I have a need to do a coverage test for the networkextension function code implemented by the system extension, but I don't know how to implement this method.
For example, how do you use gtest or how do you use xctest to achieve these capabilities?
If you know, please let me know. Thanks
Post
Replies
Boosts
Views
Activity
I tried to use XCTest to test my own project that uses EndpointSecurity, but when I created the esClient I got an error:ES_NEW_CLIENT_RESULT_ERR_NOT_PRIVILEGED, indicating that it was not root.
This makes it impossible for me to do coverage tests for the ESClient application. Is there any way I can implement this ESClient test? If so, how should I use it? The project is a macOS program, if I use gcov, but I find I can't get coverage. Using __gcov_flush will indicate that there is no symbol
#if !TARGET_IPHONE_SIMULATOR
NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
NSString *documentsDirectory = [paths objectAtIndex:0];
setenv("GCOV_PREFIX", [documentsDirectory cStringUsingEncoding:NSUTF8StringEncoding], 1);
setenv("GCOV_PREFIX_STRIP", "13", 1);
#endif
extern void __gcov_flush(void);
__gcov_flush();
#endif
I have an ESF Client process, and this process handles AUTH event in one multi-thread, at this time, if the Client process exits abnormally, will the AUTH event not be handled, thus causing the system to freeze
I refer to Google's ESF project code to handle NOTIFY events, but after my notifyQueue is set to QOS_CLASS_BACKGROUND, the process memory gets larger when a lot of events occur. Is there any way to fix this without affecting performance
The code is as follows:
notifyQueue = dispatch_queue_create("notify",dispatch_queue_attr_make_with_qos_class(DISPATCH_QUEUE_CONCURRENT_WITH_AUTORELEASE_POOL,QOS_CLASS_BACKGROUND, 0));
if (msg->action_type == ES_ACTION_TYPE_NOTIFY) {
es_message_t *copied_msg = [self copy_message:msg];
if (!copied_msg) {
return;
}
dispatch_async(self->_notifyQueue, ^{
@autoreleasepool {
[self handle:copied_msg];
[self free_message:copied_msg];
}
});
}
In the ESF framework, if I set up a process through audit token mute. Will the creation and corresponding child processes of this process also be mute mute.
mute process A.
process A creates a child process B.
Whether the child process B is mute?
I have implemented an app to monitor computer events according to ESF framework, but a crash will appear, and the crash content is
Time Awake Since Boot: 800000 seconds
Time Since Wake: 2594 seconds
System Integrity Protection: enabled
Crashed Thread: 0
Exception Type: EXC_CRASH (SIGKILL)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace ENDPOINTSECURITY, Code 2
I can't find it. Why is this happening.
Can you tell me under what circumstances such a crash would occur.
Here's the scenario:
I have two processes on my computer, named A and B.
Both processes are monitored by the ESF, and both processes monitor the same ESF events, such as ES_EVENT_TYPE_AUTH_EXEC and ES_EVENT_TYPE_AUTH_OPEN.
If processes A and B run at the same time, will event conflict occur?
In ESF event processing, is there any way to achieve full event listening and keep cpu usage low
I have another NSXPC problem, and the problem goes like this
NSXPC server implements an interface -(void) callbackWithInfo:(NSDictionary*)log reply:(void (^)(bool))action;
The NSXPC client implements a method that will call the interface in a loop and perform a timeout operation. If the server returns to the interface and does not call the action after 1s, the client will perform subsequent operations. The callbackWithInfo interface is then called again, and the cycle continues.
client code:
The general structure is as follows
while(true){
dispatch_semaphore_t semaphore = dispatch_semaphore_create(0);
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
[serverProxy callbackWithInfo:InfoDic reply:^(bool action) {
if(flag != NO){
flag = action;
}
}];
dispatch_semaphore_signal(semaphore);
});
if(dispatch_semaphore_wait(semaphore, dispatch_time(DISPATCH_TIME_NOW, self.waitTime *NSEC_PER_MSEC)) != 0){
NSLog(@"flag: %d", flag);
}
sleep(0.1);
}
If the action callback is not invoked on the server, the number of FDS on the client increases. As a result, the process cannot open the file, or too much program context information is generated. As a result, the NSXPC interface fails to be invoked.
Now I can not operate on the server side, how can the client side implement the code to ensure that the action will not be punished, and the fd will not increase.
I implemented an NSXPC for inter-process data transfer, and the data transferred is NSDictionary.
However, a crash occurred during transmission.
The corresponding crash logs are as follows
Thread 16 Crashed:: Dispatch queue: xpc.test.queue
0 libobjc.A.dylib 0x1945a24d0 objc_retain + 16
1 Foundation 0x1956b7764 -[NSDictionary(NSDictionary) encodeWithCoder:] + 604
2 Foundation 0x195686d9c -[NSXPCEncoder _encodeObject:] + 520
3 Foundation 0x19568c154 _NSXPCSerializationAddInvocationWithOnlyObjectArgumentsArray + 120
4 Foundation 0x19568c000 -[NSXPCEncoder _encodeInvocationObjectArgumentsOnly:count:typeString:selector:isReply:into:] + 212
5 Foundation 0x195684f98 -[NSXPCConnection _sendInvocation:orArguments:count:methodSignature:selector:withProxy:] + 1448
6 Foundation 0x19568d584 -[NSXPCConnection _sendSelector:withProxy:arg1:] + 132
7 Foundation 0x19568d4a8 _NSXPCDistantObjectSimpleMessageSend1 + 68
8 TestDemo 0x1041e9308 0x104184000 + 414472
9 libdispatch.dylib 0x1945565f0 _dispatch_call_block_and_release + 32
10 libdispatch.dylib 0x1945581b4 _dispatch_client_callout + 20
11 libdispatch.dylib 0x19455f8a8 _dispatch_lane_serial_drain + 668
12 libdispatch.dylib 0x194560404 _dispatch_lane_invoke + 392
13 libdispatch.dylib 0x19456ac98 _dispatch_workloop_worker_thread + 648
14 libsystem_pthread.dylib 0x194718360 _pthread_wqthread + 288
15 libsystem_pthread.dylib 0x194717080 start_wqthread + 8
want to know if there is any way to check if NSDictionary data is transferable, NSDictionary data is generated dynamically, and the assignment method used is Info[@ "baseInfo"] = ***. Is this method necessary to determine whether *** is not nil?
I implemented a multithreaded app, but there was a thread-related crash in the app, I don't understand why this happened, the corresponding stack trace is as follows.
Thread 15 Crashed:: Dispatch queue: com.apple.root.default-qos
0 libsystem_kernel.dylib 0x1a849ad98 __pthread_kill + 8
1 libsystem_pthread.dylib 0x1a84cfee0 pthread_kill + 288
2 libsystem_c.dylib 0x1a840a340 abort + 168
3 libc++abi.dylib 0x1a848ab08 abort_message + 132
4 libc++abi.dylib 0x1a847a950 demangling_terminate_handler() + 336
5 libobjc.A.dylib 0x1a8370320 _objc_terminate() + 144
6 libc++abi.dylib 0x1a8489ea4 std::__terminate(void (*)()) + 20
7 libc++abi.dylib 0x1a8489e40 std::terminate() + 64
8 libdispatch.dylib 0x1a830c1c8 _dispatch_client_callout + 40
9 libdispatch.dylib 0x1a831da04 _dispatch_root_queue_drain + 680
10 libdispatch.dylib 0x1a831e104 _dispatch_worker_thread2 + 164
11 libsystem_pthread.dylib 0x1a84cc324 _pthread_wqthread + 228
12 libsystem_pthread.dylib 0x1a84cb080 start_wqthread + 8
I started a daemon app with esf function through launchctl. I wanted to get the sample information of the daemon app through sample, but the program would restart, which was not a crash.
// shell command
sample pid -file ~/Downloads/test.txt
Hello, I encountered such a problem, the scenario is like this:
I have a launchctl startup daemon called xpcserver.app, which uses NSXPC to start an xpc Server. There is a Client program that links to the nsxpc service of this xpcserver.app, and when I establish the connection, I call an interface implemented by xpcserver named setName:(nsstring*)name. I was sure that my xpcserver implemented the corresponding interface, but when the client called the interface to pass the value, it triggered the error "unrecognized selector sent to instance". When I restarted the client, the call to the interface successfully implemented the function.
May I ask why? Using the NSXPC started service, hope to solve, thank you
I encountered such a problem, when I am in macOS 10.15 this part, through monitoring ES_EVENT_TYPE_AUTH_EXEC ESF framework, if I double click on the start/Users/test/Downloads/test. The app, The path of test.app corresponding to message->event.exec.target-> Path. data in the ES_EVENT_TYPE_AUTH_EXEC event is under /private/var/folders. This prevents me from blocking the test.app startup in the /Users/test/Downloads/ directory through string matching.
I want to create a feature that monitors which USB devices my computer is using and lets me know what they are. If the USB storage device is connected to my MacOS device, I want to prevent it from being used.
Is it possible to implement such a method using ESF framework? Or is there another way to do this?
I implemented a method to monitor the testfile copy activity and reject it using ES_EVENT_TYPE_AUTH_CLONE.
The copy code used is as follows:
NSFileManager *fileManager = [NSFileManager defaultManager];
NSError *error = nil;
NSString *sourcePath = self.CopyFilePath.stringValue;
NSString *destinationPath = [sourcePath stringByAppendingFormat:@"(Code copy file)"];
BOOL success = [fileManager copyItemAtPath:sourcePath toPath:destinationPath error:&error];
if (success) {
NSLog(@"File copy successful");
} else {
NSLog(@"File copy failure:%@", error.localizedDescription);
}
This code fires the ES_EVENT_TYPE_AUTH_CLONE event, and I treat the auth event as ES_AUTH_RESULT_DENY, but still create a new file testfile(Code copy file)
How to prevent through code
[fileManager copyItemAtPath: sourcePath toPath: destinationPath error: & error];
Implementation of the file copy