3 Replies
      Latest reply on Feb 15, 2020 5:20 AM by tnickcarruthers
      Cauver Level 1 Level 1 (0 points)

        In a 10.13.x system I find that /var/db/SystemPolicyConfiguration/KextPolicy is corrupted.

        I see sqlite commands report:

        Error: database disk image is malformed

         

        How to fix this file?

        • Re: how to fix a corrupted KextPolicy db file
          Cauver Level 1 Level 1 (0 points)

          After a trial, I was able to get rid of the corrupted kextpolicy file this way:

           

          Steps to verify KextPolicy is is sqlite type and corrupted:

          1) ensure that kextpolicy is a sqlite file:

          file /var/db/SystemPolicyConfiguration/KextPolicy

          /var/db/SystemPolicyConfiguration/KextPolicy: SQLite 3.x database

           

          2) ensure that kextpolicy is corrupted:

          sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy .dump

          ...

          PRAGMA foreign_keys=OFF;

          BEGIN TRANSACTION;

          CREATE TABLE kext_load_history_v3 ( path TEXT PRIMARY KEY, team_id TEXT, bundle_id TEXT, boot_uuid TEXT, created_at TEXT, last_seen TEXT, flags INTEGER );

          /**** ERROR: (11) database disk image is malformed *****/

          /**** ERROR: (11) database disk image is malformed *****/

           

          Steps to get rid of corrupted kextpolicy file:

          By default the system is SIP enabled. So, KextPolicy file cannot be removed. So, please disable SIP, remove the KextPolicy file.

           

          1. Backup the folder /var/db/SystemPolicyConfiguration/
          2. Boot to Recovery OS by restarting your machine and holding down the Command and R keys at startup.
          3. Launch Terminal from the Utilities menu.
          4. On Terminal, execute command "csrutil disable"
          5. Restart the system
          6. Remove /var/db/SystemPolicyConfiguration/KextPolicy file
          7. Optionally remove all the files such as Default.plist in the same path /var/db/SystemPolicyConfiguration
          8. Boot to Recovery OS by restarting your machine and holding down the Command and R keys at startup.
          9. Launch Terminal from the Utilities menu.
          10. On Terminal, execute command "csrutil enable"
          11. Restart the system
            • Re: how to fix a corrupted KextPolicy db file
              ChooRefundUG Level 1 Level 1 (10 points)

              Thank you sooooo much, man!!! This helped me!

              I was searching many days on how i can fix my problems with the kext-extensions blocked notifications and a NOT SHOWING "Allow" Button for enabling in system preferences...

              After i followed your setps the button for allowing kext finally re-appeared so i could again start allowing the extensions!

              Again, thanks heaps!

               

              best regards,
              Chris

              • Re: how to fix a corrupted KextPolicy db file
                tnickcarruthers Level 1 Level 1 (0 points)

                This restored some of the sanity I lost while grappling with this problem.

                 

                Thank you!  It worked perfectly.  I was trying to install Norton 360, and could not approve the "blocked extension" error, because the approval button and message were not appearing. My only other recourse was to turn off the Kext consent, which defeats the purpose of that part of SIP.  Odd that there were no error messages, though I didn't look deep in the system log.

                 

                In any case, Cauver, you are my hero.  Thanks again!