Application Bundle Filter

This type of filter identifies application bundles for macOS systems.

create

Prior to Privilege Manager v10.7.1, the value of the Bundle Name field required the inclusion of the .app extension (e.g. Console.app). The Bundle Name field should have an entry like console.app or photos.app to correctly apply the filter. If it is not present, the filter will fail to properly match. With Privilege Manager v10.7.1, the presence of the .app extension is properly calculated during policy processing.

Pre-10.7.1 Example

The bundle name should appear when creating the filter.

Bundle Name

Parameters

  • Bundle Name

  • Bundle Path

    • Include subdirectories

The following bundle properties can be used to identify an application bundle in an Application Bundle filter. These properties are found in the info.plist for the application on macOS systems.

  • App Category
  • Bundle Identifier
  • Bundle Name
  • Bundle Version
  • Bundle Version (short)
  • Executable File
  • Info String
  • Min System Version

The Bundle Name field is separate from the Bundle Name in the property list. If you have the Bundle Name field populated and it doesn't match the binary being executed, the filter will fail to match and not process the property list values in the Info.plist file. If an app is discovered as a new loaded resource and assigned to a policy, a filter is created and pre-populated based on the information pulled from the info.plist file.

example

Info.plist Example for Photos

Copy 
<key>CFBundleExecutable</key>
<string>Photos</string>
<key>CFBundleHelpBookFolder</key>
<string>Photos.help</string>
<key>CFBundleHelpBookName</key>
<string>com.apple.Photos.help</string>
<key>CFBundleIconFile</key>
<string>AppIcon</string>
<key>CFBundleIconName</key>
<key>CFBundleIdentifier</key>
<string>com.apple.Photos</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>

Using RegEx in Bundle Path

The Bundle Path parameter supports RegEx. The RegEx must be surrounded by parenthesis and will be compared against the lowercase file path, for example "(/applications/.*)". When a RegEx is used for the Bundle Path, Include subdirectories is automatically disabled.

Validation error messages are provided when the

  • Basic path is missing the leading /.

  • RegEx path is missing the opening (.

  • RegEx path is missing leading the (/.

  • RegEx path is missing the closing ).

    alt