fleet/it-and-security/lib/configuration-profiles/macos-full-disk-access-for-fleetd.mobileconfig
Victor Lyuboslavsky 7a20da1f2f
Moving mdm_profiles to it-and-security/lib/mdm_profiles (#17268)
Moving mdm_profiles to it-and-security/lib/mdm_profiles so that they are
together with other gitops config files.

---------

Co-authored-by: Noah Talerman <noahtal@umich.edu>
2024-03-01 15:18:54 -06:00

76 lines
2.8 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string>Configures Privacy Preferences Policy Control settings</string>
<key>PayloadDisplayName</key>
<string>Privacy Preferences Policy Control</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.2C1ED825-A0C3-4274-B0AD-40B80FCA4F71.com.apple.TCC.configuration-profile-policy.10C7E72A-C594-43B0-BB45-154848EBAED8</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadUUID</key>
<string>10C7E72A-C594-43B0-BB45-154848EBAED8</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Services</key>
<dict>
<key>SystemPolicyAllFiles</key>
<array>
<dict>
<key>Allowed</key>
<true/>
<key>CodeRequirement</key>
<string>identifier "com.fleetdm.orbit" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "8VBZ3948LU"</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/opt/orbit/bin/orbit/macos/edge/orbit</string>
<key>IdentifierType</key>
<string>path</string>
<key>StaticCode</key>
<false/>
</dict>
<dict>
<key>Allowed</key>
<true/>
<key>CodeRequirement</key>
<string>identifier "com.fleetdm.orbit" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "8VBZ3948LU"</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/opt/orbit/bin/orbit/macos/stable/orbit</string>
<key>IdentifierType</key>
<string>path</string>
<key>StaticCode</key>
<false/>
</dict>
</array>
</dict>
</dict>
</array>
<key>PayloadDescription</key>
<string>Grants full disk access to orbit and orbit edge</string>
<key>PayloadDisplayName</key>
<string>Turn on full disk access for fleetd</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.2C1ED825-A0C3-4274-B0AD-40B80FCA4F71</string>
<key>PayloadOrganization</key>
<string>FleetDM</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>2C1ED825-A0C3-4274-B0AD-40B80FCA4F71</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>