Kernel Extension Policy

../../_images/com.apple.syspolicy.kernel-extension-policy.png

This payload allows you to control Allowed kernel extensions.

The payload can only be installed by an MDM that is “User Approved”. IE. only via DEP or manually trusted.

Summary

PayloadType:com.apple.syspolicy.kernel-extension-policy
Supervised Only:
 True
macOS:10.13.2
macOS Deprecated:
 N/A
iOS:N/A
iOS Deprecated:N/A
Highlander:N/A

Keys

AllowUserOverrides

Allow user to approve kernel extensions

If set to true, users can approve additional kernel extensions not explicitly allowed by configuration profiles.

Type Default Required Regex iOS macOS Supervised
boolean N/A N/A N/A N/A N/A N/A

AllowedTeamIdentifiers

Allowed Team Identifiers

An array of team identifiers that define which validly signed kernel extensions will be allowed to load.

Type Default Required Regex iOS macOS Supervised
array N/A N/A N/A N/A N/A N/A

AllowedKernelExtensions

Allowed Kernel Extensions

A dictionary representing a set of kernel extensions that will always be allowed to load on the machine. The dictionary maps team identifiers (keys) to arrays of bundle identifiers. For unsigned legacy kernel extensions, use an empty key for the team identifier.

Type Default Required Regex iOS macOS Supervised
dict N/A N/A N/A N/A N/A N/A