shaharnis
Contributor

Full Disk Access now being granted via custom profile xml

Hello,

We're having issues using a custom XML profile configuration.

I have a simple configuration file which we publish after installing a specific security app, which grants Full Disk Access to the application.
Using JAMF with the configuration file worked fine and the application was given full disk access.

For some reason, using the same configuration file with VMware Workspace ONE doesn't succeed and Full Disk Access is not applied, yet I do see the profile is being applied.

Below is my XML config file, with personal information removed.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadDescription</key>
      <string>My_App_Policy</string>
      <key>PayloadDisplayName</key>
      <string>My_App_Policy</string>
      <key>PayloadIdentifier</key>
      <string>1111111-1111-1111-1111-11111111</string>
      <key>PayloadOrganization</key>
      <string>myapp</string>
      <key>PayloadType</key>
      <string>com.apple.TCC.configuration-profile-policy</string>
      <key>PayloadUUID</key>
      <string>22222222-1111-1111-1111-11111111</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <key>Services</key>
      <dict>
        <key>SystemPolicyAllFiles</key>
        <array>
          <dict>
            <key>Allowed</key>
            <true/>
            <key>CodeRequirement</key>
            <string>identifier "com.myapp.app" and anchor apple generic and certificate 1[field.x.x.xxx.xxxxxx.xxx.x.x.x] /* exists */ and certificate leaf[field.x.x.xxx.xxxxxx.xxx.x.x.xx] /* exists */ and certificate leaf[subject.OU] = NNNNNNNNNN</string>
            <key>Comment</key>
            <string></string>
            <key>Identifier</key>
            <string>com.myapp.app</string>
            <key>IdentifierType</key>
            <string>bundleID</string>
          </dict>
        </array>
      </dict>
    </dict>
  </array>
  <key>PayloadDescription</key>
  <string>My_App_Policy</string>
  <key>PayloadDisplayName</key>
  <string>My_App_Policy</string>
  <key>PayloadIdentifier</key>
  <string>1111111-1111-1111-1111-11111111</string>
  <key>PayloadOrganization</key>
  <string>myapp</string>
  <key>PayloadType</key>
  <string>com.apple.TCC.configuration-profile-policy</string>
  <key>PayloadUUID</key>
  <string>22222222-1111-1111-1111-11111111</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
  <key>payloadScope</key>
  <string>system</string>
</dict>
</plist>


Thanks for any help

KevinKrumm
Enthusiast

Try pasting just the

<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadDescription</key>
      <string>My_App_Policy</string>
      <key>PayloadDisplayName</key>
      <string>My_App_Policy</string>
      <key>PayloadIdentifier</key>
      <string>1111111-1111-1111-1111-11111111</string>
      <key>PayloadOrganization</key>
      <string>myapp</string>
      <key>PayloadType</key>
      <string>com.apple.TCC.configuration-profile-policy</string>
      <key>PayloadUUID</key>
      <string>22222222-1111-1111-1111-11111111</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <key>Services</key>
      <dict>
        <key>SystemPolicyAllFiles</key>
        <array>
          <dict>
            <key>Allowed</key>
            <true/>
            <key>CodeRequirement</key>
            <string>identifier "com.myapp.app" and anchor apple generic and certificate 1[field.x.x.xxx.xxxxxx.xxx.x.x.x] /* exists */ and certificate leaf[field.x.x.xxx.xxxxxx.xxx.x.x.xx] /* exists */ and certificate leaf[subject.OU] = NNNNNNNNNN</string>
            <key>Comment</key>
            <string></string>
            <key>Identifier</key>
            <string>com.myapp.app</string>
            <key>IdentifierType</key>
            <string>bundleID</string>
          </dict>
        </array>
      </dict>
    </dict>
  </array>
  <key>PayloadDescription</key>
  <string>My_App_Policy</string>
  <key>PayloadDisplayName</key>
  <string>My_App_Policy</string>
  <key>PayloadIdentifier</key>
  <string>1111111-1111-1111-1111-11111111</string>
  <key>PayloadOrganization</key>
  <string>myapp</string>
  <key>PayloadType</key>
  <string>com.apple.TCC.configuration-profile-policy</string>
  <key>PayloadUUID</key>
  <string>22222222-1111-1111-1111-11111111</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
  <key>payloadScope</key>
  <string>system</string>
</dict>

 

rterakedis
VMware Employee

@shaharnis - did you copy/paste this into a custom XML profile or did you use the "Privacy Preferences" payload in a macOS device profile?

If you did a custom XML profile, you may have pasted too much of the profile. You would only need to paste the following content:

<dict>
  <key>PayloadDescription</key>
  <string>My_App_Policy</string>
  <key>PayloadDisplayName</key>
  <string>My_App_Policy</string>
  <key>PayloadIdentifier</key>
  <string>1111111-1111-1111-1111-11111111</string>
  <key>PayloadOrganization</key>
  <string>myapp</string>
  <key>PayloadType</key>
  <string>com.apple.TCC.configuration-profile-policy</string>
  <key>PayloadUUID</key>
  <string>22222222-1111-1111-1111-11111111</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
  <key>Services</key>
  <dict>
    <key>SystemPolicyAllFiles</key>
    <array>
      <dict>
        <key>Allowed</key>
        <true/>
        <key>CodeRequirement</key>
        <string>identifier "com.myapp.app" and anchor apple generic and certificate 1[field.x.x.xxx.xxxxxx.xxx.x.x.x] /* exists */ and certificate leaf[field.x.x.xxx.xxxxxx.xxx.x.x.xx] /* exists */ and certificate leaf[subject.OU] = NNNNNNNNNN</string>
        <key>Comment</key>
        <string></string>
        <key>Identifier</key>
        <string>com.myapp.app</string>
        <key>IdentifierType</key>
        <string>bundleID</string>
      </dict>
    </array>
  </dict>
</dict>

Workspace ONE will handle wrapping the custom XML dictionaries into the array.
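
An added example, not part of the original thread and not VMware or Apple tooling: a Python script that takes a full profile like the one in the question, pulls each payload dictionary out of `PayloadContent`, and emits it as the bare `<dict>` fragment the last reply describes. It also flags TCC entries that lack `Identifier`, `IdentifierType` or `CodeRequirement`; the sample profile, its identifiers and the function names are constructed for illustration.

```python
import plistlib

TCC_TYPE = "com.apple.TCC.configuration-profile-policy"
REQUIRED = ("Identifier", "IdentifierType", "CodeRequirement")

# Constructed sample: a full profile shaped like the one in the question.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.TCC.configuration-profile-policy</string>
    <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
    <key>Services</key><dict><key>SystemPolicyAllFiles</key><array><dict>
      <key>Allowed</key><true/>
      <key>CodeRequirement</key><string>identifier "com.example.app" and anchor apple generic</string>
      <key>Identifier</key><string>com.example.app</string>
      <key>IdentifierType</key><string>bundleID</string>
    </dict></array></dict>
  </dict></array>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>
</dict></plist>"""

def inner_payloads(profile_bytes):
    """Payload dicts under PayloadContent; the dict itself if already unwrapped."""
    top = plistlib.loads(profile_bytes)
    content = top.get("PayloadContent")
    return content if isinstance(content, list) else [top]

def check_tcc(payload):
    """Report TCC service entries lacking a key that pins the grant to one app."""
    if payload.get("PayloadType") != TCC_TYPE:
        return []
    return [f"{service}[{i}]: missing {key}"
            for service, entries in payload.get("Services", {}).items()
            for i, entry in enumerate(entries)
            for key in REQUIRED if not entry.get(key)]

def to_fragment(payload):
    """Serialize one payload as a bare <dict>...</dict> with no plist header."""
    xml = plistlib.dumps(payload, fmt=plistlib.FMT_XML, sort_keys=False).decode()
    return xml[xml.index("<dict>"):xml.rindex("</dict>") + len("</dict>")]

if __name__ == "__main__":
    for payload in inner_payloads(SAMPLE_PROFILE):
        for problem in check_tcc(payload):
            print("WARNING:", problem)
        print(to_fragment(payload))
```

Each printed fragment is what goes into one custom XML payload; the outer profile keys (top-level `PayloadType`, `PayloadUUID`, scope) are left for the MDM to generate.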