Caching sourceAppAuditToken

Inside my NEFilterDataProvider, I am retrieving the code signature informations from socketFlow.sourceAppAuditToken (thanks to the good advice of Eskimo).


This takes a little bit of time though. Is it reasonable to cache the sourceAppAuditToken ?


I am thinking of keeping a dictionary that would map the sourceAppAuditToken to their String identifier. Is it reasonable, or is it insecure to do so?


Separately, I have seen that socketFlow.description contains a lot of really useful information, including bundleId, etc.

How is that bundleId computed? (there is an insecure way : just retrieving it from the Info.plist, and a secure way: retrieving it from the code signature). Also, is there a better way to access this information that parsing the socketFlow.description string itself?

I am thinking of keeping a dictionary that would map the

sourceAppAuditToken
to their
String
identifier. Is it reasonable … ?

Yes.

Separately, I have seen that

socketFlow.description
contains …

The

description
property is intended for debugging and logging purposes only. You should never depend on the format of the string it returns. This can change without warning, resulting in problems like the one discussed here.

It’s unfortunate that our documentation fails to make this sufficiently clear (r. 54383819). The best discussion of this is the one you’ll find in the

CFCopyDescription
docs, which says:

You can use this function for debugging Core Foundation objects in your code. Note, however, that the description for a given object may be different in different releases of the operating system. Do notcreate dependencies in your code on the content or format of the information returned by this function.

The only thing that needs tweaking here in the addition of an “unless otherwise documented”. Some types do guarantee that their description will conform to a specific format.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

ok, thank you!

Caching sourceAppAuditToken
 
 
Q