We build system extension with ES framework. And register AUTH_OPEN,AUTH_CREATE and other event types. After test, it can get file system events successfully. For example, we use system extension to monitor the Finder process, it will show us all the file operations we did by Finder App.
But for the DesktopServicesHelper process, the ES seems can not get all file events which DesktopServiceHelper actually did: We paste 10 files to a directory, the ES can monitor 2 files AUTH_CREATE in the new folders, it lost 8 file events.
Our Test Log:
默认 17:27:35.294079+0800 DesktopServicesHelper Read options: 1 -- URL: private -- purposeID: com.apple.desktopservices.copyengine -- claimID: 0709A049-AFEF-4618-8A61-3417F686ACDA
默认 17:27:35.298715+0800 DesktopServicesHelper Claim 0709A049-AFEF-4618-8A61-3417F686ACDA granted in client
默认 17:27:35.298743+0800 DesktopServicesHelper Claim 0709A049-AFEF-4618-8A61-3417F686ACDA invoked in client
默认 17:27:35.311764+0800 DesktopServicesHelper Read options: 1 -- URL: private -- purposeID: com.apple.desktopservices.copyengine -- claimID: 952CC31D-A23F-4C4D-8005-FD4245B29CFB
默认 17:27:35.318353+0800 DesktopServicesHelper Claim 952CC31D-A23F-4C4D-8005-FD4245B29CFB granted in client
默认 17:27:35.318423+0800 DesktopServicesHelper Claim 952CC31D-A23F-4C4D-8005-FD4245B29CFB invoked in client
默认 17:27:35.624607+0800 DesktopServicesHelper Read options: 1 -- URL: private -- purposeID: com.apple.desktopservices.copyengine -- claimID: A6AA8D96-2697-4D74-BD9C-3A0A1B0BC7FA
默认 17:27:35.625058+0800 DesktopServicesHelper Received claim A6AA8D96-2697-4D74-BD9C-3A0A1B0BC7FA
默认 17:27:35.625154+0800 DesktopServicesHelper Claim A6AA8D96-2697-4D74-BD9C-3A0A1B0BC7FA granted in server
默认 17:27:35.625638+0800 DesktopServicesHelper Claim A6AA8D96-2697-4D74-BD9C-3A0A1B0BC7FA invoked in client
默认 17:27:35.625833+0800 DesktopServicesHelper Claim A6AA8D96-2697-4D74-BD9C-3A0A1B0BC7FA was revoked
默认 17:27:35.626065+0800 DesktopServicesHelper Read options: 1 -- URL: private -- purposeID: com.apple.desktopservices.copyengine -- claimID: 5BD5A74D-35C2-4C02-A9A4-6ACE5780AFE1
默认 17:27:35.626308+0800 DesktopServicesHelper Received claim 5BD5A74D-35C2-4C02-A9A4-6ACE5780AFE1
默认 17:27:35.626526+0800 DesktopServicesHelper Claim 5BD5A74D-35C2-4C02-A9A4-6ACE5780AFE1 granted in server
默认 17:27:35.626739+0800 DesktopServicesHelper Claim 5BD5A74D-35C2-4C02-A9A4-6ACE5780AFE1 invoked in client
默认 17:27:35.626794+0800 DesktopServicesHelper Claim 5BD5A74D-35C2-4C02-A9A4-6ACE5780AFE1 was revoked
默认 17:27:35.627051+0800 DesktopServicesHelper Read options: 1 -- URL: private -- purposeID: com.apple.desktopservices.copyengine -- claimID: 5B93CA4D-3A8A-4A35-A322-9E83E861F4EE
默认 17:27:35.627577+0800 DesktopServicesHelper Received claim 5B93CA4D-3A8A-4A35-A322-9E83E861F4EE
默认 17:27:35.627657+0800 DesktopServicesHelper Claim 5B93CA4D-3A8A-4A35-A322-9E83E861F4EE granted in server
默认 17:27:35.627806+0800 DesktopServicesHelper Claim 5B93CA4D-3A8A-4A35-A322-9E83E861F4EE invoked in client
默认 17:27:35.627952+0800 DesktopServicesHelper Claim 5B93CA4D-3A8A-4A35-A322-9E83E861F4EE was revoked
默认 17:27:35.628140+0800 DesktopServicesHelper Read options: 1 -- URL: private -- purposeID: com.apple.desktopservices.copyengine -- claimID: F62C2FCE-F3F3-4C5B-8D2C-61B07E5C3300
默认 17:27:35.628437+0800 DesktopServicesHelper Received claim F62C2FCE-F3F3-4C5B-8D2C-61B07E5C3300
默认 17:27:35.628555+0800 DesktopServicesHelper Claim F62C2FCE-F3F3-4C5B-8D2C-61B07E5C3300 granted in server
默认 17:27:35.629003+0800 DesktopServicesHelper Claim F62C2FCE-F3F3-4C5B-8D2C-61B07E5C3300 invoked in client
默认 17:27:35.629106+0800 DesktopServicesHelper Claim F62C2FCE-F3F3-4C5B-8D2C-61B07E5C3300 was revoked
默认 17:27:35.630939+0800 DesktopServicesHelper Read options: 1 -- URL: private -- purposeID: com.apple.desktopservices.copyengine -- claimID: 62238E4D-9120-4846-834A-7EFA5C6E67D3
默认 17:27:35.631118+0800 DesktopServicesHelper Received claim 62238E4D-9120-4846-834A-7EFA5C6E67D3
默认 17:27:35.631212+0800 DesktopServicesHelper Claim 62238E4D-9120-4846-834A-7EFA5C6E67D3 granted in server
默认 17:27:35.631412+0800 DesktopServicesHelper Claim 62238E4D-9120-4846-834A-7EFA5C6E67D3 invoked in client
默认 17:27:35.631483+0800 DesktopServicesHelper Claim 62238E4D-9120-4846-834A-7EFA5C6E67D3 was revoked
默认 17:27:35.639940+0800 com.sangfor.dev.SfService.Extension [com.sangfor.dev.SfService.Extension] [D] [JUST FOR 2020] [-[MessageCommonHandler handleEvent:]] file: /Users/jiangsen/Desktop/test/20202020/destination/vmware_desktop 17.26.54/caches by process name: DesktopServicesHelper, process path: /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/Resources/DesktopServicesHelper, Event is 44, pid is 64552, started pid is 0
默认 17:27:35.640408+0800 com.sangfor.dev.SfService.Extension [com.sangfor.dev.SfService.Extension] [D] [JUST FOR 2020] [-[MessageCommonHandler handleEvent:]] file: /Users/jiangsen/Desktop/test/20202020/destination/vmware_desktop 17.26.54/caches/screenshots by process name: DesktopServicesHelper, process path: /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/Resources/DesktopServicesHelper, Event is 44, pid is 64552, started pid is 0
==
Only last two events of DesktopServicesHelper was reported by ES system extension
Post
Replies
Boosts
Views
Activity
Hi Team,
We have build a developer ID level signed package with notarize successfully, we test the package on macOS12, it run succeed. But the same package we installed on macOS13, it failed and report our process named "XTService" crashed.
The Crash log is:
Library not loaded: @rpath/FMDB.framework/Versions/A/FMDB
"/Applications/XTApp.app/Contents/Resources/bin/XTService.app/Contents/Frameworks/FMDB.framework/Versions/A/FMDB' (code signature invalid in <90A347C8-9899-351A-818A-20984EFD00B5> '/Applications/XTApp.app/Contents/Resources/bin/XTService.app/Contents/Frameworks/FMDB.framework/Versions/A/FMDB' (errno=1) sliceOffset=0x00034000, codeBlobOffset=0x00029420, codeBlobSize=0x00005050)"
I use the codesign tool to check the FMDB file strictly, it shows it's valid on the disk. So I think the issue may in system level, and it have some relation with this thread https://developer.apple.com/forums/thread/128435 (which issue in IOS)
PS:
My Xcode was signed with paid account, and the package perform normal on macOS12
I use CocoaPods to manage the 3rd party libraries, and I ensure the signature is correct