Code Requirements for macOS PPPC profiles

When deploying Coro to macOS endpoint devices through a mass-deployment solution, administrators can remotely manage automatic approval for app permissions on target devices. This enables silent deployment across many devices and avoids users having to manually approve permissions for the Coro app to function.

Coro provides guides dedicated to deployment through several common tools, such as Jamf Pro and Microsoft Intune. For more general use, this article provides the Code Requirements needed for creating profiles delivered to devices through Privacy Preference Policy Control (PPPC).

note

Deployment tools and solutions might vary in how profiles are configured and implemented. Refer to the documentation for your solution to see how to implement PPPC in your scenario.

An administrator typically requires the following pieces of data to set up a permissions profile through PPPC:

  • Team ID
  • Bundle ID
  • Code Requirement

Coro's Team ID is E3P52EVK39.

Use the following Code Requirement for each Bundle ID to silently approve required app permissions when deploying Coro to your devices:

  • Bundle ID: net.coro.endsec.Coro :
    Copy
    Copied
    anchor apple generic and identifier "net.coro.endsec.Coro" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E3P52EVK39)
  • Bundle ID: net.coro.endsec.CoroService :
    Copy
    Copied
    anchor apple generic and identifier "net.coro.endsec.CoroService" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E3P52EVK39)
  • Bundle ID: net.coro.endsec.TrafficService :
    Copy
    Copied
    anchor apple generic and identifier "net.coro.endsec.TrafficService" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E3P52EVK39)

Displaying the code used by the Coro app on an installed device

To view the code used by the Coro app bundles on an installed macOS device, execute the following commands in the Terminal app:

Important

Execute these commands only on devices that have Coro installed with all the requirements already approved.

Copy
Copied
codesign -dv /Applications/Coro\ Endpoint\ Protection.app
Copy
Copied
codesign -dr - /Applications/Coro\ Endpoint\ Protection.app
Copy
Copied
codesign -dr - /Applications/Coro\ Endpoint\ Protection.app/Contents/Library/SystemExtensions/net.coro.endsec.CoroService.systemextension
Copy
Copied
codesign -dr - /Applications/Coro\ Endpoint\ Protection.app/Contents/Library/SystemExtensions/net.coro.endsec.TrafficService.systemextension