Post

Replies

Boosts

Views

Activity

Secure IPC between Apps of same App-Group
Hi, I am looking for a secure IPC between 2 apps in the same App Group. Both apps will be sandboxed. I am planning to have one "UI" app and a service app that serves the UI app. I want the communication between the apps to be secure. In this context, secure means that even the user/Admin/root of the Mac cannot snoop the actual messages.

I have looked at XPC as an option. But my understanding is that the messages are not encrypted, so the local user can snoop the messages using tools like XPoCe and XPCspy. Please correct me if I am wrong.

http://newosxbook.com/tools/XPoCe2.html
https://github.com/hot3eed/xpcspy

The other option I was thinking of was using sockets/REST/gRPC over TCP ports and encrypting the messages. Encrypting requires certificates. So can I store private keys in the Keychain or the App Group folder? This private cert stored in the Keychain should not be extractable by the Admin/root of the Mac either. Please let me know if this is possible.

Thanks a lot for your help.
Replies: 3 | Boosts: 0 | Views: 1.3k | Activity: Jun ’21
System Extension packet-tunnel NE not starting
Hi, I am converting a working packet-tunnel Network Extension to distribute using Developer ID (system extension). I see that the system extension is getting registered but exiting. Please help. Thanks

NOTE: SIP is disabled
Static Tunnel configuration.

I have gone through a lot of similar questions on the forums but am not able to figure out what is happening.

Removed NEMachService from the Info.plist since it was forcing me to add "application-group" and this was not part of the provisioning profile.

The following 2 messages in the logs seem suspicious:

    (NetworkExtension) [com.apple.networkextension:] Signature check failed: code failed to satisfy specified code requirement(s)
    ***.YYY.network-extension: (NetworkExtension) [com.apple.networkextension:] [Extension ***.YYY]: IPC detached

NE Entitlements:

    <dict>
        <key>com.apple.application-identifier</key>
        <string>TEAM_ID.***.YYY.network-extension</string>
        <key>com.apple.developer.networking.networkextension</key>
        <array>
            <string>packet-tunnel-provider-systemextension</string>
        </array>
        <key>com.apple.developer.system-extension.install</key>
        <true/>
        <key>com.apple.developer.team-identifier</key>
        <string>TEAM_ID</string>
        <key>keychain-access-groups</key>
        <array>
            <string>TEAM_ID.*</string>
        </array>
    </dict>

NE Provision profile:

    <key>Entitlements</key>
    <dict>
        <key>com.apple.developer.system-extension.install</key>
        <true/>
        <key>com.apple.developer.networking.networkextension</key>
        <array>
            <string>packet-tunnel-provider-systemextension</string>
            <string>app-proxy-provider-systemextension</string>
            <string>content-filter-provider-systemextension</string>
            <string>dns-proxy-systemextension</string>
            <string>dns-settings</string>
        </array>
        <key>com.apple.application-identifier</key>
        <string>TEAM_ID.***.YYY.network-extension</string>
        <key>keychain-access-groups</key>
        <array>
            <string>TEAM_ID.*</string>
        </array>
        <key>com.apple.developer.team-identifier</key>
        <string>TEAM_ID</string>
    </dict>

Logs: Please see next post. Thanks
Replies: 5 | Boosts: 0 | Views: 2.5k | Activity: Nov ’20
Network Extension: Failed to save configuration Error Domain=NEConfigurationErrorDomain
Hi, I am writing a Network Extension (NEPacketTunnelProvider) app for macOS. I am currently using the "Mac Developer" code signing identity. When running the app, I am seeing the following error on my Mac when the code tries to save (NETunnelProviderManager().saveToPreferences) the packet-tunnel config. Please help. Thanks

    2020-10-22 15:49:08.133266-0700 XXXXXXX[10186:214874] [] Failed to save configuration yyyyyy: Error Domain=NEConfigurationErrorDomain Code=12 "failed to make changes in SCPreferences: (null)" UserInfo={NSLocalizedDescription=failed to make changes in SCPreferences: (null)}
    2020-10-22 15:49:08.133441-0700 XXXXXXX[10186:214067] [] Failed to save configuration: Error Domain=NEVPNErrorDomain Code=5 "failed to make changes in SCPreferences: (null)" UserInfo={NSLocalizedDescription=failed to make changes in SCPreferences: (null)}
    2020-10-22 15:49:08.133985-0700 XXXXXXX[10186:214067] Add: Saving configuration failed: Error Domain=NEVPNErrorDomain Code=5 "failed to make changes in SCPreferences: (null)" UserInfo={NSLocalizedDescription=failed to make changes in SCPreferences: (null)}
Replies: 6 | Boosts: 0 | Views: 2.4k | Activity: Oct ’20
App Not starting: Termination Reason: Namespace CODESIGNING, Code 0x1
Hi, I am writing a "Network Extension" (NEPacketTunnelProvider) app for macOS. I am using "Developer ID" signing for my macOS app. But it crashes after I start it on my Mac. I have already gone through the notarization. Thanks

    Time Awake Since Boot: 13000 seconds
    Time Since Wake: 11000 seconds
    System Integrity Protection: enabled
    Crashed Thread: 0
    Exception Type: EXC_CRASH (Code Signature Invalid)
    Exception Codes: 0x0000000000000000, 0x0000000000000000
    Exception Note: EXC_CORPSE_NOTIFY
    Termination Reason: Namespace CODESIGNING, Code 0x1
    kernel messages:
    VM Regions Near 0 (cr2):
    -> TEXT 0000000104aaa000-0000000104b32000 [ 544K] r-x/r-x SM=COW
    Thread 0 Crashed:
    0 @ Z 0x000000010ddb9000 dyld_start + 0
    Thread 0 crashed with X86 Thread State (64-bit):
    rax: 0x0000000000000000 rbx: 0x0000000000000000 rcx: 0x0000000000000000 rdx: 0x0000000000000000
    rdi: 0x0000000000000000 rsi: 0x0000000000000000 rbp: 0x0000000000000000 rsp: 0x00007ffeeb155b70
    r8: 0x0000000000000000 r9: 0x0000000000000000 r10: 0x0000000000000000 r11: 0x0000000000000000
    r12: 0x0000000000000000 r13: 0x0000000000000000 r14: 0x0000000000000000 r15: 0x0000000000000000
    rip: 0x000000010ddb9000 rfl: 0x0000000000000200 cr2: 0x0000000000000000
    Logical CPU: 0
    Error Code: 0x00000000
    Trap Number: 0
Replies: 3 | Boosts: 0 | Views: 7.5k | Activity: Oct ’20