first call evaluatePolicy fails after logon

Privacy & Security General
Lex_A OP
Created Apr ’20
Replies 5
Boosts 0
Views 1.8k
Participants 2

If to call evaluatePolicy with or without biometry, it doesn't matter, the first call always fails after logon.


    LAContext *context = [[LAContext alloc] init];
    [context evaluatePolicy : LAPolicyDeviceOwnerAuthentication
            localizedReason:@"Test"
                       reply: ^(BOOL success, NSError *error) {
        if (success) {
          
        } else {
              NSLog(@"error = %@, %@", [error userInfo], [error localizedDescription]);
        }
    }];


My steps are:

1) Log in as a user with by password ( the user must be logged off before the attemp)

2) Run the code as above from an app.

3) the first call fails with the "UI activation timed out." error.

4) any futher calls work as expected.


The only workaround for me is to call evaluatePolicy twice, but that's too ugly )


Is that a known issue? Maybe there are some other workarounds?

Observing this on macOS 10.15.4 and macbook pro 16"

Replies  5
Boosts  0
Views  1.8k
Participants  2
DTS Engineer OP
Apple
Apr ’20

What’s the error 

domain
and 
code
?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
Lex_A OP
Apr ’20

I represent the issue only after the logout-login sequence during the first policy call. After restart or power on, there is no issue at all.


The full error in my case is:

error = Error Domain=com.apple.LocalAuthentication Code=-1000 "UI activation timed out." 
UserInfo={NSLocalizedDescription=UI activation timed out.}


Some logs:


com.apple.LocalAuthentication default 20:04:32.912683+0300 touchIDDemo Creating LAContext new cid:1

com.apple.LocalAuthentication default 20:04:32.912785+0300 touchIDDemo runningInSystemContext = 0

com.apple.LocalAuthentication default 20:04:32.913090+0300 touchIDDemo runningInOsxRecovery = 0

com.apple.LocalAuthentication default 20:04:32.921514+0300 coreauthd Context[11:3112] created

com.apple.LocalAuthentication default 20:04:32.921539+0300 coreauthd ContextProxy[18:11] created for Context[11:3112] pid:2824 uid:501

com.apple.LocalAuthentication default 20:04:32.921648+0300 touchIDDemo LAContext[2824:1] created new cid:1

com.apple.LocalAuthentication default 20:04:32.921709+0300 touchIDDemo evaluatePolicy:2 options:{

2 = ddd;

} on LAContext[2824:1] cid:2

com.apple.LocalAuthentication default 20:04:32.921875+0300 coreauthd evaluatePolicy:2 options:{

2 = ddd;

}, uiDelegate:0 on ContextProxy[18:11] rid:25

com.apple.LocalAuthentication default 20:04:32.923186+0300 coreauthd -[InstalledAppsCache pathForPid:] 2824 -> /Users/lex/Desktop/touchIDDemo/DerivedData/touchIDDemo/Build/Products/Debug/touchIDDemo.app on <private>

com.apple.LocalAuthentication default 20:04:32.923368+0300 coreauthd -[InstalledAppsCache _localizedNameForBundle:] netiq.touchIDDemo -> touchIDDemo on <private>

com.apple.LocalAuthentication default 20:04:32.923455+0300 coreauthd netiq.touchIDDemo was determined as bundle ID for pid 2824, but will show the name of touchIDDemo

com.apple.LocalAuthentication default 20:04:32.923676+0300 coreauthd ACMRequirement:1, flags=0, state=1 -> MechanismPasscode[75]

com.apple.LocalAuthentication default 20:04:32.923866+0300 coreauthd ACMRequirement:3, flags=0, state=1 -> MechanismTouchId[76]

com.apple.LocalAuthentication default 20:04:32.923907+0300 coreauthd ACMRequirement:15, flags=0, state=1 -> MechanismWatch[77]

com.apple.LocalAuthentication default 20:04:32.923949+0300 coreauthd +[MechanismKofN mechanismWithK:ofSubmechanisms:serial:] 1, (

"MechanismPasscode[75]",

"MechanismTouchId[76]",

"MechanismWatch[77]"

), 0 on MechanismKofN

com.apple.LocalAuthentication default 20:04:32.924031+0300 coreauthd ACMRequirement:7, flags=0, state=1 -> <MechanismKofN: 0x0x7faf29411a80, k:1, submechanisms: (

"MechanismPasscode[75]",

"MechanismTouchId[76]",

"MechanismWatch[77]"

)>

com.apple.BiometricKit default 20:04:32.924097+0300 coreauthd BKDevice::extendedBioLockoutState:forUser: 0x700005622390 501 (_cid 811262039)

com.apple.BiometricKit default 20:04:32.928648+0300 coreauthd BKDevice::extendedBioLockoutState:forUser: -> 1 32 (null)

com.apple.LocalAuthentication default 20:04:32.928801+0300 coreauthd isAvailable -> Error Domain=com.apple.LocalAuthentication Code=-11 "No AppleWatch was discovered." UserInfo={NSLocalizedDescription=No AppleWatch was discovered.}

com.apple.LocalAuthentication default 20:04:32.928839+0300 coreauthd +[MechanismKofN mechanismWithK:ofSubmechanisms:serial:] 1, (

"MechanismPasscode[75]",

"MechanismTouchId[76]"

), 0 on MechanismKofN

com.apple.LocalAuthentication default 20:04:32.929059+0300 coreauthd uiMechanism: MechanismUI[80] nonUiMechanism: <MechanismKofN: 0x0x7faf29416920, k:1, submechanisms: (

"MechanismPasscode[75]",

"MechanismTouchId[76]"

)>

com.apple.LocalAuthentication default 20:04:32.929095+0300 coreauthd Started: <AuthenticationInProgress: 0x7faf29416a50 [pid:2824, uid:501, ahp:(null), started:(null)]>, replaced: (null)

com.apple.LocalAuthentication default 20:04:32.929335+0300 coreauthd -[Daemon remoteAuthenticationInProgressWithPriority:reply:] on <private>

com.apple.LocalAuthentication default 20:04:32.929375+0300 coreauthd -[AuthenticationManager remoteAuthenticationInProgressWithPriority:pid:reply:] on <private>

com.apple.LocalAuthentication default 20:04:32.929435+0300 coreauthd cancelling running authentication: <AuthenticationInProgress: 0x7ff9d9407970 [pid:2629, uid:501, ahp:1, started:2020-04-14 17:03:46 +0000]> mechanism: MechanismTouchId[119]

com.apple.LocalAuthentication default 20:04:32.929482+0300 coreauthd MechanismTouchId[119] will stop biometric operation: <BKMatchTouchIDOperation: 0x7ff9d9505260>

com.apple.BiometricKit default 20:04:32.929503+0300 coreauthd BKOperation::cancel (_cid 66071432)

com.apple.BiometricKit default 20:04:32.929548+0300 coreauthd BKOperation::cancel -> void

com.apple.LocalAuthentication default 20:04:32.929579+0300 coreauthd MechanismTouchId[119] finished with Error Domain=com.apple.LocalAuthentication Code=-4 "Suspended FUS because of another authentication." UserInfo={NSLocalizedDescription=Suspended FUS because of another authentication.}

com.apple.LocalAuthentication default 20:04:32.929747+0300 coreauthd -[AHPManager suspendAHPActivationWithError:] -> success on <private>

com.apple.LocalAuthentication default 20:04:32.929769+0300 coreauthd FUS confirmation for <LAAuthenticationHintsProvider: 0x7ff9d912fdc0> will be destroyed

com.apple.LocalAuthentication default 20:04:32.930166+0300 coreauthd FUS confirmation for <LAAuthenticationHintsProvider: 0x7ff9d912fdc0> is stopping button monitoring

com.apple.LocalAuthentication default 20:04:32.930254+0300 coreauthd FUS confirmation for <LAAuthenticationHintsProvider: 0x7ff9d912fdc0> will be destroyed

com.apple.LocalAuthentication default 20:04:32.930668+0300 coreauthd FUS confirmation for <LAAuthenticationHintsProvider: 0x7ff9d912fdc0> is stopping button monitoring

com.apple.LocalAuthentication default 20:04:32.930687+0300 coreauthd biometry is now idle, 0 blocks in queue

com.apple.LocalAuthentication default 20:04:32.930715+0300 coreauthd ContextProxy[53:53] deallocated

com.apple.LocalAuthentication default 20:04:32.930756+0300 coreauthd Context[53:3111] deallocated

com.apple.LocalAuthentication default 20:04:32.931220+0300 coreauthd -[AuthenticationInProgressToken initWithPriority:pid:] 1, 348 on <private>

com.apple.LocalAuthentication default 20:04:32.931292+0300 coreauthd registered authenticationInProgressToken: <_NSXPCDistantObject: 0x7faf2950a000>

com.apple.LocalAuthentication default 20:04:32.931324+0300 coreauthd cancelling running authentication: <AuthenticationInProgress: 0x7ff9d9407970 [pid:2629, uid:501, ahp:1, started:2020-04-14 17:03:46 +0000]> mechanism: MechanismTouchId[119]

com.apple.LocalAuthentication default 20:04:32.931334+0300 coreauthd MechanismUI[80] starting

com.apple.LocalAuthentication default 20:04:32.931374+0300 coreauthd clearing authentication: <AuthenticationInProgress: 0x7ff9d9407970 [pid:2629, uid:501, ahp:1, started:2020-04-14 17:03:46 +0000]>

com.apple.LocalAuthentication default 20:04:32.931432+0300 coreauthd -[MechanismUI _showUI] _nonUiMechanisms: <MechanismKofN: 0x0x7faf29416920, k:1, submechanisms: (

"MechanismPasscode[75]",

"MechanismTouchId[76]"

)> on <private>

com.apple.LocalAuthentication default 20:04:32.931411+0300 coreauthd Will not run idle blocks now, remote authentications in progress: (

"<AuthenticationInProgressToken 0x7ff9d6d09540 [priority:1 pid:348]>"

)

com.apple.LocalAuthentication default 20:04:32.931523+0300 coreauthd _backgroundMechanism: MechanismTouchId[76], _backgroundMechanism2: (null), _continueMechanism: (null), _fallbackMechanism: MechanismPasscode[75]

com.apple.LocalAuthentication default 20:04:32.931611+0300 coreauthd XPC error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.LocalAuthentication.DFR was invalidated from this process." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.LocalAuthentication.DFR was invalidated from this process.}

com.apple.LocalAuthentication default 20:04:32.931654+0300 coreauthd XPC error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.LocalAuthentication.DFR was invalidated from this process." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.LocalAuthentication.DFR was invalidated from this process.}

com.apple.LocalAuthentication default 20:04:32.932540+0300 coreauthd -[InstalledAppsCache pathForPid:] 2824 -> /Users/lex/Desktop/touchIDDemo/DerivedData/touchIDDemo/Build/Products/Debug/touchIDDemo.app on <private>

com.apple.LocalAuthentication default 20:04:32.932580+0300 coreauthd Activating UI via <NSXPCConnection: 0x7faf296096f0> connection to service on pid 0 named com.apple.LocalAuthentication.UI

com.apple.LocalAuthentication default 20:04:32.932729+0300 coreauthd XPC error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.LocalAuthentication.UI was invalidated." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.LocalAuthentication.UI was invalidated.}

com.apple.LocalAuthentication default 20:04:32.939650+0300 coreautha LA logging set up for this process.

com.apple.LocalAuthentication default 20:04:32.940707+0300 coreautha -[LADFRController connectionInvalidated] on <private>

com.apple.LocalAuthentication default 20:04:32.941652+0300 coreauthd BKActiveOperationNotification token: 21

com.apple.LocalAuthentication default 20:04:32.941715+0300 coreauthd Will not run idle blocks now, remote authentications in progress: (

"<AuthenticationInProgressToken 0x7ff9d6d09540 [priority:1 pid:348]>"

)

com.apple.processmanager default 20:04:32.948429+0300 coreautha FRONTLOGGING: version 1

com.apple.processmanager default 20:04:32.948450+0300 coreautha Registering, pid=2828

com.apple.processmanager default 20:04:32.949444+0300 coreautha CHECKIN: pid=2828

com.apple.runningboard default 20:04:32.954849+0300 runningboardd Resolved pid 2828 to [daemon<com.apple.LocalAuthentication.UIAgent(501)>:2828]

com.apple.processmanager default 20:04:32.955159+0300 coreautha CHECKEDIN: pid=2828 asn=0x0-0x1d41d4 foreground=0

com.apple.launchservices default 20:04:32.954956+0300 launchservicesd CHECKIN:0x0-0x1d41d4 2828 com.apple.LocalAuthentication.UIAgent

com.apple.runningboard default 20:04:32.956393+0300 runningboardd [daemon<com.apple.LocalAuthentication.UIAgent(501)>:2828] This process will not be managed.

com.apple.runningboard default 20:04:32.956419+0300 runningboardd Now tracking process: [daemon<com.apple.LocalAuthentication.UIAgent(501)>:2828]

com.apple.runningboard default 20:04:32.956895+0300 runningboardd Acquiring assertion targeting daemon<com.apple.LocalAuthentication.UIAgent(501)> from originator [daemon<com.apple.coreservices.launchservicesd>:138] with description <RBSAssertionDescriptor; uielement:2828; ID: 279-138-1018; target: 2828> attributes = {

<RBSDomainAttribute: 0x7fb3f0508570; domain: com.apple.launchservicesd; name: RoleUserInteractive; sourceEnvironment: 0x0>;

}

com.apple.runningboard default 20:04:32.957046+0300 runningboardd Assertion 279-138-1018 (target:daemon<com.apple.LocalAuthentication.UIAgent(501)>) will be created as active

com.apple.runningboard default 20:04:32.957550+0300 runningboardd Acquiring assertion targeting daemon<com.apple.LocalAuthentication.UIAgent(501)> from originator [daemon<com.apple.coreservices.launchservicesd>:138] with description <RBSAssertionDescriptor; uielement:2828; ID: 279-138-1019; target: 2828> attributes = {

<RBSDomainAttribute: 0x7fb3f23057c0; domain: com.apple.launchservicesd; name: RoleUserInteractive; sourceEnvironment: 0x0>;

}

com.apple.runningboard default 20:04:32.957606+0300 runningboardd [daemon<com.apple.LocalAuthentication.UIAgent(501)>:2828] Ignoring jetsam update because this process is not memory-managed

com.apple.runningboard default 20:04:32.957884+0300 runningboardd [daemon<com.apple.LocalAuthentication.UIAgent(501)>:2828] Ignoring resume because this process is not lifecycle managed

com.apple.runningboard default 20:04:32.957803+0300 runningboardd Assertion 279-138-1019 (target:daemon<com.apple.LocalAuthentication.UIAgent(501)>) will be created as active

com.apple.runningboard default 20:04:32.958121+0300 runningboardd [daemon<com.apple.LocalAuthentication.UIAgent(501)>:2828] Set darwin role to: UserInteractive

com.apple.runningboard default 20:04:32.958339+0300 runningboardd [daemon<com.apple.LocalAuthentication.UIAgent(501)>:2828] Ignoring GPU update because this process is not GPU managed

com.apple.runningboard default 20:04:32.959125+0300 runningboardd Finished acquiring assertion 279-138-1019 (target:daemon<com.apple.LocalAuthentication.UIAgent(501)>)

com.apple.runningboard default 20:04:32.959146+0300 runningboardd Invalidating assertion 279-138-1018 (target:daemon<com.apple.LocalAuthentication.UIAgent(501)>) from originator 138

com.apple.runningboard default 20:04:32.959427+0300 runningboardd Finished acquiring assertion 279-138-1018 (target:daemon<com.apple.LocalAuthentication.UIAgent(501)>)

com.apple.TCC default 20:04:32.960861+0300 tccd -[TCCDAccessIdentity staticCode]: static code for: identifier com.apple.LocalAuthentication.UIAgent, type: 0: 0x7fe77bc3d4d0 at /System/Library/Frameworks/LocalAuthentication.framework/Support/coreautha.bundle

com.apple.TCC default 20:04:32.966909+0300 tccd -[TCCDAccessIdentity staticCode]: static code for: identifier com.apple.LocalAuthentication.UIAgent, type: 0: 0x7fe77b8352c0 at /System/Library/Frameworks/LocalAuthentication.framework/Support/coreautha.bundle

com.apple.processmanager default 20:04:32.972261+0300 coreautha Registered, pid=2828 ASN=0x0,0x1d41d4

com.apple.processmanager default 20:04:32.972418+0300 coreautha Registered, pid=2828 cgConnectionID=82d03

com.apple.processmanager default 20:04:32.973287+0300 coreautha BringForward: pid=2828 asn=0x0-0x1d41d4 bringForward=0 foreground=0 uiElement=1 launchedByLS=0 modifiersCount=0 allDisabled=0

com.apple.AppKit default 20:04:32.976047+0300 coreautha Current system appearance, (HLTB: 1), (SLS: 0)

com.apple.AppKit default 20:04:32.978091+0300 coreautha Post-registration system appearance: (HLTB: 1)

com.apple.distnoted default 20:04:32.984481+0300 distnoted register name: com.apple.xctest.FakeForceTouchDevice object: com.apple.LocalAuthentication.UIAgent token: f4267 pid: 2828

com.apple.dt.xctest default 20:04:32.987848+0300 coreautha Registering for test daemon availability notify post.

com.apple.dt.xctest default 20:04:32.987970+0300 coreautha notify_get_state check indicated test daemon not ready.

com.apple.processmanager default 20:04:32.990741+0300 coreautha SignalReady: pid=2828 asn=0x0-0x1d41d4

com.apple.processmanager default 20:04:32.991208+0300 coreautha SIGNAL: pid=2828 asn=0x0x-0x1917396

com.apple.TCC default 20:04:32.997421+0300 tccd -[TCCDAccessIdentity staticCode]: static code for: identifier com.apple.LocalAuthentication.UIAgent, type: 0: 0x7fe77b835dd0 at /System/Library/Frameworks/LocalAuthentication.framework/Support/coreautha.bundle

com.apple.AppKit default 20:04:33.006668+0300 coreautha NSApp cache appearance:

-NSRequiresAquaSystemAppearance: 0

-appearance: (null)

-effectiveAppearance: <NSCompositeAppearance: 0x6000004e0900

(

"<NSAquaAppearance: 0x6000004e0700>",

"<NSSystemAppearance: 0x6000004e0780>"

)>

com.apple.distnoted default 20:04:33.010600+0300 distnoted register name: com.apple.nsquiet_safe_quit_give_reason object: com.apple.LocalAuthentication.UIAgent token: f428e pid: 2828

com.apple.LocalAuthentication error 20:04:37.931924+0300 coreauthd showUI result: Error Domain=com.apple.LocalAuthentication Code=-1000 "UI activation timed out." UserInfo={NSLocalizedDescription=UI activation timed out.}

com.apple.LocalAuthentication default 20:04:37.932081+0300 coreauthd -[MechanismUI willFinish] on <private>

com.apple.LocalAuthentication default 20:04:37.932177+0300 coreauthd MechanismUI[80] finished with Error Domain=com.apple.LocalAuthentication Code=-1000 "UI activation timed out." UserInfo={NSLocalizedDescription=UI activation timed out.}

com.apple.LocalAuthentication default 20:04:37.932924+0300 touchIDDemo evaluatePolicy on LAContext[2824:1] cid:2 returned Error Domain=com.apple.LocalAuthentication Code=-1000 "UI activation timed out." UserInfo={BiometryType=1, NSLocalizedDescription=UI activation timed out.}

com.apple.LocalAuthentication default 20:04:37.933017+0300 coreauthd -[AuthenticationInProgressToken dealloc] on <private>

default 20:04:37.933036+0300 touchIDDemo error = Error Domain=com.apple.LocalAuthentication Code=-1000 "UI activation timed out." UserInfo={NSLocalizedDescription=UI activation timed out.}

com.apple.LocalAuthentication default 20:04:37.933332+0300 coreauthd -[AuthenticationManager _bkIsBusy] -> 0 on <private>

com.apple.LocalAuthentication default 20:04:37.933106+0300 touchIDDemo LAContext[2824:1] deallocated

0
DTS Engineer OP
Apple
Apr ’20

Can you reproduce this with a small test app? Or only with your main app?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
Lex_A OP
Apr ’20

I reproduced that with a test app. The logs above are exactly from there.

I call


   LAContext *context = [[LAContext alloc] init];  
    [context evaluatePolicy : LAPolicyDeviceOwnerAuthentication  
            localizedReason:@"Test"  
                       reply: ^(BOOL success, NSError *error) {  
        if (success) {  
            
        } else {  
              NSLog(@"error = %@, %@", [error userInfo], [error localizedDescription]);  
        }  
    }];

from

(void)applicationDidFinishLaunching:(NSNotification *)aNotification

And there is nothing else in the app.

0
DTS Engineer OP
Apple
Apr ’20

I reproduced that with a test app.

Well, that’s not good (well, it’s good in some respects :-). Anyway, you should definitely file a bug about this. Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
first call evaluatePolicy fails after logon
First post date Last post date
 
 
Q