Skip to content

Manifest Format

Jump to bottom Edit New page
Ari Leviatan edited this page Oct 19, 2023 · 60 revisions

Index

Manifest Format

The payload manifest files are using Apple's Preference Manifest format to describe the payloads and their keys.

The following keys from the Preference Manifest format are used for the payload manifest files.

Key Type Payload Key Description
pfm_conditionals Array of Dictionaries False True Indicates the conditions whether this key should be required.
See: Conditions.
pfm_default Any False True The key's default value.
Important: Must be the same type as the key's pfm_type.
pfm_description String Required True Description of the key or payload.
pfm_domain String Required False Domain of the payload, will be set as the PayloadType.
pfm_exclude Array of Dictionaries False True Indicates the conditions whether this key should be included in the payload.
See: Conditions.
pfm_format String False True A regular expression that the value must match.
pfm_format_version Integer Required False The preference manifest format version.
pfm_name String False Required1 The name of the key.
pfm_repetition_max Integer False True The maximum number of items allowed in an array.
pfm_repetition_min Integer False True The minimum number of items allowed in an array.
pfm_require String False True Indicates whether this key is required to be present in the payload.

Supported values:
  • always = The key is always required
  • always-nested = The key is always required even if it is in a nested dictionary. (Format 2)
  • push = The key is only required when installed via an MDM.
    		•
    pfm_required Boolean False True Indicates whether this key is required to be present in the payload. If set to true it's equal to pfm_require=always.
    pfm_range_list Array of Any False True An array of legal values for this key.
    Important: The array must be the same type as the key's pfm_type.
    pfm_range_max Integer or Float False True The maximum value for this key.
    Important: Must be the same type as the key's pfm_type.
    pfm_range_min Integer or Float False True The minimum value for this key.
    Important: Must be the same type as the key's pfm_type.
    pfm_subkeys Array of Dictionaries True True This key describes keys nested under the current key.
    pfm_targets Array of Strings True True The scope where the key or payload is valid.

    Supported values:
  • user
  • user-managed
  • system
  • system-managed.

    Default value is: user.
    		•
    pfm_title String Required True The title of the key or payload.
    pfm_type String False Required The data type of the value for this key.
    pfm_version Integer Required False Version of the manifest file.

    1 Required on all keys except for keys which are immediate subkeys of an array.

    Conditions

    The pfm_conditionals key must contain a dictionary with the following key-value pairs:

    Key Type Required Description
    pfm_target_conditions Array of Dictionaries True Specifies conditions that this key has a dependency with.
    pfm_require String False Specifies how the key will be required if the conditions are met. Supported values: always or push.

    The pfm_target_conditions key must contain an array of dictionaries with the following key-value pairs:

    Key Type Required Description
    pfm_contains_any Array of Any False Evaluates whether the target key value is set to any value from this key.
    Important: The array must be the same type as the target key's pfm_type.
    pfm_n_contains_any Array of Any False Evaluates whether the target key value is NOT set to any value from this key.
    Important: The array must be the same type as the target key's pfm_type.
    pfm_n_range_list Array of Any False Evaluates whether the target key value does NOT match the value of this key.
    Important: The array must be the same type as the target key's pfm_type.
    pfm_present Boolean False Evaluates whether the target key exists in the exported payload.
    pfm_range_list Array of Any False Evaluates whether the target key value matches the value of this key.
    Important: The array must be the same type as the target key's pfm_type.
    pfm_target String True The target key to evaluate. For nested keys, the key names can be separated by a dot "."
    pfm_value_empty Boolean True Evaluates whether the target key has an empty value in the exported payload.

    For examples, see: Example Conditions

    Extended Manifest Format

    The following keys are used to extend the manifest format to describe settings and situations not covered by the original set of keys.

    Key Type Payload Key Description
    pfm_allowed_file_types Array of Strings False True File extensions or UTIs allowed when using a file as value for a Data key.
    pfm_app_deprecated String False True Version of the Application that started deprecating the key or payload.
    pfm_app_max String False True The last version of the Application that supported the key or payload.
    pfm_app_min String False True Version of the Application that started supporting the key or payload.
    pfm_app_url String True False URL to the Application homepage.
    pfm_default_copy String False True KeyPath to another key which value to copy as the default for this key. More info.
    pfm_date_allow_past Boolean False True ProfileCreator: If set to true this key will allow the date picker to select dates in the past.
    pfm_date_style String False True ProfileCreator: This key can be used to alter the style of the date picker.
    Supported values: dateAndTime or time.

    If no value is set, dateAndTime is used.
    pfm_description_extended String False True An extended and more descriptive text used to for example clarify ambiguous behaviour or add more context.
    pfm_description_reference String False True The exact description string from the documentation.
    pfm_documentation_url String True True URL to additional documentation for the key or payload.
    pfm_enabled Boolean False True If the key should be included in the payload content by default.
    pfm_excluded Boolean False True If the key should be excluded from the exported payload.
    pfm_hidden String False True If the key or container should be hidden from the user by default.
    Supported values: all or container
    pfm_icon Data True False Bsse64 encoded data of an image resource that is 64x64 pixels.
    pfm_interaction String Required False How payload settings will interact when multiple payloads of the same type are installed on a device.
    Supported values:

  • combined
  • exclusive
  • undefined

    Apple Documentation
    • pfm_ios_deprecated String True True Version of iOS that started deprecating the key or payload.
    pfm_ios_max String True True Version of iOS that stopped supporting the key or payload.
    pfm_ios_min String True True Version of iOS that started supporting the key or payload.
    pfm_last_modified Date Required False Date the manifest was last modified.
    pfm_macos_deprecated String True True Version of macOS that started deprecating the key or payload.
    pfm_macos_max String True True Version of macOS that stopped supporting the key or payload.
    pfm_macos_min String True True Version of macOS that started supporting the key or payload.
    pfm_note String True True A note to emphasize or bring something specific to the user's attention about the key.
    pfm_n_platforms Array of Strings False True Platforms that don't support the key or payload.
    pfm_platforms Array of Strings Required True Platforms that support the key or payload.
    pfm_range_list_allow_custom_value Boolean False True ProfileCreator: Will allow the user to either select a value from a popUp list or enter a custom value.

    Note: This key is ignored if pfm_type_inputis set.
    pfm_range_list_titles Array of Strings False True Titles matching the values in the pfm_range_list key.

    Important: If this key is used together with pfm_range_list it must contain equal number of items.

    ProfileCreator: This key can be used to show a radio button to represent a boolean value if the following is true:

  • The key pfm_type is set to boolean
  • No pfm_range_list is set.
  • This key contains exactly 2 values.
    		•
    pfm_segments Dictionary False True ProfileCreator: This key can be used show a segmented control.

  • The keys in the dictionary will be set as the segment titles.
  • The value is an array of strings where each string is the KeyPath for each key to show under the selected segment.
    		•
    pfm_sensitive Boolean False True Indication that the value for this key might be sensitive and that encrypting the profile might be neccessary to protect the value.
    pfm_subdomain String True False Identifier used to allow a payload domain (pfm_domain) to be split in multiple files.

    If this is not set, multiple files with the same domain will be read as duplicates and overwrite each other.

    Useful for domains that have multiple uses like com.apple.MCX and .GlobalPreferences. See Subdomains.
    pfm_substitution_variables Dict True True Dictionary where the keys are available substitution variables and their value is a Substitution Variables Dictionary.
    pfm_supervised Boolean True True Requires the device to be supervised for this key or payload to work.
    Note: Supervision is not available on macOS, see pfm_user_approved.
    pfm_type_input String False True ProfileCreator: The data type of the input value for this key.

    This is used when it makes sense for the user to input another value type than the pfm_type specifies. Example.

    See also: pfm_value_processor.
    pfm_tvos_deprecated String True True Version of tvOS that started deprecating the key or payload.
    pfm_tvos_max String True True Version of tvOS that stopped supporting the key or payload.
    pfm_tvos_min String True True Version of tvOS that started supporting the key or payload.
    pfm_unique Boolean Required False Indicates if multiple payloads of this type can be installed on a device. true = one payload; false = multiple payloads
    pfm_user_approved Boolean True True Requires the device to be user approved, or enrolled using DEP for this key or payload to work.
    pfm_value_copy String False True KeyPath to another key which value to copy as the value for this key.

    ProfileCreator: This will disable user input for this key.
    pfm_value_decimal_places Integer False True Only available for pfm_type: float.

    Number of decimal places to be used when setting and exporting the value.
    pfm_value_inverted Boolean False True Only available for pfm_type: boolean.

    Indicates that the user entered value should be inverted.

    This key is used when the pfm_title or pfm_description is worded in such a way that the value must be inverted to work as expected for the key.
    pfm_value_import_processor String False True ProfileCreator: Name of the value import processor to use when converting an item dropped on the cellview to valid settings.

    Note: This enables drag n drop for cellviews that doesn't normally use it.

    See also: pfm_allowed_file_types
    pfm_value_info_processor String False True ProfileCreator: Name of the value info processor to use when displaying the information for a Data value.
    pfm_value_placeholder Any False True Placeholder value for the key. Placeholder value is never included in the exported payload, it's only used to show an example value. If pfm_default is used for a preference, this will override any value supplied by pfm_value_placeholder. As such, this key should only be used when a pfm_default value is not defined.
    pfm_value_processor String False True ProfileCreator: Name of the value processor to use when converting a user entered value to the exported value.
    pfm_value_unique Boolean False True ProfileCreator: When used in a payload subkey that has pfm_type or pfm_type_input set to array, the items in the array must be unique. This key should be used as part of the pfm_subkeys, not the array preference itself.
    pfm_value_unit String False True Unit that the value represents. Example: milliseconds, hours, characters etc.
    pfm_view String False True ProfileCreator: The view used to represent the payload key.

    These are the supported view override values:

  • slider

    • Note: This key is not needed for most payload keys and should not be included unless you need to change the default view.
    pfmx_comment String True True Author comments about the manifest and its preferences. Not intended for user-facing content. Introduced to replace conventional XML comments as they do not persist under plist automation tools.

    Substitution Variables Dictionary

    The pfm_substitution_variables dictionary key-values:

    Key Type Required Description
    pfm_description String False Description of the substitution value.
    pfm_value_placeholder String False Example substition value for the substitution variable.
    pfm_substitution_source String False Source of the substitution value.

    Supported values: local or mdm.

    Extended Conditions

    The pfm_target_conditions array of dictionaries is extended with the following key-value pairs:

    Key Type Required Description
    pfm_domain String False The domain for the target key to evaluate. If not set, the payload domain is used.

    Example Conditions & Exclusions

    1. This condition sets the key to always be required when exported for macOS.
    <key>pfm_conditionals</key>
<array>
    <dict>
        <key>pfm_require</key>
        <string>always</string>
        <key>pfm_target_conditions</key>
        <array>
            <dict>
                <key>pfm_platforms</key>
                <array>
                    <string>macOS</string>
                </array>
            </dict>
        </array>
    </dict>
</array>
    1. This condition sets the key to be required when delivered by an MDM when the key VPNType has value: VPN.
    <key>pfm_conditionals</key>
<array>
    <dict>
        <key>pfm_require</key>
        <string>push</string>
        <key>pfm_target_conditions</key>
        <array>
            <dict>
                <key>pfm_target</key>
                <string>VPNType</string>
                <key>pfm_range_list</key>
                <array>
                    <string>VPN</string>
                </array>
            </dict>
        </array>
    </dict>
</array>
    1. This condition sets the key always to be required when the key BurnSupport of domain com.apple.DiscRecording has value: off or authenticate .
    <key>pfm_conditionals</key>
<array>
    <dict>
        <key>pfm_require</key>
        <string>always</string>
        <key>pfm_target_conditions</key>
        <array>
            <dict>
                <key>pfm_domain</key>
                <string>com.apple.DiscRecording</string>
                <key>pfm_target</key>
                <string>BurnSupport</string>
                <key>pfm_contains_any</key>
                <array>
                    <string>off</string>
                    <string>authenticate</string>
                </array>
            </dict>
        </array>
    </dict>
</array>
    1. This condition sets the key always to be required when the key AcceptEAPTypes contained within the EAPClientConfiguration dictionary has value: 21.
    <key>pfm_conditionals</key>
<array>
    <dict>
        <key>pfm_require</key>
        <string>always</string>
        <key>pfm_target_conditions</key>
        <array>
            <dict>
                <key>pfm_contains_any</key>
                <array>
                    <integer>21</integer>
                </array>
                <key>pfm_target</key>
                <string>EAPClientConfiguration.AcceptEAPTypes</string>
            </dict>
        </array>
    </dict>
</array>
    1. This exclusion will leave the associated key out of the profile if key IsHotspot is set to false AND key PFC_InterfaceSelector does not have value: Hotspot2.
    <key>pfm_exclude</key>
<array>
    <dict>
        <key>pfm_target_conditions</key>
        <array>
            <dict>
                <key>pfm_range_list</key>
                <array>
                    <false/>
                </array>
                <key>pfm_target</key>
                <string>IsHotspot</string>
            </dict>
            <dict>
                <key>pfm_n_range_list</key>
                <array>
                    <string>Hotspot2</string>
                </array>
                <key>pfm_target</key>
                <string>PFC_InterfaceSelector</string>
            </dict>
        </array>
    </dict>
</array>

    More Info About Manifest Preferences

    pfm_default_copy

    This key was added to support copying a value from a key in another payload. This is most helpful & applicable with keys in payloads which depend on unique identifiers (UUIDs) for identity and certificate payloads.

    This was introduced in the Mail and Exchange payloads such that when an identification payload is added to a profile which already has an Exchange or Mail payload the necessary UUID value is automatically copied.

    Table Reference Guide

    This is a description of the table columns in the manifest format tables.

    Key
    String used as the key in the manifest.

    Type
    Value type for the key.

    Payload
    If the key is supported on the payload level.

    False    Not supported at the payload level.  
True     Supported at the payload level.  
Required Required at the payload level.

    Key
    If the key is supported on the key level.

    False    Not supported at the key level.  
True     Supported at the key level.  
Required Required at the key level.
    Add a custom footer

    Creating Manifests

    Updating Manifests

    Reference

    ProfileCreator GUI

    Clone this wiki locally