 138 | arguments = [NSMutableString stringWithFormat:@"\"%@\" %@ \"%@\"", binaryPath, @"-commands_file", ((AppDelegate*)[[NSApplication sharedApplication] delegate]).commandsFile]; 139 | 140 | //logic for 'audit' mode 141 | // ->just set msg, as no extra args are needed 142 | if(MODE_AUDIT == mode) 143 | { 144 | //update status msg in main thread 145 | dispatch_sync(dispatch_get_main_queue(), ^{ 146 | 147 | //set 148 | self.statusMsg.stringValue = @"auditing..."; 149 | 150 | }); 151 | } 152 | 153 | //logic for 'fix' mode 154 | // ->set msg and specify '-remediate' arg 155 | else 156 | { 157 | //update status msg in main thread 158 | dispatch_sync(dispatch_get_main_queue(), ^{ 159 | 160 | //set 161 | self.statusMsg.stringValue = @"fixing..."; 162 | 163 | }); 164 | 165 | //append '-remediate' arg 166 | [arguments appendString:@" -remediate"]; 167 | } 168 | 169 | //init task 170 | task = [NSTask new]; 171 | 172 | //init output pipe 173 | outPipe = [NSPipe pipe]; 174 | 175 | //assign pipe to std output 176 | [task setStandardOutput:outPipe]; 177 | 178 | //assign pipe to std error too 179 | [task setStandardError:outPipe]; 180 | 181 | //init read handle 182 | readHandle = [outPipe fileHandleForReading]; 183 | 184 | //set task's path 185 | // ->exec via /bin/bash, so specify that 186 | [task setLaunchPath:BASH]; 187 | 188 | //set task's args 189 | [task setArguments:@[@"-c", arguments]]; 190 | 191 | //launch 192 | [task launch]; 193 | 194 | //grab output 195 | // ->display in scrolling text view 196 | while(YES == [task isRunning]) 197 | { 198 | //init string with avaialable data 199 | partialOutput = [[NSString alloc] initWithData:[readHandle availableData] encoding:NSUTF8StringEncoding]; 200 | 201 | //convert to attributed string 202 | // ->wrap as AMR_ANSIEscapeHelper is a bit buggy (e.g. if ansi escapings aren't balanced) 203 | @try 204 | { 205 | //convert 206 | convertedString = [[[AMR_ANSIEscapeHelper alloc] init] attributedStringWithANSIEscapedString:partialOutput]; 207 | 208 | //append to cumulative output 209 | [cumulativeOutput appendAttributedString:convertedString]; 210 | } 211 | //if conversion failed 212 | // ->just use unconverted string... 213 | @catch (NSException *exception) 214 | { 215 | //append to cumulative output 216 | [cumulativeOutput appendAttributedString:[[NSAttributedString alloc] initWithString:partialOutput attributes:nil]]; 217 | } 218 | 219 | //update ui on main thread 220 | // ->add output to text view, scroll, and update progress indicator 221 | dispatch_sync(dispatch_get_main_queue(), ^{ 222 | 223 | //update text view's text 224 | [[self.output textStorage] setAttributedString:cumulativeOutput]; 225 | 226 | //scroll 227 | [self.output scrollRangeToVisible:NSMakeRange([[self.output string] length], 0)]; 228 | 229 | //increment circular progress indicator 230 | [self.progressIndicator incrementBy:(float)100/enabledCommands]; 231 | 232 | }); 233 | } 234 | 235 | //init string with avaialable data 236 | partialOutput = [[NSString alloc] initWithData:[readHandle readDataToEndOfFile] encoding:NSUTF8StringEncoding]; 237 | 238 | //convert to attributed string 239 | // ->wrap as AMR_ANSIEscapeHelper is a bit buggy (e.g. if ansi escapings aren't balanced) 240 | @try 241 | { 242 | //convert 243 | convertedString = [[[AMR_ANSIEscapeHelper alloc] init] attributedStringWithANSIEscapedString:partialOutput]; 244 | 245 | //append to cumulative output 246 | [cumulativeOutput appendAttributedString:convertedString]; 247 | } 248 | //if conversion failed 249 | // ->just use unconverted string... 250 | @catch (NSException *exception) 251 | { 252 | //append to cumulative output 253 | [cumulativeOutput appendAttributedString: [[NSAttributedString alloc] initWithString:partialOutput attributes:nil]]; 254 | } 255 | 256 | //finalize UI 257 | // ->set status message and enable buttons 258 | dispatch_sync(dispatch_get_main_queue(), ^{ 259 | 260 | //update text view's text 261 | [[self.output textStorage] setAttributedString:cumulativeOutput]; 262 | 263 | //scroll 264 | [self.output scrollRangeToVisible:NSMakeRange([[self.output string] length], 0)]; 265 | 266 | //make sure process indicator is complete 267 | self.progressIndicator.doubleValue = 100; 268 | 269 | //update status msg 270 | self.statusMsg.stringValue = @"complete!"; 271 | 272 | //enable 'back' button 273 | self.backButton.enabled = YES; 274 | 275 | //enable 'close' button 276 | self.closeButton.enabled = YES; 277 | 278 | //make 'close' button selected 279 | [[[NSApplication sharedApplication] keyWindow] makeFirstResponder:self.closeButton]; 280 | 281 | }); 282 | 283 | return; 284 | } 285 | 286 | //automatically invoked when user clicks 'back' 287 | // ->return to previous ('commands') view 288 | -(IBAction)backButtonHandler:(id)sender 289 | { 290 | //change (back) to commands view 291 | [((AppDelegate*)[[NSApplication sharedApplication] delegate]) changeViewController:VIEW_COMMANDS]; 292 | 293 | return; 294 | } 295 | 296 | //automatically invoked when user clicks 'close' 297 | // ->just exit app 298 | -(IBAction)closeButtonHandler:(id)sender 299 | { 300 | //exit 301 | [NSApp terminate:self]; 302 | 303 | return; 304 | } 305 | 306 | @end 307 | -------------------------------------------------------------------------------- /Lockdown/Images/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Images/icon.png -------------------------------------------------------------------------------- /Lockdown/Images/lockDown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Images/lockDown.png -------------------------------------------------------------------------------- /Lockdown/Images/logoApple.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Images/logoApple.png -------------------------------------------------------------------------------- /Lockdown/Images/logoAppleBG.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Images/logoAppleBG.png -------------------------------------------------------------------------------- /Lockdown/Images/logoAppleOver.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Images/logoAppleOver.png -------------------------------------------------------------------------------- /Lockdown/Images/summitRoute.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Images/summitRoute.png -------------------------------------------------------------------------------- /Lockdown/Images/warning.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/objective-see/LockDown/a3ecb6ba7ebe20d4c4bc64385472a4fa7e168079/Lockdown/Images/warning.png -------------------------------------------------------------------------------- /Lockdown/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | CFBundleDevelopmentRegion 6 | en 7 | CFBundleExecutable 8 | $(EXECUTABLE_NAME) 9 | CFBundleIconFile 10 | 11 | CFBundleIdentifier 12 | $(PRODUCT_BUNDLE_IDENTIFIER) 13 | CFBundleInfoDictionaryVersion 14 | 6.0 15 | CFBundleName 16 | $(PRODUCT_NAME) 17 | CFBundlePackageType 18 | APPL 19 | CFBundleShortVersionString 20 | 1.0 21 | CFBundleSignature 22 | ???? 23 | CFBundleVersion 24 | 1.0 25 | LSMinimumSystemVersion 26 | $(MACOSX_DEPLOYMENT_TARGET) 27 | NSHumanReadableCopyright 28 | Copyright © 2016 Objective-See, LLC. All rights reserved. 29 | NSMainStoryboardFile 30 | Main 31 | NSPrincipalClass 32 | NSApplicationKeyEvents 33 | 34 | 35 | -------------------------------------------------------------------------------- /Lockdown/LICENSE: -------------------------------------------------------------------------------- 1 | Lockdown by Patrick Wardle (Objective-See) is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. See http://creativecommons.org/ for details 2 | To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/4.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA. 3 | 4 | Creative Commons Corporation (“Creative Commons”) is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an “as-is” basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible. 5 | 6 | Using Creative Commons Public Licenses 7 | 8 | Creative Commons public licenses provide a standard set of terms and conditions that creators and other rights holders may use to share original works of authorship and other material subject to copyright and certain other rights specified in the public license below. The following considerations are for informational purposes only, are not exhaustive, and do not form part of our licenses. 9 | 10 | Considerations for licensors: Our public licenses are intended for use by those authorized to give the public permission to use material in ways otherwise restricted by copyright and certain other rights. Our licenses are irrevocable. Licensors should read and understand the terms and conditions of the license they choose before applying it. Licensors should also secure all rights necessary before applying our licenses so that the public can reuse the material as expected. Licensors should clearly mark any material not subject to the license. This includes other CC-licensed material, or material used under an exception or limitation to copyright. More considerations for licensors. 11 | Considerations for the public: By using one of our public licenses, a licensor grants the public permission to use the licensed material under specified terms and conditions. If the licensor’s permission is not necessary for any reason–for example, because of any applicable exception or limitation to copyright–then that use is not regulated by the license. Our licenses grant only permissions under copyright and certain other rights that a licensor has authority to grant. Use of the licensed material may still be restricted for other reasons, including because others have copyright or other rights in the material. A licensor may make special requests, such as asking that all changes be marked or described. Although not required by our licenses, you are encouraged to respect those requests where reasonable. More considerations for the public. 12 | Creative Commons Attribution-NonCommercial 4.0 International Public License 13 | 14 | By exercising the Licensed Rights (defined below), You accept and agree to be bound by the terms and conditions of this Creative Commons Attribution-NonCommercial 4.0 International Public License ("Public License"). To the extent this Public License may be interpreted as a contract, You are granted the Licensed Rights in consideration of Your acceptance of these terms and conditions, and the Licensor grants You such rights in consideration of benefits the Licensor receives from making the Licensed Material available under these terms and conditions. 15 | 16 | Section 1 – Definitions. 17 | 18 | Adapted Material means material subject to Copyright and Similar Rights that is derived from or based upon the Licensed Material and in which the Licensed Material is translated, altered, arranged, transformed, or otherwise modified in a manner requiring permission under the Copyright and Similar Rights held by the Licensor. For purposes of this Public License, where the Licensed Material is a musical work, performance, or sound recording, Adapted Material is always produced where the Licensed Material is synched in timed relation with a moving image. 19 | Adapter's License means the license You apply to Your Copyright and Similar Rights in Your contributions to Adapted Material in accordance with the terms and conditions of this Public License. 20 | Copyright and Similar Rights means copyright and/or similar rights closely related to copyright including, without limitation, performance, broadcast, sound recording, and Sui Generis Database Rights, without regard to how the rights are labeled or categorized. For purposes of this Public License, the rights specified in Section 2(b)(1)-(2) are not Copyright and Similar Rights. 21 | Effective Technological Measures means those measures that, in the absence of proper authority, may not be circumvented under laws fulfilling obligations under Article 11 of the WIPO Copyright Treaty adopted on December 20, 1996, and/or similar international agreements. 22 | Exceptions and Limitations means fair use, fair dealing, and/or any other exception or limitation to Copyright and Similar Rights that applies to Your use of the Licensed Material. 23 | Licensed Material means the artistic or literary work, database, or other material to which the Licensor applied this Public License. 24 | Licensed Rights means the rights granted to You subject to the terms and conditions of this Public License, which are limited to all Copyright and Similar Rights that apply to Your use of the Licensed Material and that the Licensor has authority to license. 25 | Licensor means the individual(s) or entity(ies) granting rights under this Public License. 26 | NonCommercial means not primarily intended for or directed towards commercial advantage or monetary compensation. For purposes of this Public License, the exchange of the Licensed Material for other material subject to Copyright and Similar Rights by digital file-sharing or similar means is NonCommercial provided there is no payment of monetary compensation in connection with the exchange. 27 | Share means to provide material to the public by any means or process that requires permission under the Licensed Rights, such as reproduction, public display, public performance, distribution, dissemination, communication, or importation, and to make material available to the public including in ways that members of the public may access the material from a place and at a time individually chosen by them. 28 | Sui Generis Database Rights means rights other than copyright resulting from Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, as amended and/or succeeded, as well as other essentially equivalent rights anywhere in the world. 29 | You means the individual or entity exercising the Licensed Rights under this Public License. Your has a corresponding meaning. 30 | Section 2 – Scope. 31 | 32 | License grant. 33 | Subject to the terms and conditions of this Public License, the Licensor hereby grants You a worldwide, royalty-free, non-sublicensable, non-exclusive, irrevocable license to exercise the Licensed Rights in the Licensed Material to: 34 | reproduce and Share the Licensed Material, in whole or in part, for NonCommercial purposes only; and 35 | produce, reproduce, and Share Adapted Material for NonCommercial purposes only. 36 | Exceptions and Limitations. For the avoidance of doubt, where Exceptions and Limitations apply to Your use, this Public License does not apply, and You do not need to comply with its terms and conditions. 37 | Term. The term of this Public License is specified in Section 6(a). 38 | Media and formats; technical modifications allowed. The Licensor authorizes You to exercise the Licensed Rights in all media and formats whether now known or hereafter created, and to make technical modifications necessary to do so. The Licensor waives and/or agrees not to assert any right or authority to forbid You from making technical modifications necessary to exercise the Licensed Rights, including technical modifications necessary to circumvent Effective Technological Measures. For purposes of this Public License, simply making modifications authorized by this Section 2(a)(4) never produces Adapted Material. 39 | Downstream recipients. 40 | Offer from the Licensor – Licensed Material. Every recipient of the Licensed Material automatically receives an offer from the Licensor to exercise the Licensed Rights under the terms and conditions of this Public License. 41 | No downstream restrictions. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, the Licensed Material if doing so restricts exercise of the Licensed Rights by any recipient of the Licensed Material. 42 | No endorsement. Nothing in this Public License constitutes or may be construed as permission to assert or imply that You are, or that Your use of the Licensed Material is, connected with, or sponsored, endorsed, or granted official status by, the Licensor or others designated to receive attribution as provided in Section 3(a)(1)(A)(i). 43 | Other rights. 44 | 45 | Moral rights, such as the right of integrity, are not licensed under this Public License, nor are publicity, privacy, and/or other similar personality rights; however, to the extent possible, the Licensor waives and/or agrees not to assert any such rights held by the Licensor to the limited extent necessary to allow You to exercise the Licensed Rights, but not otherwise. 46 | Patent and trademark rights are not licensed under this Public License. 47 | To the extent possible, the Licensor waives any right to collect royalties from You for the exercise of the Licensed Rights, whether directly or through a collecting society under any voluntary or waivable statutory or compulsory licensing scheme. In all other cases the Licensor expressly reserves any right to collect such royalties, including when the Licensed Material is used other than for NonCommercial purposes. 48 | Section 3 – License Conditions. 49 | 50 | Your exercise of the Licensed Rights is expressly made subject to the following conditions. 51 | 52 | Attribution. 53 | 54 | If You Share the Licensed Material (including in modified form), You must: 55 | 56 | retain the following if it is supplied by the Licensor with the Licensed Material: 57 | identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated); 58 | a copyright notice; 59 | a notice that refers to this Public License; 60 | a notice that refers to the disclaimer of warranties; 61 | a URI or hyperlink to the Licensed Material to the extent reasonably practicable; 62 | indicate if You modified the Licensed Material and retain an indication of any previous modifications; and 63 | indicate the Licensed Material is licensed under this Public License, and include the text of, or the URI or hyperlink to, this Public License. 64 | You may satisfy the conditions in Section 3(a)(1) in any reasonable manner based on the medium, means, and context in which You Share the Licensed Material. For example, it may be reasonable to satisfy the conditions by providing a URI or hyperlink to a resource that includes the required information. 65 | If requested by the Licensor, You must remove any of the information required by Section 3(a)(1)(A) to the extent reasonably practicable. 66 | If You Share Adapted Material You produce, the Adapter's License You apply must not prevent recipients of the Adapted Material from complying with this Public License. 67 | Section 4 – Sui Generis Database Rights. 68 | 69 | Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of the Licensed Material: 70 | 71 | for the avoidance of doubt, Section 2(a)(1) grants You the right to extract, reuse, reproduce, and Share all or a substantial portion of the contents of the database for NonCommercial purposes only; 72 | if You include all or a substantial portion of the database contents in a database in which You have Sui Generis Database Rights, then the database in which You have Sui Generis Database Rights (but not its individual contents) is Adapted Material; and 73 | You must comply with the conditions in Section 3(a) if You Share all or a substantial portion of the contents of the database. 74 | For the avoidance of doubt, this Section 4 supplements and does not replace Your obligations under this Public License where the Licensed Rights include other Copyright and Similar Rights. 75 | Section 5 – Disclaimer of Warranties and Limitation of Liability. 76 | 77 | Unless otherwise separately undertaken by the Licensor, to the extent possible, the Licensor offers the Licensed Material as-is and as-available, and makes no representations or warranties of any kind concerning the Licensed Material, whether express, implied, statutory, or other. This includes, without limitation, warranties of title, merchantability, fitness for a particular purpose, non-infringement, absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not known or discoverable. Where disclaimers of warranties are not allowed in full or in part, this disclaimer may not apply to You. 78 | To the extent possible, in no event will the Licensor be liable to You on any legal theory (including, without limitation, negligence) or otherwise for any direct, special, indirect, incidental, consequential, punitive, exemplary, or other losses, costs, expenses, or damages arising out of this Public License or use of the Licensed Material, even if the Licensor has been advised of the possibility of such losses, costs, expenses, or damages. Where a limitation of liability is not allowed in full or in part, this limitation may not apply to You. 79 | The disclaimer of warranties and limitation of liability provided above shall be interpreted in a manner that, to the extent possible, most closely approximates an absolute disclaimer and waiver of all liability. 80 | Section 6 – Term and Termination. 81 | 82 | This Public License applies for the term of the Copyright and Similar Rights licensed here. However, if You fail to comply with this Public License, then Your rights under this Public License terminate automatically. 83 | Where Your right to use the Licensed Material has terminated under Section 6(a), it reinstates: 84 | 85 | automatically as of the date the violation is cured, provided it is cured within 30 days of Your discovery of the violation; or 86 | upon express reinstatement by the Licensor. 87 | For the avoidance of doubt, this Section 6(b) does not affect any right the Licensor may have to seek remedies for Your violations of this Public License. 88 | For the avoidance of doubt, the Licensor may also offer the Licensed Material under separate terms or conditions or stop distributing the Licensed Material at any time; however, doing so will not terminate this Public License. 89 | Sections 1, 5, 6, 7, and 8 survive termination of this Public License. 90 | Section 7 – Other Terms and Conditions. 91 | 92 | The Licensor shall not be bound by any additional or different terms or conditions communicated by You unless expressly agreed. 93 | Any arrangements, understandings, or agreements regarding the Licensed Material not stated herein are separate from and independent of the terms and conditions of this Public License. 94 | Section 8 – Interpretation. 95 | 96 | For the avoidance of doubt, this Public License does not, and shall not be interpreted to, reduce, limit, restrict, or impose conditions on any use of the Licensed Material that could lawfully be made without permission under this Public License. 97 | To the extent possible, if any provision of this Public License is deemed unenforceable, it shall be automatically reformed to the minimum extent necessary to make it enforceable. If the provision cannot be reformed, it shall be severed from this Public License without affecting the enforceability of the remaining terms and conditions. 98 | No term or condition of this Public License will be waived and no failure to comply consented to unless expressly agreed to by the Licensor. 99 | Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any privileges and immunities that apply to the Licensor or You, including from the legal processes of any jurisdiction or authority. 100 | Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its public licenses to material it publishes and in those instances will be considered the “Licensor.” Except for the limited purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the Creative Commons policies published at creativecommons.org/policies, Creative Commons does not authorize the use of the trademark “Creative Commons” or any other trademark or logo of Creative Commons without its prior written consent including, without limitation, in connection with any unauthorized modifications to any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. For the avoidance of doubt, this paragraph does not form part of the public licenses. 101 | 102 | Creative Commons may be contacted at creativecommons.org. -------------------------------------------------------------------------------- /Lockdown/NSApplicationKeyEvents.h: -------------------------------------------------------------------------------- 1 | // 2 | // NSApplicationKeyEvents.h 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import 9 | 10 | @interface NSApplicationKeyEvents : NSApplication 11 | 12 | @end 13 | -------------------------------------------------------------------------------- /Lockdown/NSApplicationKeyEvents.m: -------------------------------------------------------------------------------- 1 | // 2 | // NSApplicationKeyEvents.m 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import "NSApplicationKeyEvents.h" 9 | 10 | @implementation NSApplicationKeyEvents 11 | 12 | //to enable select/copy etc even though app doesn't have an 'Edit' menu 13 | // details: http://stackoverflow.com/questions/970707/cocoa-keyboard-shortcuts-in-dialog-without-an-edit-menu 14 | -(void)sendEvent:(NSEvent *)event 15 | { 16 | //keydown logic 17 | // ->cmd+c, cmd+v, cmd+a 18 | if( ([event type] == NSKeyDown) && 19 | (([event modifierFlags] & NSDeviceIndependentModifierFlagsMask) == NSCommandKeyMask) ) 20 | { 21 | //cmd+a 22 | if ([[event charactersIgnoringModifiers] isEqualToString:@"a"]) 23 | { 24 | if ([self sendAction:@selector(selectAll:) to:nil from:self]) 25 | return; 26 | } 27 | 28 | //cmd+c 29 | else if ([[event charactersIgnoringModifiers] isEqualToString:@"c"]) 30 | { 31 | if ([self sendAction:@selector(copy:) to:nil from:self]) 32 | return; 33 | } 34 | } 35 | 36 | //super 37 | [super sendEvent:event]; 38 | 39 | return; 40 | } 41 | 42 | @end 43 | -------------------------------------------------------------------------------- /Lockdown/UI/AboutWindow.xib: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | -------------------------------------------------------------------------------- /Lockdown/UI/ErrorWindowController.xib: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | -------------------------------------------------------------------------------- /Lockdown/UI/ExecuteView.xib: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 57 | 58 | 59 | 60 | 61 | 62 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | -------------------------------------------------------------------------------- /Lockdown/UI/TestsView.xib: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 32 | 43 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 144 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | -------------------------------------------------------------------------------- /Lockdown/UI/WarningView.xib: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | -------------------------------------------------------------------------------- /Lockdown/Utilities.h: -------------------------------------------------------------------------------- 1 | // 2 | // Utilities.h 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #ifndef Utilities_h 9 | #define Utilities_h 10 | 11 | /* FUNCTIONS */ 12 | 13 | //check if app is pristine 14 | // ->that is to say, nobody modified on-disk image/resources 15 | OSStatus verifySelf(); 16 | 17 | //display alert about app being unverifable 18 | void showUnverifiedAlert(OSStatus signingError); 19 | 20 | //spawn self as root 21 | BOOL spawnAsRoot(char* path, char** argv); 22 | 23 | //get OS version 24 | NSDictionary* getOSVersion(); 25 | 26 | //is current OS version supported? 27 | // ->for now, just OS X 10.11.* (El Capitan) 28 | BOOL isSupportedOS(); 29 | 30 | #endif /* Utilities_h */ 31 | -------------------------------------------------------------------------------- /Lockdown/Utilities.m: -------------------------------------------------------------------------------- 1 | // 2 | // Utilities.m 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | @import AppKit; 9 | 10 | #import 11 | 12 | //check if app is pristine 13 | // ->that is to say, nobody modified on-disk image/resources 14 | OSStatus verifySelf() 15 | { 16 | //status 17 | OSStatus status = !noErr; 18 | 19 | //sec ref (for self) 20 | SecCodeRef secRef = NULL; 21 | 22 | //get sec ref to self 23 | status = SecCodeCopySelf(kSecCSDefaultFlags, &secRef); 24 | 25 | //check 26 | if(noErr != status) 27 | { 28 | //bail 29 | goto bail; 30 | } 31 | 32 | //validate 33 | status = SecStaticCodeCheckValidityWithErrors(secRef, kSecCSDefaultFlags, NULL, NULL); 34 | 35 | //check 36 | if(status != noErr) 37 | { 38 | //err msg 39 | syslog(LOG_ERR, "OBJECTIVE-SEE LOCKDOWN ERROR: failed to validate application bundle (%d)\n", status); 40 | 41 | //bail 42 | goto bail; 43 | } 44 | 45 | //bail 46 | bail: 47 | 48 | //release sec ref 49 | if(NULL != secRef) 50 | { 51 | //release 52 | CFRelease(secRef); 53 | } 54 | 55 | return status; 56 | } 57 | 58 | //display alert about app being unverifable 59 | void showUnverifiedAlert(OSStatus signingError) 60 | { 61 | //alert box 62 | NSAlert* modifiedAlert = nil; 63 | 64 | //alloc/init alert 65 | modifiedAlert = [NSAlert alertWithMessageText:@"ERROR: application could not be verified" defaultButton:@"Ok" alternateButton:nil otherButton:nil informativeTextWithFormat:@"code: %d\nplease re-download and run again!", signingError]; 66 | 67 | //show it 68 | [modifiedAlert runModal]; 69 | 70 | //make front 71 | [NSApp activateIgnoringOtherApps:YES]; 72 | 73 | return; 74 | } 75 | 76 | //spawn self as root 77 | BOOL spawnAsRoot(char* path, char** argv) 78 | { 79 | //return/status var 80 | BOOL bRet = NO; 81 | 82 | //authorization ref 83 | AuthorizationRef authorizatioRef = {0}; 84 | 85 | //flag indicating auth ref was created 86 | BOOL authRefCreated = NO; 87 | 88 | //status code 89 | OSStatus osStatus = -1; 90 | 91 | //create authorization ref 92 | // ->and check 93 | osStatus = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizatioRef); 94 | if(errAuthorizationSuccess != osStatus) 95 | { 96 | //bail 97 | goto bail; 98 | } 99 | 100 | //set flag indicating auth ref was created 101 | authRefCreated = YES; 102 | 103 | //spawn self as r00t w/ install flag (will ask user for password) 104 | // ->and check 105 | osStatus = AuthorizationExecuteWithPrivileges(authorizatioRef, path, 0, argv, NULL); 106 | if(errAuthorizationSuccess != osStatus) 107 | { 108 | //bail 109 | goto bail; 110 | } 111 | 112 | //no errors 113 | bRet = YES; 114 | 115 | //bail 116 | bail: 117 | 118 | //free auth ref 119 | if(YES == authRefCreated) 120 | { 121 | //free 122 | AuthorizationFree(authorizatioRef, kAuthorizationFlagDefaults); 123 | } 124 | 125 | return bRet; 126 | } 127 | 128 | //get OS version 129 | NSDictionary* getOSVersion() 130 | { 131 | //os version info 132 | NSMutableDictionary* osVersionInfo = nil; 133 | 134 | //major v 135 | SInt32 majorVersion = 0; 136 | 137 | //minor v 138 | SInt32 minorVersion = 0; 139 | 140 | //alloc dictionary 141 | osVersionInfo = [NSMutableDictionary dictionary]; 142 | 143 | //get major version 144 | if(0 != Gestalt(gestaltSystemVersionMajor, &majorVersion)) 145 | { 146 | //reset 147 | osVersionInfo = nil; 148 | 149 | //bail 150 | goto bail; 151 | } 152 | 153 | //get minor version 154 | if(0 != Gestalt(gestaltSystemVersionMinor, &minorVersion)) 155 | { 156 | //reset 157 | osVersionInfo = nil; 158 | 159 | //bail 160 | goto bail; 161 | } 162 | 163 | //set major version 164 | osVersionInfo[@"majorVersion"] = [NSNumber numberWithInteger:majorVersion]; 165 | 166 | //set minor version 167 | osVersionInfo[@"minorVersion"] = [NSNumber numberWithInteger:minorVersion]; 168 | 169 | //bail 170 | bail: 171 | 172 | return osVersionInfo; 173 | } 174 | 175 | //is current OS version supported? 176 | // ->for now, just OS X 10.11.* (El Capitan) 177 | BOOL isSupportedOS() 178 | { 179 | //support flag 180 | BOOL isSupported = NO; 181 | 182 | //OS version info 183 | NSDictionary* osVersionInfo = nil; 184 | 185 | //get OS version info 186 | osVersionInfo = getOSVersion(); 187 | 188 | //sanity check 189 | if(nil == osVersionInfo) 190 | { 191 | //bail 192 | goto bail; 193 | } 194 | 195 | //gotta be OS X 196 | if(10 != [osVersionInfo[@"majorVersion"] intValue]) 197 | { 198 | //err msg 199 | syslog(LOG_ERR, "OBJECTIVE-SEE LOCKDOWN ERROR: OS major version %s not supported\n", [osVersionInfo[@"majorVersion"] UTF8String]); 200 | 201 | //bail 202 | goto bail; 203 | } 204 | 205 | //gotta be OS X 11 206 | if([osVersionInfo[@"minorVersion"] intValue] < 11) 207 | { 208 | //err msg 209 | syslog(LOG_DEBUG, "OS minor version %s not supported\n", [osVersionInfo[@"minor"] UTF8String]); 210 | 211 | //bail 212 | goto bail; 213 | } 214 | 215 | //OS version is supported 216 | isSupported = YES; 217 | 218 | //bail 219 | bail: 220 | 221 | return isSupported; 222 | } 223 | -------------------------------------------------------------------------------- /Lockdown/ViewController.h: -------------------------------------------------------------------------------- 1 | // 2 | // ViewController.h 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import 9 | 10 | @interface ViewController : NSViewController 11 | { 12 | 13 | } 14 | 15 | @end 16 | 17 | -------------------------------------------------------------------------------- /Lockdown/ViewController.m: -------------------------------------------------------------------------------- 1 | // 2 | // ViewController.m 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import "AppDelegate.h" 9 | #import "ViewController.h" 10 | 11 | @implementation ViewController 12 | 13 | //initial view loaded 14 | // ->make front, and load 'warning' view 15 | -(void)viewDidLoad 16 | { 17 | //super 18 | [super viewDidLoad]; 19 | 20 | //make front 21 | [NSApp activateIgnoringOtherApps:YES]; 22 | 23 | //save view 24 | ((AppDelegate*)[[NSApplication sharedApplication] delegate]).mainView = self.view; 25 | 26 | //load intial view 27 | // ->warns user of 'risks' 28 | [((AppDelegate*)[[NSApplication sharedApplication] delegate]) changeViewController:0x0]; 29 | 30 | return; 31 | } 32 | 33 | @end 34 | -------------------------------------------------------------------------------- /Lockdown/WarningViewController.h: -------------------------------------------------------------------------------- 1 | // 2 | // WarningViewController.h 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import 9 | 10 | @interface WarningViewController : NSViewController 11 | { 12 | 13 | } 14 | 15 | /* PROPERTIES */ 16 | 17 | //'continue' button 18 | @property(weak)IBOutlet NSButton* continueButton; 19 | 20 | @end 21 | -------------------------------------------------------------------------------- /Lockdown/WarningViewController.m: -------------------------------------------------------------------------------- 1 | // 2 | // WarningViewController.m 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import "Consts.h" 9 | #import "AppDelegate.h" 10 | #import "WarningViewController.h" 11 | 12 | 13 | @implementation WarningViewController 14 | 15 | @synthesize continueButton; 16 | 17 | //view loaded 18 | // ->enable 'continue' button after a bit 19 | -(void)viewDidLoad 20 | { 21 | //super 22 | [super viewDidLoad]; 23 | } 24 | 25 | //automatically invoked 26 | // ->button handler for 'continue' button 27 | -(IBAction)buttonHandler:(id)sender 28 | { 29 | //change to commands view 30 | [((AppDelegate*)[[NSApplication sharedApplication] delegate]) changeViewController:VIEW_COMMANDS]; 31 | 32 | return; 33 | } 34 | 35 | @end 36 | -------------------------------------------------------------------------------- /Lockdown/main.m: -------------------------------------------------------------------------------- 1 | // 2 | // main.m 3 | // Lockdown 4 | // 5 | // Created by Patrick Wardle on 2/14/16 and is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. 6 | // 7 | 8 | #import 9 | #import 10 | 11 | #import "Utilities.h" 12 | 13 | 14 | /*CODE */ 15 | 16 | //main 17 | int main(int argc, char *argv[]) 18 | { 19 | //return var 20 | int retVar = -1; 21 | 22 | //app's (self) signing status 23 | OSStatus signingStatus = !noErr; 24 | 25 | //verify self 26 | // ->show error if app cannot be verified (will exit) 27 | signingStatus = verifySelf(); 28 | if(noErr != signingStatus) 29 | { 30 | //show alert 31 | showUnverifiedAlert(signingStatus); 32 | 33 | //exit 34 | exit(0); 35 | } 36 | 37 | //when non-r00t instance 38 | // ->spawn self via auth exec 39 | if(0 != geteuid()) 40 | { 41 | //spawn as root 42 | if(YES != spawnAsRoot(argv[0], argv)) 43 | { 44 | //err msg 45 | syslog(LOG_ERR, "OBJECTIVE-SEE ERROR: failed to spawn self as r00t\n"); 46 | 47 | //bail 48 | goto bail; 49 | } 50 | 51 | //happy 52 | retVar = 0; 53 | } 54 | 55 | //otherwise 56 | // ->just kick off app, as we're root now 57 | else 58 | { 59 | //app away 60 | retVar = NSApplicationMain(argc, (const char **)argv); 61 | } 62 | 63 | //bail 64 | bail: 65 | 66 | return retVar; 67 | } 68 | 69 | 70 | 71 | --------------------------------------------------------------------------------