Post

Replies

Boosts

Views

Activity

Get Process ID (pid) from NEFilterFlow & sourceAppAuditToken
Dear all,In macOS Catalina we have the new NetworkExtension framework that can filter network trafic on a computer.In my usecase I need the PID of the process that is the originator of the network flow. I'm aware that PID are not a reliable way to identify a process (since PIDs can be reused), but in my usecase only PID can identify what I need.In handleNewFlow(_ flow: NEFilterFlow) we can get the sourceAppAuditToken (flow.sourceAppAuditToken), where sourceAppAuditToken is a Data type. Is there a way to convert this sourceAppAuditToken to a PID value?I'm also aware of getting the signature of the process (eventually the Bundle ID) with SecCodeCopySigningInformation / kSecCSDynamicInformation, but again in my usecase it does not help.A way to do this is to call "netstat" and look for the local port in the output and get the PID from there, but sometimes this is not very reliable.Any ideas how to do this?Regards,Alex
9
1
4.6k
Dec ’19
ShieldActionDelegate handle action extra options or authentication
Hello, Is it possible to make a FaceID authentication (LAContext) inside the ShieldActionDelegate extension in the func handle(action: ShieldAction...) callback? Or is it possible to open the host app to do this authentication for us? Right now using LAContext.evaluatePolicy (with FaceID) gives this error: User interaction required. And there is no API to open the host app. Or any other ideas how to have some extra options/operations in the handle caller? Thank you
0
0
854
Jun ’22
ShieldActionDelegate authentication or actions
Hello, Is it possible to make a FaceID authentication (LAContext) inside the ShieldActionDelegate extension in the func handle(action: ShieldAction...) callback? Or is it possible to open the host app to do this authentication for us? Right now using LAContext.evaluatePolicy (with FaceID) gives this error: User interaction required. And there is no API to open the host app. Or any other ideas how to have some extra options/operations in the handle caller? Thank you
0
0
1.4k
Jun ’22
Face ID: user interaction is required
Hello, When locking an app using Family Controls, inside the ShieldActionDelegate's handle(action:..) call (where we decide what to do with the shielded app) there is no way to call Face ID (LAContext). The error is: User interaction is required. I understand why this is the case, but is there any other way around this? Sometimes handle(action:) inside ShieldActionDelegate needs authentication or more details from the user in order to decide if the app should be unlocked. Thank you.
0
0
880
Jun ’22
VNGeneratePersonSegmentationRequest slow on Intel MacBooks
Hello I have a very simple feature that tries to remove the background from a web camera video stream using VNGeneratePersonSegmentationRequest and VNImageRequestHandler. let personSegmentationRequest = VNGeneratePersonSegmentationRequest() personSegmentationRequest.qualityLevel = .balanced let imageRequestHandler = VNImageRequestHandler(ciImage: ciImage) // a frame from the camera try? imageRequestHandler.perform([personSegmentationRequest]) guard let result = personSegmentationRequest.results?.first else { return nil } On Mac computers with M1 processors works great (60 fps without any issue). The same code/app on MacBook Pro Intel i7 2.7GHz and AMD Radeon the performance is only 10 fps, much lower. Any thoughts? Thank you
2
0
1.7k
Jun ’22
Changing Screen Time Passcode does not protect apps with Screen Time enabled
Hello, The purpose of "Screen Time Passcode" under Settings/Screen Time is to protect Screen Time preferences and it is asked every time the user updates Downtime, App Limits, Content & Privacy Restrictions and so on. But the private passcode is not requested if the user disables Screen Time for a particular app (only Face ID or phone passcode is requested, but not the private Screen Time passcode). I think this is a mistake, I think the purpose of a private Screen Time passcode is to protect all settings, including apps that use this API, right? Is there any solution to this? Thank you.
4
4
3.0k
Sep ’22
Safari 17 App Extensions (macOS Sonoma) API changes
Hello, In the latest macOS Sonoma and Safari 17 update, Safari App Extensions that were previously running without any issues (for years) suddenly stopped working. Digging a little into the source code and debugger, I found out that basic API calls do not work anymore, for example: SFSafariApplication.getActiveWindow { (window) in ... } or the async version: let window = await SFSafariApplication.activeWindow() getActiveWindow callback is never called and let window = await ... waits forever. Is there anything updated in the security model of Safari 17 that I should be aware of? Or any API updates. I repeat, the extensions worked for 5 years without any issue and also work perfectly in Safari 16 and macOS Ventura. Thank you.
1
0
923
Oct ’23
Copy folder progress (File Provider)
Hello, I have a quick question. In my File Provider based Mac application, if the user copies a folder to his computer, the "download" progress indicator near the folder name (the one from Finder) is showing only if the user entered the folder before. If the user did not enter the folder before and copies the folder, the progress indicator is showing always zero and jumps to 100% after the copy operation is over. Any thought on this? Thank you.
0
0
519
Dec ’23
Slow NSFileProviderEnumerator
Hello, I'm having some problems in implementing a File Provider based app. NSFileProviderEnumerator is very slow for many files (over 2000 files). I'm using pagination like this: observer.didEnumerate(paged_files) // page size is usually 200 let nextPage = NSFileProviderPage((page + 1).description.data(using: .utf8)!) observer.finishEnumerating(upTo: nextPage) and observer.finishEnumerating(upTo: nil) when finished all pages. But after calling "observer.finishEnumerating(upTo: nil)" it still takes a lot of time (20-30 seconds) until all files are listed in Finder. Any tips? Thank you.
2
1
664
Dec ’23
NSFileProviderReplicatedExtension: Download triggered after upload
Hello, I have another quick question. I'm using NSFileProviderReplicatedExtension to create a macOS File Provider app to access remote files directly in Finder. When I copy a file to a remote folder (managed by File Provider) "createItem(basedOn itemTemplate: NSFileProviderItem, fields: NSFileProviderItemFields ....)" is triggered and this is fine. But immediately after the file is upload fetchContents(for itemIdentifier: NSFileProviderItemIdentifier, version ...)" is also triggered. Is this expected? Downloading again the file after upload requires some time and it's not the best experience for the user if he is in a hurry. Is there any way to prevent this? Thank you.
1
1
607
Dec ’23
NSFileProviderReplicatedExtension stopped calling fetchContents
Hello all, When copying a lot of files using NSFileProviderReplicatedExtension (more than 2000 files) to the a local storage, fetchContents is called for each file, but usually after around 2000 files, fetchContents is not called anymore. No errors, no invalidate() called, no cancelations, no log messages, just silence. Is there any explanation or solution for this behaviour? I want the extension to provide all files until the end. By the way, if the transfer fails, but you double click on the local folder a "Finish Copying" option is presented and after that fetchContents for the remaining files is called (which is good). Thank you.
0
1
447
Jan ’24
invalidate() called during operations
Hello, I had a strange bug in a File Provider app and I found out that the problem was that NSFileProviderEnumerator's invalidate() was called during an operation (a download or even a file enumeration operation from the server). The files are stored on a server and while fetchContent is called and the extension waits for the server to send the file (or enumerate a long list of files), invalidate() is called. And after some time the extension is re-initialised. I know that the extension can be deallocated by the OS from time to time, but why during an operation? If a do a cleanup inside invalidate() I will lose references to my downloads or operations. Any thoughts on this? Is there any way to prevent this? Thank you.
0
0
461
Jan ’24
Access of removable volumes from file provider on macOS Sequoia
Hello, I developed a file provider extension that can access files from multiple locations. With the new macOS Sequoia I cannot access files from volumes, here is the error from Console: Refusing TCCAccessRequest for service kTCCServiceSystemPolicyRemovableVolumes from extension Sub:{com.app.ext}Resp:{TCCDProcess: identifier=com.app.ext-Driver, pid=26706, auid=501, euid=501, binary_path.... Driver}, extension point disallows prompting I added "Privacy - Removable Volumes Usage Description" values for both the main app and extension Info.plist, I click Allow on the alert, but still I receive this error message. Any solution? Thank you.
3
0
467
Sep ’24