Hi,

Is there a way for a NEDNSProxyProvider to not handle a flow, without blocking the request?

If NO / false is returned in -handleNewFlow:, it seems that the request is blocked.

Alternatively, I could perform the DNS request using res_send (resolv.h), but if I do so, I get back the request in my proxy again…

Thanks for your help

Hi,

Since Network Kernel Extensions are deprecated, is it possible to use their replacement (Network Extension) with a Developer ID signed app?

When I try to do so, my app is terminated because of "Unsatisfied entitlements: com.apple.developer.networking.networkextension"

Hello,

I attempted to create a sample app using Endpoint Security. It's working OK for ES_EVENT_TYPE_NOTIFY_OPEN events. But as soon as I attempt to use ES_EVENT_TYPE_AUTH_OPEN, Endpoint Security freezes the Mac, and it either kills my process or the user session.

I've written some sample code that trusts processes for each notification during 30 sec, then enables blocking mode. And it fails.

Is it expected?

    #import <Foundation/Foundation.h>
    #import <EndpointSecurity/EndpointSecurity.h>
    @import OSLog;

    int main(int argc, const char * argv[]) {
        @autoreleasepool {
            // insert code here...
            es_client_t *client = NULL;
            es_new_client_result_t newClientResult =
            es_new_client(&client,
                          ^(es_client_t * client, const es_message_t * message) {
                switch (message->event_type) {
                    case ES_EVENT_TYPE_AUTH_OPEN:
                        os_log(OS_LOG_DEFAULT, "EndpointSecurity : Allowing event from : %{public}s : Open %{public}s", message->process->executable->path.data, message->event.open.file->path.data);
                        es_respond_auth_result(client, message, ES_AUTH_RESULT_ALLOW, true); // Immediately allow events
                        break;
                    case ES_EVENT_TYPE_NOTIFY_OPEN:
                        os_log(OS_LOG_DEFAULT, "EndpointSecurity : trusting : %{public}s", message->process->executable->path.data);
                        es_mute_process(client, &message->process->audit_token);
                        break;
                    default:
                        os_log(OS_LOG_DEFAULT, "EndpointSecurity : unexpected event type : %i", message->event_type);
                        es_respond_auth_result(client, message, ES_AUTH_RESULT_ALLOW, true); // Immediately allow events
                        break;
                }
            });

            // Handle any errors encountered while creating the client.
            switch (newClientResult) {
                case ES_NEW_CLIENT_RESULT_SUCCESS:
                    // Client created successfully; continue.
                    break;
                case ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED:
                    panic("Extension is missing entitlement.");
                    break;
                case ES_NEW_CLIENT_RESULT_ERR_NOT_PRIVILEGED:
                    panic("Extension is not running as root.");
                    break;
                case ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED:
                    // Prompt user to perform TCC approval.
                    // This error is recoverable; the user can try again after
                    // approving TCC.
                    return 0;
                    break;
                case ES_NEW_CLIENT_RESULT_ERR_INVALID_ARGUMENT:
                    panic("Invalid argument to es_new_client(); client or handler was null.");
                    break;
                case ES_NEW_CLIENT_RESULT_ERR_TOO_MANY_CLIENTS:
                    panic("Exceeded maximum number of simultaneously-connected ES clients.");
                    break;
                case ES_NEW_CLIENT_RESULT_ERR_INTERNAL:
                    panic("Failed to connect to the Endpoint Security subsystem.");
                    break;
            }

            // Subscribe the client to the ES_EVENT_TYPE_NOTIFY_OPEN event.
            es_event_type_t eventTypes[] = { ES_EVENT_TYPE_NOTIFY_OPEN };
            es_return_t subscribeResult = es_subscribe(client, eventTypes, 1);
            if (subscribeResult != ES_RETURN_SUCCESS) {
                panic("Client failed to subscribe to event.");
            }

            dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(30 * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{
                os_log(OS_LOG_DEFAULT, "EndpointSecurity : Started blocking mode");
                es_unsubscribe_all(client);
                // After 30 sec, replace ES_EVENT_TYPE_NOTIFY_OPEN by ES_EVENT_TYPE_AUTH_OPEN event.
                es_event_type_t eventTypes[] = { ES_EVENT_TYPE_AUTH_OPEN };
                es_return_t subscribeResult = es_subscribe(client, eventTypes, 1);
                if (subscribeResult != ES_RETURN_SUCCESS) {
                    panic("Client failed to subscribe to event.");
                }
            });

            NSRunLoop *runLoop = [NSRunLoop currentRunLoop];
            [runLoop run];
        }
        return 0;
    }

Hello,
We have several reports from users that our app loses its Full Disk Access permission after reboot.
This is something we have not been able to reproduce internally, but that is affecting a noticeable number of users, running various versions of macOS: 11.7.2, 12.4, 12.6.2, 13.1, 13.2, 13.2.1, 13.3, 13.3.1.
We also noticed that we are not the only ones affected by the issue:
https://community.norton.com/en/forums/resolve-repeated-norton-full-disk-access-prompt-when-you-open-norton-macos-13
https://kevinyank.com/posts/privacy-security-settings-reset/
Unfortunately, none of the workarounds described in those articles seem to work for our users in the long term.
Is it an issue known by Apple? Is there a workaround?
Thanks for your help.