DigiDNA minor release updates (#588)

* 2022-12 platforms minor version release updates * Changed as the original yaml from Apple but both pfm_description, pfm_description_reference and pfm_note should be controlled * Changed last modified and fixed minors errors such as 2 dots, etc. * Date correction * * Added: pfm_title key at line 359 and value at line 360 * * Added: pfm_platforms key value for macOS * Changed: pfm_last_modified date * Platforms sorted * Added back Domains detail lost in merge --------- Co-authored-by: Ari Leviatan <relgit@users.noreply.github.com> Co-authored-by: Yann BERNARD <DigiYann@users.noreply.github.com>
ProfileCreator · Aug 8, 2023 · dc25ddb · dc25ddb
1 parent f706a02
commit dc25ddb
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 33 deletions.
diff --git a/Manifests/ManifestsApple/com.apple.domains.plist b/Manifests/ManifestsApple/com.apple.domains.plist
@@ -13,7 +13,7 @@
 	<key>pfm_interaction</key>
 	<string>combined</string>
 	<key>pfm_last_modified</key>
-	<date>2023-02-27T08:57:44Z</date>
+	<date>2023-04-18T11:14:46Z</date>
 	<key>pfm_platforms</key>
 	<array>
 		<string>iOS</string>
@@ -161,16 +161,16 @@ The payload organization for a payload need not match the payload organization i
 		<dict>
 			<key>pfm_description</key>
 			<string>Downloads from Safari will be considered managed documents if they originate from a managed domain.</string>
-			<key>pfm_description_reference</key>
-			<string>Optional. An array of URL strings. URLs matching the patterns listed here will be considered managed. Not supported in macOS.</string>
 			<key>pfm_description_extended</key>
 			<string>Any email address that does not have a suffix that matches one of the unmarked email domains specified by the key EmailDomains will be considered out-of-domain and will be highlighted as such in the Mail app.</string>
+			<key>pfm_description_reference</key>
+			<string>Optional. An array of URL strings. URLs matching the patterns listed here will be considered managed. Not supported in macOS.</string>
+			<key>pfm_name</key>
+			<string>WebDomains</string>
 			<key>pfm_platforms</key>
 			<array>
 				<string>iOS</string>
 			</array>
-			<key>pfm_name</key>
-			<string>WebDomains</string>
 			<key>pfm_subkeys</key>
 			<array>
 				<dict>
@@ -194,18 +194,6 @@ The payload organization for a payload need not match the payload organization i
 		<dict>
 			<key>pfm_description</key>
 			<string>User names and passwords entered in websites with Safari can be saved if the domain is listed.</string>
-			<key>pfm_description_reference</key>
-			<string>Optional. An array of URL strings. Supported in iOS 9.3 and later; not supported in macOS. Users can save passwords in Safari only from URLs matching the patterns listed here. Regardless of the iCloud account that the user is using, if the device is not supervised, there can be no whitelist. If the device is supervised, there may be a whitelist, but if there is still no whitelist, note these two cases:
-• IfthedeviceisconfiguredasSharediPad, no password can be saved.
-• IfthedeviceisnotconfiguredasShared iPad, all passwords can be saved.</string>
-			<key>pfm_ios_min</key>
-			<string>9.3</string>
-			<key>pfm_platforms</key>
-			<array>
-				<string>iOS</string>
-			</array>
-			<key>pfm_name</key>
-			<string>SafariPasswordAutoFillDomains</string>
 			<key>pfm_description_extended</key>
 			<string>Opening a document originating from a managed Safari web domain causes iOS to treat the document as managed for the purpose of Managed Open In.
 				
@@ -224,6 +212,18 @@ Trailing slashes will be ignored.
 If a ManagedWebDomain string entry contains a port number, only addresses that specify that port number will be considered managed. Otherwise, the domain will be matched without regard to the port number specified. For example, the pattern *.apple.com:8080 will match http://site.apple.com:8080/page.html but not http://site.apple.com/page.html, while the pattern *.apple.com will match both URLs.
 Managed Safari Web Domain definitions are cumulative. Patterns defined by all Managed Web Domains payloads will be used to match a URL request.
 SafariPasswordAutoFillDomains definitions are cumulative. Patterns defined by all SafariPasswordAutoFillDomains payloads will be used to determine if passwords can be stored for a given URL.</string>
+			<key>pfm_description_reference</key>
+			<string>Optional. An array of URL strings. Supported in iOS 9.3 and later; not supported in macOS. Users can save passwords in Safari only from URLs matching the patterns listed here. Regardless of the iCloud account that the user is using, if the device is not supervised, there can be no whitelist. If the device is supervised, there may be a whitelist, but if there is still no whitelist, note these two cases:
+• IfthedeviceisconfiguredasSharediPad, no password can be saved.
+• IfthedeviceisnotconfiguredasShared iPad, all passwords can be saved.</string>
+			<key>pfm_ios_min</key>
+			<string>9.3</string>
+			<key>pfm_name</key>
+			<string>SafariPasswordAutoFillDomains</string>
+			<key>pfm_platforms</key>
+			<array>
+				<string>iOS</string>
+			</array>
 			<key>pfm_subkeys</key>
 			<array>
 				<dict>
@@ -271,6 +271,8 @@ SafariPasswordAutoFillDomains definitions are cumulative. Patterns defined by al
 			<key>pfm_subkeys</key>
 			<array>
 				<dict>
+					<key>pfm_name</key>
+					<string>CrossSiteTrackingPreventionRelaxedDomainItemM</string>
 					<key>pfm_title</key>
 					<string>Domain</string>
 					<key>pfm_type</key>

diff --git a/Manifests/ManifestsApple/com.apple.security.acme.plist b/Manifests/ManifestsApple/com.apple.security.acme.plist
@@ -13,10 +13,13 @@
 	<key>pfm_ios_min</key>
 	<string>16.0</string>
 	<key>pfm_last_modified</key>
-	<date>2022-09-06T09:11:27Z</date>
+	<date>2023-04-18T11:08:07Z</date>
+	<key>pfm_macos_min</key>
+	<string>13.1</string>
 	<key>pfm_platforms</key>
 	<array>
 		<string>iOS</string>
+		<string>macOS</string>
 		<string>tvOS</string>
 	</array>
 	<key>pfm_subkeys</key>
@@ -154,6 +157,8 @@
 			<string>The valid values for 'KeySize' depend on the values of 'KeyType' and 'HardwareBound'. See those keys for specific requirements.</string>
 			<key>pfm_name</key>
 			<string>KeySize</string>
+			<key>pfm_note</key>
+			<string>On macOS, this key is required but must have a value of 'false'.</string>
 			<key>pfm_require</key>
 			<string>always</string>
 			<key>pfm_title</key>
@@ -341,6 +346,38 @@ When 'Attest' is 'true', 'HardwareBound' must also be 'true'.</string>
 			<key>pfm_type</key>
 			<string>boolean</string>
 		</dict>
+		<dict>
+			<key>pfm_default</key>
+			<true/>
+			<key>pfm_description</key>
+			<string>Whether the private key of the identity obtained via SCEP should be tagged as "non-extractable" in the keychain.</string>
+			<key>pfm_name</key>
+			<string>KeyIsExtractable</string>
+			<key>pfm_platforms</key>
+			<array>
+				<string>macOS</string>
+			</array>
+			<key>pfm_title</key>
+			<string>Key Is Extractable</string>
+			<key>pfm_type</key>
+			<string>boolean</string>
+		</dict>
+		<dict>
+			<key>pfm_default</key>
+			<true/>
+			<key>pfm_description</key>
+			<string>If true, all apps have access to the private key.</string>
+			<key>pfm_name</key>
+			<string>AllowAllAppsAccess</string>
+			<key>pfm_platforms</key>
+			<array>
+				<string>macOS</string>
+			</array>
+			<key>pfm_title</key>
+			<string>Allow All Apps Access</string>
+			<key>pfm_type</key>
+			<string>boolean</string>
+		</dict>
 	</array>
 	<key>pfm_targets</key>
 	<array>
@@ -353,6 +390,6 @@ When 'Attest' is 'true', 'HardwareBound' must also be 'true'.</string>
 	<key>pfm_unique</key>
 	<false/>
 	<key>pfm_version</key>
-	<integer>1</integer>
+	<integer>2</integer>
 </dict>
 </plist>
diff --git a/Manifests/ManifestsApple/com.apple.servicemanagement.plist b/Manifests/ManifestsApple/com.apple.servicemanagement.plist
@@ -11,7 +11,7 @@
 	<key>pfm_format_version</key>
 	<integer>1</integer>
 	<key>pfm_last_modified</key>
-	<date>2022-11-04T02:07:23Z</date>
+	<date>2022-12-14T02:29:57Z</date>
 	<key>pfm_macos_min</key>
 	<string>13.0</string>
 	<key>pfm_platforms</key>
@@ -184,6 +184,16 @@
 							<key>pfm_type</key>
 							<string>string</string>
 						</dict>
+						<dict>
+							<key>pfm_description</key>
+							<string>An additional constraint to limit the scope of the rule that is tested after matching the RuleType/RuleValue.</string>
+							<key>pfm_name</key>
+							<string>TeamIdentifier</string>
+							<key>pfm_title</key>
+							<string>Team Identifier</string>
+							<key>pfm_type</key>
+							<string>string</string>
+						</dict>
 					</array>
 					<key>pfm_title</key>
 					<string>Rule</string>
@@ -206,6 +216,6 @@
 	<key>pfm_unique</key>
 	<true/>
 	<key>pfm_version</key>
-	<integer>1</integer>
+	<integer>2</integer>
 </dict>
 </plist>
diff --git a/Manifests/ManifestsApple/com.apple.webcontent-filter.plist b/Manifests/ManifestsApple/com.apple.webcontent-filter.plist
@@ -255,7 +255,7 @@ The search algorithm is complex and may vary from release to release, but it is
 			<key>pfm_default</key>
 			<false/>
 			<key>pfm_description_reference</key>
-			<string>If true, enables the filtering of WebKit traffic.</string>
+			<string>If 'true', enables the filtering of WebKit traffic. Either 'FilterBrowsers or 'FilterSockets' must be 'true'.</string>
 			<key>pfm_exclude</key>
 			<array>
 				<dict>
@@ -777,7 +777,7 @@ The search algorithm is complex and may vary from release to release, but it is
 			<key>pfm_default</key>
 			<false/>
 			<key>pfm_description_reference</key>
-			<string>If true, enables the filtering of socket traffic.</string>
+			<string>If 'true', enables the filtering of socket traffic. Either 'FilterBrowsers' or 'FilterSockets' must be 'true'.</string>
 			<key>pfm_exclude</key>
 			<array>
 				<dict>
@@ -825,9 +825,7 @@ The search algorithm is complex and may vary from release to release, but it is
 			<key>pfm_description</key>
 			<string>The bundle identifier string of the Filter Data Provider System Extension. This string identifies the Filter Data Provider when the filter starts running.</string>
 			<key>pfm_description_reference</key>
-			<string>The bundle identifier string of the Filter Data Provider System Extension. This string identifies the Filter Data Provider when the filter starts running. This field is required if FilterSockets is set to 1.
-
-Available in macOS 10.15 and later.</string>
+			<string>The bundle identifier string of the Filter Data Provider System Extension. This string identifies the Filter Data Provider when the filter starts running.</string>
 			<key>pfm_exclude</key>
 			<array>
 				<dict>
@@ -933,13 +931,7 @@ Available in macOS 10.15 and later.</string>
 			<key>pfm_description</key>
 			<string></string>
 			<key>pfm_description_reference</key>
-			<string>If set to 1, enables the filtering of network packets.
-
-Either FilterPackets or FilterSockets must be true for the filter to have any effect.
-
-Can be used when FilterType is Plugin.
-
-Available in macOS 10.15 and later.</string>
+			<string> If this value is 'true', the property enables the filtering of network packets. Either 'FilterPackets' or 'FilterSockets' must be 'true'. You can only use this when 'FilterType' is 'Plugin'.</string>
 			<key>pfm_exclude</key>
 			<array>
 				<dict>