System Policy Basic Usage:
spctl --assess [--type type] [-v] path ... # assessment
spctl --add [--type type] [--path|--requirement|--anchor|--hash] spec ... # add rule(s)
spctl [--enable|--disable|--remove] [--type type] [--path|--requirement|--anchor|--hash|--rule] spec # change rule(s)
spctl --status | --master-enable | --master-disable # system master switch
Kernel Extension User Consent Usage:
spctl kext-consent ** Modifications only available in Recovery OS **
status
Print whether kernel extension user consent is enabled or disabled.
enable
Enable requiring user consent for kernel extensions.
disable
Disable requiring user consent for kernel extensions.
add
Insert a new Team Identifier into the list allowed to load kernel extensions without user consent.
list
Print the list of Team Identifiers allowed to load without user consent.
remove
Remove a Team Identifier from the list allowed to load kernel extensions without user consent.
当下载的某些软件打开时,提示文件已破坏,是否要移到废纸篓时,这是因为苹果系统的安全策略限制的,此时只需要在命令行使用此命令 sudo spctl --master-disable就可以顺利运行了,完成后再通过sudo spctl --master-enable就可以啦
