Skip to content

[feature/confidential-configurability] Option to exempt actions from auto-disallow #1489

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

[feature/confidential-configurability] Option to exempt actions from auto-disallow #1489

wants to merge 4 commits into from

Conversation

felix-schwarz
Copy link
Contributor

Description

Adds a new MDM option confidential.exempted-actions to exempt one or more actions from being automatically disallowed when enabling Confidential Protection.

Example to allow the open in action:

<key>confidential.exempted-actions</key>
<array>
	<string>com.owncloud.action.openin</string>
</array>

Related Issue

https://github.com/owncloud/enterprise/issues/7296

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

felix-schwarz and others added 2 commits August 25, 2025 18:36
@felix-schwarz
- ConfidentialManager:
4694d34 
	- add new class method to return the array of actions automatically disallowed when confidential protection is turned on
	- add new exempted actions setting (OCClassSettingsKeyConfidentialExemptedActions)
	- adapt disallowedActions to remove exempt actions, thereby allowing them
	- .h: fix ObjC property definitions
	- replace calls to ConfidentialManager with self where favorable
	- classSettingsMetadata: replace strings with symbols
	- .. and other code and style improvements
- doc/CONFIGURATION.json: run automatic MDM documentation re-creation after addition of new options
@felix-schwarz @github-actions
Configuration documentation updated
00dd35b
@felix-schwarz felix-schwarz self-assigned this Aug 25, 2025
@felix-schwarz felix-schwarz requested review from hosy and jesmrec August 25, 2025 16:52
@jesmrec
Copy link
Contributor

jesmrec commented Sep 12, 2025
edited
Loading

QA checks

Based in the plist published in https://github.com/owncloud/enterprise/issues/7296#issuecomment-3279484072

  • No confidential.exempted-actions block
  • confidential.exempted-actions block
    • With no entries
    • With <string>com.owncloud.action.openin</string> entry
    • <string>com.owncloud.action.openin</string> and <string>com.owncloud.action.copy</string> entries
    • With more entries (check which ones)

@jesmrec
Copy link
Contributor

jesmrec commented Sep 12, 2025
edited
Loading

(1)

NOTE: Don't check it yet... i realised that Cut operation is banned in the tested Branding.plist

The action <string>com.owncloud.action.cutpasteboard</string> does not seem to work. I've tested different actions to be exempted:

<string>com.owncloud.action.openin</string>
<string>com.owncloud.action.markup</string>
<string>com.owncloud.action.copy</string>
<string>com.owncloud.action.cutpasteboard</string>

cutpasteboard is the only one that does not work individually. That's probably not related with the work done here, but, adding the following snippet to the Branding.plist file:

<key>confidential.exempted-actions</key>
<array>
         <string>com.owncloud.action.openin</string>
         <string>com.owncloud.action.markup</string>
         <string>com.owncloud.action.copy</string>
         <string>com.owncloud.action.cutpasteboard</string>
</array>

the exemptions are not applied together. If i remove the cutpasteboard from the array:

<key>confidential.exempted-actions</key>
<array>
         <string>com.owncloud.action.openin</string>
         <string>com.owncloud.action.markup</string>
         <string>com.owncloud.action.copy</string>
</array>

those three are applied ✅ . So, something about cutpasteboard is not correct somewhere.

@felix-schwarz could you take a look?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Matthias-Huehne-Kiteworks Matthias-Huehne-Kiteworks Matthias-Huehne-Kiteworks approved these changes

@hosy hosy Awaiting requested review from hosy

@jesmrec jesmrec Awaiting requested review from jesmrec

At least 2 approving reviews are required to merge this pull request.

Assignees

@felix-schwarz felix-schwarz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@felix-schwarz @jesmrec @Matthias-Huehne-Kiteworks @DeepDiver1975