cmdReporter Wiki

Defining Sensitive Data

SensitiveApplications

DLPExecutableNames

  • Array of strings with the executable names of applications. Any data created by an application with a matching process name will be considered sensitive.
  • Example: /Applications/Xcode.app/Contents/MacOS/Xcode

DLPSigningIdentifiers

  • Array of strings with the app signing identifier of applications. Any data created by an application with a matching signing ID will be considered sensitive.
  • Example: com.microsoft.Word
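  • Example command to obtain the app signing ID for this preference (codesign -dv writes to stderr, so it is redirected before the pipe; the anchored pattern keeps the TeamIdentifier line out of the result):
    • codesign -dv /Applications/Microsoft\ Word.app 2>&1 | grep '^Identifier='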

DLPTeamIdentifiers

  • Array of strings with the team signing identifier of applications. Any data created by an application with a matching team signing ID will be considered sensitive.
  • Example: UBF8T346G9
  • Example command to obtain the team ID for this preference (codesign -dv writes to stderr, so it is redirected before the pipe):
    • codesign -dv /Applications/Microsoft\ Word.app 2>&1 | grep TeamIdentifier

SensitiveUTIs

  • Array of strings with the Uniform Type Identifier (UTI) of types of files to always consider sensitive irrespective of the application used to modify or create them.
  • Example: org.openxmlformats.wordprocessingml.document
  • Example command to obtain UTIs for a given file:
    • mdls -name kMDItemContentTypeTree /path/to/file
    • Results are listed most to least specific when running this command.
      • "com.apple.quicktime-movie" could be used to track .mov files
      • "public.movie" could be used to track any video file
      • "public.audiovisual-content" could be used to track any audio or video file.
      • "public.data" could be used to track any file containing data on the system (not recommended)
  • Note: cmdReporter does not rely on Spotlight indexing

SensitivePaths

  • Array of strings with the full path to folder(s) that should be considered sensitive. Any file contained in these folders will be considered sensitive.
  • Example: /Volumes/Data/


Example Plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>SensitivePaths</key>
    <array>
        <string>/Volumes/Data/SensitiveData/</string>
        <string>/Volumes/CompanyData/SensitiveData/</string>
    </array>
    <key>SensitiveApplications</key>
    <dict>
        <key>DLPExecutableNames</key>
        <array>
            <string>/System/Applications/Calculator.app/Contents/MacOS/Calculator</string>
            <string>/Applications/Xcode.app/Contents/MacOS/Xcode</string>
        </array>
        <key>DLPSigningIdentifiers</key>
        <array>
            <string>com.apple.TextEdit</string>
        </array>
        <key>DLPTeamIdentifiers</key>
        <array>
            <string>VEKTX9H2N7</string>
        </array>
    </dict>
    <key>SensitiveUTIs</key>
    <array>
        <string>org.openxmlformats.wordprocessingml.document</string>
    </array>
</dict>
</plist>
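
A pre-deployment lint for a plist like the one above, as an added example (not cmdReporter's own code): it reports keys that are not documented on this page, values that are not arrays of strings, SensitivePaths entries that are not full paths, malformed team IDs, and the broad UTI the page advises against. The function name, the constructed sample, and the 10-character team ID format are assumptions of this example.

```python
import plistlib
import re

# Keys documented on this page; anything else is reported as unknown.
TOP_KEYS = {"SensitivePaths", "SensitiveApplications", "SensitiveUTIs"}
APP_KEYS = ("DLPExecutableNames", "DLPSigningIdentifiers", "DLPTeamIdentifiers")
# Assumption: team IDs are 10 uppercase alphanumerics, like the page's examples.
TEAM_ID = re.compile(r"[A-Z0-9]{10}")
BROAD_UTIS = {"public.data"}  # the page marks this UTI "not recommended"

# Constructed sample with four deliberate mistakes.
SAMPLE = b"""<plist version="1.0"><dict>
  <key>SensitivePaths</key><array><string>Volumes/Data/</string></array>
  <key>SensitiveApplications</key><dict>
    <key>DLPSigningIdentifier</key><array><string>com.apple.TextEdit</string></array>
    <key>DLPTeamIdentifiers</key><array><string>vektx9h2n7</string></array>
  </dict>
  <key>SensitiveUTIs</key><array><string>public.data</string></array>
</dict></plist>"""


def lint_policy(plist_bytes):
    """Return a list of findings for a sensitive-data preference plist."""
    policy = plistlib.loads(plist_bytes)
    findings = []
    apps = policy.get("SensitiveApplications", {})
    if not isinstance(apps, dict):
        findings.append("SensitiveApplications: must be a dict")
        apps = {}
    for scope, known, section in (("top level", TOP_KEYS, policy),
                                  ("SensitiveApplications", APP_KEYS, apps)):
        findings += [f"unknown key in {scope}: {k}" for k in sorted(set(section) - set(known))]
    arrays = {k: policy.get(k, []) for k in ("SensitivePaths", "SensitiveUTIs")}
    arrays.update({k: apps.get(k, []) for k in APP_KEYS})
    for key, values in list(arrays.items()):
        if not isinstance(values, list) or not all(isinstance(v, str) for v in values):
            findings.append(f"{key}: must be an array of strings")
            arrays[key] = []  # skip the value checks for a malformed array
    findings += [f"not a full path: {p}" for p in arrays["SensitivePaths"] if not p.startswith("/")]
    findings += [f"malformed team ID: {t}" for t in arrays["DLPTeamIdentifiers"] if not TEAM_ID.fullmatch(t)]
    findings += [f"overly broad UTI: {u}" for u in arrays["SensitiveUTIs"] if u in BROAD_UTIS]
    return findings


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE):
        print(finding)
```

The misspelled DLPSigningIdentifier key in the sample is the case worth catching before rollout: the plist still parses, but the key matches none of the preferences documented above.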

