Kernel Extension Policy¶
This payload allows you to control Allowed kernel extensions.
The payload can only be installed by an MDM that is “User Approved”. IE. only via DEP or manually trusted.
Contents
Summary¶
| PayloadType: | com.apple.syspolicy.kernel-extension-policy |
|---|---|
| Supervised Only: | |
| True | |
| macOS: | 10.13.2 |
| macOS Deprecated: | |
| N/A | |
| iOS: | N/A |
| iOS Deprecated: | N/A |
| Highlander: | N/A |
Keys¶
AllowUserOverrides¶
Allow user to approve kernel extensions
If set to true, users can approve additional kernel extensions not explicitly allowed by configuration profiles.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | N/A | N/A | N/A | N/A | N/A | N/A |
AllowedTeamIdentifiers¶
Allowed Team Identifiers
An array of team identifiers that define which validly signed kernel extensions will be allowed to load.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| array | N/A | N/A | N/A | N/A | N/A | N/A |
AllowedKernelExtensions¶
Allowed Kernel Extensions
A dictionary representing a set of kernel extensions that will always be allowed to load on the machine. The dictionary maps team identifiers (keys) to arrays of bundle identifiers. For unsigned legacy kernel extensions, use an empty key for the team identifier.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| dict | N/A | N/A | N/A | N/A | N/A | N/A |