Post

Replies

Boosts

Views

Activity

How to get endpoint-security distribution entitlements?
I get this message:
Hello, Your request to use Endpoint Security was approved for Development only. You will need to enable two capabilities for your Bundle ID. Click Identifiers in the sidebar, then select the Mac App ID that you will use for Endpoint Security. Under Capabilities, enable System Extension. Under Additional Capabilities, enable Endpoint Security. Click Save in the top-right of the page, review the alert that appears, and confirm if you accept the changes. Then generate a new Development provisioning profile for your App ID by clicking Profiles in the sidebar and the Add button (+) in the upper-left corner. Once your profile has been created, you'll need to configure your Xcode project for manual code signing. If your Xcode project doesn't already have an entitlements file, create a new property list file and change its extension from .plist to .entitlements. Add the keys and values of the entitlements used in your project to the .entitlements file, then follow the rest of the Xcode manual signing process. For troubleshooting, see Technote 2415 Entitlements Troubleshooting and Debugging Entitlement Issues. If you need additional support, visit the Apple Developer Forums or submit a Technical Support Incident. Best regards, Apple Developer Relations
I created a distribution profile, but there is no endpoint-security entitlement in it. How do I get a distribution profile with the endpoint-security entitlement?
6
1
3k
Sep ’22
How to trigger SimpleFirewall.SimpleFirewallExtension.FilterDataProvider.handleNewFlow
I use this: https://developer.apple.com/documentation/networkextension/filtering_network_traffic I want to study the NetworkExtension framework. I already installed the SimpleFirewallExtension system extension, and I have the entitlements, but I don't know how to trigger the handleNewFlow function. What should I do to trigger this function?
1
0
821
Sep ’22
PacketTunnelProvider DNS analysis
I use PacketTunnelProvider to create a client. The DNS service is configured. After the Provider object is started, the DNS traffic is sent to the DNS server through the tun, but no corresponding output is displayed.
    NSArray<NSString *> *dnsServers = @[@"30.30.30.30", @"8.8.8.8", @"8.8.4.4"];
    NEDNSSettings *dnsSettings = [[NEDNSSettings alloc] initWithServers:dnsServers];
    dnsSettings.matchDomains = @[@""];
    tunnelNetworkSettings.DNSSettings = dnsSettings;
Wireshark capture of the utun7 virtual network adapter
0
0
705
Oct ’22
Block ES_EVENT_TYPE_AUTH_CLONE event response, but NSFileManager copyItemAtPath: can still copy new files
I implemented a method to monitor the testfile copy activity and reject it using ES_EVENT_TYPE_AUTH_CLONE. The copy code used is as follows:
    NSFileManager *fileManager = [NSFileManager defaultManager];
    NSError *error = nil;
    NSString *sourcePath = self.CopyFilePath.stringValue;
    NSString *destinationPath = [sourcePath stringByAppendingFormat:@"(Code copy file)"];
    BOOL success = [fileManager copyItemAtPath:sourcePath toPath:destinationPath error:&error];
    if (success) {
        NSLog(@"File copy successful");
    } else {
        NSLog(@"File copy failure:%@", error.localizedDescription);
    }
This code fires the ES_EVENT_TYPE_AUTH_CLONE event, and I respond to the auth event with ES_AUTH_RESULT_DENY, but a new file testfile(Code copy file) is still created. How can I prevent the file copy performed through [fileManager copyItemAtPath:sourcePath toPath:destinationPath error:&error]?
7
0
2.3k
May ’23
In macOS 10.15, double-click to start an app. ES_EVENT_TYPE_AUTH_EXEC event location where the app is located.
I encountered the following problem on macOS 10.15 when monitoring ES_EVENT_TYPE_AUTH_EXEC through the ESF framework: if I double-click to start /Users/test/Downloads/test.app, the path of test.app given by message->event.exec.target->path.data in the ES_EVENT_TYPE_AUTH_EXEC event is under /private/var/folders. This prevents me from blocking the test.app startup in the /Users/test/Downloads/ directory through string matching.
1
0
840
Jun ’23
The nsxpc interface is not invoked
Hello, I encountered the following problem. The scenario is like this: I have a launchctl startup daemon called xpcserver.app, which uses NSXPC to start an XPC server. There is a client program that connects to the NSXPC service of this xpcserver.app, and when I establish the connection, I call an interface implemented by xpcserver named setName:(NSString *)name. I was sure that my xpcserver implemented the corresponding interface, but when the client called the interface to pass the value, it triggered the error "unrecognized selector sent to instance". When I restarted the client, the call to the interface worked. May I ask why? I am using a service started with NSXPC and hope this can be solved. Thank you.
3
0
729
Sep ’23
app crash at com.apple.root.default-qos Dispatch queue
I implemented a multithreaded app, but there was a thread-related crash in the app. I don't understand why this happened. The corresponding stack trace is as follows.
    Thread 15 Crashed:: Dispatch queue: com.apple.root.default-qos
    0   libsystem_kernel.dylib    0x1a849ad98 __pthread_kill + 8
    1   libsystem_pthread.dylib   0x1a84cfee0 pthread_kill + 288
    2   libsystem_c.dylib         0x1a840a340 abort + 168
    3   libc++abi.dylib           0x1a848ab08 abort_message + 132
    4   libc++abi.dylib           0x1a847a950 demangling_terminate_handler() + 336
    5   libobjc.A.dylib           0x1a8370320 _objc_terminate() + 144
    6   libc++abi.dylib           0x1a8489ea4 std::__terminate(void (*)()) + 20
    7   libc++abi.dylib           0x1a8489e40 std::terminate() + 64
    8   libdispatch.dylib         0x1a830c1c8 _dispatch_client_callout + 40
    9   libdispatch.dylib         0x1a831da04 _dispatch_root_queue_drain + 680
    10  libdispatch.dylib         0x1a831e104 _dispatch_worker_thread2 + 164
    11  libsystem_pthread.dylib   0x1a84cc324 _pthread_wqthread + 228
    12  libsystem_pthread.dylib   0x1a84cb080 start_wqthread + 8
3
0
1.3k
Sep ’23
The NSXPC API passed NSDictionary data, and a crash occurred
I implemented an NSXPC for inter-process data transfer, and the data transferred is NSDictionary. However, a crash occurred during transmission. The corresponding crash logs are as follows:
    Thread 16 Crashed:: Dispatch queue: xpc.test.queue
    0   libobjc.A.dylib           0x1945a24d0 objc_retain + 16
    1   Foundation                0x1956b7764 -[NSDictionary(NSDictionary) encodeWithCoder:] + 604
    2   Foundation                0x195686d9c -[NSXPCEncoder _encodeObject:] + 520
    3   Foundation                0x19568c154 _NSXPCSerializationAddInvocationWithOnlyObjectArgumentsArray + 120
    4   Foundation                0x19568c000 -[NSXPCEncoder _encodeInvocationObjectArgumentsOnly:count:typeString:selector:isReply:into:] + 212
    5   Foundation                0x195684f98 -[NSXPCConnection _sendInvocation:orArguments:count:methodSignature:selector:withProxy:] + 1448
    6   Foundation                0x19568d584 -[NSXPCConnection _sendSelector:withProxy:arg1:] + 132
    7   Foundation                0x19568d4a8 _NSXPCDistantObjectSimpleMessageSend1 + 68
    8   TestDemo                  0x1041e9308 0x104184000 + 414472
    9   libdispatch.dylib         0x1945565f0 _dispatch_call_block_and_release + 32
    10  libdispatch.dylib         0x1945581b4 _dispatch_client_callout + 20
    11  libdispatch.dylib         0x19455f8a8 _dispatch_lane_serial_drain + 668
    12  libdispatch.dylib         0x194560404 _dispatch_lane_invoke + 392
    13  libdispatch.dylib         0x19456ac98 _dispatch_workloop_worker_thread + 648
    14  libsystem_pthread.dylib   0x194718360 _pthread_wqthread + 288
    15  libsystem_pthread.dylib   0x194717080 start_wqthread + 8
I want to know if there is any way to check whether NSDictionary data is transferable. The NSDictionary data is generated dynamically, and the assignment method used is Info[@"baseInfo"] = ***. With this method, is it necessary to check whether *** is not nil?
1
0
651
Oct ’23
NSXPC
I have another NSXPC problem, and the problem goes like this. The NSXPC server implements an interface:
    -(void) callbackWithInfo:(NSDictionary*)log reply:(void (^)(bool))action;
The NSXPC client implements a method that will call the interface in a loop and perform a timeout operation. If the server returns to the interface and does not call the action after 1s, the client will perform subsequent operations. The callbackWithInfo interface is then called again, and the cycle continues. Client code, the general structure is as follows:
    while(true){
        dispatch_semaphore_t semaphore = dispatch_semaphore_create(0);
        dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
            [serverProxy callbackWithInfo:InfoDic reply:^(bool action) {
                if(flag != NO){
                    flag = action;
                }
            }];
            dispatch_semaphore_signal(semaphore);
        });
        if(dispatch_semaphore_wait(semaphore, dispatch_time(DISPATCH_TIME_NOW, self.waitTime *NSEC_PER_MSEC)) != 0){
            NSLog(@"flag: %d", flag);
        }
        sleep(0.1);
    }
If the action callback is not invoked on the server, the number of fds on the client increases. As a result, the process cannot open the file, or too much program context information is generated. As a result, the NSXPC interface fails to be invoked. Now I can not operate on the server side. How can the client side implement the code to ensure that the action will not be punished, and the fd will not increase?
2
0
689
Oct ’23
Two esf processes conflict
Here's the scenario: I have two processes on my computer, named A and B. Both processes are monitored by the ESF, and both processes monitor the same ESF events, such as ES_EVENT_TYPE_AUTH_EXEC and ES_EVENT_TYPE_AUTH_OPEN. If processes A and B run at the same time, will an event conflict occur? In ESF event processing, is there any way to achieve full event listening and keep CPU usage low?
1
0
700
Nov ’23
endpoint security app crash
I have implemented an app to monitor computer events using the ESF framework, but a crash occurs, and the crash content is:
    Time Awake Since Boot: 800000 seconds
    Time Since Wake: 2594 seconds
    System Integrity Protection: enabled
    Crashed Thread: 0
    Exception Type: EXC_CRASH (SIGKILL)
    Exception Codes: 0x0000000000000000, 0x0000000000000000
    Exception Note: EXC_CORPSE_NOTIFY
    Termination Reason: Namespace ENDPOINTSECURITY, Code 2
I can't find it. Why is this happening? Can you tell me under what circumstances such a crash would occur?
2
0
662
Dec ’23
Memory Overhead Issues with ESF Framework During High Volume of NOTIFY Events
I refer to Google's ESF project code to handle NOTIFY events, but after my notifyQueue is set to QOS_CLASS_BACKGROUND, the process memory gets larger when a lot of events occur. Is there any way to fix this without affecting performance? The code is as follows:
    notifyQueue = dispatch_queue_create("notify", dispatch_queue_attr_make_with_qos_class(DISPATCH_QUEUE_CONCURRENT_WITH_AUTORELEASE_POOL, QOS_CLASS_BACKGROUND, 0));

    if (msg->action_type == ES_ACTION_TYPE_NOTIFY) {
        es_message_t *copied_msg = [self copy_message:msg];
        if (!copied_msg) {
            return;
        }
        dispatch_async(self->_notifyQueue, ^{
            @autoreleasepool {
                [self handle:copied_msg];
                [self free_message:copied_msg];
            }
        });
    }
4
0
871
Dec ’23