spctl OSX系统下的安全策略管理

System Policy Basic Usage:

spctl --assess [--type type] [-v] path ... # assessment

spctl --add [--type type] [--path|--requirement|--anchor|--hash] spec ... # add rule(s)

spctl [--enable|--disable|--remove] [--type type] [--path|--requirement|--anchor|--hash|--rule] spec # change rule(s)

spctl --status | --master-enable | --master-disable # system master switch

Kernel Extension User Consent Usage:

spctl kext-consent ** Modifications only available in Recovery OS **

status

Print whether kernel extension user consent is enabled or disabled.

enable

Enable requiring user consent for kernel extensions.

disable

Disable requiring user consent for kernel extensions.

add

Insert a new Team Identifier into the list allowed to load kernel extensions without user consent.

list

Print the list of Team Identifiers allowed to load without user consent.

remove

Remove a Team Identifier from the list allowed to load kernel extensions without user consent.

当下载的某些软件打开时，提示文件已破坏，是否要移到废纸篓时，这是因为苹果系统的安全策略限制的，此时只需要在命令行使用此命令 sudo spctl  --master-disable就可以顺利运行了，完成后再通过sudo spctl --master-enable就可以啦