Why does Big Sur restart my app after waking up from sleep? And then it cannot find my certificate...

My app periodically checks that the certificate exists in the keychain (using the API 'SecItemCopyMatching').

Usually, after my MacBook wakes up, the system restarts my app. Then my app cannot load the certificate. => SecItemCopyMatching always returns errSecItemNotFound (-25300)

Until I restart it again myself.

I remember that a UEM deployment of my app had a similar situation before. My app launched after the deployment, and SecItemCopyMatching always returned errSecItemNotFound until I restarted it myself.

There are 2 questions:

  1. Under what circumstances will Big Sur restart a running app?
  2. Why can't an app started by the system find the certificate in the keychain?

Environment: Big Sur on an M1 MacBook Air
Build: Xcode 12.2

Supplement:

  • My application includes MacApp(UI) and XPC Daemon.
  • MacApp and XPC Daemon will be restarted by the system at the same time.

I did more tests:

[Test A] Manually unload XPC Daemon

After a long time, the XPC Daemon is still activated by the system. When the Daemon is restarted, MacApp is also restarted by the system...

Then MacApp can't find the certificate.😢

[Test B] Create another app that only queries the certificate on a timer.

It will not be restarted, so the certificate can be found.✅

Supplement 2:

I use the following API to get the keychain search list. When my app is restarted by the system, the "Domain User Search List" is empty, so I can't find the certificate.

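// Effective keychain search list for this process
CFArrayRef debugSearchList = NULL;
OSStatus debugStatus = SecKeychainCopySearchList(&debugSearchList);
LOGD(@"[DEBUG] %d CopySearchList = %@", debugStatus, debugSearchList);
if (debugSearchList) CFRelease(debugSearchList); // Copy rule: caller owns the array

// Search list of the user preference domain only
CFArrayRef searchList = NULL;
OSStatus statusDomainUser = SecKeychainCopyDomainSearchList(kSecPreferencesDomainUser, &searchList);
LOGD(@"Copy kSecPreferencesDomainUser SearchList (%d) = %@", statusDomainUser, searchList);
if (searchList) CFRelease(searchList);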

Normal

[DEBUG] 0 CopySearchList = (
    "<SecKeychain 0x7f99b7d28280 [0x7fff8076db70]>",
    "<SecKeychain 0x7f99b7d289b0 [0x7fff8076db70]>",
    "<SecKeychain 0x7f99b7d291f0 [0x7fff8076db70]>"
)

Copy kSecPreferencesDomainUser SearchList = (
    "<SecKeychain 0x7f99b7d28280 [0x7fff8076db70]>"
)

Restarted by the system

[DEBUG] 0 CopySearchList = (
    "<SecKeychain 0x7fac7f529190 [0x7fff8076db70]>",
    "<SecKeychain 0x7fac7f5298c0 [0x7fff8076db70]>"
)

Copy kSecPreferencesDomainUser SearchList = (
)

After checking the system log, I found that the "relaunch issue" is caused by UEM/MDM.

=> 'mdmclient' reinstalls my application, and scripts kill the running program.

<<MDM reinstall>> 	15:00:18.512454 mdmclient	Processing install phase 1 for…
<<Relaunch App>>	15:00:26.596707 MobileIron Authenticate	void checkArguments(NSArray<NSString *> *__strong)
<<Relaunch Daemon>> 	15:00:26.626379 MiDaemon	int main(int, const char **) [DAEMON] main (without UI)

◻️◻️◻️◻️◻️◻️◻️◻️◻️

Another issue - 「App started by the system cannot find the Certificate in the Keychain」

I still don't know why, but I found a solution.

Just use 'SecKeychainOpen' to open the user keychain file (~/Library/Keychains/login.keychain-db), and it can be used normally.
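
The workaround described above, as an added example that is not the poster's code: when the normal lookup returns errSecItemNotFound, open login.keychain-db explicitly and pass it to SecItemCopyMatching through kSecMatchSearchList. The function name CopyCertificateWithFallback and the certificate label are hypothetical placeholders; the code assumes ARC and the legacy file-based keychain APIs the post uses.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Look up a certificate by label. If the default search finds nothing (for
// example because the user-domain search list is empty), retry against
// login.keychain-db explicitly. Caller releases the result with CFRelease().
static SecCertificateRef CopyCertificateWithFallback(NSString *label, OSStatus *outStatus) {
    NSMutableDictionary *query = [@{
        (__bridge id)kSecClass:      (__bridge id)kSecClassCertificate,
        (__bridge id)kSecAttrLabel:  label,
        (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitOne,
        (__bridge id)kSecReturnRef:  @YES,
    } mutableCopy];
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);

    if (status == errSecItemNotFound) {
        // NSHomeDirectory() is the home of the user this process runs as; a root
        // daemon would resolve /var/root here, not the logged-in user's home.
        NSString *path = [NSHomeDirectory()
            stringByAppendingPathComponent:@"Library/Keychains/login.keychain-db"];
        SecKeychainRef keychain = NULL;
        status = SecKeychainOpen(path.fileSystemRepresentation, &keychain);

        // SecKeychainOpen does not check that the file exists, so validate the ref.
        SecKeychainStatus kcStatus = 0;
        if (status == errSecSuccess) status = SecKeychainGetStatus(keychain, &kcStatus);

        if (status == errSecSuccess) {
            // Restrict the second search to the keychain we just opened.
            query[(__bridge id)kSecMatchSearchList] = @[(__bridge id)keychain];
            status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
        }
        if (keychain) CFRelease(keychain);
    }
    if (outStatus) *outStatus = status;
    return (status == errSecSuccess) ? (SecCertificateRef)result : NULL;
}

int main(void) {
    @autoreleasepool {
        OSStatus status = errSecSuccess;
        // "Example Client Cert" is a placeholder label, not a value from the post.
        SecCertificateRef cert = CopyCertificateWithFallback(@"Example Client Cert", &status);
        NSLog(@"lookup status = %d, certificate = %@", (int)status, (__bridge id)cert);
        if (cert) CFRelease(cert);
    }
    return 0;
}
```

Logging the final OSStatus separates "keychain file missing" (SecKeychainGetStatus fails) from "keychain opened but item absent" (errSecItemNotFound on the second search).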
