Post not yet marked as solved
I refer to Google's ESF project code to handle NOTIFY events, but after my notifyQueue is set to QOS_CLASS_BACKGROUND, the process memory gets larger when a lot of events occur. Is there any way to fix this without affecting performance
The code is as follows:
notifyQueue = dispatch_queue_create("notify",dispatch_queue_attr_make_with_qos_class(DISPATCH_QUEUE_CONCURRENT_WITH_AUTORELEASE_POOL,QOS_CLASS_BACKGROUND, 0));
if (msg->action_type == ES_ACTION_TYPE_NOTIFY) {
es_message_t *copied_msg = [self copy_message:msg];
if (!copied_msg) {
return;
}
dispatch_async(self->_notifyQueue, ^{
@autoreleasepool {
[self handle:copied_msg];
[self free_message:copied_msg];
}
});
}
Post not yet marked as solved
In the ESF framework, if I set up a process through audit token mute. Will the creation and corresponding child processes of this process also be mute mute.
mute process A.
process A creates a child process B.
Whether the child process B is mute?
Post not yet marked as solved
I have implemented an app to monitor computer events according to ESF framework, but a crash will appear, and the crash content is
Time Awake Since Boot: 800000 seconds
Time Since Wake: 2594 seconds
System Integrity Protection: enabled
Crashed Thread: 0
Exception Type: EXC_CRASH (SIGKILL)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace ENDPOINTSECURITY, Code 2
I can't find it. Why is this happening.
Can you tell me under what circumstances such a crash would occur.
Post not yet marked as solved
Here's the scenario:
I have two processes on my computer, named A and B.
Both processes are monitored by the ESF, and both processes monitor the same ESF events, such as ES_EVENT_TYPE_AUTH_EXEC and ES_EVENT_TYPE_AUTH_OPEN.
If processes A and B run at the same time, will event conflict occur?
In ESF event processing, is there any way to achieve full event listening and keep cpu usage low
Post not yet marked as solved
I have another NSXPC problem, and the problem goes like this
NSXPC server implements an interface -(void) callbackWithInfo:(NSDictionary*)log reply:(void (^)(bool))action;
The NSXPC client implements a method that will call the interface in a loop and perform a timeout operation. If the server returns to the interface and does not call the action after 1s, the client will perform subsequent operations. The callbackWithInfo interface is then called again, and the cycle continues.
client code:
The general structure is as follows
while(true){
dispatch_semaphore_t semaphore = dispatch_semaphore_create(0);
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
[serverProxy callbackWithInfo:InfoDic reply:^(bool action) {
if(flag != NO){
flag = action;
}
}];
dispatch_semaphore_signal(semaphore);
});
if(dispatch_semaphore_wait(semaphore, dispatch_time(DISPATCH_TIME_NOW, self.waitTime *NSEC_PER_MSEC)) != 0){
NSLog(@"flag: %d", flag);
}
sleep(0.1);
}
If the action callback is not invoked on the server, the number of FDS on the client increases. As a result, the process cannot open the file, or too much program context information is generated. As a result, the NSXPC interface fails to be invoked.
Now I can not operate on the server side, how can the client side implement the code to ensure that the action will not be punished, and the fd will not increase.
Post not yet marked as solved
I implemented an NSXPC for inter-process data transfer, and the data transferred is NSDictionary.
However, a crash occurred during transmission.
The corresponding crash logs are as follows
Thread 16 Crashed:: Dispatch queue: xpc.test.queue
0 libobjc.A.dylib 0x1945a24d0 objc_retain + 16
1 Foundation 0x1956b7764 -[NSDictionary(NSDictionary) encodeWithCoder:] + 604
2 Foundation 0x195686d9c -[NSXPCEncoder _encodeObject:] + 520
3 Foundation 0x19568c154 _NSXPCSerializationAddInvocationWithOnlyObjectArgumentsArray + 120
4 Foundation 0x19568c000 -[NSXPCEncoder _encodeInvocationObjectArgumentsOnly:count:typeString:selector:isReply:into:] + 212
5 Foundation 0x195684f98 -[NSXPCConnection _sendInvocation:orArguments:count:methodSignature:selector:withProxy:] + 1448
6 Foundation 0x19568d584 -[NSXPCConnection _sendSelector:withProxy:arg1:] + 132
7 Foundation 0x19568d4a8 _NSXPCDistantObjectSimpleMessageSend1 + 68
8 TestDemo 0x1041e9308 0x104184000 + 414472
9 libdispatch.dylib 0x1945565f0 _dispatch_call_block_and_release + 32
10 libdispatch.dylib 0x1945581b4 _dispatch_client_callout + 20
11 libdispatch.dylib 0x19455f8a8 _dispatch_lane_serial_drain + 668
12 libdispatch.dylib 0x194560404 _dispatch_lane_invoke + 392
13 libdispatch.dylib 0x19456ac98 _dispatch_workloop_worker_thread + 648
14 libsystem_pthread.dylib 0x194718360 _pthread_wqthread + 288
15 libsystem_pthread.dylib 0x194717080 start_wqthread + 8
want to know if there is any way to check if NSDictionary data is transferable, NSDictionary data is generated dynamically, and the assignment method used is Info[@ "baseInfo"] = ***. Is this method necessary to determine whether *** is not nil?
Post not yet marked as solved
I implemented a multithreaded app, but there was a thread-related crash in the app, I don't understand why this happened, the corresponding stack trace is as follows.
Thread 15 Crashed:: Dispatch queue: com.apple.root.default-qos
0 libsystem_kernel.dylib 0x1a849ad98 __pthread_kill + 8
1 libsystem_pthread.dylib 0x1a84cfee0 pthread_kill + 288
2 libsystem_c.dylib 0x1a840a340 abort + 168
3 libc++abi.dylib 0x1a848ab08 abort_message + 132
4 libc++abi.dylib 0x1a847a950 demangling_terminate_handler() + 336
5 libobjc.A.dylib 0x1a8370320 _objc_terminate() + 144
6 libc++abi.dylib 0x1a8489ea4 std::__terminate(void (*)()) + 20
7 libc++abi.dylib 0x1a8489e40 std::terminate() + 64
8 libdispatch.dylib 0x1a830c1c8 _dispatch_client_callout + 40
9 libdispatch.dylib 0x1a831da04 _dispatch_root_queue_drain + 680
10 libdispatch.dylib 0x1a831e104 _dispatch_worker_thread2 + 164
11 libsystem_pthread.dylib 0x1a84cc324 _pthread_wqthread + 228
12 libsystem_pthread.dylib 0x1a84cb080 start_wqthread + 8
Post not yet marked as solved
I started a daemon app with esf function through launchctl. I wanted to get the sample information of the daemon app through sample, but the program would restart, which was not a crash.
// shell command
sample pid -file ~/Downloads/test.txt
Post not yet marked as solved
Hello, I encountered such a problem, the scenario is like this:
I have a launchctl startup daemon called xpcserver.app, which uses NSXPC to start an xpc Server. There is a Client program that links to the nsxpc service of this xpcserver.app, and when I establish the connection, I call an interface implemented by xpcserver named setName:(nsstring*)name. I was sure that my xpcserver implemented the corresponding interface, but when the client called the interface to pass the value, it triggered the error "unrecognized selector sent to instance". When I restarted the client, the call to the interface successfully implemented the function.
May I ask why? Using the NSXPC started service, hope to solve, thank you
Post not yet marked as solved
I encountered such a problem, when I am in macOS 10.15 this part, through monitoring ES_EVENT_TYPE_AUTH_EXEC ESF framework, if I double click on the start/Users/test/Downloads/test. The app, The path of test.app corresponding to message->event.exec.target-> Path. data in the ES_EVENT_TYPE_AUTH_EXEC event is under /private/var/folders. This prevents me from blocking the test.app startup in the /Users/test/Downloads/ directory through string matching.
Post not yet marked as solved
I want to create a feature that monitors which USB devices my computer is using and lets me know what they are. If the USB storage device is connected to my MacOS device, I want to prevent it from being used.
Is it possible to implement such a method using ESF framework? Or is there another way to do this?
Post not yet marked as solved
I implemented a method to monitor the testfile copy activity and reject it using ES_EVENT_TYPE_AUTH_CLONE.
The copy code used is as follows:
NSFileManager *fileManager = [NSFileManager defaultManager];
NSError *error = nil;
NSString *sourcePath = self.CopyFilePath.stringValue;
NSString *destinationPath = [sourcePath stringByAppendingFormat:@"(Code copy file)"];
BOOL success = [fileManager copyItemAtPath:sourcePath toPath:destinationPath error:&error];
if (success) {
NSLog(@"File copy successful");
} else {
NSLog(@"File copy failure:%@", error.localizedDescription);
}
This code fires the ES_EVENT_TYPE_AUTH_CLONE event, and I treat the auth event as ES_AUTH_RESULT_DENY, but still create a new file testfile(Code copy file)
How to prevent through code
[fileManager copyItemAtPath: sourcePath toPath: destinationPath error: & error];
Implementation of the file copy
I get message
Hello,
Your request to use Endpoint Security was approved for Development only.
You will need to enable two capabilities for your Bundle ID. Click Identifiers in the sidebar, then select the Mac App ID that you will use for Endpoint Security. Under Capabilities, enable System Extension. Under Additional Capabilities, enable Endpoint Security. Click Save in the top-right of the page, review the alert that appears, and confirm if you accept the changes. Then generate a new Development provisioning profile for your App ID by clicking Profiles in the sidebar and the Add button (+) in the upper-left corner.
Once your profile has been created, you'll need to configure your Xcode project for manual code signing. If your Xcode project doesn't already have an entitlements file, create a new property list file and change its extension from .plist to .entitlements. Add the keys and values of the entitlements used in your project to the .entitlements file, then follow the rest of the Xcode manual signing process.
For troubleshooting, see Technote 2415 Entitlements Troubleshooting and Debugging Entitlement Issues. If you need additional support, visit the Apple Developer Forums or submit a Technical Support Incident.
Best regards,
Apple Developer Relations
i created a distribution profile,but no endpoint-security entitlement in it.
how do i get a distribution profile with endpoint-security entitlement.
Post not yet marked as solved
I use PacketTunnelProvider create a client. The DNS service is configured. After the Provider object is started, the DNS traffic is sent to the DNS server through the tun, but no corresponding output is displayed.
NSArray<NSString *> *dnsServers = @[@"30.30.30.30",@"8.8.8.8",@"8.8.4.4"];
NEDNSSettings *dnsSettings = [[NEDNSSettings alloc] initWithServers:dnsServers];
dnsSettings.matchDomains = @[@""];
tunnelNetworkSettings.DNSSettings = dnsSettings;
wireshark capture the utun7 virtual network adapter
Post not yet marked as solved
i use the: https://developer.apple.com/documentation/networkextension/filtering_network_traffic
I want to study networkextension framework.i already installed the SimpleFirewallExtension systemeextension, and i have the entitlements, but i don't know how to trigger the handleNewFlow function.
What should I do to trigger this function?
c4m3l.