DigiDNA May 2024 (#672)

* Ethernet manifests updated to have their EAPClientConfiguration structures match the one from the Wi-Fi manifest on commit 5be546e (the most up-to-date version which will be merged using a different PR)

* Empty descriptions removed

* Comment removed from the EAS manifest following official documentation update. Also, missing closing double quotes added

* New iOS Restrictions key along with a stylistic tweak and redundant platforms tag removal

* New PPPC manifest key

* Tweaks to recent updates following Device Management repository update

* The `moduleName` key in both of the Screensaver domains is incorrectly documented as required. Tested, confirmed, and reported (FB13737034). The commit makes the key optional.

* Added the HESSID key to the Wi-Fi manifest

* Description update in the PPPC manifest

* Added an exclusion condition to the `UserName` key in the Wi-Fi manifest

* Added the new `allowAutoDim` key to the Restrictions manifest

* New keys added to segments

* Default values corrected in the MCX Energy Saver and the Content Caching manifests

Manifests/ManifestsApple/com.apple.AssetCache.managed.plist

@@ -13,7 +13,7 @@
 	<key>pfm_interaction</key>
 	<string>exclusive</string>
 	<key>pfm_last_modified</key>
-	<date>2023-08-15T08:00:00Z</date>
+	<date>2024-05-16T08:07:50Z</date>
 	<key>pfm_macos_min</key>
 	<string>10.13.4</string>
 	<key>pfm_platforms</key>
@@ -134,7 +134,7 @@ The payload organization for a payload need not match the payload organization i
 		</dict>
 		<dict>
 			<key>pfm_default</key>
-			<true/>
+			<false/>
 			<key>pfm_description</key>
 			<string>Users can't turn off the content caching service.</string>
 			<key>pfm_description_reference</key>

Manifests/ManifestsApple/com.apple.MCX-EnergySaver.plist

@@ -13,7 +13,7 @@
 	<key>pfm_interaction</key>
 	<string>combined</string>
 	<key>pfm_last_modified</key>
-	<date>2023-08-15T08:00:00Z</date>
+	<date>2024-05-16T08:07:50Z</date>
 	<key>pfm_platforms</key>
 	<array>
 		<string>macOS</string>
@@ -785,7 +785,7 @@
 		</dict>
 		<dict>
 			<key>pfm_default</key>
-			<true/>
+			<false/>
 			<key>pfm_description</key>
 			<string></string>
 			<key>pfm_name</key>

Manifests/ManifestsApple/com.apple.TCC.configuration-profile-policy.plist

@@ -11,7 +11,7 @@
 	<key>pfm_interaction</key>
 	<string>combined</string>
 	<key>pfm_last_modified</key>
-	<date>2023-11-29T16:46:29Z</date>
+	<date>2024-05-02T12:40:46Z</date>
 	<key>pfm_macos_min</key>
 	<string>10.14</string>
 	<key>pfm_platforms</key>
@@ -413,6 +413,121 @@
 					<key>pfm_value_import_processor</key>
 					<string>com.apple.TCC.configuration-profile-policy.services.AppleEvents</string>
 				</dict>
+				<dict>
+					<key>pfm_description</key>
+					<string>Specifies the policies for the app to access Bluetooth devices.</string>
+					<key>pfm_macos_min</key>
+					<string>11.0</string>
+					<key>pfm_name</key>
+					<string>BluetoothAlways</string>
+					<key>pfm_subkeys</key>
+					<array>
+						<dict>
+							<key>pfm_description</key>
+							<string>Keys are limited to the privacy service names listed below. Each key is an array of dictionaries describing the app or process to which access is given. In the case of conflicting specifications, the most restrictive setting (deny) will be used.</string>
+							<key>pfm_name</key>
+							<string>Services</string>
+							<key>pfm_require</key>
+							<string>always</string>
+							<key>pfm_subkeys</key>
+							<array>
+								<dict>
+									<key>pfm_description</key>
+									<string>The bundle ID or installation path of the binary.</string>
+									<key>pfm_name</key>
+									<string>Identifier</string>
+									<key>pfm_require</key>
+									<string>always</string>
+									<key>pfm_title</key>
+									<string>Identifier</string>
+									<key>pfm_type</key>
+									<string>string</string>
+									<key>pfm_value_placeholder</key>
+									<string>com.github.erikberglund.ProfileCreator</string>
+								</dict>
+								<dict>
+									<key>pfm_description</key>
+									<string>The type of Identifier value.</string>
+									<key>pfm_name</key>
+									<string>IdentifierType</string>
+									<key>pfm_range_list</key>
+									<array>
+										<string>bundleID</string>
+										<string>path</string>
+									</array>
+									<key>pfm_range_list_titles</key>
+									<array>
+										<string>Bundle ID</string>
+										<string>Path</string>
+									</array>
+									<key>pfm_require</key>
+									<string>always</string>
+									<key>pfm_title</key>
+									<string>Identifier Type</string>
+									<key>pfm_type</key>
+									<string>string</string>
+								</dict>
+								<dict>
+									<key>pfm_description</key>
+									<string>The designated requirement describing the code signature of this executable.</string>
+									<key>pfm_name</key>
+									<string>CodeRequirement</string>
+									<key>pfm_require</key>
+									<string>always</string>
+									<key>pfm_title</key>
+									<string>Code Requirement</string>
+									<key>pfm_type</key>
+									<string>string</string>
+								</dict>
+								<dict>
+									<key>pfm_description</key>
+									<string>If set to true, statically validate the code requirement. Used only if the process invalidates its dynamic code signature.</string>
+									<key>pfm_name</key>
+									<string>StaticCode</string>
+									<key>pfm_title</key>
+									<string>StaticCode</string>
+									<key>pfm_type</key>
+									<string>boolean</string>
+								</dict>
+								<dict>
+									<key>pfm_description</key>
+									<string>The 'Authorization' key is an optional replacement for the 'Allowed' key. Every payload must specify either 'Authorization' or 'Allowed', but not both.
+'Allow': Equivalent to a 'true' value for the 'Allowed' key.
+'Deny': Equivalent to a 'false' value for the 'Allowed' key.</string>
+									<key>pfm_name</key>
+									<string>Authorization</string>
+									<key>pfm_range_list</key>
+									<array>
+										<string>Allow</string>
+										<string>Deny</string>
+									</array>
+									<key>pfm_type</key>
+									<string>string</string>
+								</dict>
+								<dict>
+									<key>pfm_description</key>
+									<string>Not Used</string>
+									<key>pfm_hidden</key>
+									<string>all</string>
+									<key>pfm_name</key>
+									<string>Comment</string>
+									<key>pfm_title</key>
+									<string>Comment</string>
+									<key>pfm_type</key>
+									<string>string</string>
+								</dict>
+							</array>
+							<key>pfm_title</key>
+							<string>Services</string>
+							<key>pfm_type</key>
+							<string>dictionary</string>
+						</dict>
+					</array>
+					<key>pfm_title</key>
+					<string>Bluetooth Always</string>
+					<key>pfm_type</key>
+					<string>array</string>
+				</dict>
 				<dict>
 					<key>pfm_description_reference</key>
 					<string>Specifies the policies for calendar information managed by the Calendar.app.</string>
@@ -2974,6 +3089,6 @@ Available in macOS 11 and later.</string>
 	<key>pfm_user_approved</key>
 	<true/>
 	<key>pfm_version</key>
-	<integer>7</integer>
+	<integer>8</integer>
 </dict>
 </plist>

Manifests/ManifestsApple/com.apple.applicationaccess-iOS.plist

@@ -15,7 +15,7 @@
 	<key>pfm_interaction</key>
 	<string>combined</string>
 	<key>pfm_last_modified</key>
-	<date>2024-03-07T11:07:13Z</date>
+	<date>2024-05-14T14:00:54Z</date>
 	<key>pfm_platforms</key>
 	<array>
 		<string>iOS</string>
@@ -192,6 +192,7 @@ The payload organization for a payload need not match the payload organization i
 					<string>allowSystemAppRemoval</string>
 					<string>allowUIAppInstallation</string>
 					<string>allowMarketplaceAppInstallation</string>
+					<string>allowWebDistributionAppInstallation</string>
 					<string>allowYouTube</string>
 					<string>allowiTunes</string>
 					<string>blacklistedAppBundleIDs</string>
@@ -244,6 +245,7 @@ The payload organization for a payload need not match the payload organization i
 					<string>allowLockScreenNotificationsView</string>
 					<string>allowLockScreenTodayView</string>
 					<string>allowMailPrivacyProtection</string>
+					<string>allowAutoDim</string>
 					<string>allowManagedToWriteUnmanagedContacts</string>
 					<string>allowNFC</string>
 					<string>allowNotificationsModification</string>
@@ -1015,14 +1017,26 @@ Additionally, if set to true and ScreenObservationPermissionModificationAllowed
 			<string>17.4</string>
 			<key>pfm_name</key>
 			<string>allowMarketplaceAppInstallation</string>
-			<key>pfm_platforms</key>
-			<array>
-				<string>iOS</string>
-			</array>
 			<key>pfm_supervised</key>
 			<true/>
 			<key>pfm_title</key>
-			<string>Allow App Installation from alternative marketplaces</string>
+			<string>Allow app installation from alternative marketplaces</string>
+			<key>pfm_type</key>
+			<string>boolean</string>
+		</dict>
+		<dict>
+			<key>pfm_default</key>
+			<true/>
+			<key>pfm_description</key>
+			<string>When 'false', the device prevents installation of apps directly from the web.</string>
+			<key>pfm_ios_min</key>
+			<string>17.5</string>
+			<key>pfm_name</key>
+			<string>allowWebDistributionAppInstallation</string>
+			<key>pfm_supervised</key>
+			<true/>
+			<key>pfm_title</key>
+			<string>Allow App Installation from web sites</string>
 			<key>pfm_type</key>
 			<string>boolean</string>
 		</dict>
@@ -2281,6 +2295,22 @@ Available on iOS 17 and later.</string>
 			<key>pfm_type</key>
 			<string>boolean</string>
 		</dict>
+		<dict>
+			<key>pfm_default</key>
+			<true/>
+			<key>pfm_description</key>
+			<string>If set to false, disables auto dim on iPads with OLED displays.</string>
+			<key>pfm_ios_min</key>
+			<string>17.4</string>
+			<key>pfm_name</key>
+			<string>allowAutoDim</string>
+			<key>pfm_supervised</key>
+			<true/>
+			<key>pfm_title</key>
+			<string>Allow Auto Dim</string>
+			<key>pfm_type</key>
+			<string>boolean</string>
+		</dict>
 		<dict>
 			<key>pfm_default</key>
 			<true/>
@@ -3062,6 +3092,6 @@ In iOS 10 and earlier, users can always pick an option that is more restrictive
 	<key>pfm_unique</key>
 	<true/>
 	<key>pfm_version</key>
-	<integer>10</integer>
+	<integer>11</integer>
 </dict>
 </plist>

Manifests/ManifestsApple/com.apple.eas.account.plist

@@ -15,7 +15,7 @@
 	<key>pfm_interaction</key>
 	<string>combined</string>
 	<key>pfm_last_modified</key>
-	<date>2024-01-30T15:23:48Z</date>
+	<date>2024-04-17T07:26:36Z</date>
 	<key>pfm_note</key>
 	<string>As with VPN and Wi-Fi configurations, it is possible to associate an SCEP credential with an Exchange configu- ration via the PayloadCertificateUUID key.</string>
 	<key>pfm_platforms</key>
@@ -153,7 +153,7 @@ Required in macOS or non-interactive installations (like MDM on iOS).</string>
 		</dict>
 		<dict>
 			<key>pfm_description</key>
-			<string>The email address for the account (e.g. "john@company.com).</string>
+			<string>The email address for the account (e.g. "john@company.com").</string>
 			<key>pfm_description_reference</key>
 			<string>Specifies the full email address for the account. If not present in the payload, the device prompts for this string during profile installation.
 In macOS, this key is required.</string>
@@ -780,8 +780,6 @@ Availability: Available only in iOS 6.0 and later.</string>
 			<string>Number of days to sync</string>
 			<key>pfm_type</key>
 			<string>integer</string>
-			<key>pfmx_comment</key>
-			<string>The No Limit option is only mentioned in https://support.apple.com/en-al/guide/deployment/depa9c22f8c/web. No value is given for it in the document, however a value of zero was provided by a user of the manifest who tested it to work.</string>
 		</dict>
 		<dict>
 			<key>pfm_description</key>