Contents

SystemPolicyKernelExtensions

The payload that configures the kernel extension policies.

Declaration

object SystemPolicyKernelExtensions

Properties

NameTypeDescription
AllowedKernelExtensionsSystemPolicyKernelExtensions.AllowedKernelExtensions

The dictionary that represents a set of kernel extensions that the system always allows to load on the computer. The dictionary maps team identifiers (keys) to arrays of bundle identifiers.

AllowedTeamIdentifiers[string]

The array of team identifiers that define which validly signed kernel extensions can load.

AllowNonAdminUserApprovalsboolean

If true, nonadministrative users can approve additional kernel extensions in the Security & Privacy preferences.

Available in macOS 11 and later.

AllowUserOverridesboolean

If true, users can approve additional kernel extensions that configuration profiles don’t explicitly allow.

Discussion

Specify com.apple.syspolicy.kernel-extension-policy as the payload type.

Profile availability

Device channel

macOS

User channel

NA

Allow manual install

NA

Requires supervision

NA

Requires user-approved MDM

macOS

Allowed in user enrollment

NA

Allow multiple payloads

macOS

Profile example

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>AllowUserOverrides</key>
            <false/>
            <key>AllowedTeamIdentifiers</key>
            <array>
                <string>ABCDE12345</string>
            </array>
            <key>AllowedKernelExtensions</key>
            <dict>
                <key></key>
                <array>
                    <string>com.example.mydriver</string>
                </array>
                <key>ABCDE12345</key>
                <array>
                    <string>com.example.kext.mydriver</string>
                </array>
            </dict>
            <key>PayloadIdentifier</key>
            <string>com.example.mysystempolicykernalextensionspayload</string>
            <key>PayloadType</key>
            <string>com.apple.syspolicy.kernel-extension-policy</string>
            <key>PayloadUUID</key>
            <string>3202f59b-3583-4e6c-82ae-776f3c815df1</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>System Policy Kernal Extension</string>
    <key>PayloadIdentifier</key>
    <string>com.example.myprofile</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>d9fa7f5b-713d-48f8-a8bd-219cf3061873</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

Topics

Objects

See Also

System Policy