xcode/iOS: support serial number collection via MDM on iOS (#11429)

Fixes tailscale/corp#18366. This PR provides serial number collection on iOS, by allowing system administrators to pass a `DeviceSerialNumber` MDM key which can be read by the `posture` package in Go. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>
2024-06-14 10:59:40 -07:00
parent bd2a6d5386
commit e8ca30a5c7
4 changed files with 32 additions and 3 deletions
--- a/posture/serialnumber_ios.go
+++ b/posture/serialnumber_ios.go
@ -0,0 +1,25 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+package posture
+
+import (
+	"fmt"
+
+	"tailscale.com/types/logger"
+	"tailscale.com/util/syspolicy"
+)
+
+// GetSerialNumbers returns the serial number of the iOS/tvOS device as reported by an
+// MDM solution. It requires configuration via the DeviceSerialNumber system policy.
+// This is the only way to gather serial numbers on iOS and tvOS.
+func GetSerialNumbers(_ logger.Logf) ([]string, error) {
+	s, err := syspolicy.GetString("DeviceSerialNumber", "")
+	if err != nil {
+		return nil, fmt.Errorf("failed to get serial number from MDM: %v", err)
+	}
+	if s != "" {
+		return []string{s}, nil
+	}
+	return nil, nil
+}