The payload that configures the system policy.
| Setting | Type | Required | Default | Manual Install | Supported OS |
|---|---|---|---|---|---|
Requirement Requirement The policy requirement. This key must follow the syntax described in [Code Signing Requirement Language](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/RequirementLang/RequirementLang.html#//apple_ref/doc/uid/TP40005929-CH5). | string | optional | — | ✓Yes | macOS (10.8+) |
Comment Comment This string appears in the System Policy UI. If it's missing, `PayloadDisplayName` or `PayloadDescription` is entered into this field before the rule is added to the System Policy database. | string | optional | — | ✓Yes | macOS (10.8+) |
Priority Priority The rule's priority. | real | optional | — | ✓Yes | macOS (10.8+) |
Expiration Expiration The expiration date for rules being processed. | date | optional | — | ✓Yes | macOS (10.8+) |
OperationType OperationType The type of operation. | string | optional | operation:execute | ✓Yes | macOS (10.8+) |
LeafCertificate LeafCertificate The single leaf certificate for the app that is in the allow list. | data | optional | — | ✓Yes | macOS (10.8+) |
