Thanks eskimo, hope the day Apple supports the function like file filter will come soon...
Thanks for your detailed reply @eskimo . Now I'm finding a way to begin the adventurous and exciting journe of VFS development.
Since there is rare document about VFS, do you think it's a good idea to borrow from the implementation of Linux 3rd file system FUSE?
If I were to port Linux FUSE to VFS, what would be the biggest challenges and differences?
Thanks for your reply, there is really rare document about it.
File Provider is not enough to meet my requirement. To develop a kernel/user hybrid file system maybe a good way, at least I have the full control of my file system.
It's really painful to do VFS development on macOS :(
I am developing a file encryption and decryption software on Mac. The main function of this software is to set up a special folder, and all files in this folder will be automatically decrypted when opened. After the files are copied out of this folder, the files need to remain encrypted. I achieve such a folder by mounting a MacFUSE-based file system.
But after I copied the file out of the special folder, I found that the copied content was plain text. I think this may be caused by the cache of the Mac system. In order to prevent the decrypted content from being copied, I wanted to hook the vnode write operation and replace the copied decrypted content with the encrypted content.
I borrowed the method from this link
MacOSX-FileSystem-Filter to hook the read and write operations of vnode. The core idea of this hook method is,
// assumtion is - the vnode layout is as follows
// <some fields that are irrelevant for us>
// int (**v_op)(void *); /* vnode operations vector */
// mount_t v_mount; /* ptr to vfs we are in */
// void * v_data; /* private data for fs */
So after I got the vnode object from Kauth, then do some pointer movement to replace the vnode operations vector int (**v_op)(void *); , thus I can hook the vnode operations.
Post not yet marked as solved
After some research, I know that there is some relationship between the DesktopServicesHelper process and the copy operation, so I tried don't decrypt the file when system process DesktopServicesHelper trying to open the encrypted file. But it still does not work, the Mac system seems to directly hand over the cache data to the DesktopServicesHelper process, then DesktopServicesHelper creates a new file in the copy target path with decrypted data.
After several days research, finally I found a way to hide contents of the folder.
Just use the Endpoint system extension, and deny all ES_EVENT_TYPE_AUTH_READDIR when the msg->event.readdir.target->path.data is my folder path.
Although this makes it impossible for me to see these files under my filesystem, but I can still use file system API such as open(), createFile() to do some operations on the files.
Post not yet marked as solved
You should post your question in English, otherwise others won't know what are you saying.
