Gate Keeper database

> sqlite3 /var/db/gkopaque.db # as of 10.9.5
sqlite> select COUNT(*) from whitelist;
sqlite> .headers on
sqlite> .mode column
sqlite> select * from conditions;

label weight source identifier version conditions
------------- ---------- ---------- ----------------- ---------- -----------------
google chrome 200.0 EQHXZ8M8AV {errors=[-67013]}
google chrome 300.0 EQHXZ8M8AV {errors=[-67013]}
sqlite> select count(*) from merged;
sqqlite> .schema CREATE TABLE conditions ( label text, weight real NOT NULL UNIQUE, source text, identifier text, version text, conditions text NOT NULL); CREATE TABLE merged (seq INT2 UNIQUE); CREATE TABLE whitelist (current BLOB, opaque BLOB); CREATE INDEX whitelist_current ON whitelist (current);


current “CDHash” of a given code object to see an app is “whitelisted” :
Find CDHash by running “codesign -dvvv” and searching for the CDHash value in the output. Grep the database for the value: sqlite3 /var/db/gkopaque.bundle/Contents/Resources/gkopaque.db "select quote(current), quote(opaque) from whitelist" | grep -i [yourCDHashHere]

GateKeepers whitelist