I'm working on a web browser App that's distributed via the App Store. This app renders web pages using WKWebView.
Our users are requesting a way for us to allow them to play videos in Picture in Picture. After some investigation, we noticed that in order to allow PiP videos in our browser in the sandboxed environment, we need to add the com.apple.PIPAgent entitlement under the com.apple.security.temporary-exception.mach-lookup.global-name option.
We tried to submit our app with this entitlement, but unfortunately, we were rejected:
Guideline 2.4.50) - Performance
We've determined that one or more temporary entitlement exceptions requested for this app are not appropriate and will not be granted:
com.apple.security.temporary-exception.mach-lookup.global-name
com.apple.P|PAgent
We would like to have access to this entitlement so we can offer PiP to our users.
We already created a radar about this as well: FB13814428
Additionally, we have another radar (FB13557716) regarding allowing the usage of a private flag _allowsPictureInPictureMediaPlayback, which would also be required to enable us to use PiP.
Is there any way in which we can currently enable PiP? Would opening a TSI help here?
Post
Replies
Boosts
Views
Activity
I'm working on a VPN App that uses a NEPacketTunnelProvider system extension.
On my computer, when sending out the first OSSystemExtensionRequest requesting that the extension is installed / activated, a system alert is shown to the user informing them that the extension installation was blocked. This is fine.
Each time the user starts the process again (for whatever reason) we're sending out a new OSSystemExtensionRequest.
And this is where it gets strange:
On my computers (I've tried on my development and personal one) the previous request is immediately cancelled with a OSSystemExtensionErrorRequestSuperseded error and a new alert is shown.
For everyone else trying this out, the previous request is not being cancelled at all and it seems like requests are silently piling up. Newly-sent requests do trigger the delegate's requestNeedsUserApproval(_:). But because they're piling up users are not shown a new system alert, breaking the UX.
I guess I could evaluate if there's an existing request to avoid sending out a new one, but this is only supported in macOS 12+ through (propertiesRequest(forExtensionWithIdentifier:queue:)).
My questions:
Which of the above is the correct behaviour?
Why could it be that only I am seeing a different behaviour?
I'm implementing a VPN using the Network Extension Framework.
I've recently noticed that our VPN was sometimes reporting to be connected, but when I checked my IP address it would be my public one. This was a drastic change of behavior that didn't seem to be associated with any specific change we have done recently.
Originally I was trying to debug this issue in our App, but then I noticed that another VPN I'm using that's directly set up through System Settings in macOS (Ventura 13.5), and that is not running any of our code, is showing the same behavior.
In this case the VPN was set up through System Settings as an IKEv2 VPN, so there's no 3rd party vendor code running - just macOS doing its thing.
Both times I had this issue, the only thing that would fix it was rebooting the computer.
When checking netstat -nr -f inet I noticed that the order of the default routes changed when the issue got resolved:
When the VPN was connected but being ignored, the topmost route was en0, and the second route was ipsec.
When the VPN was connected and working fine, the topmost route was ipsec, and the second route was en0.
The same routing difference was visible for our own VPN network extension.
Any thoughts about how I can debug this further?
Given that this is not affecting only our VPN, but is also affecting an unrelated VPN managed by macOS it feels like it may be a macOS bug, but I'm not sure how to validate for that.
After changing our main method to become async, with a logic that looks like the following:
static func main() async throws {
// A special startup case that does something in the background and kills the app
if someCondition {
try await someAsyncCode()
exit(0)
}
_ = NSApplicationMain(CommandLine.argc, CommandLine.unsafeArgv)
}
we started seeing several crashes that start like this:
... etc
30 AppKit _DPSNextEvent
31 AppKit -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
32 AppKit -[NSApplication run]
33 AppKit NSApplicationMain
34 MyApp (1) suspend resume partial function for static AppMain.main() (<compiler-generated>:0)
35 MyApp
[crash.txt](https://developer.apple.com/forums/content/attachment/33f37f09-32be-465b-a2e2-7312fab10597)
(1) await resume partial function for specialized thunk for @escaping @convention(thin) @async () -> () (<compiler-generated>:0)
36 libswift_Concurrency.dylib completeTaskAndRelease(swift::AsyncContext*, swift::SwiftError*)
I realize there's not a lot of detail and I'm willing to expand on the code and the errors if needed, but I'm wondering if anyone has seen this type of issue after making their main method async.
I'm having some trouble getting a Login Item to launch at all.
Both the main App and the Login Item are Sandboxed. I'm launching the Login Item with the following call:
try SMAppService.loginItem(identifier: agentBundleID).register()
The call does not fail in any way, and the subsequent status of the login item is "registered", but the login item does not launch.
Then I do:
-> launchctl list | grep myapp
- 78 teamid.com.myorg.myapp.agent.debug
and
-> launchctl error 78
78: Function not implemented
and
-> launchctl list teamid.com.myorg.myapp.agent.debug
{
"EnableTransactions" = true;
"LimitLoadToSessionType" = "Aqua";
"MachServices" = {
"teamid.com.myorg.myapp.agent.debug" = mach-port-object;
};
"Label" = "teamid.com.myorg.myapp.agent.debug";
"OnDemand" = true;
"LastExitStatus" = 19968;
"Program" = "teamid.com.myorg.myapp.agent.debug";
};
The LastExitStatus 19968 doesn't tell me a lot. Just that launch services probably is not being able to find my login item for some reason.
Is there anything I can do to try and narrow this down to something I can fix?
I have a different target for our DeveloperID App and Agent (same code different targets), and that combination works just fine. The plist produced is very similar.
Background
I'm working on an App that can manage its own VPN tunnel. The app uses a sysex Network Extension for Developer ID builds and an apex for App Store builds.
I'm observing the VPN's status through NEVPNStatusDidChangeNotification notifications, and starting and stopping it directly from the main App through a NETunnelProviderManager.
The next step is to create a status bar menu within a Login Item / Agent app, so that we have a VPN menu that stays visible even if our main app is closed.
The documentation I'm reading seems to point to the fact that I can only observe NEVPNStatusDidChangeNotification notifications and start / stop the VPN from the main App.
My not-so-ideal solution
For observing VPN status changes I'm considering posting distributed notifications from my NEPacketTunnelProvider.
For controlling the VPN I'm considering launching a hidden copy of my main app using NSWorkspace.shared.open.
Question
Neither of these look like clean approaches to me, so I'm wondering if there's a recommended approach for what I'm trying to do.
Additional notes
I considered having the Login Item own the VPN and using XPC to let the main app access it, but if the user decides to turn off my login item, the main app would be unable to interact with the VPN.
I considered doing it the other way around, but my login item can't rely on the main app being open at all times.
I'm trying to implement a multi column layout for a hex editor using TextKit2. I'm using the sample App named "LayoutTextWithTextKit2" as my starting point, but I'm struggling to understand what the best approach could be to implement it.
My doubts are:
Is it a good idea to use a text element for a single line in a single column? I'm basing my text element on NSTextParagraph.
Following my previous question, is there any way to layout these text elements horizontally in a single line, instead of having the layout engine automatically lay them out in a vertical stack?
Where is the correct location where I can override the positioning for each text element manually if I wanted to not base my elements in NSTextParagraph? Would this be a good idea?
I apologize for the many questions, but my basic problem is that it's not clear to me if I'm missing something that's obvious, and there's a simple way to address my troubles. Any guidance towards that goal, even beyond my questions above, will be appreciated.
I'm attaching an image showing two fragments that I'd like to be laid out horizontally in the same line, for reference.