Thanks Quinn!I will be opening a DTS Code Level support. But before that, I have few unknown questions that I would like to discuss so as to have more context regarding the problem before seeking DTS.When I use 0x7fffffff as an authorized_flags value for es_respond_flags_result(,,,) - It works perfectly with caching set to true. I found this flag as part of the thread opened by Bill_Chui (https://forums.developer.apple.com/thread/133635). Surprisingly, setting this authorized flag to 0x7fffffff (or INT_MAX) makes caching with ES_EVENT_TYPE_AUTH_OPEN work without a glitch! I have few queries around this:1. Is 0x7fffffff the correct flag that we need to set while responding to ES_EVENT_TYPE_AUTH_OPEN ?2. Afaik, setting authorized flag 0x7fffffff with es_respond_flags_result, typically means authorizing the file open events with all intended flags. In this case, if a user opens a file with Read-Only mode and ES client authorizes the file open event with 0x7fffffff and caching the event result - does it mean that ES client will grant the subsequent Read-Only file events will all set of permissible flags ?3. What is being cached here as part of event result - If I authorize a file open with 0x7fffffff, does ES subsystem cache all the subsequent events with 0x7fffffff ?I would like to get answers to these three queries before I raise a DTS so that I could have a better idea about the problem/unknows here. Which would also be helpful for Apple to understand what exactly I'm trying to achieve with my app.PS: I am working with SIP and AMFI disabled (sudo nvram boot-args="amfi_get_out_of_my_way=0x1”). I'm afraid I might hit the case which is mentioned here https://forums.developer.apple.com/thread/133635 after I test my app with SIP enabled and production signed. I wonder if I need to raise a separate DTS for this hang issue.
Topic:
Privacy & Security
SubTopic:
General
Tags: