The SimpleFirewall example has a project for the App and its associated System Extension. When the SimpleFirewall app is launched and the Start button is pressed, the Extension gets launched. But before that, if I try to debug using the process name and set a breakpoint the usual way, it does not work, since the debugger is still waiting for the process to be launched. How do you debug this using the debugger?
Can we use both client and server for the entitlement(s) of a System Extension?
Context: When I was trying to test out EP security using the only command line example, from Omar (not Apple provided code), I see that the code needs the network.client entitlement. Also I noticed that it is, in the true sense, a client trying to get information from the EP Sec system extension (inside Apple's code).

My question is, in a real product environment, can this client code be in another System Extension? Or does it have to be on the client side of the EP Sec Extension? If I have to guess, I think it should not matter!!!

Thanks,
Prokash
After I updated to the latest OS 10.15.3 (19D76) and Xcode Version 11.3 (11C29), I see a few problems.

Before this update (and now) I'm using the SimpleFirewall workspace from the Apple WWDC source. Before, I was debugging the System Extension using attach from Xcode. But now I can not. Attach just keeps waiting, waiting, waiting... But the system extension process started running. The way I was running it is through the SimpleFirewallApp, and when I click Start, the extension becomes alive (launched).

After updating to the latest OS (including Xcode), I notice quite a bit of change in behaviors:
1) We did not have a main.swift in the Application; now it needs it.
2) The System Extension now needs an entry inside Info.plist about Principal Class or some such key.
3) Even after I kill the Extension process, it comes back and keeps running (this in particular is all good, but if I replace /Library/SystemExtensions/<SomeHashedDirName>/<OurExtension>, I hope it picks this up). The pain point is that if no application is actively referring to it (i.e. the client side, SimpleFirewall), a kill should kill it and stop the relaunching. Maybe this is because I'm trying to add the EP sec example (command line Obj-C code from Okram).

Q1: I'm sure there is some cache somewhere, so how could I stop the extension being launched again when there is no reference?

Q2: How to find out (or resolve) the debug issue: why can't I attach, then start the App that would eventually launch the System Extension?? On a running Extension (using pid) I can attach, but it does not hit any break points. Pausing in this case gives some sort of system scheduler threads (no other threads).

TIA
Thanks,
Prokash
Seeing the following on CONSOLE when the extension is repeatedly crashing (when the system tries to load it):

com.forcepoint.SimpleFirewallExtension: Unsatisfied entitlements: com.apple.developer.endpoint-security.client

Of course, the Firewall extension is based on the (network server side) network extension. Since I need an EP sec extension, it looks like some conflict in that it can not be an extension client (while it is already an extension server)... NOT SURE though. What is the right way to CRAFT an EP sec module???

Thanks
prokash
I'm trying to integrate some basic EP sec functionality to see what is/are available... By now we all know there is no template to create such an extension using Xcode. So I was trying to get command line EP sec code that works when (CSR is disabled, and it is run as root). Otherwise it would not work, as we stand today.

Now if I try to execute this from the Simple Firewall App that launches the system extension, it fails on root permission (even if I launch the App from the command line with root permission), the reason being the lldb debug server launches it when I attach a debugger and wait for its instantiation.

SO, when can we expect those restrictions (CSR, and root permission) to be lifted??

Thanks,
Prokash
Hi,
I've an Application bundled and signed from the Xcode signature options (runtime hardening is disabled). The Application has a provisioning profile with Apple.
We do have dylibs in a different workspace/project that we include in the Framework/library dependencies of the linked modules.
We tried to disable library validation using the Xcode option switch. But it always fails with CODESIGNING, Code 0x2.
Following is the code signature of the Bundled App:
Identifier=com.forcepoint.ep.ESDaemonBundle
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=1312 flags=0x0(none) hashes=33+5 location=embedded
VersionPlatform=1
VersionMin=659200
VersionSDK=659204
Hash type=sha256 size=32
CandidateCDHash sha256=6036f59a3467b84e3195fb59424a08fd0c738716
CandidateCDHashFull sha256=6036f59a3467b84e3195fb59424a08fd0c738716b6414171f908486a4e33446b
Hash choices=sha256
CMSDigest=6036f59a3467b84e3195fb59424a08fd0c738716b6414171f908486a4e33446b
CMSDigestType=2
Page size=4096
CDHash=6036f59a3467b84e3195fb59424a08fd0c738716
Signature size=4657
Authority=Developer ID Application: WEBSENSE, INC. (C489D5E8E8)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=Aug 18, 2020 at 11:18:30 AM
Info.plist entries=19
TeamIdentifier=C489D5E8E8
Sealed Resources version=2 rules=13 files=1
Internal requirements count=1 size=224
Following is the library signature:
Executable=/Users/mani/GITS/epm-f1e/build/libMsgCom.dylib
Identifier=libMsgCom
Format=Mach-O thin (x86_64)
CodeDirectory v=20200 size=553 flags=0x0(none) hashes=13+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=db2c196b6d8bdf469968679e7f94a85a5750bea1
CandidateCDHashFull sha256=db2c196b6d8bdf469968679e7f94a85a5750bea1f550b6acedbb1c3d26865545
Hash choices=sha256
CMSDigest=db2c196b6d8bdf469968679e7f94a85a5750bea1f550b6acedbb1c3d26865545
CMSDigestType=2
CDHash=db2c196b6d8bdf469968679e7f94a85a5750bea1
Signature size=4657
Authority=Developer ID Application: WEBSENSE, INC. (C489D5E8E8)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=Aug 18, 2020 at 10:21:51 AM
Info.plist=not bound
TeamIdentifier=C489D5E8E8
Sealed Resources=none
Internal requirements count=1 size=204
Any help would be much appreciated.
Any links or books that explain all of this would be great too!
Thanks much,
Prokash
Folks,
We had a kext where I handled KAUTH_VNODE_READ_ATTRIBUTES using a VNODE listener to capture CD/DVD activities.
Context: We used to get a unique event for KAUTH_VNODE_READ_ATTRIBUTES when a file/doc is copied to the CDROM (and the system creates an Alias)...
When I map this to ES_EVENT_TYPE_AUTH_GETATTRLIST, I get about 8 or so events of this auth type. File attributes are 1 or 0, except one more value (it looks like a pid).
How am I going to map to a single event?
The action we want to take is once per file/doc. But where can we get some detail about these events (of the same event type), so we can isolate one from the other...
TIA, Pro
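The once-per-file behaviour asked for above, as an added example that is not part of the original post, of Apple's sample code, or of any Endpoint Security client the poster has: a small cache keyed on the target file's device and inode (the st_dev/st_ino of the stat that ES attaches to the event's file) that reports only the first AUTH_GETATTRLIST event in a burst and suppresses the rest. The attr_event_t struct, the 2-second window, the 64-slot table and the sample events are assumptions made for illustration; the real ES client calls (es_new_client, es_subscribe, es_respond_auth_result) are left out so the block compiles on any platform. Whether or not the action fires, every auth event still has to be answered with an allow result before the deadline.

```c
/* Added example (not from the original post): collapse a burst of
 * AUTH_GETATTRLIST events for one file into a single action.
 * attr_event_t is a hypothetical stand-in for the few es_message_t
 * fields this needs; the comments say where each would come from. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    int32_t  pid;      /* audit_token_to_pid(msg->process->audit_token) */
    uint64_t dev;      /* target file's stat.st_dev */
    uint64_t ino;      /* target file's stat.st_ino */
    uint64_t t_ns;     /* event time in nanoseconds (from msg->mach_time) */
} attr_event_t;

#define DEDUP_SLOTS     64                         /* assumed table size */
#define DEDUP_WINDOW_NS (2ULL * 1000000000ULL)     /* assumed 2 s window */

typedef struct { attr_event_t key; bool used; } dedup_slot_t;
typedef struct { dedup_slot_t slots[DEDUP_SLOTS]; size_t next; } dedup_cache_t;

static void dedup_init(dedup_cache_t *c) { memset(c, 0, sizeof *c); }

/* The file identity is (dev, ino). If one action per process and file
 * is wanted instead, compare pid here as well. */
static bool same_file(const attr_event_t *a, const attr_event_t *b) {
    return a->dev == b->dev && a->ino == b->ino;
}

/* Returns true for the first event seen for a file inside the window
 * and false for the repeats; the window is measured from that first
 * event, so a later burst for the same file fires again. */
bool dedup_should_act(dedup_cache_t *c, const attr_event_t *ev) {
    for (size_t i = 0; i < DEDUP_SLOTS; i++) {
        dedup_slot_t *s = &c->slots[i];
        if (!s->used || !same_file(&s->key, ev)) continue;
        /* guard against out-of-order delivery: never underflow */
        uint64_t age = ev->t_ns >= s->key.t_ns ? ev->t_ns - s->key.t_ns : 0;
        if (age < DEDUP_WINDOW_NS) return false;   /* repeat in burst */
        s->key = *ev;                              /* stale: new burst */
        return true;
    }
    dedup_slot_t *s = &c->slots[c->next];          /* unseen: record it */
    c->next = (c->next + 1) % DEDUP_SLOTS;         /* round-robin evict */
    s->key = *ev;
    s->used = true;
    return true;
}

/* Constructed sample (not captured data): 8 events for one file within
 * 8 ms, as the post describes, then one for a second file, then the
 * first file again 3 s later. Returns how many times the action fires. */
size_t demo_actions(void) {
    dedup_cache_t c;
    dedup_init(&c);
    attr_event_t evs[10];
    size_t n = 0;
    for (int i = 0; i < 8; i++)
        evs[n++] = (attr_event_t){ .pid = 501, .dev = 1, .ino = 4242,
                                   .t_ns = 1000000ULL * (uint64_t)i };
    evs[n++] = (attr_event_t){ .pid = 501, .dev = 1, .ino = 4243, .t_ns = 9000000ULL };
    evs[n++] = (attr_event_t){ .pid = 501, .dev = 1, .ino = 4242,
                               .t_ns = 3000000000ULL + 9000000ULL };
    size_t fired = 0;
    for (size_t i = 0; i < n; i++)
        if (dedup_should_act(&c, &evs[i])) fired++;
    return fired;   /* 3: first burst, second file, first file again */
}

int main(void) {
    printf("actions taken for sample events: %zu\n", demo_actions());
    return 0;
}
```

In a real client the lookup runs on the ES handler thread, so keep the table small and lock-free as here, or move the per-file action onto a separate queue and only do the cache check inline.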
Folks,
I've an EP Security module; it's embedded inside an app for provisioning and other entitlements.
The binary inside ~/Contents/MacOS is launched using launchctl and a *.plist.
Being a root-enabled (and debug-disabled) process, how can we instrument and analyze the performance of such a daemon?
TIA,
prokash
Is csrutil broken now?
I was trying to disable it, to clean up some SystemExtensions from the file system... It went okay. But after the reboot it does not let me log in....
It spins...
If I try to put it back to enabled (Cmd + R key) it does not get to recovery mode. So I can not get back to where I was.
Folks,
Is there a way to have SimpleMailPlugin.mailbundle loaded on Big Sur?
Incompatible Plug-ins Disabled
Mail has disabled the following plug-ins:
DataSecurityPlugin.mailbundle
Contact the makers of these plug-ins for versions that are compatible with Mail 14.0.
On 11.3 and 11.4 I see some of the log entries are missing when using os_log(Default, "...");
Wondering if there is a configuration param I should use.
Also, does it matter if I have my own serial and concurrent queues? (I'm not worried about the sequence of the prints, just whether they will go into the log, so I can use some form of $ log collect.)
Thanks,
Prokash
Uploading package to notarization service....
2021-05-19 15:22:16.163 altool[2746:1769840] CFURLRequestSetHTTPCookieStorageAcceptPolicy_block_invoke: no longer implemented and should not be called
2021-05-19 15:22:17.261 altool[2746:1769831] * Error: Unable to notarize app.
2021-05-19 15:22:17.261 altool[2746:1769831] * Error: code -1011 (Failed to authenticate for session: (
"Error Domain=ITunesConnectionAuthenticationErrorDomain Code=-22938 \"Sign in with the app-specific password you generated. If you forgot the app-specific password or need to create a new one, go to appleid.apple.com\" UserInfo={NSLocalizedRecoverySuggestion=Sign in with the app-specific password you generated. If you forgot the app-specific password or need to create a new one, go to appleid.apple.com, NSLocalizedDescription=Sign in with the app-specific password you generated. If you forgot the app-specific password or need to create a new one, go to appleid.apple.com, NSLocalizedFailureReason=App Store operation failed.}"
) Unable to upload your app for notarization.)
Upload failed, please review the error log printed above
Not clear what went wrong in this process.
Folks,
I've a bare bones XPC Service, built with Xcode 12.x.
I can get it to work under the Xcode interactive debugger. But from the command line I get Illegal instruction.
A similar project with an XPC client doesn't see the problem.
Any help?
Eventually it would be part of a launchctl based daemon.
TIA
-P
Folks, I'm trying to handle a linking problem coming out of linking a command line app to a C++ based library. But if I define those methods inline with the class definition, there is no problem...
Problem shows:
Ld Build/Products/Debug/COMM_Srv normal x86_64
cd /Users/prokash.sinha/mysrc/C++/COMM_Srv
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang++ -target x86_64-apple-macos11.3 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk -L/Users/prokash.sinha/mysrc/C++/COMM_Srv/Build/Products/Debug -L/Users/prokash.sinha/mysrc/C++/COMM-BUS/Build/Products/Debug -F/Users/prokash.sinha/mysrc/C++/COMM_Srv/Build/Products/Debug -filelist /Users/prokash.sinha/mysrc/C++/COMM_Srv/Build/Intermediates.noindex/COMM_Srv.build/Debug/COMM_Srv.build/Objects-normal/x86_64/COMM_Srv.LinkFileList -Xlinker -object_path_lto -Xlinker /Users/prokash.sinha/mysrc/C++/COMM_Srv/Build/Intermediates.noindex/COMM_Srv.build/Debug/COMM_Srv.build/Objects-normal/x86_64/COMM_Srv_lto.o -Xlinker -export_dynamic -Xlinker -no_deduplicate -stdlib=libc++ -v -lCOMM-BUS -Xlinker -dependency_info -Xlinker /Users/prokash.sinha/mysrc/C++/COMM_Srv/Build/Intermediates.noindex/COMM_Srv.build/Debug/COMM_Srv.build/Objects-normal/x86_64/COMM_Srv_dependency_info.dat -o /Users/prokash.sinha/mysrc/C++/COMM_Srv/Build/Products/Debug/COMM_Srv
Apple clang version 12.0.5 (clang-1205.0.22.11)
Target: x86_64-apple-macos11.3
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
"/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld" -demangle -lto_library /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/libLTO.dylib -dynamic -arch x86_64 -platform_version macos 11.3.0 11.3 -syslibroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk -o /Users/prokash.sinha/mysrc/C++/COMM_Srv/Build/Products/Debug/COMM_Srv -L/Users/prokash.sinha/mysrc/C++/COMM_Srv/Build/Products/Debug -L/Users/prokash.sinha/mysrc/C++/COMM-BUS/Build/Products/Debug -filelist /Users/prokash.sinha/mysrc/C++/COMM_Srv/Build/Intermediates.noindex/COMM_Srv.build/Debug/COMM_Srv.build/Objects-normal/x86_64/COMM_Srv.LinkFileList -object_path_lto /Users/prokash.sinha/mysrc/C++/COMM_Srv/Build/Intermediates.noindex/COMM_Srv.build/Debug/COMM_Srv.build/Objects-normal/x86_64/COMM_Srv_lto.o -export_dynamic -no_deduplicate -lCOMM-BUS -dependency_info /Users/prokash.sinha/mysrc/C++/COMM_Srv/Build/Intermediates.noindex/COMM_Srv.build/Debug/COMM_Srv.build/Objects-normal/x86_64/COMM_Srv_dependency_info.dat -lc++ -lSystem /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/12.0.5/lib/darwin/libclang_rt.osx.a -F/Users/prokash.sinha/mysrc/C++/COMM_Srv/Build/Products/Debug
Undefined symbols for architecture x86_64:
"TCPStream::s_send(char*, long)", referenced from:
_main in main.o
"TCPStream::receive(char*, long)", referenced from:
_main in main.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
nm on the lib:
bash-3.2$ nm Products/Debug/libCOMM-BUS.dylib | grep TCPStream
0000000000003710 T __ZN9TCPStream6s_sendEPcl
00000000000037a0 T __ZN9TCPStream7receiveEPcl
0000000000003660 T __ZN9TCPStreamC1EiP11sockaddr_un
00000000000035a0 T __ZN9TCPStreamC2EiP11sockaddr_un
00000000000036f0 T __ZN9TCPStreamD1Ev
0000000000003690 T __ZN9TCPStreamD2Ev
The constructor and destructor definitions are fine in the .cpp file. The s_send and receive methods are not one- or two-liners, so I was trying to put them in C++ implementation files.
Is there something more I need in terms of linking?
TIA
-P