Hello,
I am working on a network security and DLP (Data Loss Prevention) solution. A core requirement of our architecture is the ability to modify network traffic payloads in-flight (e.g., stripping sensitive data or altering packets). So, the only way to implement this is via the NETransparentProxyProvider, which allows us to handle, evaluate, and modify network flows (NEAppProxyFlow).
However, because this is such a powerful mechanism, my primary goal is to ensure the absolute stability of the operating system. I want to minimize the risk of interfering with core Apple services. When evaluating a flow, I have access to NEFlowMetaData, specifically properties like sourceAppUniqueIdentifier and sourceAppAuditToken.
Could you please assist me with the following questions:
- Is there a recommended list of Apple system Application IDs (Bundle IDs) or executable names that should be strictly bypassed (ignored) by the Network Extension to maintain system integrity?
- Since system daemons can change between OS releases, are there any programmatic best practices or specific rules to dynamically identify core OS traffic that must not be intercepted?
- Are there any specific network ports or protocols that Apple strongly recommends excluding from NENetworkRule matches at the proxy provider configuration level to ensure daemons like apsd or mDNSResponder function correctly?
Thank you in advance.
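As an added illustration of how the flow metadata named in the question can drive a bypass decision (this is not the poster's code and not an Apple-published list): the provider below returns `false` from `handleNewFlow`, which hands the flow back to the system untouched, for any flow whose `sourceAppAuditToken` satisfies an assumed code-signing requirement, and excludes UDP port 5353 (mDNS) at the NENetworkRule level. The `"anchor apple"` requirement, the placeholder signing identifier and the port rule are assumptions chosen for the example, not a verified bypass list.

```swift
import NetworkExtension
import Security

// Added example (not the poster's code). Assumes a macOS system extension that
// subclasses NETransparentProxyProvider. "anchor apple" is an assumed heuristic
// for "Apple-signed platform code", not an official list of daemons to skip.
final class BypassingProxyProvider: NETransparentProxyProvider {

    // True when the code behind the audit token satisfies the given requirement.
    static func satisfiesRequirement(auditToken: Data,
                                     requirement text: String = "anchor apple") -> Bool {
        var code: SecCode?
        let attrs = [kSecGuestAttributeAudit: auditToken] as CFDictionary
        guard SecCodeCopyGuestWithAttributes(nil, attrs, [], &code) == errSecSuccess,
              let guest = code else { return false }
        var req: SecRequirement?
        guard SecRequirementCreateWithString(text as CFString, [], &req) == errSecSuccess else {
            return false
        }
        return SecCodeCheckValidity(guest, [], req) == errSecSuccess
    }

    override func startProxy(options: [String: Any]?,
                             completionHandler: @escaping (Error?) -> Void) {
        let settings = NETransparentProxyNetworkSettings(tunnelRemoteAddress: "127.0.0.1")
        // Claim all TCP traffic (assumed scope for this example).
        let allTCP = NENetworkRule(destinationNetwork: NWHostEndpoint(hostname: "0.0.0.0", port: "0"),
                                   prefix: 0, protocol: .TCP)
        // Assumed rule-level exclusion: never match mDNS (UDP 5353).
        let mdns = NENetworkRule(destinationNetwork: NWHostEndpoint(hostname: "0.0.0.0", port: "5353"),
                                 prefix: 0, protocol: .UDP)
        settings.includedNetworkRules = [allTCP]
        settings.excludedNetworkRules = [mdns]
        setTunnelNetworkSettings(settings) { error in completionHandler(error) }
    }

    override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
        let meta = flow.metaData
        // Placeholder allow-list; replace with identifiers you have verified yourself.
        let bypassedSigningIDs: Set<String> = ["com.example.placeholder"]
        if bypassedSigningIDs.contains(meta.sourceAppSigningIdentifier) {
            return false   // false = system handles the flow, the proxy never sees it
        }
        if let token = meta.sourceAppAuditToken,
           Self.satisfiesRequirement(auditToken: token) {
            return false   // assumed platform binary: leave it alone
        }
        // Returning true claims the flow; the provider must then open it and
        // relay bytes (DLP inspection goes there, outside this example's scope).
        return true
    }
}
```

Because bundle and signing identifiers of system daemons can change between releases, the audit-token check is the part that adapts across OS versions; the string allow-list is only a fallback for cases you have confirmed.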