What is required to register for CoreWLAN events?

I have a simple piece of demo code I am attempting to write for MacOS Yosemite that uses CoreWLAN to report on WiFi events. I've tried every combination I can think of Sandboxed, Signed, etc., all to no avail. Currently, I have the app set for Sandbox mode, and allowing outbound network connections in the entitlements. Any ideas as to how to get this to work? Sample code and scenario below:


import CoreWLAN
class WirelessMonitor: CWEventDelegate {
    func registerForEvents() {
        let client = CWWiFiClient.sharedWiFiClient()
        client.delegate = self
        var error:NSError?
        puts("Registering for SSID change...")
        client.startMonitoringEventWithType(.SSIDDidChange, error: &error)
        if (error != nil) {
            puts("error registering for SSID Change: \(error)")
        }
    }
    func ssidDidChangeForWiFiInterfaceWithName(interfaceName: String!) {
        print("ssid changed.")
    }
}



When I run this, I receive an error upon calling startMonitoringEventWithType(...):


"Couldn’t communicate with a helper application." (The connection to service named com.apple.airportd was invalidated.)


In the MaOS console, I see this message:


7/18/15 12:19:11.753 AM sandboxd[504]: ([4105]) WiFi Debugger(4105) deny mach-lookup com.apple.airportd

Accepted Reply

At this point I’m going to have to revisit this issue in depth and that’s not something I can do in the context of DevForums.

It turns out that a different developer open a DTS tech support incident about this issue and that gave me an excuse to re-test.

CWWiFiClient
is definitely working for me an 10.13.4. The only oddity, and I suspect that this is what’s tripped you up, is that this API is now gated by the
com.apple.security.network.client
entitlement. Please make sure to enable that entitlement (Xcode > project editor > target > Capabilities > App Sandbox > Outgoing Connections (Client)) and retest.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Replies

To start, CoreWLAN is not available in the sandbox, something that we've actually documented in the Determine Whether Your App Is Suitable for Sandboxing section of the App Sandbox Design Guide.

Outside of the sandbox CoreWLAN should work just fine. It sounds like you tried that and it failed. What exactly failed in that case?

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for the response! When I run the sample outside of sandbox mode, the application, the startMonitoring(...) call generates the following error:


Error Domain=com.apple.wifi.request.error Code=4 "The operation couldn’t be completed. (com.apple.wifi.request.error error 4.)"


In the system console, I see this message:


7/20/15 8:58:40.183 AM airportd[55]: ERROR: WiFi Debugger (8019) is not entitled for com.apple.wifi.events, will not register for event type 2


(Which is what led me down the path of entitlements, etc.)


Thanks!

(Which is what led me down the path of entitlements, etc.)

Indeed. However, it's not possible for third-party apps to get the entitlement described in that log message, so that's a complete red herring.

There seems to be a problem with CWWiFiClient where it requires that the app have a specific entitlement ("com.apple.wifi.events") even though entitlements are only meaningful in Mac App Store (and hence sandboxed) apps.

This has been noticed by another developer, who filed a bug about it. Alas, that bug seems to have been misinterpreted, so I've filed my own bug about it. That bug hasn't yet come back to me, so I presume that it still applies.

As to workarounds, your best option is to use the CWXxxDidChangeNotification notifications. While these are formally deprecated, they do still work and they're your only way forward until the above-mentioned bug is fixed.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi,


I have recently opened a thread related to CoreWLAN. I understand now that it is not possible to scan for in-range wifi networks since CoreWLAN is not available from within the sandbox.


So, what are the alternatives to accomplish this? There are (at least) two apps in the App Store that do exactly this:


https://itunes.apple.com/br/app/wifi-explorer/id494803304?mt=12

https://itunes.apple.com/br/app/wifi-scanner/id411680127?mt=12


Since they were recentlly updated, I am assuming they must be sandboxed. Any insights?


Thank you.

(fwiw, the two bug report links point to this thread URL, not sure if that's because of an interaction with radar or not)


Thanks for tracking this down! Hopefully this will be fixed soon.


Thanks again!

Alas, Radar will only let you see bugs that you've filed, and you didn't file these bugs. I include links like this just for the record; primarily it's so that Future Quinn™ can easily find the bugs if this discussion crops up again.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I'm not in a position to reverse engineer other developer's software on your behalf, or to comment on App Review policies, but my experience is that apps that are doing seemingly-impossible things fall into one of three categories:

  • they're breaking the rules and App Review hasn't caught them yet (A)

  • their marketing material is being economical with the truth (B)

  • they are grandfathered in from a previous world (C)

My guess is that point C applies in this case, although I'm not in a position to confirm that.

Of course, you could do that easily:

  1. buy the app

  2. download it

  3. dump its entitlements

$ codesign -d --entitlements :- /path/to/some.app

I can say that there is no supported way to do Wi-Fi scanner from a sandboxed app, and that Mac App Store currently requires that all apps be sandboxed.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

By (C) do you mean that the app was submitted when sandbox was not a requirements and now it is allowed to be updated and still be kept unsandboxed?


I have bought the app and (B) is not the case, that is for sure. It does exactly what it says it does.


If (A) is the case, is there a way to report/warn Apple Review that an app is doing malicious things and/or breaking the rules?

By (C) do you mean that the app was submitted when sandbox was not a requirements and now it is allowed to be updated and still be kept unsandboxed?

I was talking in general terms, but in the specific case of the Mac App Store that certainly does occur. I don't work for App Review, so I can't tell you exactly how they interpret the 'major update' rule.

I have bought the app [...]

Well, if you have the app installed, it's trivial to see if it's sandboxed.

If (A) is the case, is there a way to report/warn Apple Review that an app is doing malicious things and/or breaking the rules?

If you believe that some app is not playing by the rules, you should get in touch with App Review.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hello,


Is CoreWLAN still not available in the sandbox in OS X 10.11? Are there any plans to add an entitlement for that?


Thank you!


Gabriel Arjones

Is CoreWLAN still not available in the sandbox in OS X 10.11?

There’s been no change on this front.

Are there any plans to add an entitlement for that?

Obviously I can’t predict The Future™ but I don’t expect this to change given that CoreWLAN is explicitly called out in the Determine Whether Your App Is Suitable for Sandboxing section of the App Sandbox Design Guide.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

How about the entitlements for the Wifi Diagnostics app that ships with Mac OS X 10.11.1, located at /System/Library/CoreServices/Applications/. Checking entitlements I see that it posseses the following: com.apple.wifi.associate, com.apple.wifi.scan, com.apple.wifi.set_channel, com.apple.wifi.start_autojoin, com.apple.wireless-diagnostics, and com.apple.wireless-diagnostics.basic_report.


Are we mere mortals working in a sandbox not able to get these?

If special Wi-Fi entitlements were available, I would have mentioned them (and filed a bug against the docs for failing to mention them).

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I have found the following in the App SandBox Guide "With App Sandbox, your app cannot modify the system’s network configuration (whether with the System Configuration framework, the CoreWLAN framework, or other similar APIs) because doing so requires administrator privileges."


Does it mean that I can use Core WLAN only to read wifi settings? Not to modify it

Vladius - I believe your interpretation is correct, with the emphasis on *modify*. The current CoreWLAN docs state:


You can use the CoreWLAN framework in an app that adopts App Sandbox without any special exceptions as long as you use the interface objects vended from a client instance. If you initialize interface objects directly, you incur low level system socket accesses that are not considered sandbox safe.