Post not yet marked as solved
Hello,
How can I get the boot args in C++ or Objective-C on macOS without launching the nvram command tool? Take -arm64e_preview_abi for example. How can I check if it exists and if it's effective now or a reboot is needed for it to take effect. Thanks!
Post not yet marked as solved
Hi, everyone!
I want to know whether I can check my app is running on a virtual machine or not. If so, how can I do that in C++ or Objective-C? The code needs to support both Intel processors and Apple Silicon. Thanks!
Leo
Post not yet marked as solved
I know with Disk Arbitration framework, I can use DARegisterDiskMountApprovalCallback to prevent external disks from mounting. The disks includes thumb drive, external hard disk, etc., but there are many types of peripherals out there, like a usb wireless receiver or a USB ethernet adapter. Is there any other framework for us to use to enable/disable peripherals based on their I/O Registry properties? Thanks!
Post not yet marked as solved
Hello,
I have a security program with a daemon process running as root user started by launchd, which scans documents on users's computer to prevent confidential data leakage. On macOS 10.15.6 adding the program to "Full Disk Access" list in System Preferences doesn't work at all. I also add the Terminal program, but that doesn't make any difference. Do I need to add my program to the root user's TCC database? And how to do that? Thanks!
Post not yet marked as solved
Hello,I have a DLP product, which includes several components running as launch daemons with root privileges. When user send a file outside, the kernel extension will notify the scan engine to detect if the file has sensitive information. After installing 10.15.4 Supplemental Update, the launch daemons cannot read files even in user's desktop folder. And there is no permission request dialog at all. I need to grant file access to launch daemons manually in System Prerefences. Is this a new change in 10.15.4 Supplemental Update? There seems to be no problem for a root process to access any file on disk before. If this requirement is enforced, how can I prompt user to grant full disk access to background daemon during installation or its first launch? BTW, all the executable and dylibs in my product are already properly signed and notarized.Thanks!
Post not yet marked as solved
I'm using Xcode 10 on MacOS Mojave to create a MacOS app. This app will be distributed outside of Mac App Store, so I let Xcode auto-sign it with Developer ID. My question is how to move the target .app to a specific folder after code signing. The post-build action doesn't work since it seems to happen before code signing. I don't want to do code signing on command line by myself, because I want Xcode to add hardened runtime and com.apple.security.get-task-allow entitlements for me. Thanks!
Post not yet marked as solved
In a background daemon(run as root), I want to get user name from a user id(like 501).I tried to use getpwuid() function, but the pw_name it returns is root. Is there any other API I can use to get user name from any valid user id?One more related question:How can I get the currently active logged-in user in a background daemon considering fast user switching? There seems to be a command called logname, but I have no idea how to do it programmatically.Thanks!
Post not yet marked as solved
Hello,
I'm testing a kernel extension on macOS Big Sur. I know I should discard deprecated kext and implement a System Extension instead, but that takes time. After running installer package, I clicked the Allow button in System Preferences and restart my computer. After reboot, I can make sure the kext is loaded successfully. The user mode app and kext are communicating using kernel control API. But when my app calls ioctl() to get a ctl_info, it fails with the error "no such file or directory". My app works on Catalina without any problem. I want to know if there are any other steps I shoud take to make my app running. Thanks!
Post not yet marked as solved
Hello,I'm using kernel control API to send data to a user space daemon from kext. It works most of the time, but on some occation, the ctl_enqueuedata() function return the errno code 12(ENOMEM), which is a little weird. This is the snippet in my code.// in kext
errno_t error = ctl_enqueuedata(gCtlInfo.clientCtlRef, gCtlInfo.unit, (void*)notify, sizeof(struct CONFIG_NOTIFY), CTL_DATA_EOR);
if (0 != error)
{
KEXT_LOG_ERROR("Failed to talk to user space daemon(error=%d).", error);
return result;
}
// in user space daemon
dispatch_source_t readSource = dispatch_source_create(DISPATCH_SOURCE_TYPE_READ, g_sock, 0, g_globalQueue);
dispatch_source_set_event_handler_f(readSource, (dispatch_function_t)dataArrived);
dispatch_resume(readSource);
ssize_t n = recv(sock, (void*)notify, sizeof(struct CONFIG_NOTIFY), 0);
if (n < sizeof(struct CONFIG_NOTIFY))
{
SPDLOG_ERROR("recv() failed, error: {}", strerror(errno));
return -1;
}I just send a fixed-size struct from kext several times per minute, not much data I think. And I also set the buffer large enough in the kern_ctl_reg structure.static struct kern_ctl_reg gCtlReg =
{
BUNDLE_ID,
0,
0,
0,
0x800000, //2048KB
0x800000,
ctl_connect,
ctl_disconnect,
NULL,
ctl_set,
NULL
};BTW, my app runs on macOS 10.14.6 with 16GB ram. What could be the possible reason for this failure? Thanks!
Post not yet marked as solved
Hello,I have a background daemon which is launched by launchd at system startup. I need to show a notification window to reports some event occationally. My snippet is as follows.CFStringRef message = CFStringCreateWithCString(NULL, filePath, kCFStringEncodingUTF8);
CFUserNotificationDisplayNotice( 3.0f, kCFUserNotificationStopAlertLevel | kCFUserNotificationNoDefaultButtonFlag,
NULL, NULL, NULL,
CFSTR("alert"),
message,
NULL);
CFRelease(message);The CFUserNotificationDisplayNotice returns 0, but no window shows up.I cannot find much information about how to use this API.Could anybody show me the correct way to show some UI from a daemon? Thanks!
Post not yet marked as solved
I use printf() in my kernel extension to print some debug logs. When the message is a bit long(beyond 300 characters, I'm not sure the exact length), it will not be shown in Console.app. To shrink the message a little bit, it can be shown successfully. Is there any limit on the message length in the kernel? I'm using macOS 10.14.6. Thanks!
Post not yet marked as solved
Hello,I'd like to check if a process opens any ip socket given a process id. I don't need to know what ports the process opens and how many. An yes-or-no answer is enough. Is there a quick and efficient API to check that? Thanks!
Post not yet marked as solved
Hello,I have a command line tool, which depends on some my own dylibs and some third-party dylibs. All of them are build successfully on MacOS and run without problem on my test machine. I want to distribute the app with a installer package. I can enable hardened runtime on the command line tool and every dylib file, codesign them, build the package and get it notarized.I just have three questions:I want to keep the folder structure which includes all the binaries as Linux, rather than put them into an app bundle. Is it possible on MacOS? For Catalina, I need to add a Info.plist for the command line tool. Is there any way to do it from command line after build process? If not, how can I do it during the build process without using Xcode IDE?Do I need to enable hardened runtime and add Info.plist to dylibs for them to be loaded on Catalina?Thanks!
Post not yet marked as solved
I'm using MAC policy API in one of my kernel extension. In file operation related callback functions, like mpo_vnode_check_open, I'd like to get the process's real path. I can use proc_selfpid() to get the PID, but I have no idea how to get process path from there. The functionality I need is to check if a process is built-in system process or not. If I could get the process path, I'd compare it with some known ones(/bin, /sbin, /usr/bin, /usr/sbin, /usr/libexec, /System/Library, etc.). Could anybody show me some code on how to get process path? If possible, how to check if a process is from Apple? Thanks!
Post not yet marked as solved
When I get a volume path like /Volumes/somedrive, I need to check if it's a USB drive, a CD/DVD drive or a network share. Is there a way to get this information by C/C++ or Objective-C code? Thanks!
liang.zhou.