Post

Replies

Boosts

Views

Activity

endpoint security framework in multithread applications
Hello, I am going to use endpoint security framework in my application. Unfortunately, I have not found any clear cut explanation about how to use endpoint security in multithread applications. Can we say the handler block (es_handler_block_t), which is the parameter of es_new_client(), is running in separate thread? Does es_new_client() create new thread? Should I synchronize a handler block and the code which calls es_delete_client()? Should I protect the handler block by mutex? Thank you in advance.
5
0
950
Feb ’24
notification about change visible window
Hello, I am trying to get a notification about change visible (top) window on Desktop. I am using NSWorkspaceDidActivateApplicationNotification notification and it works fine except situation of minimize current active application. Nothing is posted in notification center if active window is minimized. Are there any way to get some notification about change top window which is currently displayed on Desktop? Thank you in advance for your help!
0
0
381
Feb ’24
filtering network data in multi thread
Hello, I need to implement filtering network data which is based on Network Extension (network content filter) Let's say I have rule which leads to monitoring several data flows in parallel. Are there any way to handle each data flow in separate thread? (number of threads is equal to number of analyzed flow) If one flow is paused by pauseVerdict, will the filter data provider recieve new data chunks in handleInboundDataFromFlow for other flows? Are there any possibility to change data flow on a fly? Thank you in advance.
3
0
416
Jul ’24
get image icon of running applications in daemon
I need to get image icon of running applications in daemon. I have found the method iconForFile. [[NSWorkspace sharedWorkspace] iconForFile: bundlePath]; However, as far as I know, the framework AppKit is not daemon-safe. https://developer.apple.com/library/archive/technotes/tn2083/_index.html So, the only way which I see is to get icon file path via parsing Info.plist. However, the icon is not defined for some system app, e.g.: /System/Applications/Calendar.app /System/Applications/System Settings.app Are there any way to get icons of system application in daemon code? Is it safe to use NSBundle in daemon code? Thank you in advance.
2
0
467
Jul ’24
FAILED TO REGISTER PROCESS WITH CPS/CoreGraphics in WindowServer
Time to time I see the error 'FAILED TO REGISTER PROCESS WITH CPS/CoreGraphics in WindowServer' if CGImageForProposedRect is called immediately after start: https://developer.apple.com/documentation/appkit/nsimage/1519861-cgimageforproposedrect _RegisterApplication(), FAILED TO REGISTER PROCESS WITH CPS/CoreGraphics in WindowServer, err=-50 This error appears only one time during start. What does this error mean? Thank you in advance!
9
0
559
Aug ’24
matching dictionary to find particular IOUSBInterface
Hello, I am trying to get value of InterfaceClass for particular USB Device. I modified matching dictionary and added the property locationID property. CFMutableDictionaryRef matchingDictionary = IOServiceMatching(kIOUSBInterfaceClassName); if (!matchingDictionary) { return -1; } int32_t locationID = 0xffff; CFNumberRef cfLocationID = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &locationID); CFDictionaryAddValue(matchingDictionary, CFSTR(kUSBHostPropertyLocationID), cfLocationID); CFRelease(cfLocationID); io_service_t ioService = IOServiceGetMatchingService(kIOMasterPortDefault, matchingDictionary); if (!ioService) { return -1; } CFNumberRef cfInterfaceClass = (CFNumberRef)IORegistryEntrySearchCFProperty(ioService, kIOServicePlane, CFSTR(kUSBHostMatchingPropertyInterfaceClass), kCFAllocatorDefault, kNilOptions); ... Unfortunately nothing is found and ioService is NULL. What can be wrong here? Thank you in advance!
2
0
427
Aug ’24
block all USB devices
Hello, I am working on app which must prevent attaching any USB devices to Mac due to security. Unfortunately I have not found any direct way to implement such blocking: Looks like IOKit does not allow to block USB (at least in user space) ES_EVENT_TYPE_AUTH_IOKIT_OPEN (Endpoint Security) does not prevent using USB device if I send response ES_AUTH_RESULT_DENY for "AppleUSBHostDeviceUserClient" I have found several similar problems on forum but no any solution: https://developer.apple.com/forums/thread/671193 (https://developer.apple.com/forums/thread/756573 https://developer.apple.com/forums/thread/741051 What is the easiest way to implement such blocking? Thank you in advance!
6
0
551
Aug ’24
get properties of device in kIOTerminatedNotification handler
Hello, I am facing with misunderstanding how to read usb device properties correctly. The notification 'kIOTerminatedNotification' is delivered after an IOService has been terminated. Can I use IORegistryEntryCreateCFProperties() to get properties of terminated device? I am asking because I/O Registry is a dynamic database that captures the connections of all driver and nub objects currently active. Howerver, can we say that terminated device is still active? If IORegistryEntryCreateCFProperties() can not be used, are there any other way? (e.g. using Device Interface) Thank you in advance!
0
0
171
Oct ’24