Post

Replies

Boosts

Views

Activity

The curious case of the "IOKit Driver" Xcode target.
Firstly, I realise that Kexts are deprecated. And for my needs, user-space IOKit from an application might be more than I’ll ever need, but I can’t help ensuring I’ve got all my ducks in a row while I’m designing an app. I noticed in the above Kext deprecation notice that it’s more about specific APIs that are deprecated rather than the kext mechanism itself (no mention of IOKit kernel APIs there). Along with the fact that a reboot would be required and various other policy changes. While reading up on System Extensions and the various newer tools, DriverKit, Endpoint Security etc, I’ve noticed there’s no mention of this “IOKit Driver” target/deliverable in the Xcode template chooser. It looks like, from the requirements, that DriverKit is aimed at hardware manufacturers, with a need to request the DriverKit entitlement for development. With respect to Apple’s internal Kext deprecation roadmap, how safe is it to build a product that relies on using an IOKit Driver and are there any requirements similar to DriverKit? Would a developer need to request an entitlement? If I developed an app using user-space IOKit and, for illustration purposes let’s say I also included an IOKit Driver in the app bundle. If I used the IOKit API, including header file constants only (no digging around in the IORegistryExplorer for non-public keys), as Apple intends them to be used, would this fall foul of any App Store rules that anyone is aware of? Put another way, would making use of an IOKit Driver disqualify my app from being distributed via the App Store, similar to an Endpoint Security extension? As an aside, there are a lot of API in the ES Framework that could be used to build apps that have nothing to do with Endpoint Security. File system related apps for example. It’s a shame there isn’t an enhanced middle ground between FSEvents and Endpoint Security framework.
3
0
184
2w
Endpoint Security sysex in a User Agent installer?
Firstly, I want to keep my GUI app available for download on the Mac App Store, which means I need to provide the Endpoint Security functionality in some other executable, such as a daemon. I'm going to use a User Agent for user-aware background processing. Instead of the typical use of adding an Endpoint Security system extension to a macOS app, could I instead add the sysex to my User Agent bundle? I like the benefits of coupling the sysex to the client that will interact with it, and this would also allow me to not have to worry about managing a daemon. I could simply provide the User Agent in a downloadable installer signed with my Developer ID certificate.
1
0
267
Nov ’24
GUI + XPC Service App Architecture Performance
Let's image that someone wants to use a background service to keep track of FSEvents activity, at the file level (a firehose, some might say). I choose this example, to indicate the volume and rate of data transmission in question. I'm not creating a front-end for FSEvents data, but my background service may generate data at a similar pace. The service runs off of user defined document/s that specify the FSEvent background filtering to be applied. Those that match get stored into a database. But filters can match on almost all the data being emitted by FSEvents. The user decides to check on the service's activity and database writes by launching a GUI that sends requests to the background service using XPC. So the GUI can request historic data from a database, but also get a real-time view of what FS events the service is busy filtering. So it's a client-server approach, that's concerned with monitoring an event stream over XPC. I understand XPC is a request/response mechanism, and I might look into using a reverse connection here, but my main concern is one of performance. Is XPC capable of coping with such a high volume of data transmision? Could it cope with 1000s of rows of table data updates per second sent to a GUI frontend? I know there are streaming protocol options that involve a TCP connection, but I really want to stay away from opening sockets.
7
0
683
Jun ’24
Custom SF Symbols for Box Drawing?
I'm trying to find out of SF Symbols is the correct tool for job I have in mind. I'm wanting to create custom box drawing symbols, like those in the unicode block. Box drawing requires the lines from one symbol to connect to the lines of an adjacent symbol. Does SF Symbols allow for this connecting of symbols, or does it create some padding restriction around each symbol, preventing lines from connecting to one another?
0
0
555
Apr ’24
Anti-Piracy measures for Mac App Store apps?
As an indy developer, it's prohibitive to start developing backend receipt validation services. Is there anything else in Apple's technologies that we can use to verify whether the person who is using my app, has paid for it? The first thing I thought of when Apple rolled out Sign in with Apple ID, was hopefully, it would include some API that would allow me to ask a simply question: did this Apple ID pay for my app? As an indy developer, this is the one feature that would keep my paid app on the Mac App Store. Anyone have any good suggestions for solving this as an indy developer?
7
0
1.1k
Apr ’24
Background processing options for Mac App Store apps?
I'm busy designing my app's functionality and really would like to provide some features that rely on background processing after the user has logged in. A Login Item seems ideal for this use case. I appreciate the lengths Apple go to, to communicate the complex technologies involved in app development, including the planning of macOS apps. I haven't found any information in the planning and design (admittedly under HIGs) documentation on whether it's possible to provide some background processing element along with an app destined for the Mac App Store. Perhaps it's not mentioned for a reason? However, it would be really useful to background processing dealt with up-front, especially under planning, because it has a huge impact on how one moves forward with product design. Especially when you're an indy developer with limited time and resources. I can't, for the life of me, find where I previously read that daemons and agents weren't allowed to be shipped with a Mac App Store app, because of the Sandbox requirements. It was probably a reply by Eskimo somewhere in the forums. Does the same apply to Login Items? The bulk of the Login Item documentation is in the documentation archive, most of which was written before the existence of the app stores, so I couldn't find any answers there. I previously believed that an app destined for the Mac App Store could only include a single binary, that of the main app itself. Although I've seen the recent article on including a command line utility binary in the distribution too. Also, if my understanding of code signing is correct, apps distributed via an app store are signed by Apple, and thus can't communicate via XPC with a binary signed and distributed via a Developer ID. Or is there some workaround there that might get me closer to my goal?
5
0
722
Apr ’24
Privileged Mach Service only replies when attached to debug
I've been following the Even Better Authorization Sample to a degree, and I've successfully deployed a privileged helper service that is definitely launched by my app on-demand. For now, it's launched by an XPC service (I need the process isolation) that returns the privileged helpers service endpoint.If I then try to call any of the APIs on the privileged remote service from within my app, they simply disappear into the ether, never to be returned or heard from again. So my app is left in this hung state.I've made some progress after I discovered that you can attach to the PID to debug it as root in Xcode. When I did that, it seemed like the debugger took me through the process's main() function and the init of the service itself. Which I thought was odd considering the process was already running. After that, I launched my app in Xcode to debug it, and calls to the privileged process worked perfectly and returned exactly what I was expecting. Plus all the os.log streams showed exactly what they should. Previously nothing was output via the logging system.So I guess my questions are:1) Why does the debugger take me through the process's main() and the init of the service when I attach to the already running privileged process? Does that indicate that something is not right, or not happening as it should while its running on its own?2) I'm guessing its a permissions thing as trying to attach as myself to debug I get an SIP message: "Process attach denied, possibly because System Integrity Protection is enabled and process does not allow attaching." I assumed (I know, stupid idea) that because I'd specified that my XPC process had permission to add and remove this helper tool, that it would also be allowed to attach to it. I'm guessing not. Which leaves me wondering, how do I attach to this process with SIP in the way? 3) How can I possibly debug why the privileged process won't process requests while Xcode is not attached to it for debugging?Any advice or help would be greatly appreciated. Thanks.
3
0
976
May ’20
Can't deploy framework to /Library/Frameworks
I'm trying to deploy a framework to /Library/Frameworks but I'm not sure if I'm dealing with a permissions issue or build configuration issue, or something else.In the framework target's Deployment section I've set:Deployment Location: YesDSTROOT: /INSTALL_PATH: /Library/FrameworksSkip Install: NoI get the following error when building for running:SymLink /Library/Frameworks/MyKit.framework/Versions/Current A (in target 'MyKit' from project 'MyKit') cd /Users/rayascott/Developer/bitbucket/MyApp/MyAppSpace/Projects/MyKit /bin/ln -sfh A /Library/Frameworks/MyKit.framework/Versions/Currenterror: unable to create symlink at '/Library/Frameworks/MyKit.framework/Versions/Current' (in target 'MyKit' from project 'MyKit')Nothing is deployed to /Library/Frameworks/.I've given Xcode full disk access, but I'm guess that's not enough for it to access system folders. Am I better off with a zsh script and sudo from the command line to deploy this? I do really need to place it there, as I have a priviledged helper tool that needs to access this framework.On a side note: how would a user of my app be able to deploy this framework to /Library/Frameworks if they aren't an Administrator? Would I then have to deploy to ~/Library/Frameworks? But I see that's discouraged. How does everyone else get this working in for a deployed release build? Thanks.
2
0
1.6k
May ’20
Working with init that takes a 32 element tuple?
I'm busy working with the Authorization Services APIs and came across an initializer for the type AuthorizationExternalForm that takes a 32 element tuple of UInt8s.init(bytes: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8))Ref here: https://developer.apple.com/documentation/security/authorizationexternalform/1396798-initIs there a shortcut to converting the contents of Data to that without explicitly referencing each element in a byte array?
3
0
856
May ’20
XPC Mach Services from App Bundle?
Is it possible to include an XPC Service target in my app bundle that is designed to run as a mach service with the launchd username set to root? I know, it sounds like a terrible idea, but I've done some reading, and I'm learning about Authorisation Services and the EvenBetterAuthorizationSample project.The idea is to have a privledged helper be accessible from other processes such as a command line tool or menubar app. What are the other settings besides Application for the XPC ServiceType in the Info.plist. The ServiceType key isn't even documented in the Daemons and Services Programming Guide. The other thing I'm hoping to acheive is to lanuch the same XPC service code as two seperate launchd services. One as root and one as the logged-in user.
7
0
2.4k
May ’20
Importing XCTest into a framework target
Is it by design that we are not able to succesfully load the XCTest framework into our own framework targets?I can add it to my framework target's list of linked frameworks, and import it into a source code file, and even build my project successfully, but after it's built, Xcode will display a red error inline at the import site with the message "Failed to load module 'XCTest'". My framework target even builds if I refer to an XCTest type in my code.I got to this point because I was trying to use XCTPerformanceMetric(rawValue: ""). The call works in my test target, but in a framework target it tells me the rawValue version of the constructor does not exist. Of course, as i type this, I'm still receiving the load module error, but now the compiler doesn't complain if I use the rawValue constructor. Can anyone enlighten me? Thanks.
2
0
1.3k
Apr ’20
XCTest overriding defaultMetrics not working for me.
I'm trying to get a handle on XCTest performance measurement, but they don't seem to work the way I understand them (which is very possibly incorrect).There are:defaultMetrics: [XCTMetric]- "Subclasses of XCTestCase can override this property to change the default metrics."- which includes: XCTClockMetric, XCTCPUMetric, XCTMemoryMetric, et al.and:defaultPerformanceMetrics: [XCTPerformanceMetric] - "Subclasses of XCTestCase can override this method to change the behavior of measure(_:)."- which includes the sole: wallClockTime: XCTPerformanceMetricIf I override: override class var defaultMetrics: [XCTMetric] { return [XCTMemoryMetric(), XCTCPUMetric(), XCTClockMetric()] }and call:self.measure(work)All I see in the report is Duration and Time.Yet if I pass an array of metrics in,self.measure(metrics: [XCTMemoryMetric(), XCTCPUMetric(), XCTClockMetric()], block: work)it works and displays CPU Cycles and Memory Physical etc.Shouldn't the measure() method use the defaults I've specified? Also, if I've overridden defaultPerformaceMetrics(), those metrics are only displayed if I don't pass XCTMetrics to measure(metrics:). Ultimately, what I want is a report that displays the XCTMetrics I specify as well as the XCTPerformanceMetrics. I know there are other perf metrics beyond just wallClockTime.
0
0
717
Apr ’20
Export using Drag & Drop to Finder?
I have this idea for my document-based app that I'm not sure is possible, so I'm hoping someone with experience can shed some light on this for me. Imagine I've got an NSDocument but it's actually represented as a package, a folder on disk. Let's call this folder-based document a Project document. Inside the Project document's package folder I've got, for all intents and purposes, BLOBs. These BLOBs are represented in the app's GUI as dragable UI elements. Is it possible to code my app so that, when a user drags and drops one of these UI elements representing a BLOB into the Finder, a new Project document is created and the BLOB is placed inside this newly created package? The BLOBs can't exist outside of a Project document package, so if I want to export a BLOB it needs to be wrapped inside a Project document.The BLOBs aren't of a known standard type such as an image file format or video file format. They are of a custom format that's only meaningful within the context of my app. Does anyone know if this is possible?
5
0
1.2k
Apr ’20
Forum area of legal questions?
Where do we post questions of a legal nature? I know these are more technical forums, but as developer's we can still have quite a lot of questions regarding what is and isn't permissable. My interest stems from a question I have regarding the use of (AppKit's) NSRunningApplication's icon property that returns an image of that third party app's icon. Does this mean we are allowed to display these app icons in our app if you can justify its usage is valid and beneficial to the user of your app?
1
0
661
Apr ’20
AECreateAppleEvent from Swift issues.
I'm tyring to send an AppleEvent using the C API's from Swift. I know I can use the Foundation types, but I want to learn about Swift / C interop at the same time. If someone could help me understand why this AppleEvent isn't sending and I'm getting a -1701 (No AEDesc Found) error, I'd be extremely grateful. The problem is a) I'm new to C interop and b) I don't know which AEDesc the error is actually referring too and c) if I'm using the C API correctly. I'm trying to open TextEdit. let textEditID = "com.apple.TextEdit" let textEditIDC = textEditID.cString(using: .utf8)! let textEditPtr : UnsafeMutablePointer<[CChar]> = UnsafeMutablePointer<[CChar]>.allocate(capacity: textEditIDC.count) textEditPtr.initialize(to: textEditIDC) let ds : AEDataStorage = AEDataStorage(OpaquePointer(textEditPtr)) let address : AEAddressDesc = AEAddressDesc(descriptorType: typeApplicationURL, dataHandle: ds) let addrPtr = UnsafeMutablePointer<AEAddressDesc>.allocate(capacity: 1) addrPtr.initialize(to: address) let eventPtr : UnsafeMutablePointer<AppleEvent>? = UnsafeMutablePointer<AppleEvent>.allocate(capacity: 1) let replyPtr : UnsafeMutablePointer<AppleEvent>? = UnsafeMutablePointer<AppleEvent>.allocate(capacity: 1) var error = AECreateAppleEvent(kCoreEventClass, kAEOpenApplication, addrPtr, Int16(kAutoGenerateReturnID), AETransactionID(kAnyTransactionID), eventPtr) os_log(.debug, log: .default, "AECreateAppleEvent: %d", error) var ae = eventPtr?.pointee let addrDescPtr : UnsafeMutablePointer<AEDesc> = UnsafeMutablePointer<AEDesc>.allocate(capacity: 1) error = AEGetAttributeDesc(eventPtr, keyAddressAttr, typeApplicationBundleID, addrDescPtr) os_log(.debug, log: .default, "AEGetAttributeDesc: %d", error) let status = AESendMessage(eventPtr, replyPtr, Int32(kAEWaitReply), 900) os_log(.debug, log: .default, "send event rc: %d", status)
4
0
1.3k
Apr ’20