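Recently I have been studying how the use of plug-ins changed on macOS Mojave 10.14, in preparation for dealing with malicious extensions later on. Because the way plug-ins are handled has changed, the old scripts will not necessarily find the malware on a current system, so they have to be updated to keep up with the times while staying compatible with the old approach, which means more work is on the way. In the process I came across pluginkit, a command-line tool for inspecting plug-ins that has been there all along and has been steadily improved, yet has been overlooked. I could not find anything about it on Baidu, so I wanted to write a short introduction.
pluginkit can query and read the list of extension plug-ins, and can be used for limited debugging and development.
1. Example
List the path, SDK and other information for installed plug-ins: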
IObits-iMac-4:Downloads julius$ pluginkit -mDvvv -p com.apple.Safari.extension
com.agilebits.onepassword7.1PasswordSafariAppExtension(7.2.1)
Path = /Applications/1Password 7.app/Contents/PlugIns/1PasswordSafariAppExtension.appex
UUID = 0B382857-6739-4C71-A209-B8AB8B00B627
Timestamp = 2018-10-31 06:40:31 +0000
SDK = com.apple.Safari.extension
Parent Bundle = /Applications/1Password 7.app
Display Name = 1Password
Short Name = 1PasswordSafariAppExtension
Parent Name = 1Password 7
com.blogo.Blogo.Safari-Extension(3.2.9)
Path = /Applications/Blogo.app/Contents/PlugIns/Safari-Extension.appex
UUID = D1F81358-A8AB-41DC-99BF-E2C7D0B0BDE9
Timestamp = 2018-11-21 02:42:16 +0000
SDK = com.apple.Safari.extension
Parent Bundle = /Applications/Blogo.app
Display Name = Blogo
Short Name = Safari-Extension
Parent Name = Blogo
(2 plug-ins)
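As an added example (not part of the original post and not Apple's tooling), the Python below parses the `pluginkit -mDvvv` output format shown above and flags plug-ins worth a closer look when hunting for malicious extensions. The trusted roots, the function names and the last two sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
# First two records copied from the output above (trimmed); last two are constructed.
SAMPLE = """\
com.agilebits.onepassword7.1PasswordSafariAppExtension(7.2.1)
Path = /Applications/1Password 7.app/Contents/PlugIns/1PasswordSafariAppExtension.appex
Parent Bundle = /Applications/1Password 7.app
com.blogo.Blogo.Safari-Extension(3.2.9)
Path = /Applications/Blogo.app/Contents/PlugIns/Safari-Extension.appex
Parent Bundle = /Applications/Blogo.app
com.example.helper.Extension(1.0)
Path = /Users/example/Downloads/Helper.app/Contents/PlugIns/Extension.appex
Parent Bundle = /Users/example/Downloads/Helper.app
com.blogo.Blogo.Safari-Extension(3.2.9)
Path = /private/tmp/Blogo.app/Contents/PlugIns/Safari-Extension.appex
Parent Bundle = /private/tmp/Blogo.app
(4 plug-ins)
"""

HEADER = re.compile(r"([\w.\-]+)\(([^()]*)\)\s*$")          # identifier(version)
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s=\s(.*)$")  # Key = value
TRUSTED_ROOTS = ("/Applications/", "/System/")  # assumption: adjust to local policy

def parse(text):
    """Turn verbose pluginkit match output into a list of dicts, one per plug-in."""
    records = []
    for line in text.splitlines():
        field, header = FIELD.match(line), HEADER.search(line)
        if field and records:
            records[-1][field.group(1)] = field.group(2).strip()
        elif header and not field:
            records.append({"id": header.group(1), "version": header.group(2)})
    return records  # summary lines such as "(4 plug-ins)" match neither pattern

def review(records):
    """Return {plug-in path: [reasons]} for records that need manual review."""
    paths_by_id = defaultdict(set)
    for r in records:
        paths_by_id[r["id"]].add(r.get("Path", ""))
    findings = defaultdict(list)
    for r in records:
        path, parent = r.get("Path", ""), r.get("Parent Bundle", "")
        if not parent.startswith(TRUSTED_ROOTS):
            findings[path].append("parent bundle outside trusted roots")
        if parent and not path.startswith(parent.rstrip("/") + "/"):
            findings[path].append("plug-in not inside its parent bundle")
        if len(paths_by_id[r["id"]]) > 1:  # visible only when -D is used
            findings[path].append("identifier registered from several paths")
    return dict(findings)
```

On a Mac, pass the text captured from the command above to `parse()` in place of `SAMPLE`; a finding is a prompt for manual inspection, not proof that the extension is malicious.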
2. Manual: man page for pluginkit
pluginkit(8) BSD System Manager's Manual pluginkit(8)
NAME
pluginkit -- plugin plug-in extension pluginkit
SYNOPSIS
pluginkit -m [-ADv] [-p -protocol] [-i -identifier] [key=value] [...]
pluginkit [-ar] [-v] [file ...]
pluginkit -e election [-p -protocol] [-i -identifier] [key=value] [...]
DESCRIPTION
pluginkit manages the PlugInKit subsystem for the current user. It can
query the plug-in database and make limited interventions for debugging
and development.
A list of flags and their descriptions:
-A, --all-versions
Matches find all versions of a given plug-in known to the sys-
tem. By default, only the latest (highest) version is returned.
-a Explicitly adds plugins at the file location(s) given, even if
they are not normally eligible for automatic discovery. Note
that database clean-ups may eventually remove them in that case.
-e election
Perform a matching operation (see -m) and apply the given user
election setting to all matching plug-ins. Elections can be
"use", "ignore", and "default". Elections are applied to all
plug-ins with given identifier.
-D, --duplicates
Matches find all physical instances of a given plug-in known to
the system, even multiple copies with the same version.
-i, --identifier identifier
Specifies a plug-in identifier to match, a short-hand for NSEx-
tensionIdentifier=identifier.
-m --match
Requests pluginkit to scan all registered plug-ins for those
matching the given search criteria (see DISCOVERY MATCHING
below). All matching plug-ins are returned, one per line. Add
the -v option to get more detailed output. This is exactly
reproducing the functionality of PlugInKit discovery, except
that no host-specific restrictions are imposed. The -A and -D
options affect the outcome.
-p --protocol protocol
Specifies a plug-in protocol to match, a short-hand for NSEx-
tensionPointName=protocol.
-r Explicitly removes plugins at the file location(s) given. Note
that automatic discovery procedures may add them back if they
are still present.
--raw Present replies from the management daemon (pkd) in raw XML
form. This is primarily useful for debugging and for reporting
full state in bug reports.
-v Asks for more verbose operation. For matching requests, more
detail is printed about each matched plug-in. This option can
be given more than once.
DISCOVERY MATCHING
During plug-in discovery, PlugInKit matches plug-ins against match crite-
ria and delivers matching plug-ins. Only plug-ins that match all given
criteria are eligible. Criteria are expressed as "key" (must be present)
or "key=value" (key must be present and have the given value). The -i and
-p arguments are shorthands for the conventional identifier and protocol
matching keys. All matching plug-ins are reduced according to the -A and
-D options given. With -D, all eligible plug-ins are returned. With -A,
the last-registered (by timestamp) instance of each version is returned.
By default, only the last instance of the highest version is returned.
Note that this reduction is applied after matching.
EXPLICIT CHANGES
The -a and -r options make changes to the system's plug-in registry. The
registry is designed to operate automatically, and will update on its own
as applications are installed, removed, and discovered. The options
available through pluginkit are intended only for limited manipulation
during plug-in development and for certain maintenance tasks. They can-
not make permanent alterations of the automatic registry state.
SEE ALSO
pkd(8), launchd(8)
HISTORY
The pluginkit command first appeared in OS X 10.9.
This article is from cnblogs (博客园), author: {Julius}. When reposting, please cite the original link: https://www.cnblogs.com/bestechshare/p/16447702.html