I've been discussing/harassing folks across Slack about SystemPolicyAppBundles, and have a case which Munki can hit (with thanks for Patrick and others for assisting discover).
- Be signed, notarised and have hardened runtime enabled (in some manner, struggled to recreate this with our own apps so far which have all 3).
- The app needs to have been launched at least once.
To update, you need to:
- Have a Distribution pkg (not component as munki-pkg creates), and this can either be unsigned or signed with a different identifier than the app you're looking to update.
If the above is all true, and you try to update the item from Munki, it'll fail at %97.750000.
Additionally, using the same PKG within Installer.app will prompt to allow Installer.app access to modify applications.
So far, the latest Google Chrome can trigger this.
In attempting to resolve, I granted Munki Full Disk Access via a PPPCP (we sign Munki). But this did not work.
Instead, I had to grant /usr/sbin/installer Full Disk Access (as path, with the requirement: identifier "com.apple.installer" and anchor apple and with "Validate static content" checked). This might be due to how munki is laid out on disk, vs a .app.
Now the above isn't great, but isn't the great big gaping security hole it might seem. As invoking /usr/sbin/installer via Terminal (for example), requires/prompts for SystemPolicyAppBundles enablement.
The discovery was made on beta 11, but might well have been in place prior., This was tested by myself on an Intel and a Silicon device. As well as tested by Patrick separately.
It is bizarre that this is only triggered via Distribution pkg's and not Component (other pkg types might trigger this too).