How to link signatures to authorization rights in EPM macOS

To define which process an authorization right can be extended to, it is highly recommended to link the rule to a signature or a specific path. This practice ensures granularity in privilege control and prevents unauthorized processes from receiving undue permissions.

Common signature terms in macOS

When analyzing execution logs for the Mac Authorization Requested event, you may find the following patterns:

  1. anchor apple generic
    • Used by developers accredited by Apple with official certificates.
  2. anchor apple
    • Applications signed directly by Apple.
  3. anchor apple generic and notarized
    • Third-party applications that are signed and additionally validated through Apple’s notarization process.

Third-party applications with specific rights

Vendors can create their own rights, which must be mapped to applications before they can be released in EPM. Example of a signature for the Podman software when requesting an update:
identifier "io.podmandesktop.PodmanDesktop" and anchor apple generic

Info

For additional information on signature syntax, refer to Apple’s official documentation.
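
The following is an added example, not senhasegura's or Apple's code: it splits signature strings like the ones above into identifier, anchor and notarized terms, and lists the strings that name no identifier, since an anchor on its own matches every binary signed under that anchor rather than one application. The function names are hypothetical, and every sample string except the Podman one is constructed.

```python
import re

# Signature strings to audit. The first is the Podman example from this page;
# the rest are constructed for illustration, not taken from a real EPM log.
SAMPLES = [
    'identifier "io.podmandesktop.PodmanDesktop" and anchor apple generic',
    'anchor apple generic',
    'identifier "com.apple.Terminal" and anchor apple',
    'identifier "com.example.tool" and anchor apple generic and notarized',
    'anchor apple generic and notarized',
]

IDENT_RE = re.compile(r'\bidentifier\s+"([^"]+)"')
ANCHOR_RE = re.compile(r'\banchor\s+apple(\s+generic)?\b')
NOTARIZED_RE = re.compile(r'\bnotarized\b')
QUOTED_RE = re.compile(r'"[^"]*"')


def classify(req):
    """Split a signature string into identifier, anchor type and notarized flag."""
    ident = IDENT_RE.search(req)
    # Blank out quoted values so an identifier such as "com.x.notarized"
    # cannot be mistaken for a keyword.
    keywords = QUOTED_RE.sub('""', req)
    anchor = ANCHOR_RE.search(keywords)
    if anchor is None:
        anchor_kind = None
    elif anchor.group(1):
        anchor_kind = "anchor apple generic"
    else:
        anchor_kind = "anchor apple"
    return {
        "identifier": ident.group(1) if ident else None,
        "anchor": anchor_kind,
        "notarized": bool(NOTARIZED_RE.search(keywords)),
    }


def anchor_only(reqs):
    """Return the strings that name no identifier and so are not tied to one application."""
    return [r for r in reqs if classify(r)["identifier"] is None]


if __name__ == "__main__":
    for req in SAMPLES:
        print(classify(req), "<-", req)
    print("not tied to one application:", anchor_only(SAMPLES))
```

Strings returned by `anchor_only` are the ones to tighten with an identifier or a specific path before linking them to a right.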