nstrauss · January 4, 2021 20:04
diff --git a/PPPC_KEXT_MDM.txt b/PPPC_KEXT_MDM.txt
 # Approved PPPC MDM overrides aggregated list
 /Library/Application Support/com.apple.TCC/MDMOverrides.plist

 # KEXT policies database
 sudo sqlite3 /private/var/db/SystemPolicyConfiguration/KextPolicy

 # Approved by MDM
 SELECT team_id, bundle_id, allowed FROM kext_policy_mdm;

 # Approved locally
 SELECT team_id, bundle_id, allowed FROM kext_policy;

 # Available table column names
 sqlite> PRAGMA table_info(kext_policy_mdm);
 0|team_id|TEXT|0||1
 1|bundle_id|TEXT|0||2
 2|allowed|BOOLEAN|0||0
 3|payload_uuid|TEXT|0||0

 sqlite> PRAGMA table_info(kext_policy);
 0|team_id|TEXT|0||1
 1|bundle_id|TEXT|0||2
 2|allowed|BOOLEAN|0||0
 3|developer_name|TEXT|0||0
 4|flags|INTEGER|0||0

 # View loaded third party kexts
 kextstat | grep -v com.apple # Catalina and earlier
 kmutil showloaded | grep -v com.apple # Big Sur and later

 # View TCC entries at DB location /Library/Application Support/com.apple.TCC/TCC.db. Requires Terminal with Full Disk Access.
 sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db
 select * from access;

 # Available table column names - rest of the tables returned with `.tables` were empty when tested
 sqlite> PRAGMA table_info(access);
 0|service|TEXT|1||1
 1|client|TEXT|1||2
 2|client_type|INTEGER|1||3
 3|allowed|INTEGER|1||0
 4|prompt_count|INTEGER|1||0
 5|csreq|BLOB|0||0
 6|policy_id|INTEGER|0||0
 7|indirect_object_identifier_type|INTEGER|0||0
 8|indirect_object_identifier|TEXT|0||4
 9|indirect_object_code_identity|BLOB|0||0
 10|flags|INTEGER|0||0
 11|last_modified|INTEGER|1|CAST(strftime('%s','now') AS INTEGER)|0
	# Approved PPPC MDM overrides aggregated list
	/Library/Application Support/com.apple.TCC/MDMOverrides.plist

	# KEXT policies database
	sudo sqlite3 /private/var/db/SystemPolicyConfiguration/KextPolicy

	# Approved by MDM
	SELECT team_id, bundle_id, allowed FROM kext_policy_mdm;

	# Approved locally
	SELECT team_id, bundle_id, allowed FROM kext_policy;

	# Available table column names
	sqlite> PRAGMA table_info(kext_policy_mdm);
	0\|team_id\|TEXT\|0\|\|1
	1\|bundle_id\|TEXT\|0\|\|2
	2\|allowed\|BOOLEAN\|0\|\|0
	3\|payload_uuid\|TEXT\|0\|\|0

	sqlite> PRAGMA table_info(kext_policy);
	0\|team_id\|TEXT\|0\|\|1
	1\|bundle_id\|TEXT\|0\|\|2
	2\|allowed\|BOOLEAN\|0\|\|0
	3\|developer_name\|TEXT\|0\|\|0
	4\|flags\|INTEGER\|0\|\|0

	# View loaded third party kexts
	kextstat \| grep -v com.apple # Catalina and earlier
	kmutil showloaded \| grep -v com.apple # Big Sur and later

	# View TCC entries at DB location /Library/Application Support/com.apple.TCC/TCC.db. Requires Terminal with Full Disk Access.
	sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db
	select * from access;

	# Available table column names - rest of the tables returned with `.tables` were empty when tested
	sqlite> PRAGMA table_info(access);
	0\|service\|TEXT\|1\|\|1
	1\|client\|TEXT\|1\|\|2
	2\|client_type\|INTEGER\|1\|\|3
	3\|allowed\|INTEGER\|1\|\|0
	4\|prompt_count\|INTEGER\|1\|\|0
	5\|csreq\|BLOB\|0\|\|0
	6\|policy_id\|INTEGER\|0\|\|0
	7\|indirect_object_identifier_type\|INTEGER\|0\|\|0
	8\|indirect_object_identifier\|TEXT\|0\|\|4
	9\|indirect_object_code_identity\|BLOB\|0\|\|0
	10\|flags\|INTEGER\|0\|\|0
	11\|last_modified\|INTEGER\|1\|CAST(strftime('%s','now') AS INTEGER)\|0