Reply to How to programmatically hide file and folder from Finder
After several days of research, I finally found a way to hide the contents of the folder. Just use the Endpoint Security system extension, and deny all ES_EVENT_TYPE_AUTH_READDIR events when msg->event.readdir.target->path.data is my folder path. Although this makes it impossible for me to see these files in my filesystem, I can still use file system APIs such as open() and createFile() to perform operations on the files.
Mar ’24
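The readdir policy described in the reply above, as an added example that is not the poster's code: the decision logic that an ES handler would call for each ES_EVENT_TYPE_AUTH_READDIR message. It is written to compile without the macOS SDK, so the auth result enum is a constructed stand-in for es_auth_result_t, and the protected folder path is a constructed sample. The point it adds is the matching itself: a plain prefix comparison would also hide "/Users/me/Secret2", so the check requires a path-component boundary after the folder prefix and tolerates a trailing slash on the configured folder.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for es_auth_result_t so the policy logic builds anywhere.
 * In a real extension use ES_AUTH_RESULT_ALLOW / ES_AUTH_RESULT_DENY from
 * <EndpointSecurity/EndpointSecurity.h>. */
typedef enum { AUTH_ALLOW = 0, AUTH_DENY = 1 } auth_result_t;

/* True when `path` is the protected folder itself or lies beneath it.
 * The character after the matched prefix must be '/' or the end of the
 * string, otherwise "/Users/me/Secret2" would match "/Users/me/Secret". */
static bool path_is_within(const char *path, const char *folder) {
    size_t flen = strlen(folder);
    if (flen == 1 && folder[0] == '/')          /* root protects everything absolute */
        return path[0] == '/';
    while (flen > 1 && folder[flen - 1] == '/') /* tolerate a trailing slash */
        flen--;
    if (strncmp(path, folder, flen) != 0)
        return false;
    return path[flen] == '\0' || path[flen] == '/';
}

/* Policy for an ES_EVENT_TYPE_AUTH_READDIR event: deny directory listings of
 * the protected folder and anything below it, allow everything else. */
auth_result_t readdir_policy(const char *target_path, const char *protected_folder) {
    return path_is_within(target_path, protected_folder) ? AUTH_DENY : AUTH_ALLOW;
}

/* How the handler would wire it in (macOS only, kept as a comment here):
 *
 *   if (msg->event_type == ES_EVENT_TYPE_AUTH_READDIR) {
 *       const char *p = msg->event.readdir.target->path.data;
 *       es_respond_auth_result(client, msg,
 *           readdir_policy(p, folder) == AUTH_DENY ? ES_AUTH_RESULT_DENY
 *                                                   : ES_AUTH_RESULT_ALLOW,
 *           false);   // do not cache: the answer depends on the target path
 *   }
 */

int main(void) {
    const char *folder = "/Users/me/Secret";   /* constructed sample path */
    const char *samples[] = {
        "/Users/me/Secret",
        "/Users/me/Secret/sub/file.txt",
        "/Users/me/Secret2",      /* shares the prefix but is a different folder */
        "/Users/me",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-32s -> %s\n", samples[i],
               readdir_policy(samples[i], folder) == AUTH_DENY ? "DENY" : "ALLOW");
    }
    return 0;
}
```

The same helper can be reused for ES_EVENT_TYPE_AUTH_OPEN if the goal is to gate open() on the folder's contents as well, which the reply notes a readdir denial alone does not do; responding with cache set to false keeps the decision per-path rather than letting ES cache one verdict for the process.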
Reply to Deny Mac system using cached data when copy
After some research, I learned that there is some relationship between the DesktopServicesHelper process and the copy operation, so I tried not decrypting the file when the system process DesktopServicesHelper tries to open the encrypted file. But it still does not work; the Mac system seems to directly hand over the cached data to the DesktopServicesHelper process, and then DesktopServicesHelper creates a new file in the copy target path with the decrypted data.
Mar ’24
Reply to How to get the new created vnode since kauth_listen_scope is invalid now
I am developing file encryption and decryption software on Mac. The main function of this software is to set up a special folder, and all files in this folder will be automatically decrypted when opened. After the files are copied out of this folder, the files need to remain encrypted. I achieve such a folder by mounting a macFUSE-based file system. But after I copied the file out of the special folder, I found that the copied content was plain text. I think this may be caused by the cache of the Mac system. In order to prevent the decrypted content from being copied, I wanted to hook the vnode write operation and replace the copied decrypted content with the encrypted content. I borrowed the method from this link, MacOSX-FileSystem-Filter, to hook the read and write operations of the vnode. The core idea of this hook method is:

```c
// assumption is - the vnode layout is as follows
// <some fields that are irrelevant for us>
// int (**v_op)(void *);   /* vnode operations vector */
// mount_t v_mount;        /* ptr to vfs we are in */
// void * v_data;          /* private data for fs */
```

So after I got the vnode object from Kauth, I do some pointer movement to replace the vnode operations vector int (**v_op)(void *); thus I can hook the vnode operations.
Apr ’24
Reply to Can the Endpoint Security Extension communicate with a regular app
There's no need to display a UI to guide the user in making a choice. We'll decide whether to allow opening a file based on its path or some other metadata, following the policy configuration. When ES detects that a file is about to be opened, it needs to communicate with my Mac app, and the app will use the configured policy to determine whether to allow or deny the user access to the file. So, we need to find a way for ES and the Mac app to communicate effectively. I attempted creating a local CFMessagePort on the app side, but ES couldn't obtain the remote CFMessagePort. CFMessagePortCreateRemote always returns nil.
Jul ’24