--master‑disable Disable the assessment subsystem altogether.
Operations that would be denied by system policy will be allowed to proceed;
assessment APIs always report success. Requires root access.
| --master-enable Enable the assessment subsystem. Operations that are denied by system policy will fail; assessment APIs report the truth. Requires root access.
|
| --status Query whether the assessment subsystem is enabled or disabled.
spctl --status
assessments disabled
| --add Add rule(s) to the system-wide assessment rule database.
| --remove Remove rule(s) from the assessment rule database.
| -a --assess Requests that spctl perform an assessment on the files given.
| --disable Disable one or more rules in the assessment rule database. Disabled rules are not considered when performing assessment, but
remain in the database and can be re-enabled later.
| --enable Enable rule(s) in the assessment rule database, counteracting earlier disabling.
| --disable
| In addition, the following options are recognized:
| --continue If the assessment of a file fails, continue assessing additional file arguments.
Default: the first failed assessment terminates operation.
| Used in rule update opeartions, arguments
| --anchor are hashes of anchor certificates.
| --path denote paths to files on disk.
| --rule are the index numbers of existing rules.
| --hash code directory hashes.
| --requirementare code requirement source.
|
| --priority prio the priority of the rule(s) created or changed. Priorities are floating-point numbers. Higher numeric values indicate higher priority.
| --ignore-cache Do not query or use the assessment object cache. This may significantly slow down operation. Newly generated assessments may
still be stored in the cache.
| --label label
Attach label to new rules, or find in existing rules. Labels are arbitrary strings that are assigned by
convention. Rule labels are optional.
| --no-cache Do not place the outcome of any assessments into the assessment object cache. No other assessment may reuse this outcome. This
option not prohibit the use of existing cache entries.
| --raw When displaying the outcome of an assessment, write it as a "raw" XML plist instead of parsing it in somewhat more friendly
form. This is useful when used in scripts, or to access newly invented assessment aspects that spctl does not yet know about.
| -t --type Specify which type of assessment is desired: execute to assess code execution, install to assess installation of an installer
package, and open to assess the opening of documents. The default is to assess execution.
| -v --verbose Requests more verbose output. Repeat or give it a higher numeric value to increase verbosity.
| | | | | | | | | | | | | | | | | | | | | | |