usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 05:53:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

Profiles with multiple disabled Pref Panes keys not detected #221

New Issue
Closed
opened 2026-01-19 18:29:42 +00:00 by michael · 1 comment
michael commented 2026-01-19 18:29:42 +00:00
Owner
Copy Link

Originally created by @K1jaff on GitHub.

Summary

Detections items such as sysprefs_siri_prefpane_disable as not detected if they are included with other pref pane disables, this is because the grep command looks at the whole string which includes a , separator between values:

DisabledPreferencePanes com.apple.preferences.speech com.apple.preferences.wallet

=

DisabledPreferencePanes =

(

"com.apple.preferences.speech",

"com.apple.preferences.wallet"

);

Steps to reproduce

Implement Custom Jamf Profile to preference domain com.apple.systempreferences with multiple values

DisabledPreferencePanes com.apple.preferences.speech com.apple.preferences.wallet

Operating System version

macOS 12.6

What is the current bug behavior?

com.apple.preferences.speech is not detected but com.apple.preferences.wallet is detected.

What is the expected correct behavior?

All strings in the array are detected

Relevant logs and/or screenshots

```<key>sysprefs_siri_prefpane_disable</key>
<dict>
	<key>finding</key>
	<true/>
</dict>```

)```




### Possible fixes
``` result_value=$(/usr/bin/profiles -P -o stdout |  sed 's/,//g' | /usr/bin/grep -c 'com.apple.preferences.speech' | /usr/bin/awk '{ if ($1 >= 2) {print "1"} else {print "0"}}' 
)```
Originally created by @K1jaff on GitHub. ### Summary Detections items such as sysprefs_siri_prefpane_disable as not detected if they are included with other pref pane disables, this is because the grep command looks at the whole string which includes a , separator between values: <dict> <key>DisabledPreferencePanes</key> <array> <string>com.apple.preferences.speech</string> <string>com.apple.preferences.wallet</string> </array> </dict> = DisabledPreferencePanes = ( "com.apple.preferences.speech", "com.apple.preferences.wallet" ); ### Steps to reproduce Implement Custom Jamf Profile to preference domain com.apple.systempreferences with multiple values <dict> <key>DisabledPreferencePanes</key> <array> <string>com.apple.preferences.speech</string> <string>com.apple.preferences.wallet</string> </array> </dict> ### Operating System version macOS 12.6 ### What is the current *bug* behavior? com.apple.preferences.speech is not detected but com.apple.preferences.wallet is detected. ### What is the expected *correct* behavior? All strings in the array are detected ### Relevant logs and/or screenshots ```<key>sysprefs_siri_prefpane_disable</key> <dict> <key>finding</key> <true/> </dict>``` ```result_value=$(/usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'com.apple.preferences.speech' | /usr/bin/awk '{ if ($1 >= 2) {print "1"} else {print "0"}}' )``` ### Possible fixes ``` result_value=$(/usr/bin/profiles -P -o stdout | sed 's/,//g' | /usr/bin/grep -c 'com.apple.preferences.speech' | /usr/bin/awk '{ if ($1 >= 2) {print "1"} else {print "0"}}' )```
michael commented 2026-01-19 18:29:42 +00:00
Author
Owner
Copy Link

@robertgendler commented on GitHub:

This is fixed in the OS branches. Please check out the Monterey branch

@robertgendler commented on GitHub: This is fixed in the OS branches. Please check out the `Monterey` branch
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
michael
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: usnistgov/macos_security#221
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?