CalvinBackup/apple_device-management
1
0
Fork 0
mirror of https://github.com/apple/device-management.git synced 2026-05-27 09:42:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Release_iOS-18-2_macOS-15-2

Browse Source
This commit is contained in:
Cyrus Daboo
2024-12-12 15:35:43 -05:00
parent b6202ca2fb
commit 1fa842739c
133 changed files with 529 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files
declarative/declarations/configurations/diskmanagement.settings.yaml
+7 -7
View File
@@ -23,7 +23,7 @@ payloadkeys:
- key: Restrictions
type: <dictionary>
presence: optional
content: Defines the restrictions for disks
content: The restrictions for the disk.
subkeys:
- key: ExternalStorage
title: External Storage
@@ -36,9 +36,9 @@ payloadkeys:
combinetype: enum-last
content: |-
Specifies the mount policy for external storage:
* Allowed - external storage that is read-write or read-only will be mounted.
* ReadOnly - only external storage that is read-only will be automatically mounted. Note that external storage that is read-write will not be mounted read-only.
* Disallowed - no external storage will be mounted.
* 'Allowed': the system can mount external storage that is read-write or read-only.
* 'ReadOnly': the system can only mount read-only external storage. Note that external storage that is read-write will not be mounted read-only.
* 'Disallowed': The system can't mount any external storage.
- key: NetworkStorage
title: Network Storage
type: <string>
@@ -50,6 +50,6 @@ payloadkeys:
combinetype: enum-last
content: |-
Specifies the mount policy for network storage:
* Allowed - network storage that is read-write or read-only will be mounted.
* ReadOnly - only network storage that is read-only will be mounted. Note that network storage that is read-write will not be mounted read-only.
* Disallowed - no network storage will be mounted.
* 'Allowed': the system can mount network storage that is read-write or read-only.
* 'ReadOnly': the system can only mount read-only network storage. Note that network storage that is read-write will not be mounted read-only.
* 'Disallowed': The system can't mount any network storage.
declarative/declarations/configurations/math.settings.yaml
+2 -2
View File
@@ -75,7 +75,7 @@ payloadkeys:
type: <dictionary>
presence: optional
content: If present, configures the Math Notes mode of the calculator. If not
present, math notes mode is enabled.
present, Math Notes mode is enabled.
subkeys:
- key: Enabled
type: <boolean>
@@ -110,7 +110,7 @@ payloadkeys:
type: <boolean>
presence: required
combinetype: boolean-and
content: Controls whether keyboard suggestions include math solutions
content: Controls whether keyboard suggestions include math solutions.
- key: MathNotes
type: <boolean>
presence: required
declarative/declarations/configurations/safari.extensions.settings.yaml
+17 -19
View File
@@ -30,17 +30,15 @@ payloadkeys:
title: Managed Extensions
type: <dictionary>
presence: optional
content: Extensions being managed
content: The dictionary of managed extensions settings.
subkeys:
- key: ANY
type: <dictionary>
presence: optional
content: The composed identifier of the managed extension, or "*" for all extensions.
In order for the extension to be managed, its host app must be present on the
device. To generate this string use codesign -dv <path_to_appex>. The browser
extension is located in the PlugIns folder inside the app bundle. The expected
format is "Identifier (TeamIdentifier)". For extensions that are not also available
on macOS the app developer will need to provide this information.
content: |-
The composed identifier of the managed extension, or “*” for all extensions. In order for the extension to be managed, its host app must be present on the device.
To generate this string use 'codesign -dv <path_to_appex>'. The browser extension is located in the PlugIns folder inside the app bundle. The expected format is “Identifier (TeamIdentifier)”.
For extensions that aren't also available on macOS the app developer needs to provide this information.
subkeytype: ExtensionDictionary
subkeys:
- key: State
@@ -54,9 +52,9 @@ payloadkeys:
combinetype: enum-last
content: |-
Controls whether an extension is allowed.
* Allowed - The user is allowed to turn the extension on or off
* AlwaysOn - The extension will always be on
* AlwaysOff - The extension will always be off
* 'Allowed' - The user is allowed to turn the extension on or off.
* 'AlwaysOn' - The extension will always be on.
* 'AlwaysOff' - The extension will always be off.
- key: PrivateBrowsing
title: Private Browsing state
type: <string>
@@ -68,18 +66,18 @@ payloadkeys:
combinetype: enum-last
content: |-
Controls whether an extension is allowed in Private Browsing.
* Allowed - The user is allowed to turn the extension on or off in Private Browsing
* AlwaysOn - The extension will always be on in Private Browsing if the extension is on outside of Private Browsing
* AlwaysOff - The extension will never be on in Private Browsing
* 'Allowed' - The user is allowed to turn the extension on or off in Private Browsing.
* 'AlwaysOn' - The extension will always be on in Private Browsing if the extension is on outside of Private Browsing.
* 'AlwaysOff' - The extension will never be on in Private Browsing.
- key: AllowedDomains
title: Allowed domains
type: <array>
presence: optional
combinetype: set-union
content: Controls the domains and sub-domains the extension is granted access
to. Any non-prefixed domains take precedence over prefixed domains, and DeniedDomains
takes precedence over AllowedDomains. Any domains not specified in AllowedDomains
or DeniedDomains are configurable by the user.
to. Any non-prefixed domains take precedence over prefixed domains, and 'DeniedDomains'
takes precedence over 'AllowedDomains'. Any domains not specified in 'AllowedDomains'
or 'DeniedDomains' are configurable by the user.
subkeys:
- key: Domain
title: Domain
@@ -90,10 +88,10 @@ payloadkeys:
type: <array>
presence: optional
combinetype: set-union
content: Controls the domains and sub-domains the extension is not allowed to
content: Controls the domains and sub-domains the extension isn't allowed to
access. Any non-prefixed domains take precedence over prefixed domains, and
DeniedDomains takes precedence over AllowedDomains. Any domains not specified
in AllowedDomains or DeniedDomains are configurable by the user.
'DeniedDomains' takes precedence over 'AllowedDomains'. Any domains not specified
in 'AllowedDomains' or 'DeniedDomains' are configurable by the user.
subkeys:
- key: Domain
title: Domain
declarative/declarations/configurations/services.background-tasks.yaml
+11 -17
View File
@@ -24,8 +24,8 @@ payloadkeys:
type: <string>
presence: required
content: The unique identifier of the set of background tasks managed with this
configuration. This should be a reverse DNS style identifier. This is used solely
by the management system to differentiate between tasks in different configurations.
configuration. This should be a reverse DNS style identifier. The system uses
this identifier to differentiate between tasks in different configurations.
- key: TaskDescription
title: Task Description
type: <string>
@@ -40,20 +40,14 @@ payloadkeys:
- application/zip
presence: optional
content: |-
Specifies the identifier of an asset declaration containing a reference
to the files to be used for the background task configuration. The corresponding
asset must be of type "com.apple.asset.data". The referenced data must be a zip
archive of an entire directory, that will be expanded and stored in a well known
location for the background task. The asset's "ContentType" and "Hash-SHA-256"
keys in the "Reference" key are required.
This file should contain background task executables, scripts, and configuration
files, but not the launchd configuration files.
Specifies the identifier of an asset declaration containing a reference to the files to be used for the background task configuration. The corresponding asset must be of type “'com.apple.asset.data'”.
The referenced data must be a zip archive of an entire directory, that will be expanded and stored in a well known location for the background task. The asset's “ContentType” and “Hash-SHA-256” keys in the “Reference” key are required.
This file should contain background task executables, scripts, and configuration files, but not the 'launchd' configuration files.
- key: LaunchdConfigurations
title: Launchd Configurations
type: <array>
presence: optional
content: An array of launchd configuration files used to run the background tasks.
content: An array of 'launchd' configuration files used to run the background tasks.
subkeys:
- key: launchd-item
type: <dictionary>
@@ -70,11 +64,11 @@ payloadkeys:
- application/xml
- text/xml
presence: required
content: |-
Specifies the identifier of an asset declaration containing a reference
to the launchd configuration file for the background task. The referenced data must be a
property list file conforming to the launchd.plist format. The asset's "ContentType" and "Hash-SHA-256"
keys in the "Reference" key are required.
content: Specifies the identifier of an asset declaration containing a reference
to the launchd configuration file for the background task. The referenced
data must be a property list file conforming to the launchd.plist format.
The asset's ContentType and Hash-SHA-256” keys in the “Reference” key are
required.
- key: Context
title: Launchd Context
type: <string>
declarative/declarations/configurations/softwareupdate.settings.yaml
+53 -58
View File
@@ -33,9 +33,9 @@ payloadkeys:
presence: optional
default: true
combinetype: boolean-and
content: If 'true', the device shows all software update enforcement notifications.
If 'false', the device only shows notifications triggered one hour before the
enforcement deadline, and the restart countdown notification.
content: |-
If set to 'true', the device shows all software update enforcement notifications.
If set to 'false', the device only shows notifications triggered one hour before the enforcement deadline, and the restart countdown notification.
- key: Deferrals
title: Software Update Deferrals
supportedOS:
@@ -44,8 +44,8 @@ payloadkeys:
- supervised
type: <dictionary>
presence: optional
content: Controls the deferral of software updates. Rapid Security Responses are
not considered within 'Major', 'Minor', or 'System' deferral mechanism.
content: This object configures the deferral of software updates. Rapid Security
Responses aren't considered within 'Major', 'Minor', or 'System' deferral mechanism.
subkeys:
- key: CombinedPeriodInDays
title: Combined Major/Minor Update Deferral Period
@@ -60,7 +60,7 @@ payloadkeys:
combinetype: number-max
content: Specifies the number of days to defer a major or minor OS software update
on the device. When set, software updates only appear after the specified delay,
following the release of the software update.
following the release of the software update. Available in iOS 18 and later.
- key: MajorPeriodInDays
title: Major Update Deferral Period
supportedOS:
@@ -74,7 +74,7 @@ payloadkeys:
combinetype: number-max
content: Specifies the number of days to defer a major OS software update on the
device. When set, software updates only appear after the specified delay, following
the release of the software update.
the release of the software update. Available in macOS 15 and later.
- key: MinorPeriodInDays
title: Minor Update Deferral Period
supportedOS:
@@ -87,8 +87,9 @@ payloadkeys:
max: 90
combinetype: number-max
content: Specifies the number of days to defer a minor OS software update on the
device. When set, software updates only appear after the specified delay, following
the release of the software update.
device. It also defers major updates for iOS. When set, software updates only
appear after the specified delay, following the release of the software update.
Available in macOS 15 and later.
- key: SystemPeriodInDays
title: System Update Deferral Period
supportedOS:
@@ -102,7 +103,7 @@ payloadkeys:
combinetype: number-max
content: Specifies the number of days to defer system or non-OS updates. When
set, updates only appear after the specified delay, following the release of
the update.
the update. Available in macOS 15 and later.
- key: RecommendedCadence
title: Software Update Recommended Cadence
supportedOS:
@@ -116,10 +117,10 @@ payloadkeys:
- Newest
combinetype: enum-last
content: |-
Specifies how the device shows software updates to the user. When more than one update is available update, the device behaves as follows:
* "All" - Shows all software update versions.
* "Oldest" - Shows only the oldest (lower numbered) software update version.
* "Newest" - Shows only the newest (highest numbered) software update version.
This string specifies how the device shows software updates to the user. When more than one update is available update, the device behaves as follows:
* 'All' - Shows all software update versions.
* 'Oldest' - Shows only the oldest (lower numbered) software update version.
* 'Newest' - Shows only the newest (highest numbered) software update version.
- key: AutomaticActions
title: Automatic Software Update Settings
supportedOS:
@@ -128,7 +129,7 @@ payloadkeys:
- supervised
type: <dictionary>
presence: optional
content: Specifies various automatic Software Update functionality.
content: This object configures various automatic Software Update functionality.
subkeys:
- key: Download
title: Automatic downloads of available updates.
@@ -141,10 +142,10 @@ payloadkeys:
default: Allowed
combinetype: enum-last
content: |-
Specifies whether automatic downloads of available updates can be controlled by the user:
* "Allowed" - the user can enable or disable automatic downloads.
* "AlwaysOn" - automatic downloads are always enabled.
* "AlwaysOff" - automatic downloads are always disabled.
Specifies whether the user can control automatic downloads of available updates:
* 'Allowed' - the user can enable or disable automatic downloads.
* 'AlwaysOn' - automatic downloads are always enabled.
* 'AlwaysOff' - automatic downloads are always disabled.
- key: InstallOSUpdates
title: Automatic installs of OS updates.
type: <string>
@@ -156,10 +157,10 @@ payloadkeys:
default: Allowed
combinetype: enum-last
content: |-
Specifies whether automatic install of available OS updates can be controlled by the user:
* "Allowed" - the user can enable or disable automatic installs.
* "AlwaysOn" - automatic installs are always enabled.
* "AlwaysOff" - automatic installs are always disabled.
Specifies whether the user can control automatic installation of available updates:
* 'Allowed' - the user can enable or disable automatic installation.
* 'AlwaysOn' - automatic installations are always enabled.
* 'AlwaysOff' - automatic installations are always disabled.
- key: InstallSecurityUpdate
title: Automatic installs of available security updates.
supportedOS:
@@ -174,10 +175,10 @@ payloadkeys:
default: Allowed
combinetype: enum-last
content: |-
Specifies whether automatic install of available security updates can be controlled by the user:
* "Allowed" - the user can enable or disable automatic installs.
* "AlwaysOn" - automatic installs are always enabled.
* "AlwaysOff" - automatic installs are always disabled.
Specifies whether the user can control automatic installation of available security updates:
* 'Allowed' - the user can enable or disable automatic installation.
* 'AlwaysOn' - automatic installations are always enabled.
* 'AlwaysOff' - automatic installations are always disabled.
- key: RapidSecurityResponse
title: Rapid Security Response Settings
supportedOS:
@@ -186,8 +187,8 @@ payloadkeys:
- supervised
type: <dictionary>
presence: optional
content: These configurations allow for setting user access to interacting with
Rapid Security Responses (RSRs).
content: These configurations set user access to interacting with Rapid Security
Responses (RSRs).
subkeys:
- key: Enable
title: Enable Rapid Security Response Installation
@@ -195,17 +196,18 @@ payloadkeys:
presence: optional
default: true
combinetype: boolean-and
content: If 'false', Rapid Security Responses are not offered for user installation.
Rapid Security Responses can still be installed via 'com.apple.configuration.softwareupdate.enforcement.specific'
configurations. If 'true', Rapid Security Responses are offered to the user.
content: |-
If set to 'false', Rapid Security Responses aren't offered for user installation. The system can still install Rapid Security Responses with 'com.apple.configuration.softwareupdate.enforcement.specific' configurations.
If set to 'true', the system offers Rapid Security Responses to the user.
- key: EnableRollback
title: Enable Rapid Security Response Rollbacks
type: <boolean>
presence: optional
default: true
combinetype: boolean-and
content: If 'false', Rapid Security Response rollbacks are not offered to the
user. If 'true', Rapid Security Response rollbacks are offered to the user.
content: |-
If set to 'false', the system doesn't offer Rapid Security Response rollbacks to the user.
If set to 'true', the system offers Rapid Security Response rollbacks to the user.
- key: AllowStandardUserOSUpdates
title: Allow Standard User OS Updates
supportedOS:
@@ -215,16 +217,16 @@ payloadkeys:
presence: optional
default: true
combinetype: boolean-and
content: If 'true', a standard user can perform Major and Minor Software Updates.
If 'false', only administrators can perform Major and Minor Software Updates.
content: |-
If set to 'true', a standard user can perform Major and Minor Software Updates.
If set to 'false', only administrators can perform Major and Minor Software Updates.
- key: Beta
supportedOS:
macOS:
introduced: n/a
type: <dictionary>
presence: optional
content: Configurations for controlling or specifying the beta programs associated
with a device.
content: This object configures the beta program settings for a device.
subkeys:
- key: ProgramEnrollment
supportedOS:
@@ -240,26 +242,19 @@ payloadkeys:
default: Allowed
combinetype: enum-last
content: |-
Specifies whether beta program enrollment can be controlled by the user in software update settings UI:
* "Allowed" - the user can enroll in any applicable beta programs associated with their
logged in Apple Account. If the `OfferPrograms` key is present, then the programs listed in
that key are also presented to the user.
* "AlwaysOn" - the beta programs specified by the organization are used, and the user
is not be able to enroll in a beta program using their logged in Apple Account. The device
is automatically enrolled into the beta program specified by the `RequireProgram` key if
it is present. Otherwise, the programs listed in the `OfferPrograms` key are
presented to the user to choose which to enroll with.
* "AlwaysOff" - The device is not allowed to enroll in any beta programs. The device is
removed from any beta programs, if already enrolled.
Specifies whether the user can control beta program enrollment in the software update settings UI:
* 'Allowed' - the user can enroll in any applicable beta programs associated with their logged in Apple Account. If the 'OfferPrograms' key is present, then the programs listed in that key are also presented to the user.
* 'AlwaysOn' - the beta programs specified by the organization are used, and the user isn't able to enroll in a beta program using their logged in Apple Account. The device is automatically enrolled into the beta program specified by the 'RequireProgram' key if it's present. Otherwise, the system presents the programs listed in the 'OfferPrograms' key to the user to choose which to enroll with.
* 'AlwaysOff' - The device isn't allowed to enroll in any beta programs. The system removes the device from any beta programs, if already enrolled.
- key: OfferPrograms
type: <array>
presence: optional
combinetype: set-union
content: An array of beta programs allowed on the device. This key must only be
present if the `ProgramEnrollment` key is set to `Allowed` or `AlwaysOn`. This
key must not be present if the `RequireProgram` key is present. This key can
be present on unsupervised devices where the `ProgramEnrollment` key is not
supported but is implicitly set to `Allowed`.
present if the 'ProgramEnrollment' key is set to 'Allowed' or 'AlwaysOn'. This
key must not be present if the 'RequireProgram' key is present. This key can
be present on unsupervised devices where the 'ProgramEnrollment' key isn't supported
but is implicitly set to 'Allowed'.
subkeys:
- key: Program
type: <dictionary>
@@ -274,8 +269,8 @@ payloadkeys:
type: <string>
presence: required
content: The Apple Business Manager or Apple School Manager seeding service
token for the organization the MDM server is part of. This token is used
to enroll the device in the corresponding beta program.
token for the organization the MDM server is part of. The system uses this
token to enroll the device in the corresponding beta program.
- key: RequireProgram
supportedOS:
iOS:
@@ -285,7 +280,7 @@ payloadkeys:
presence: optional
combinetype: first
content: The device automatically enrolls in this beta program. This key must
only be present if the `ProgramEnrollment` key is set to `AlwaysOn`. The `OfferPrograms`
only be present if the 'ProgramEnrollment' key is set to 'AlwaysOn'. The 'OfferPrograms'
key must not be present if this key is present.
subkeys:
- key: Description
@@ -296,8 +291,8 @@ payloadkeys:
type: <string>
presence: required
content: The Apple Business Manager or Apple School Manager seeding service
token for the organization the MDM server is part of. This token is used to
enroll the device in the corresponding beta program.
token for the organization the MDM server is part of. The system uses this
token to enroll the device in the corresponding beta program.
related-status-items:
- status-items:
- softwareupdate.beta-enrollment
declarative/status/device.model.marketing-name.yaml
+1 -2
View File
@@ -55,5 +55,4 @@ payloadkeys:
type: <string>
presence: required
content: The device's marketing name, such as 'iPhone 12'. This value may not always
be available. Alternatively, use 'device.model.configuration-code' to look up
the marketing name through the web API.
be available.
declarative/status/softwareupdate.beta-enrollment.yaml
+1 -1
View File
@@ -30,5 +30,5 @@ payloadkeys:
title: The device's enrolled beta program.
type: <string>
presence: required
content: The device's enrolled beta program name, or an empty string if there is
content: The device's enrolled beta program name, or an empty string if there's
no enrolled beta program.
declarative/status/softwareupdate.device-id.yaml
+1 -1
View File
@@ -31,4 +31,4 @@ payloadkeys:
type: <string>
presence: required
content: The device identifier to use when looking up available software updates
via <https://gdmf.apple.com/v2/pmv>.
via 'https://gdmf.apple.com/v2/pmv'.
declarative/status/softwareupdate.pending-version.yaml
+7
View File
@@ -46,3 +46,10 @@ payloadkeys:
presence: required
content: The build version of the pending software update, including any rapid
security response version. This string is empty if no update is pending.
- key: target-local-date-time
title: The target local date-time
type: <string>
presence: optional
content: The local date time value for when the pending software update will be
installed. This key is only present when the pending software update is being
enforced.