how to fix a corrupted KextPolicy db file

In a 10.13.x system I find that /var/db/SystemPolicyConfiguration/KextPolicy is corrupted.

I see sqlite commands report:

Error: database disk image is malformed


How to fix this file?

Replies

After a trial, I was able to get rid of the corrupted kextpolicy file this way:


Steps to verify KextPolicy is is sqlite type and corrupted:

1) ensure that kextpolicy is a sqlite file:

file /var/db/SystemPolicyConfiguration/KextPolicy

/var/db/SystemPolicyConfiguration/KextPolicy: SQLite 3.x database


2) ensure that kextpolicy is corrupted:

sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy .dump

...

PRAGMA foreign_keys=OFF;

BEGIN TRANSACTION;

CREATE TABLE kext_load_history_v3 ( path TEXT PRIMARY KEY, team_id TEXT, bundle_id TEXT, boot_uuid TEXT, created_at TEXT, last_seen TEXT, flags INTEGER );

/**** ERROR: (11) database disk image is malformed *****/

/**** ERROR: (11) database disk image is malformed *****/


Steps to get rid of corrupted kextpolicy file:

By default the system is SIP enabled. So, KextPolicy file cannot be removed. So, please disable SIP, remove the KextPolicy file.


  1. Backup the folder /var/db/SystemPolicyConfiguration/
  2. Boot to Recovery OS by restarting your machine and holding down the Command and R keys at startup.
  3. Launch Terminal from the Utilities menu.
  4. On Terminal, execute command "csrutil disable"
  5. Restart the system
  6. Remove /var/db/SystemPolicyConfiguration/KextPolicy file
  7. Optionally remove all the files such as Default.plist in the same path /var/db/SystemPolicyConfiguration
  8. Boot to Recovery OS by restarting your machine and holding down the Command and R keys at startup.
  9. Launch Terminal from the Utilities menu.
  10. On Terminal, execute command "csrutil enable"
  11. Restart the system
  • Thank you. Worked very well on Big Sur 11.4., albeit I not only deleted KextPolicy, but similarly restored old versions of KextClassification.plist, KextPolicy-shm, and KextPolicy-wal from TimeMachine, which I knew were ok at the time.

  • THANK YOU!

Add a Comment

Thank you sooooo much, man!!! This helped me!

I was searching many days on how i can fix my problems with the kext-extensions blocked notifications and a NOT SHOWING "Allow" Button for enabling in system preferences...
After i followed your setps the button for allowing kext finally re-appeared so i could again start allowing the extensions!
Again, thanks heaps!


best regards,
Chris

This restored some of the sanity I lost while grappling with this problem.


Thank you! It worked perfectly. I was trying to install Norton 360, and could not approve the "blocked extension" error, because the approval button and message were not appearing. My only other recourse was to turn off the Kext consent, which defeats the purpose of that part of SIP. Odd that there were no error messages, though I didn't look deep in the system log.


In any case, Cauver, you are my hero. Thanks again!