For #28343 Connects to #28343 Removing Apple MDM profile validation checks for com.apple.MCX keys (dontAllowFDEDisable and dontAllowFDEEnable) due to customer feedback. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
package mobileconfig
import "github.com/micromdm/plist"
// FDEFileVaultOptionsProfileContent is the minimal shape of a configuration
// profile that ContainsFDEFileVaultOptionsPayload decodes. Only the top-level
// PayloadContent array is mapped; no other profile key is represented here.
type FDEFileVaultOptionsProfileContent struct {
	// PayloadContent holds the profile's payload entries, reduced to the
	// fields declared on FDEFileVaultOptionsPayload.
	PayloadContent []FDEFileVaultOptionsPayload `plist:"PayloadContent"`
}
// FDEFileVaultOptionsPayload is a reduced view of one payload entry: its type
// and the single FileVault option that ContainsFDEFileVaultOptionsPayload
// looks for. Any other key in the payload is not mapped by this struct.
type FDEFileVaultOptionsPayload struct {
	// PayloadType is the payload's type string; it is compared for exact
	// equality with FleetCustomSettingsPayloadType by the checker.
	PayloadType string `plist:"PayloadType"`

	// DestroyFVKeyOnStandby is a pointer so that a nil value (key not
	// decoded) can be told apart from an explicit true or false.
	DestroyFVKeyOnStandby *bool `plist:"DestroyFVKeyOnStandby"`
}
// ContainsFDEFileVaultOptionsPayload reports whether the profile in contents
// has a payload whose PayloadType equals FleetCustomSettingsPayloadType and
// which sets the DestroyFVKeyOnStandby key.
// https://developer.apple.com/documentation/devicemanagement/fdefilevaultoptions
// Fleet users are not allowed to upload such payloads because Fleet fully
// manages disk encryption (FileVault).
//
// Scope of the check:
//   - DestroyFVKeyOnStandby is the only FileVault option inspected; no other
//     payload key is decoded by this function.
//   - The key counts as present whenever it decodes to a non-nil value, whether
//     that value is true or false.
//   - PayloadType is matched by exact string equality.
//
// Empty contents yield (false, nil) without parsing. When parsing fails the
// result is (false, err): callers must check err before relying on the
// boolean, otherwise an unparseable profile is indistinguishable from one that
// lacks the key.
//
// NOTE(review): this presumably expects contents to be a plain (unsigned)
// plist; confirm that callers unwrap signed profiles before calling.
func ContainsFDEFileVaultOptionsPayload(contents []byte) (bool, error) {
	// Nothing to decode, so nothing can match.
	if len(contents) == 0 {
		return false, nil
	}

	var profile FDEFileVaultOptionsProfileContent
	if err := plist.Unmarshal(contents, &profile); err != nil {
		// Surface the decode error unchanged; the boolean is not meaningful here.
		return false, err
	}

	for i := range profile.PayloadContent {
		payload := &profile.PayloadContent[i]
		// Payloads of any other type are out of scope for this check.
		if payload.PayloadType != FleetCustomSettingsPayloadType {
			continue
		}
		// Presence of the key is what matters, not its value.
		if payload.DestroyFVKeyOnStandby != nil {
			return true, nil
		}
	}

	return false, nil
}