The NSExtension payload is designated by specifying com.apple.NSExtension as the PayloadType.
This payload specifies which NSExtensions are allowed or disallowed on a system. Extensions can be managed by bundleID in whitelists and blacklists or by a blacklist of extension points.
It is supported on macOS 10.13 and later.
In addition to the settings common to all payloads, this payload defines these keys:
Value: Optional. Array of extension identifiers for extensions that are allowed to run on the system.
Value: Optional. Array of extension identifiers for extensions that are not allowed to run on the system.
Value: Optional. Array of NSExtension extension points for extensions that are not allowed to run on the system.
If an array element within DeniedExtensionPoints is ”AllPublicExtensionPoints”, DeniedExtensionPoints will be filled with a list of extension points that the client considers to be ”public”. These are the extension points referenced in developer documentation and supported by the Xcode programming environment.
Expansion of ”AllPublicExtensionPoints” happens at evaluation time. The list of extension points may change from release to release.
This feature is intended as a way to specify ”Start with no extensions belonging to any public extension points enabled but then allow only extensions A, B, C to run”. Specifying ”AllPublicExtensionPoints” will disallow both Apple and third-party extensions within the ”public” extension points but will still allow extensions belonging to system-critical extension points to execute.