feat(apple): Apply MDM changes to Configuration (#9169)

When the MDM installs a configuration payload to `dev.firezone.firezone.network-extension`, the tunnel service will now be notified of a change to its `managedDict`, applying the configuration and updating `packetTunnelProvider`'s local copy so that it'll be returned on the next configuration fetch from the UI. Related: #4505
2026-01-27 18:18:55 +00:00 · 2025-05-16 15:00:16 -07:00
parent f07aa8aa3a
commit f138d86494
2 changed files with 18 additions and 4 deletions
--- a/swift/apple/FirezoneNetworkExtension/ConfigurationManager.swift
+++ b/swift/apple/FirezoneNetworkExtension/ConfigurationManager.swift
@@ -21,16 +21,26 @@ class ConfigurationManager {
  // can cause deadlocks in rare cases.
  private var userDict: [String: Any?]

-  private var managedDict: [String: Any?] {
-    userDefaults.dictionary(forKey: managedDictKey) ?? [:]
-  }
+  private var managedDict: [String: Any?]

  private init() {
    userDefaults = UserDefaults.standard
    userDict = userDefaults.dictionary(forKey: userDictKey) ?? [:]
+    managedDict = userDefaults.dictionary(forKey: managedDictKey) ?? [:]

    migrateFirezoneId()
    Telemetry.firezoneId = userDict[Configuration.Keys.firezoneId] as? String
+
+    NotificationCenter.default.addObserver(
+      self,
+      selector: #selector(handleUserDefaultsChanged),
+      name: UserDefaults.didChangeNotification,
+      object: userDefaults
+    )
+  }
+
+  deinit {
+    NotificationCenter.default.removeObserver(self, name: UserDefaults.didChangeNotification, object: userDefaults)
  }

  // Save user-settable configuration
@@ -69,6 +79,10 @@ class ConfigurationManager {
    setFirezoneId(UUID().uuidString)
  }

+  @objc private func handleUserDefaultsChanged(_ notification: Notification) {
+    self.managedDict = userDefaults.dictionary(forKey: managedDictKey) ?? [:]
+  }
+
  private func saveUserDict() {
    userDefaults.set(userDict, forKey: userDictKey)
  }
--- a/swift/apple/FirezoneNetworkExtension/PacketTunnelProvider.swift
+++ b/swift/apple/FirezoneNetworkExtension/PacketTunnelProvider.swift
@@ -176,8 +176,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
        completionHandler?(configurationPayload)

      case .setConfiguration(let configuration):
-        self.configuration = configuration
        ConfigurationManager.shared.setConfiguration(configuration)
+        self.configuration = ConfigurationManager.shared.toConfiguration()
        completionHandler?(nil)

      case .signOut: