Posts

Post not yet marked as solved
2 Replies
974 Views
I have a macOS app with a helper tool that communicates via an XPC connection. In 10.15 Beta 4, a document-based security scoped bookmark fails when it is passed from the main macOS app to the helper app.

In the sample code below from the main app, a bookmark is created from a URL and the attribute is saved on “/Users/tperfitt/passing”:

    NSURL *wimURL=[NSURL fileURLWithPath:@"/Users/tperfitt/Desktop/test.winclone/Windows.wim"];
    NSError *error;
    NSData *bookmark = [wimURL bookmarkDataWithOptions:NSURLBookmarkCreationWithSecurityScope
                        includingResourceValuesForKeys:nil
                                         relativeToURL:[NSURL fileURLWithPath:@"/Users/tperfitt/passing"]
                                                 error:&error];

If I resolve this in the main app, it resolves fine. However, if I pass the NSData to the helper app over an XPC connection and attempt to resolve it, it resolves as nil and error is set. The system log shows:

    2019-07-23 18:02:03.577313-0500 localhost com.twocanoes.WincloneHelper[3026]: (CoreServicesInternal) the ScopedBookmarkAgent service could not be found (configuration error)

I verified that the NSData is being passed from the main app to the helper app:

    NSURL *url = [NSURL URLByResolvingBookmarkData:data
                                           options:NSURLBookmarkResolutionWithSecurityScope
                                     relativeToURL:[NSURL fileURLWithPath:@"/Users/tperfitt/passing"]
                               bookmarkDataIsStale:NULL
                                             error:&error];

This returns nil and the error is set as:

    Error Domain=NSCocoaErrorDomain Code=256 "ScopedBookmarksAgent did not return error domain during resolution" UserInfo={NSDebugDescription=ScopedBookmarksAgent did not return error domain during resolution}

The file has an xattr on it:

    root@MacBook-Pro ~ # xattr passing
    com.apple.security.private.scoped-bookmark-key

I expected that the helper tool could resolve the URL and have access to the file. Instead, it returned nil.
Post not yet marked as solved
0 Replies
271 Views
When enabling FileVault and booting into recovery, there does not appear to be an option to use the recovery key set when enabling FileVault. In macOS 10.14, there was access to Terminal to unlock the volume with the recovery key.

Any idea of how to use the recovery key to unlock the volume?
Post not yet marked as solved
0 Replies
540 Views
I am trying to get my app to work with Catalina's new User Data Protections that protect the user folders. My app has a helper tool that is managed by launchd and signed with the same certificate as the main app, and has been working fine. The app works by having the user select a bundle document, and that path is sent to the helper tool that runs as root. The helper tool uses that path itself (along with subdirectories) and with various other command line tools included with the app. The helper tool is correctly installed in /Library/PrivilegedHelperTools/.

The problem is when a user selects a file bundle that was created by the helper tool that was copied from another machine. The main app can access it, but when the helper tool tries to access it, it is blocked by the User Data Protections. The user is not prompted to allow it, and if I add the helper tool to the Security & Privacy->Full Disk Access, it all works fine. How do I get the XPC helper tool associated with the main app to either prompt the user or inherit the main app's User Data Protections permission?
Post not yet marked as solved
2 Replies
4k Views
Did some investigations on the Catalina beta on the new Read-Only system volume and found some interesting things out:

1. There is a single APFS container on a physical partition.
2. The APFS container splits the prior APFS volume into 2 APFS volumes (<Volume Name> and <Volume Name-Data>).
3. The Applications folder appears to show in the Finder from 2 Applications folders: one folder in /Applications (user installed apps) and one folder in /System/Applications (pre-installed apps).
4. The APFS System volume does not appear to be mounted read-only but rather protected by SIP.
5. You can still disable SIP using "csrutil disable" in the Recovery partition. If you disable SIP, you are able to delete built-in apps and other things in the System Folder.
6. If you select the option to reinstall in the recovery partition, it started downloading the base OS image from the internet (or caching server in my case). I was expecting an "erase contents and settings" like feature on iOS, but that doesn't appear to be the case (at least at this point). It also doesn't appear to use APFS snapshots.
7. Boot Camp continues to be on a physical partition completely separate from the APFS container.
8. hdiutil and hdid no longer mount disk images in Terminal and give a "no child process" error. mount_smb continues to work fine.

(All testing was done on a T2 2018 Mac Mini).