I have requested an Endpoint Security entitlement through this form: https://developer.apple.com/contact/request/system-extension/
How can I see that my request is done?
How can I check that I am able to use this entitlement?
Should it be listed in my App ID Configuration Capabilities?
I am playing with Endpoint Security. I am trying to implement blocking/allowing the user to read/write files on a USB media drive. I made my ep utility a launchctl daemon. I found that some applications couldn't start until I muted those processes for ep_client.
Moreover, some system processes couldn't start until I muted messages from them. And even more, if my utility autoruns on system start, the clock in the top right corner of the screen may be absent. The Terminal app couldn't restore its state; it hangs on start.
Actually, I came to the conclusion that my EP daemon should listen to very few processes: those processes that can read/write files on USB media, and do it by user request or under user control.
When KAUTH was not deprecated, I did it right in the kernel extension: if the vnode path is NOT on a removable drive, return DEFER at the beginning of the callback.
My questions are:
What processes are pure system?
What system processes can read/write files for the user or under user control?
Can, for example, /usr/libexec/nsurlsessiond download a file for the user to the USB media?
What if the "session:canSendMessageWithCompletionHandler:" method has to take a couple of seconds to make a decision?
The user may be confused when he clicks the "Send" button and nothing happens at once.
Is there a legal way to make the "Send" button disabled while MEComposeSessionHandler works?
Or maybe there is another way to show some progress that my mail extension is working? Maybe it is possible to show a modal window?
Hello.
How does excludedNetworkRules work?
Can I set up rules that allow me to catch everything except specified ports (AirDrop, for example)?
I found that if my extension starts with these rules:
[Extension ....]: provider set tunnel configuration to
tunnelRemoteAddress = <9-char-str>
includedNetworkRules = (
{
matchRemoteEndpoint = 0.0.0.0:80
matchRemotePrefix = 0
matchProtocol = <3-char-str>
matchDirection = <8-char-str>
appliesToLoopback = NO
},
{
matchRemoteEndpoint = 0.0.0.0:81
matchRemotePrefix = 0
matchProtocol = <3-char-str>
matchDirection = <8-char-str>
appliesToLoopback = NO
},
{
matchRemoteEndpoint = 0.0.0.0:8080
matchRemotePrefix = 0
matchProtocol = <3-char-str>
matchDirection = <8-char-str>
appliesToLoopback = NO
},
{
matchRemoteEndpoint = 0.0.0.0:443
matchRemotePrefix = 0
matchProtocol = <3-char-str>
matchDirection = <8-char-str>
appliesToLoopback = NO
},
{
matchRemoteEndpoint = 0.0.0.0:25
matchRemotePrefix = 0
matchProtocol = <3-char-str>
matchDirection = <8-char-str>
appliesToLoopback = NO
},
{
matchRemoteEndpoint = 0.0.0.0:587
matchRemotePrefix = 0
matchProtocol = <3-char-str>
matchDirection = <8-char-str>
appliesToLoopback = NO
},
{
matchRemoteEndpoint = 0.0.0.0:465
matchRemotePrefix = 0
matchProtocol = <3-char-str>
matchDirection = <8-char-str>
appliesToLoopback = NO
},
{
matchRemotePrefix = 0
matchProtocol = <3-char-str>
matchDirection = <8-char-str>
appliesToLoopback = NO
},
)
excludedNetworkRules = (
{
matchRemoteEndpoint = 0.0.0.0:8770
matchRemotePrefix = 0
matchProtocol = <3-char-str>
matchDirection = <8-char-str>
appliesToLoopback = NO
},
{
matchRemoteEndpoint = 0.0.0.0:8770
matchRemotePrefix = 0
matchProtocol = <3-char-str>
matchDirection = <8-char-str>
appliesToLoopback = NO
},
)
isFullyTransparent = YES
Note that the rules contain a wildcard rule:
{
matchRemotePrefix = 0
matchProtocol = <3-char-str>
matchDirection = <8-char-str>
appliesToLoopback = NO
},
AirDrop is not working.
I see in the logs that the connection is delivered to my extension, and it rejects it:
(1899100530): New flow: NEFlow type = stream, app = com.apple.sharingd, name = 69e95d47-5e35-45d9-a0cf-252f226ec444.local, fe80:d::6c5b:6bff:fecc:e0a.0 <-> fe80::fc46:29ff:feaa:24ab.8770, filter_id = , interface = awdl0
(1899100530): Delivering to client
[Extension ....]: Calling handleNewFlow with TCP com.apple.sharingd[{length = 20, bytes = 0x890032e8aa2f6d927360921d19502b76ecd24700}] remote: fe80::fc46:29ff:feaa:24ab%awdl0.8770 interface awdl0
[Extension .....]: provider rejected new flow TCP com.apple.sharingd[{length = 20, bytes = 0x890032e8aa2f6d927360921d19502b76ecd24700}] remote: fe80::fc46:29ff:feaa:24ab%awdl0.8770 interface awdl0
(1899100530): Dropping the director
(1899100530): Destroying, client tx 0, client rx 0, kernel rx 0, kernel tx 0
If I specify exact ports to catch, AirDrop is working.
Could you help me, please?
Steps to reproduce: In Xcode, create a new Command Line Tool Project.
Fill the main.cpp file with this code:
```cpp
#include <csignal>
#include <iostream>

namespace
{
    // Written by the handler and read by main(); sig_atomic_t keeps the access signal-safe.
    volatile std::sig_atomic_t gSignalStatus;
}

// Record which signal was delivered.
void signal_handler(int signal)
{
    gSignalStatus = signal;
}

int main()
{
    // Install a signal handler
    std::signal(SIGINT, signal_handler);

    std::cout << "SignalValue: " << gSignalStatus << '\n';
    std::cout << "Sending signal " << SIGINT << '\n';
    std::raise(SIGINT);
    std::cout << "SignalValue: " << gSignalStatus << '\n';
}
```
Actual output:
SignalValue: 0
Sending signal 2
SignalValue: 0
Expected output:
SignalValue: 0
Sending signal 2
SignalValue: 2
Is it possible to drag and drop files from my application's NSTableView instance to the "Security & Privacy" Preferences pane?
What type of data should be in the pasteboard?
I tried NSPasteboardTypeFileURL, but it is not accepted by the pane.
I wrote a C++ command-line tool using Xcode.
My tool crashes sometimes, with a crash report being generated.
How can I include the Version of my command-line tool in the crash report?
Now the Version is always 0.