@haircut
Created August 23, 2018 02:11
Largely disable consent prompts in a Jamf environment.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>Services</key>
<dict>
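<!-- Accessibility: each entry pre-approves one client to control other
     applications through the Accessibility subsystem without a consent prompt.
     An entry applies only when the running code satisfies its CodeRequirement.
     "anchor apple" matches code signed by Apple itself; the Jamf.app entry uses
     "anchor apple generic" (any Apple-issued signing chain) and therefore also
     pins the Developer ID certificate markers and the team in leaf[subject.OU].
     Review note: TCC generally attributes requests made by commands started in
     Terminal to Terminal, so the Terminal entry extends this grant to every
     script and tool run from a Terminal session. -->
<key>Accessibility</key>
<array>
  <dict>
    <key>Identifier</key>
    <string>com.apple.Terminal</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.Terminal&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow Terminal to control applications via the Accessibility subsystem.</string>
  </dict>
  <dict>
    <key>Identifier</key>
    <string>com.jamf.management.Jamf</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.jamf.management.Jamf&quot; and certificate leaf[subject.OU] = &quot;483DWKW443&quot; and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow Jamf.app to control applications via the Accessibility subsystem.</string>
  </dict>
  <dict>
    <key>Identifier</key>
    <string>com.apple.loginwindow</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.loginwindow&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow loginwindow to control applications via the Accessibility subsystem.</string>
  </dict>
  <!-- NOTE(review): launchd is a standalone binary, not an app bundle; confirm
       that IdentifierType bundleID matches it, or whether this entry needs
       IdentifierType path with the binary's installed path. -->
  <dict>
    <key>Identifier</key>
    <string>com.apple.xpc.launchd</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.xpc.launchd&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow launchd to control applications via the Accessibility subsystem.</string>
  </dict>
</array>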
<!-- PostEvent: lets each listed client use CoreGraphics APIs to send CGEvents
     (synthetic keyboard and mouse input) to the system event stream with no
     consent prompt. The same four clients are listed as under the other
     services of this payload; every entry is gated by its CodeRequirement.
     Review note: synthetic input can drive any application the user has open,
     so keep this list to the clients that need it. -->
<key>PostEvent</key>
<array>
  <dict>
    <key>Identifier</key>
    <string>com.apple.Terminal</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.Terminal&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow Terminal to use CoreGraphics APIs to send CGEvents to the system event stream.</string>
  </dict>
  <!-- Third-party client: identifier, team (leaf[subject.OU]) and Developer ID
       certificate markers are all required to match. -->
  <dict>
    <key>Identifier</key>
    <string>com.jamf.management.Jamf</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.jamf.management.Jamf&quot; and certificate leaf[subject.OU] = &quot;483DWKW443&quot; and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow Jamf.app to use CoreGraphics APIs to send CGEvents to the system event stream.</string>
  </dict>
  <dict>
    <key>Identifier</key>
    <string>com.apple.loginwindow</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.loginwindow&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow loginwindow to use CoreGraphics APIs to send CGEvents to the system event stream.</string>
  </dict>
  <!-- NOTE(review): launchd is not an app bundle; confirm IdentifierType
       bundleID matches it here. -->
  <dict>
    <key>Identifier</key>
    <string>com.apple.xpc.launchd</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.xpc.launchd&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow launchd to use CoreGraphics APIs to send CGEvents to the system event stream.</string>
  </dict>
</array>
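<!-- SystemPolicyAllFiles: gives each listed client access to all protected
     files (shown to users as Full Disk Access) with no consent prompt. Each
     entry applies only to code that satisfies its CodeRequirement.
     Review note: this is the broadest file grant in the payload. TCC generally
     attributes file access by commands run inside Terminal to Terminal, so the
     Terminal entry gives every script and tool started from a Terminal session
     the same access. Scope the profile to the machines that need it. -->
<key>SystemPolicyAllFiles</key>
<array>
  <dict>
    <key>Identifier</key>
    <string>com.apple.Terminal</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.Terminal&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow Terminal access to all protected files.</string>
  </dict>
  <dict>
    <key>Identifier</key>
    <string>com.jamf.management.Jamf</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.jamf.management.Jamf&quot; and certificate leaf[subject.OU] = &quot;483DWKW443&quot; and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow Jamf.app access to all protected files.</string>
  </dict>
  <dict>
    <key>Identifier</key>
    <string>com.apple.loginwindow</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.loginwindow&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow loginwindow access to all protected files.</string>
  </dict>
  <!-- NOTE(review): launchd is not an app bundle; confirm IdentifierType
       bundleID matches it here. -->
  <dict>
    <key>Identifier</key>
    <string>com.apple.xpc.launchd</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.xpc.launchd&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow launchd access to all protected files.</string>
  </dict>
</array>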
<!-- SystemPolicySysAdminFiles: gives each listed client access to some files
     used in system administration with no consent prompt.
     NOTE(review): the same four identifiers also appear under
     SystemPolicyAllFiles in this payload; this list is presumably redundant
     for them. Confirm against Apple's payload documentation before pruning. -->
<key>SystemPolicySysAdminFiles</key>
<array>
  <dict>
    <key>Identifier</key>
    <string>com.apple.Terminal</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.Terminal&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow Terminal access to some files used in system administration.</string>
  </dict>
  <!-- Third-party client: pinned to identifier, team and Developer ID markers. -->
  <dict>
    <key>Identifier</key>
    <string>com.jamf.management.Jamf</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.jamf.management.Jamf&quot; and certificate leaf[subject.OU] = &quot;483DWKW443&quot; and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow Jamf.app access to some files used in system administration.</string>
  </dict>
  <dict>
    <key>Identifier</key>
    <string>com.apple.loginwindow</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.loginwindow&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow loginwindow access to some files used in system administration.</string>
  </dict>
  <dict>
    <key>Identifier</key>
    <string>com.apple.xpc.launchd</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.xpc.launchd&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>Allow launchd access to some files used in system administration.</string>
  </dict>
</array>
<!-- AppleEvents: each entry pre-approves one sender (Identifier and
     CodeRequirement) to send restricted Apple Events to one receiver
     (the AEReceiver* keys), which lets the sender automate that receiver
     without a consent prompt. Every entry below is marked **EXAMPLE** in its
     Comment: four senders paired with Safari, then the same four senders
     paired with Self Service. Replace them with the sender and receiver pairs
     a deployment actually needs.
     NOTE(review): the Self Service receiver requirement checks only the
     identifier under "anchor apple generic"; unlike the Jamf.app sender
     requirement it has no team (leaf[subject.OU]) or Developer ID certificate
     checks. Prefer the app's designated requirement as printed by
     codesign -d -r- PATH_TO_APP. -->
<key>AppleEvents</key>
<array>
  <!-- Receiver: Safari -->
  <dict>
    <key>Identifier</key>
    <string>com.apple.Terminal</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.Terminal&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>**EXAMPLE** Allow Terminal to send a restricted AppleEvent to Safari.</string>
    <key>AEReceiverIdentifier</key>
    <string>com.apple.Safari</string>
    <key>AEReceiverIdentifierType</key>
    <string>bundleID</string>
    <key>AEReceiverCodeRequirement</key>
    <string>identifier &quot;com.apple.Safari&quot; and anchor apple</string>
  </dict>
  <dict>
    <key>Identifier</key>
    <string>com.jamf.management.Jamf</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.jamf.management.Jamf&quot; and certificate leaf[subject.OU] = &quot;483DWKW443&quot; and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>**EXAMPLE** Allow Jamf.app to send a restricted AppleEvent to Safari.</string>
    <key>AEReceiverIdentifier</key>
    <string>com.apple.Safari</string>
    <key>AEReceiverIdentifierType</key>
    <string>bundleID</string>
    <key>AEReceiverCodeRequirement</key>
    <string>identifier &quot;com.apple.Safari&quot; and anchor apple</string>
  </dict>
  <dict>
    <key>Identifier</key>
    <string>com.apple.loginwindow</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.loginwindow&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>**EXAMPLE** Allow loginwindow to send a restricted AppleEvent to Safari.</string>
    <key>AEReceiverIdentifier</key>
    <string>com.apple.Safari</string>
    <key>AEReceiverIdentifierType</key>
    <string>bundleID</string>
    <key>AEReceiverCodeRequirement</key>
    <string>identifier &quot;com.apple.Safari&quot; and anchor apple</string>
  </dict>
  <dict>
    <key>Identifier</key>
    <string>com.apple.xpc.launchd</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.xpc.launchd&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>**EXAMPLE** Allow launchd to send a restricted AppleEvent to Safari.</string>
    <key>AEReceiverIdentifier</key>
    <string>com.apple.Safari</string>
    <key>AEReceiverIdentifierType</key>
    <string>bundleID</string>
    <key>AEReceiverCodeRequirement</key>
    <string>identifier &quot;com.apple.Safari&quot; and anchor apple</string>
  </dict>
  <!-- Receiver: Self Service -->
  <dict>
    <key>Identifier</key>
    <string>com.jamf.management.Jamf</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.jamf.management.Jamf&quot; and certificate leaf[subject.OU] = &quot;483DWKW443&quot; and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>**EXAMPLE** Allow Jamf.app to send a restricted AppleEvent to Self Service.</string>
    <key>AEReceiverIdentifier</key>
    <string>com.jamfsoftware.selfservice.mac</string>
    <key>AEReceiverIdentifierType</key>
    <string>bundleID</string>
    <key>AEReceiverCodeRequirement</key>
    <string>anchor apple generic and identifier &quot;com.jamfsoftware.selfservice.mac&quot;</string>
  </dict>
  <dict>
    <key>Identifier</key>
    <string>com.apple.Terminal</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.Terminal&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>**EXAMPLE** Allow Terminal to send a restricted AppleEvent to Self Service.</string>
    <key>AEReceiverIdentifier</key>
    <string>com.jamfsoftware.selfservice.mac</string>
    <key>AEReceiverIdentifierType</key>
    <string>bundleID</string>
    <key>AEReceiverCodeRequirement</key>
    <string>anchor apple generic and identifier &quot;com.jamfsoftware.selfservice.mac&quot;</string>
  </dict>
  <dict>
    <key>Identifier</key>
    <string>com.apple.loginwindow</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.loginwindow&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>**EXAMPLE** Allow loginwindow to send a restricted AppleEvent to Self Service.</string>
    <key>AEReceiverIdentifier</key>
    <string>com.jamfsoftware.selfservice.mac</string>
    <key>AEReceiverIdentifierType</key>
    <string>bundleID</string>
    <key>AEReceiverCodeRequirement</key>
    <string>anchor apple generic and identifier &quot;com.jamfsoftware.selfservice.mac&quot;</string>
  </dict>
  <dict>
    <key>Identifier</key>
    <string>com.apple.xpc.launchd</string>
    <key>IdentifierType</key>
    <string>bundleID</string>
    <key>CodeRequirement</key>
    <string>identifier &quot;com.apple.xpc.launchd&quot; and anchor apple</string>
    <key>Allowed</key>
    <true/>
    <key>Comment</key>
    <string>**EXAMPLE** Allow launchd to send a restricted AppleEvent to Self Service.</string>
    <key>AEReceiverIdentifier</key>
    <string>com.jamfsoftware.selfservice.mac</string>
    <key>AEReceiverIdentifierType</key>
    <string>bundleID</string>
    <key>AEReceiverCodeRequirement</key>
    <string>anchor apple generic and identifier &quot;com.jamfsoftware.selfservice.mac&quot;</string>
  </dict>
</array>
</dict>
<!-- Metadata for the inner payload. PayloadType marks it as a Privacy
     Preferences Policy Control (TCC) payload; Apple documents that this
     payload type must be delivered by a user-approved MDM server.
     NOTE(review): PayloadIdentifier names only SystemPolicySysAdminFiles,
     although the Services dictionary above also sets Accessibility, PostEvent,
     SystemPolicyAllFiles and AppleEvents. Choose an identifier that reflects
     the full scope before first deployment; changing it later makes the
     payload a different one to the device. -->
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadIdentifier</key>
<string>test.mdm.tcc.SystemPolicySysAdminFiles.1</string>
<key>PayloadUUID</key>
<string>0D4540F5-35EC-45B8-9F11-46F6CA7721ED</string>
<key>PayloadVersion</key>
<integer>1</integer>
<!-- Human-readable labels shown for this payload. -->
<key>PayloadDisplayName</key>
<string>TCC Testing Privacy Policy</string>
<key>PayloadDescription</key>
<string>Largely disable consent prompts in a Jamf environment.</string>
<key>PayloadOrganization</key>
<string>Org</string>
</dict>
</array>
<!-- Metadata for the enclosing configuration profile. PayloadScope "system"
     installs it at the device level rather than for a single user.
     Review note: the display name and identifier mark this as a test profile,
     and PayloadOrganization is the placeholder "Org". Generate fresh
     PayloadUUID values and set real identifiers when adapting it, and scope
     the profile only to machines that need these pre-approved grants. -->
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadScope</key>
<string>system</string>
<key>PayloadIdentifier</key>
<string>test.mdm.tcc.SystemPolicySysAdminFiles</string>
<key>PayloadUUID</key>
<string>963857BE-CDFF-4ED5-95CD-08FE187E1365</string>
<key>PayloadVersion</key>
<integer>1</integer>
<!-- Human-readable labels shown for the profile. -->
<key>PayloadDisplayName</key>
<string>TCC Testing Privacy Policy</string>
<key>PayloadDescription</key>
<string>Largely disable consent prompts in a Jamf environment.</string>
<key>PayloadOrganization</key>
<string>Org</string>
</dict>
</plist>