From f8f749ba005cc2e5f4083092bf59905b878e8eaa Mon Sep 17 00:00:00 2001
From: jontowles
Date: Thu, 25 Oct 2018 23:57:12 -0400
Subject: [PATCH] Create AirWatchTCCProfile
---
AirWatchTCCProfile | 667 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 667 insertions(+)
create mode 100644 AirWatchTCCProfile
diff --git a/AirWatchTCCProfile b/AirWatchTCCProfile
new file mode 100644
index 0000000..a847fca
--- /dev/null
+++ b/AirWatchTCCProfile
@@ -0,0 +1,667 @@ + + + Services + + + + SystemPolicySysAdminFiles + + + + + + CodeRequirement + + anchor apple generic and identifier "com.airwatch.mac.agent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + IdentifierType + + bundleID + + Identifier + + com.airwatch.mac.agent + + Allowed + + + + Comment + + Allow VMware AirWatch Agent to access files used in system administration + + + + + + CodeRequirement + + anchor apple generic and identifier airwatchd and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + IdentifierType + + path + + Identifier + + /Library/Application Support/AirWatch/airwatchd + + Allowed + + + + Comment + + Allow airwatchd to access files used in system administration + + + + + + SystemPolicyAllFiles + + + + + + CodeRequirement + + anchor apple generic and identifier "com.airwatch.mac.agent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + IdentifierType + + bundleID + + Identifier + + com.airwatch.mac.agent + + Allowed + + + + Comment + + Allow VMware AirWatch Agent to access all protected files + + + + + + CodeRequirement + + anchor apple generic and identifier airwatchd and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + IdentifierType + + path + + Identifier + + 
/Library/Application Support/AirWatch/airwatchd + + Allowed + + + + Comment + + Allow airwatchd to access all protected files + + + + + + Accessibility + + + + + + CodeRequirement + + anchor apple generic and identifier airwatchd and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + IdentifierType + + path + + Identifier + + /Library/Application Support/AirWatch/airwatchd + + Allowed + + + + Comment + + Allow airwatchd in Accessibility + + + + + + CodeRequirement + + anchor apple generic and identifier "com.airwatch.mac.agent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + IdentifierType + + bundleID + + Identifier + + com.airwatch.mac.agent + + Allowed + + + + Comment + + Allow VMware AirWatch Agent in Accessibility + + + + + + PostEvent + + + + + + CodeRequirement + + anchor apple generic and identifier airwatchd and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + IdentifierType + + path + + Identifier + + /Library/Application Support/AirWatch/airwatchd + + Allowed + + + + Comment + + Allow airwatchd to send PostEvents + + + + + + CodeRequirement + + anchor apple generic and identifier "com.airwatch.mac.agent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + IdentifierType + + bundleID + + 
Identifier + + com.airwatch.mac.agent + + Allowed + + + + Comment + + Allow VMware AirWatch Agent to send PostEvents + + + + + + CodeRequirement + + anchor apple generic and identifier AWRemoteManagementDaemon and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + IdentifierType + + path + + Identifier + + /Library/Application Support/AirWatch/AWRemoteManagementDaemon + + Allowed + + + + Comment + + Allow AWRemoteManagementDaemon to send PostEvents + + + + + + CodeRequirement + + anchor apple generic and identifier AWRemoteTunnelAgent and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + IdentifierType + + path + + Identifier + + /Library/Application Support/AirWatch/AWRemoteTunnelAgent + + Allowed + + + + Comment + + Allow AWRemoteTunnelAgent to send PostEvents + + + + + + AppleEvents + + + + + + Identifier + + com.airwatch.mac.agent + + IdentifierType + + bundleID + + CodeRequirement + + anchor apple generic and identifier "com.airwatch.mac.agent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + AEReceiverIdentifier + + com.apple.finder + + AEReceiverIdentifierType + + bundleID + + AEReceiverCodeRequirement + + identifier "com.apple.finder" and anchor apple + + Allowed + + + + Comment + + Allow VMware AirWatch Agent to send AppleEvents to Finder.app + + + + + + Identifier + + com.airwatch.mac.agent + + IdentifierType + + bundleID + + CodeRequirement + + anchor apple generic and identifier 
"com.airwatch.mac.agent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + AEReceiverIdentifier + + com.apple.systemuiserver + + AEReceiverIdentifierType + + bundleID + + AEReceiverCodeRequirement + + identifier "com.apple.systemuiserver" and anchor apple + + Allowed + + + + Comment + + Allow VMware AirWatch Agent to send AppleEvents to SystemUIServer.app + + + + + + Identifier + + com.airwatch.mac.agent + + IdentifierType + + bundleID + + CodeRequirement + + anchor apple generic and identifier "com.airwatch.mac.agent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + AEReceiverIdentifier + + com.apple.systempreferences + + AEReceiverIdentifierType + + bundleID + + AEReceiverCodeRequirement + + identifier "com.apple.systempreferences" and anchor apple + + Allowed + + + + Comment + + Allow VMware AirWatch Agent to send AppleEvents to System Preferences.app + + + + + + Identifier + + com.airwatch.mac.agent + + IdentifierType + + bundleID + + CodeRequirement + + anchor apple generic and identifier "com.airwatch.mac.agent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + AEReceiverIdentifier + + com.apple.systemevents + + AEReceiverIdentifierType + + bundleID + + AEReceiverCodeRequirement + + identifier "com.apple.systemevents" and anchor apple + + Allowed + + + + Comment + + Allow VMware AirWatch Agent to send AppleEvents to System Events.app + + + + + + Identifier + + 
com.airwatch.mac.agent + + IdentifierType + + bundleID + + CodeRequirement + + anchor apple generic and identifier "com.airwatch.mac.agent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + AEReceiverIdentifier + + com.apple.mail + + AEReceiverIdentifierType + + bundleID + + AEReceiverCodeRequirement + + identifier "com.apple.mail" and anchor apple + + Allowed + + + + Comment + + Allow VMware AirWatch Agent to send AppleEvents to Mail.app + + + + + + Identifier + + com.airwatch.mac.agent + + IdentifierType + + bundleID + + CodeRequirement + + anchor apple generic and identifier "com.airwatch.mac.agent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + AEReceiverIdentifier + + com.microsoft.Outlook + + AEReceiverIdentifierType + + bundleID + + AEReceiverCodeRequirement + + identifier "com.microsoft.Outlook" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9 + + Allowed + + + + Comment + + Allow VMware AirWatch Agent to send AppleEvents to Microsoft Outlook.app + + + + + + Identifier + + /Library/Application Support/AirWatch/airwatchd + + IdentifierType + + path + + CodeRequirement + + anchor apple generic and identifier airwatchd and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + AEReceiverIdentifier + + com.apple.finder + + 
AEReceiverIdentifierType + + bundleID + + AEReceiverCodeRequirement + + identifier "com.apple.finder" and anchor apple + + Allowed + + + + Comment + + Allow airwatchd to send AppleEvents to Finder.app + + + + + + Identifier + + /Library/Application Support/AirWatch/airwatchd + + IdentifierType + + path + + CodeRequirement + + anchor apple generic and identifier airwatchd and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + AEReceiverIdentifier + + com.apple.systemuiserver + + AEReceiverIdentifierType + + bundleID + + AEReceiverCodeRequirement + + identifier "com.apple.systemuiserver" and anchor apple + + Allowed + + + + Comment + + Allow airwatchd to send AppleEvents to SystemUIServer.app + + + + + + Identifier + + /Library/Application Support/AirWatch/airwatchd + + IdentifierType + + path + + CodeRequirement + + anchor apple generic and identifier airwatchd and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + AEReceiverIdentifier + + com.microsoft.Outlook + + AEReceiverIdentifierType + + bundleID + + AEReceiverCodeRequirement + + identifier "com.microsoft.Outlook" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9 + + Allowed + + + + Comment + + Allow airwatchd to send AppleEvents to Microsoft Outlook.app + + + + + + Identifier + + /Library/Application Support/AirWatch/airwatchd + + IdentifierType + + path + + CodeRequirement + + anchor apple generic and identifier airwatchd and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* 
exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = S2ZMFGQM93) + + AEReceiverIdentifier + + com.apple.systemevents + + AEReceiverIdentifierType + + bundleID + + AEReceiverCodeRequirement + + identifier "com.apple.systemevents" and anchor apple + + Allowed + + + + Comment + + Allow airwatchd to send AppleEvents to System Events.app + + + + + + + + PayloadDescription + + TCC Payload for AirWatch Agent + + PayloadDisplayName + + TCC Payload for AirWatch Agent + + PayloadIdentifier + + com.vmware.agent.tcc + + PayloadOrganization + + VMware + + PayloadType + + com.apple.TCC.configuration-profile-policy + + PayloadUUID + + 0D4540F5-35EC-45B8-9F11-XXXXXXXXXXXX + + PayloadVersion + + 1 + +
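Review bot: The grants in the `SystemPolicyAllFiles`, `Accessibility` and `PostEvent` sections are broader than the entries justify: both `com.airwatch.mac.agent` and `airwatchd` get full-disk access plus UI-control and synthetic-input rights, and with the `AppleEvents` entries for `com.apple.systemevents` any flaw in those binaries inherits near-complete control of the user session. Each `Comment` only restates the service name; it should record which agent feature needs the grant, e.g. `Allow airwatchd in Accessibility (required for <feature>)`, and entries with no stated need should be dropped — the `SystemPolicySysAdminFiles` entries look redundant once `SystemPolicyAllFiles` is allowed for the same identifiers. Because `and` binds tighter than `or` in the requirement language, the `certificate leaf[field.1.2.840.113635.100.6.1.9]` branch is accepted without the `subject.OU = S2ZMFGQM93` check; please confirm each string matches what `codesign -d -r-` reports for the shipped binaries, in particular for the bare identifiers `airwatchd`, `AWRemoteManagementDaemon` and `AWRemoteTunnelAgent`. `PayloadUUID` still ends in the placeholder `XXXXXXXXXXXX` and needs a real UUID generated before the profile is deployed.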