mac OS popup "(null) Would Like to Filter Network Content"

App & System Services Drivers
Robert_Developer OP
Created Jun ’20
Replies 16
Boosts 0
Views 6.2k
Participants 4

Hi guys,


I have a firewall project, where I used SimpleFirewall as a template. I created the project from scratch and the firewall works, but during configuration of network filter, macOS shows popup


"(null) Would Like to Filter Network Content"


In SimpleFirewallSample this message shows


"SimpleFirewall Would Like to Filter Network Content"


Obviously name of the app is missing. I've done the following:

* checked entitlements - setup correctly

* nothing missing in Info.plist (Bundle Name, Bundle Dispaly Name, etc), filterManager.localizeDescription is set.

* I went through dozens if not hundreds of build settings

* I changed window title in the MainMenu.xib to precisely match App bundle name

* I tried to set up filter configuration from App bundle instead of common framework I use (I thought perhaps NEFilterProviderConfiguration constructor or saveToPreferences() function perhaps checks which bundle calls it and then system checks code signing).

* Tried localization for Base and EN

* I verified that Filter config in System Preferences in Network uses name of our app and I checked that if I change filterManager.localizedDescription, it correctly changes in those system settings.

* you name it - I have done it


The only clue I found in sysem log is this message


default15:22:56.895864+0200MyAppSaving configuration MyApp with existing signature (null)


The only difference is that I implemented most of the firewall functionality in a framework, so that it could be reused and app bundle links to this framework. Currently I link against this framework from app bundle and system extension using "Embed & Sign". I cannot use other options, because in that case app cannot communicate with extension. Anyway I created clone of Apple's SimpleFirewall and modified it to use common framework with precise settings as in our project and that works correctly.


Nothing appears to be working and I cannot get rid of "(nul)" in the popup message in our project.


Does anybody know how from which source macOS popup loads this value?

Thanks.

Robert


Replies  16
Boosts  0
Views  6.2k
Participants  4
DTS Engineer OP
Apple
Jun ’20

Have you tested this an a clean machine?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
Robert_Developer OP
Jun ’20

Yes. I'm using virtual machine. Although we are not restoring it all the time, I use clean up steps for extensions:


systemextesnionsctl uninstall <TeamId> <BundleId>

systemextesnionsctl reset


Sometimes, to quickly test the popup, I just go to System Preferences -> Network and delete my filter configuration.

It should simply verify bundle signature. Although I'm using developer certificate, dev.cert worked with SimpleFirewall sample and it could display correctly the app name.


Even completely deleting DerivedData does not help.

0
DTS Engineer OP
Apple
Jun ’20

Hmmm, tricky. With regards the message you mentioned earlier, 

Saving configuration MyApp with existing signature (null)
, the missing value is not supposed to be the app name but rather an 
NSData
value related to your signature. This is a cache value so I don’t think that it being 
nil
indicates anything particular wonky.

Beyond that, I’ve got nothing. I think your best bet is to open a DTS tech support incident so that I, or my colleague Matt, can dig into this in detail.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
Robert_Developer OP
Jun ’20
It looks like it fixed itself for me and the popup now shows name of the app instead of (null). Although other devs still see this when they build the project. If I give them my build and they run it on their machines, the app also shows correct app name in the popup. It's something with their development provisioning profile. We are on the same team and using the same bundle ids, so Xcode should be able to sign the app the same way.

I'm thinking that perhaps by changing some project settings, like app group id and reverting back, I triggered regenertion of provisioning profile and that may have fixed it for me. But so far nothing fixes it for other devs - clearing extensions, clearing dervied data, tweaking project settings, rebooting machine, rebuilding. We are on the same Xcode version 11.5.

Not sure if DTS ticket can help, if it now works for me, but not for others.
0
DTS Engineer OP
Apple
Jun ’20
If one of your other developers takes your binary and re-signs it with their profile and signing identity, what behaviour do you see?

Share and Enjoy

Quinn “The Eskimo!” @ DTS @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

WWDC runs Mon, 22 Jun through to Fri, 26 Jun. During that time all of DTS will be busy with conference duties.
0
Robert_Developer OP
Jun ’20
Another dev said, it started working correctly and popup now shows App name when he builds and signs the app.
However it stopped working for me after I removed copy of the app from /Applications folder. I investigated and found the following:

  • When running the app from Debug folder (build by Xcode in DerivedData), the popup shows "(null)" instead of the app name.

  • When I copy the app to /Applications, then the popup shows up correct app name.

  • When I leave the app in /Applications, but run the instance from Debug folder, it shows correct app name.

So it looks like macOS popup probably gets the correct app name only if the app with the same bundle id is present in the /Applications folder. That's the case even if you start the app from a completely different location and the app is signed by another developer (dev still must be part of the same team), macOS security looks for the app in /Applications folder. It very likely also checks signature there, because some logs related to signature errors disappeared (if I was looking correctly).

You can completely clean up your app in DerivedData, delete filter configuration from System Preferences -> Network, you can completely clean up System Extesnions, yet when building the app and running from Debug folder (running directly from Xcode) the macOS popup shows correct app name as long as another copy (even very old build) exists in /Applications folder.

Removing the app from /Applications folder then breaks the popup again.
Obviously users are not going to keep deleting filter configuration and they must run apps with extensions from /Application folder, so it's not an issue with officially released apps in real-world setup, but you see what developers have to go through and how much time they waste on issues like this one (several days in fact, not to mentioned guys who tried to test if it works on their machine).

0
Robert_Developer OP
Jun ’20
BTW isn't it a security risk, if the extension is being checked in /Applications folder instead of the location where the app actually starts? What if a rougue app is downloaded from the internet for example to Downloads folder and is allowed by user to run? If the app uses the same bundle id as a legitimate security app (perhasp it could, if it's not released through app store and is not notarized), is macOS going to check the signature of the app or it's extension in /Applications folder?

0
DTS Engineer OP
Apple
Jun ’20
Well, that’s interesting, and definitely bugworthy IMO.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
Robert_Developer OP
Jun ’20
I will definitely file a bug, because today we found that even having the app in a separate instance in DerivedData (when having cloned yet another instance of repository and building the same project with Xcode from the second location) the mac security appears to check wrong location and not the one, which we launched.
It's possible that when allowing extension to load for the first time, the system simply rememebers that location and always checks that despite running a new instance from a different location.
Most surprising was that moving app bundle to Trash didn't fix the problem. The system probably fixes the links to point to Trash. We had to empty the Trash to finally get the system to check signature of the extension in the bundle we were running.
0
Robert_Developer OP
Jun ’20
Filed a bug https://feedbackassistant.apple.com/feedback/7827478

0
Jack_Martin OP
Apr ’21
@Robert_Developer I cannot read your feedback and what's the next?
0
DTS Engineer OP
Apple
Apr ’21

I cannot read your feedback

Right. In general you can only access bug reports that you filed (1).

I took a look at Robert_Developer’s bug (FB7827478) and it remains unresolved. However, I do have a hint to share with you, namely that this seems to be triggered by ‘rogue’ copies of the app lurking elsewhere on your system. If you’re experiencing this problem, try it again on a clean system (I use a VM for this sort of testing). Or if you don’t have access to a clean system, try deleting (not just moving to the trash) all but the main copy of your app that’s installed in the Applications folder.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

(1) Or your team. See Sharing Feedback with Your Team on Developer Bug Reporting.
0
Jack_Martin OP
Apr ’21
@eskimo Thanks for ur reply, and I will see what I can do.
0
just_a_robot OP
Mar ’22

hi, @eskimo @Jack_Martin @Robert_Developer What is the final result about this problem, I'm also troubled by this problem. and my macos is 10.15.7

0
DTS Engineer OP
Apple
Mar ’22

Did you run the test I suggested in my previous post?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
mac OS popup "(null) Would Like to Filter Network Content"
First post date Last post date
 
 
Q