Hello!Hello could anybody tell me plase, what the `destinationOptions:` and `sourceOptions:` in `-[NSPersistentStoreCoordiantor replacePersistentStoreAtURL:destinationOptions:withPersistentStoreFromURL:sourceOptions:storeType:error:]` for?Does they matter at all in the case the destination store doesn't exist?Thanks in advance,Aleksandr Skobelev

Hi! I'm trying to run SampleEndpointApp (https://developer.apple.com/documentation/endpointsecurity/monitoring_system_events_with_endpoint_security) on my machine with SIP disabled, but have no success in that. In system logs I can see the following messages: ... taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] com.example.apple-samplecode.SampleEndpointApp.Extension: Unsatisfied entitlements: com.apple.developer.endpoint-security.client ... taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] Disallowing: com.example.apple-samplecode.SampleEndpointApp.Extension ... amfid: /Library/SystemExtensions/B0C9A0DC-E8C6-46B9-804D-BEA0A1E5B362/com.example.apple-samplecode.SampleEndpointApp.Extension.systemextension/Contents/MacOS/com.example.apple-samplecode.SampleEndpointApp.Extension signature not valid: -67671 ... kernel: mac_vnode_check_signature: /Library/SystemExtensions/B0C9A0DC-E8C6-46B9-804D-BEA0A1E5B362/com.example.apple-samplecode.SampleEndpointApp.Extension.systemextension/Contents/MacOS/com.example.apple-samplecode.SampleEndpointApp.Extension: code signature validation failed fatally: When validating /Library/SystemExtensions/B0C9A0DC-E8C6-46B9-804D-BEA0A1E5B362/com.example.apple-samplecode.SampleEndpointApp.Extension.systemextension/Contents/MacOS/com.example.apple-samplecode.SampleEndpointApp.Extension ...kernel: proc 5040: load code signature error 4 for file "com.example.apple-samplecode.SampleEndpointApp.Extension" As far as I understand it wants that my signature I used to sign the app and extension doesn't have proper entitlement? But https://developer.apple.com/system-extensions/ says: "…you can test system extensions on your Mac by temporarily turning off System Integrity Protection." So in theory I should be able to run ES extension on my machine. I'm on BigSur 11.3 if that matters. Could you please help me to understand what I could do improperly and how to fix that? Thanks in advance, Aleksandr

Hi all! I'm writing an enpoint security daemon, which is packed in an application bundle with embedded.provisionfile in its Contents folder. This daemon can be successfully loaded and started with launchctl on Big Sur with SIP disabled, but fails to run when SIP is enabled. The os log from kernel contains the following messages: (Sandbox) sandboxd rejected approval request from esservice for kTCCServiceSystemPolicyAllFiles(null): denied (EndpointSecurity) Task has not been granted user permission to connect Could anybody please explain me what could be the reason for this kind of messages? Is it a sign that something wrong with my provision profile file or something else? Thanks in advance, Aleksandr

Hello everybody! I'm working on EndpointSequirity client and noticed that when I copy a file to an external flash card with FAT16 or exFAT file systems the ES_EVENT_TYPE_NOTIFY_CREATE event and the very first ES_EVENT_TYPE_NOTIFY_WRITE one have some fake value for st_ino field in their stat structures. For FAT it is 999999999, and for exFAT it is 1. Starting from the second write notification the stat structure gets a real inode number. It does not happen for APFS file system. Could someone please tell me this known behavior, and point me to a place where it is documented? For which other file systems can this also happen? Thanks in advance, Aleksandr Skobelev

The ES_EVENT_TYPE_AUTH_CREATE event can be fired either for a regular file or for a directory. Currently there is no such kind of information in the event structure. Is there any way to find out what exactly the kind of the object is being created right in the ES_EVENT_TYPE_AUTH_CREATE handler? Thanks in advance, Aleksandr Skobelev

HI! I've compiled a command line utility written in plain C on macOS Monterey on macBook m1 pro. The compilation command is just following: clang -std=gnu11 -Wall -o my_run_ht run_ht.c ht.c It compiles fine but when I try running it, it is aborted with the following message: dyld[8385]: dyld cache '/System/Library/dyld/dyld_shared_cache_arm64e' not loaded: syscall to map cache into shared region failed dyld[8385]: Library not loaded: /usr/lib/libSystem.B.dylib Referenced from: /Users/sasha/Src/my/ht/run_ht Reason: tried: '/usr/lib/libSystem.B.dylib' (no such file), '/usr/local/lib/libSystem.B.dylib' (no such file) What is more strange that I can compile and run other command line utilities. So I'm quite puzzled and have no idea what is the reason for that and how to fix it. Could anybody please help me with this? Thanks in advance.

SMAppService.statusForLegacyPlist() stops working in macOS Sonoma 14.5 beta. It always returns .notFound even if the service is installed, runs and the main app is able to connect it through XPC. It used to work fine before. The service LaunchDaemons plist contains the following keys: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>AssociatedBundleIdentifiers</key> <string>xxxx</string> <key>KeepAlive</key> <true/> <key>Label</key> <string>xxxx.helper</string> <key>MachServices</key> <dict> <key>xxxx.helper.xpc</key> <true/> <key>xxxx.helper.xpcgate</key> <true/> </dict> <key>ProgramArguments</key> <array> <string>/Library/Application Support/yyyy/xxxx/zzzz/xxxx.helper</string> </array> </dict> </plist> Is this a bug in the beta version of Mac OS or a deliberate change that requires some kind of response from our side? Thanks in advance, Aleksandr Skobelev

Hello! I'm trying to generate a protocol dependent for another one using Swift macros. The implementation looks like the following: @attached (peer, names: suffixed (Dependent),prefixed (svc)) public macro dependableService() = #externalMacro (module: "Macros", type: "DependableServiceMacro") public struct DependableServiceMacro: PeerMacro { public static func expansion (of node: AttributeSyntax, providingPeersOf declaration: some DeclSyntaxProtocol, in context: some MacroExpansionContext) throws -> [DeclSyntax] { guard let baseProto = declaration.as (ExtensionDeclSyntax.self) else { return [] } let nm = baseProto.extendedType.trimmedDescription let protoNm = nm + "Dependent" let varNm = "svc" + nm let protoDecl: DeclSyntax = """ protocol \(raw: protoNm) : ServiceDependent { var \(raw: varNm) : \(raw: nm) { get set } } """ return [protoDecl] } } When I try using it in my code like this @dependableService extension MyService {} the macro correctly expands to the following text: protocol MyServiceDependent : ServiceDependent { var svcMyService : MyService { get set } } However, the compiler gives me the error: error: declaration name 'MyServiceDependent' is not covered by macro 'dependableService' protocol MyServiceDependent : ServiceDependent { ^ Do I understand correctly, that for some reason the compiler cannot deduce the name of the generated protocol based on the name of the extensible protocol, despite the presence of the names: suffixed(Dependent) attribute in the macro declaration? Could anybody please tell me what I'm doing wrong here? Thanks in advance