Posts

Post not yet marked as solved
8 Replies
6.5k Views
Hi,

When I try to activate multiple system extensions at the same time, the sheet shows "Placeholder Developer" rather than the name of the developer. Both system extensions have been signed with a distribution provisioning profile and they will run without problem if I allow them in System Preferences - Security & Privacy.

Is there anything I can do to change "Placeholder Developer" to show my name, or is this an issue to fix in the next macOS release?

I have tested on 10.15.3 (19D76) and 10.15.4 beta 4 (19E250c).

PS: there should be a screenshot but I don't know how to post it.

The dialog is System Preferences - Security & Privacy, General tab. At the bottom a label shows "Some system software was blocked from loading." with an "Allow..." button on the right. After clicking the "Allow..." button, a sheet appears, titled "System software from following developers was blocked from loading." The list in the sheet contains two identical items: "Placeholder Developer" with a checkbox on the left.
Post not yet marked as solved
14 Replies
2.8k Views
Hi,

As suggested in the previous post, I want to check the code signature to protect my XPC service in the Network Extension from unauthorized access, but my signature checking doesn't work in a sandboxed network extension.

Here is the minimal working example, which checks if the code itself has a trusted signature:

    #import <Foundation/Foundation.h>
    #import <Security/Security.h>

    - (void)test {
        OSStatus ret;
        SecCodeRef mycode = NULL;
        SecRequirementRef myreq = NULL;
        CFErrorRef myerr = NULL;
        do {
            // Requirement: the signature must chain to a trusted anchor.
            ret = SecRequirementCreateWithString(CFSTR("anchor trusted"), kSecCSDefaultFlags, &myreq);
            if (ret != errSecSuccess) break;
            // Get a code object for the running process itself.
            ret = SecCodeCopySelf(kSecCSDefaultFlags, &mycode);
            if (ret != errSecSuccess) break;
            NSLog(@"validate start");
            // Validate our own signature against the requirement.
            ret = SecCodeCheckValidityWithErrors(mycode, kSecCSDefaultFlags, myreq, &myerr);
            NSLog(@"validate return=%d err=%@", ret, myerr);
        } while ((0));
        // Release the Core Foundation objects created above.
        if (myerr) { CFRelease(myerr); }
        if (myreq) { CFRelease(myreq); }
        if (mycode) { CFRelease(mycode); }
    }

This snippet works in a sandboxed app and an UN-sandboxed network extension. In a sandboxed network extension, however, it outputs

    validate return=-2147416000 err=Error Domain=NSOSStatusErrorDomain Code=-2147416000 "(null)" (CSSMERR_CSP_INVALID_CONTEXT_HANDLE)

After digging into the logs from system frameworks, I found the following two lines, which make me believe the error is related to sandboxing.

    <Security`Security::MDSSession::LockHelper::obtainLock(char const*, int)> com.mycompany: (Security) [com.apple.securityd:mdslock] obtainLock: calling open(/private/var/db/mds/system/mds.lock)
    <Security`Security::MDSSession::LockHelper::obtainLock(char const*, int)> com.mycompany: (Security) [com.apple.securityd:mdslock] obtainLock: open error 1

Is this a limitation of the macOS system, or do I have to adjust my code for the sandbox in the network extension?

Thanks in advance.
Post marked as Apple Recommended
14k Views
Hi,

We have some questions about the EndpointSecurity framework.

1. Must the EndpointSecurity client be a system extension? We used the es-client entitlement to make a development provisioning profile with the EndpointSecurity-client capability. Then we built a simple app (no system extension) with EndpointSecurity.framework and the provisioning profile. It works well on another machine on which SIP is enabled (root permission and approved by TCC). So, does that mean that we can distribute the EndpointSecurity client as a simple app (without a system extension)?

2. If we must package Endpoint Security as a system extension contained in an app, can the containing app be distributed in the Mac App Store?
Post marked as solved
6 Replies
1k Views
Hi,

As we know, kernel extensions will be replaced with system extensions. Users will receive a notification after osx 10.15.4. But there seems to be no detailed schedule for disabling 3rd party kext loading completely?

Is there any related information? Which osx version will disable 3rd party kext loading? Then we can plan our customer support.

Thank you very much!
Post marked as solved
5 Replies
1.6k Views
Hi,

According to WWDC 2019, there is an EndpointSecurity in SystemExtensions.

https://developer.apple.com/documentation/systemextensions?language=objc

But with Xcode 11 GM seed 2, I can only find how to create a new DriverKit or NetworkExtension, and can't find how to create a new EndpointSecurity extension.

Am I missing anything? Or is there another method to create a new EndpointSecurity extension target or project?

Thank you very much!
Post marked as solved
15 Replies
4.3k Views
Hi,

I am studying Network Extension to filter network traffic on OSX 10.15 beta version. I can run the demo on https://developer.apple.com/documentation/networkextension/filtering_network_traffic

But when I try to filter the outbound stream, I can't get the info of which process set up the new flow in the handleNewFlow function. I need the process info to decide whether to do the following filter.

Is there any method to get the process info? I noticed that there is a sourceAppIdentifier property for NEFilterFlow in the documentation, but it seems there is no such property in reality. And there is a sourceAppAuditToken property; how can I get the process info from this property?

Thank you very much!