System Policy Rule¶
This is one of three payloads that allows control of various GateKeeper settings.
This payload allows control over Gatekeeper’s system policy rules. The keys and functionality are tightly related to the spctl command line tool. You should be read the manual page for spctl.
This payload must only exist in a device profile. If the payload is present in a user profile, an error will be generated during installation and the profile will fail to install.
Summary¶
| PayloadType: | com.apple.systempolicy.rule |
|---|---|
| Supervised Only: | |
| N/A | |
| macOS: | 10.8 |
| macOS Deprecated: | |
| N/A | |
| iOS: | N/A |
| iOS Deprecated: | N/A |
| Highlander: | N/A |
Keys¶
Requirement¶
The policy requirement
The policy requirement. This key must follow the syntax described in Code Signing Requirement Language.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | always | N/A | N/A | N/A | N/A |
Comment¶
This string will appear in the System Policy UI.
This string will appear in the System Policy UI. If it is missing, “PayloadDisplayName” or “PayloadDescription” will be put into this field before the rule is added to the System Policy database.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
Expiration¶
An expiration date for rule(s) being processed.
An expiration date for rule(s) being processed.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| date | N/A | N/A | N/A | N/A | N/A | N/A |
OperationType¶
Operation Type.
Operation Type.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | operation:execute | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- operation:execute
- operation:install
- operation:lsopen