Created
March 11, 2013 15:42
-
-
Save dyladan/5135135 to your computer and use it in GitHub Desktop.
This should re-enable java 6 and 7 on macs and check the plist ever 15 minutes after startup. Put xprotect_re-enable_java_6_and_7.sh in /Library/Scripts and put com.company.xprotect_re-enable_java_6_and_7.plist in /Library/LaunchDaemons the launch daemon plist should have 644 permissions with owner root and group wheel
the script should have per…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Label</key> | |
| <string>com.company.xprotect_re-enable_java_6_and_7</string> | |
| <key>ProgramArguments</key> | |
| <array> | |
| <string>sh</string> | |
| <string>/Library/Scripts/xprotect_re-enable_java_6_and_7.sh</string> | |
| </array> | |
| <key>QueueDirectories</key> | |
| <array/> | |
| <key>RunAtLoad</key> | |
| <true/> | |
| <key>StartInterval</key> | |
| <integer>900</integer> | |
| <key>WatchPaths</key> | |
| <array/> | |
| </dict> | |
| </plist> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # This script will check the current Java 6 and Java 7 browser plug-in | |
| # versions and compare them against the minimum version allowed by | |
| # Apple's XProtect malware protection. If the minimum Java version | |
| # allowed by XProtect does not allow the current version of the Java | |
| # browser plug-in on the Mac, the script will alter the Mac's | |
| # /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist | |
| # file to set the minimum version allowed to match the current version | |
| # of the Mac's Java browser plug-in. This allows the Mac's current Java | |
| # browser plug-in to run in Safari without being blocked. | |
| osvers=$(sw_vers -productVersion | awk -F. '{print $2}') | |
| javaVendor=`/usr/bin/defaults read "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Info" CFBundleIdentifier` | |
| CURRENT_JAVA_6_BUILD=`/usr/libexec/PlistBuddy -c "print :JavaVM:JVMVersion" "/Library/Java/Home/bundle/Info.plist"` | |
| XPROTECT_JAVA_6_BUILD=`/usr/libexec/PlistBuddy -c "print :JavaWebComponentVersionMinimum" /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist` | |
| CURRENT_JAVA_7_BUILD=`/usr/libexec/PlistBuddy -c "print :CFBundleVersion" "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Info.plist"` | |
| XPROTECT_JAVA_7_BUILD=`/usr/libexec/PlistBuddy -c "print :PlugInBlacklist:10:com.oracle.java.JavaAppletPlugin:MinimumPlugInBundleVersion" /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist` | |
| # | |
| # Check to see if Xprotect is blocking Apple's Java 6 browser plug-in and re-enable the plug-in if needed. | |
| # Changes in this section are from Pepijn Bruienne's re-enable_java_6 script: https://github.com/bruienne | |
| # | |
| if [[ -e /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist ]]; then | |
| if [ ${CURRENT_JAVA_6_BUILD} != ${XPROTECT_JAVA_6_BUILD} ]; then | |
| /usr/bin/logger "Current Java 6 build (${CURRENT_JAVA_6_BUILD}) does not match the minimum build required by Xprotect (${XPROTECT_JAVA_6_BUILD}). Setting current version as the minimum build." | |
| /usr/bin/defaults write /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta JavaWebComponentVersionMinimum -string "$CURRENT_JAVA_6_BUILD" | |
| /usr/bin/plutil -convert xml1 /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist | |
| /bin/chmod a+r /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist | |
| else | |
| /usr/bin/logger "Current JVM build is ${CURRENT_JAVA_6_BUILD} and Xprotect minimum build is ${XPROTECT_JAVA_6_BUILD}, nothing to do here." | |
| fi | |
| # | |
| # Script checks to see if the Mac is running Mac OS X 10.7.x or higher. If it is, the | |
| # script checks to see if the Oracle Java browser plug-in is installed. If the Oracle | |
| # Java browser plug-in is installed and Xprotect is blocking the currently installed | |
| # version of Oracle's Java 7 browser plug-in, the script will re-enable the Java 7 | |
| # browser plug-in. | |
| # | |
| if [[ ${osvers} -ge 7 ]]; then | |
| if [ "$javaVendor" = "com.oracle.java.JavaAppletPlugin" ]; then | |
| if [ ${CURRENT_JAVA_7_BUILD} != ${XPROTECT_JAVA_7_BUILD} ]; then | |
| /usr/bin/logger "Current Java 7 build (${CURRENT_JAVA_7_BUILD}) does not match the minimum build required by Xprotect (${XPROTECT_JAVA_7_BUILD}). Setting current version as the minimum build." | |
| /usr/libexec/PlistBuddy -c "Set :PlugInBlacklist:10:com.oracle.java.JavaAppletPlugin:MinimumPlugInBundleVersion $CURRENT_JAVA_7_BUILD" /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist | |
| /usr/bin/plutil -convert xml1 /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist | |
| /bin/chmod a+r /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist | |
| else | |
| /usr/bin/logger "Current Oracle Java version is ${CURRENT_JAVA_7_BUILD} and Xprotect minimum version is ${XPROTECT_JAVA_7_BUILD}, nothing to do here." | |
| fi | |
| fi | |
| fi | |
| fi | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment