33 Replies
      Latest reply on Dec 4, 2019 4:42 PM by Vegerot
      Level 1 Level 1 (0 points)

        I have a simple piece of demo code I am attempting to write for MacOS Yosemite that uses CoreWLAN to report on WiFi events.   I've tried every combination I can think of Sandboxed, Signed, etc., all to no avail.  Currently, I have the app set for Sandbox mode, and allowing outbound network connections in the entitlements.  Any ideas as to how to get this to work?  Sample code and scenario below:

         

        
        import CoreWLAN
        class WirelessMonitor: CWEventDelegate {
            func registerForEvents() {
                let client = CWWiFiClient.sharedWiFiClient()
                client.delegate = self
                var error:NSError?
                puts("Registering for SSID change...")
                client.startMonitoringEventWithType(.SSIDDidChange, error: &error)
                if (error != nil) {
                    puts("error registering for SSID Change: \(error)")
                }
            }
            func ssidDidChangeForWiFiInterfaceWithName(interfaceName: String!) {
                print("ssid changed.")
            }
        }
        
        

         

         

        When I run this, I receive an error upon calling startMonitoringEventWithType(...):

         

        "Couldn’t communicate with a helper application." (The connection to service named com.apple.airportd was invalidated.)
        

         

        In the MaOS console, I see this message:

         

        7/18/15 12:19:11.753 AM sandboxd[504]: ([4105]) WiFi Debugger(4105) deny mach-lookup com.apple.airportd
        
        • Re: What is required to register for CoreWLAN events?
          eskimo Apple Staff Apple Staff (12,455 points)

          To start, CoreWLAN is not available in the sandbox, something that we've actually documented in the Determine Whether Your App Is Suitable for Sandboxing section of the App Sandbox Design Guide.

          Outside of the sandbox CoreWLAN should work just fine.  It sounds like you tried that and it failed.  What exactly failed in that case?

          Share and Enjoy

          Quinn "The Eskimo!"
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: What is required to register for CoreWLAN events?
              Level 1 Level 1 (0 points)

              Thanks for the response!  When I run the sample outside of sandbox mode, the application, the startMonitoring(...) call generates the following error:

               

              Error Domain=com.apple.wifi.request.error Code=4 "The operation couldn’t be completed. (com.apple.wifi.request.error error 4.)"
              

               

              In the system console, I see this message:

               

              7/20/15 8:58:40.183 AM airportd[55]: ERROR: WiFi Debugger (8019) is not entitled for com.apple.wifi.events, will not register for event type 2
              

               

              (Which is what led me down the path of entitlements, etc.)

               

              Thanks!

                • Re: What is required to register for CoreWLAN events?
                  eskimo Apple Staff Apple Staff (12,455 points)

                  (Which is what led me down the path of entitlements, etc.)

                  Indeed.  However, it's not possible for third-party apps to get the entitlement described in that log message, so that's a complete red herring.

                  There seems to be a problem with CWWiFiClient where it requires that the app have a specific entitlement ("com.apple.wifi.events") even though entitlements are only meaningful in Mac App Store (and hence sandboxed) apps.

                  This has been noticed by another developer, who filed a bug about it.  Alas, that bug seems to have been misinterpreted, so I've filed my own bug about it.  That bug hasn't yet come back to me, so I presume that it still applies.

                  As to workarounds, your best option is to use the CWXxxDidChangeNotification notifications.  While these are formally deprecated, they do still work and they're your only way forward until the above-mentioned bug is fixed.

                  Share and Enjoy

                  Quinn "The Eskimo!"
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: What is required to register for CoreWLAN events?
                      arjones Level 1 Level 1 (0 points)

                      Hi,

                       

                      I have recently opened a thread related to CoreWLAN. I understand now that it is not possible to scan for in-range wifi networks since CoreWLAN is not available from within the sandbox.

                       

                      So, what are the alternatives to accomplish this? There are (at least) two apps in the App Store that do exactly this:

                       

                      https://itunes.apple.com/br/app/wifi-explorer/id494803304?mt=12

                      https://itunes.apple.com/br/app/wifi-scanner/id411680127?mt=12

                       

                      Since they were recentlly updated, I am assuming they must be sandboxed. Any insights?

                       

                      Thank you.

                        • Re: What is required to register for CoreWLAN events?
                          eskimo Apple Staff Apple Staff (12,455 points)

                          I'm not in a position to reverse engineer other developer's software on your behalf, or to comment on App Review policies, but my experience is that apps that are doing seemingly-impossible things fall into one of three categories:

                          • they're breaking the rules and App Review hasn't caught them yet (A)

                          • their marketing material is being economical with the truth (B)

                          • they are grandfathered in from a previous world (C)

                          My guess is that point C applies in this case, although I'm not in a position to confirm that.

                          Of course, you could do that easily:

                          1. buy the app

                          2. download it

                          3. dump its entitlements


                          $ codesign -d --entitlements :- /path/to/some.app 

                          I can say that there is no supported way to do Wi-Fi scanner from a sandboxed app, and that Mac App Store currently requires that all apps be sandboxed.

                          Share and Enjoy

                          Quinn "The Eskimo!"
                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                          let myEmail = "eskimo" + "1" + "@apple.com"

                            • Re: What is required to register for CoreWLAN events?
                              arjones Level 1 Level 1 (0 points)

                              By (C) do you mean that the app was submitted when sandbox was not a requirements and now it is allowed to be updated and still be kept unsandboxed?

                               

                              I have bought the app and (B) is not the case, that is for sure. It does exactly what it says it does.

                               

                              If (A) is the case, is there a way to report/warn Apple Review that an app is doing malicious things and/or breaking the rules?

                              • Re: What is required to register for CoreWLAN events?
                                eskimo Apple Staff Apple Staff (12,455 points)

                                By (C) do you mean that the app was submitted when sandbox was not a requirements and now it is allowed to be updated and still be kept unsandboxed?

                                I was talking in general terms, but in the specific case of the Mac App Store that certainly does occur.  I don't work for App Review, so I can't tell you exactly how they interpret the 'major update' rule.

                                I have bought the app [...]

                                Well, if you have the app installed, it's trivial to see if it's sandboxed.

                                If (A) is the case, is there a way to report/warn Apple Review that an app is doing malicious things and/or breaking the rules?

                                If you believe that some app is not playing by the rules, you should get in touch with App Review.

                                Share and Enjoy

                                Quinn "The Eskimo!"
                                Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                let myEmail = "eskimo" + "1" + "@apple.com"

                            • Re: What is required to register for CoreWLAN events?
                              Level 1 Level 1 (0 points)

                              (fwiw, the two bug report links point to this thread URL, not sure if that's because of an interaction with radar or not)

                               

                              Thanks for tracking this down!  Hopefully this will be fixed soon.

                               

                              Thanks again!

                                • Re: What is required to register for CoreWLAN events?
                                  eskimo Apple Staff Apple Staff (12,455 points)

                                  Alas, Radar will only let you see bugs that you've filed, and you didn't file these bugs.  I include links like this just for the record; primarily it's so that Future Quinn™ can easily find the bugs if this discussion crops up again.

                                  Share and Enjoy

                                  Quinn "The Eskimo!"
                                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                  let myEmail = "eskimo" + "1" + "@apple.com"

                                    • Re: What is required to register for CoreWLAN events?
                                      arjones Level 1 Level 1 (0 points)

                                      Hello,

                                       

                                      Is CoreWLAN still not available in the sandbox in OS X 10.11? Are there any plans to add an entitlement for that?

                                       

                                      Thank you!

                                       

                                      Gabriel Arjones

                                        • Re: What is required to register for CoreWLAN events?
                                          eskimo Apple Staff Apple Staff (12,455 points)

                                          Is CoreWLAN still not available in the sandbox in OS X 10.11?

                                          There’s been no change on this front.

                                          Are there any plans to add an entitlement for that?

                                          Obviously I can’t predict The Future™ but I don’t expect this to change given that CoreWLAN is explicitly called out in the Determine Whether Your App Is Suitable for Sandboxing section of the App Sandbox Design Guide.

                                          Share and Enjoy

                                          Quinn "The Eskimo!"
                                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                          let myEmail = "eskimo" + "1" + "@apple.com"

                                            • Re: What is required to register for CoreWLAN events?
                                              Vladius Level 1 Level 1 (10 points)

                                              I have found the following in the App SandBox Guide "With App Sandbox, your app cannot modify the system’s network configuration (whether with the System Configuration framework, the CoreWLAN framework, or other similar APIs) because doing so requires administrator privileges."

                                               

                                              Does it mean that I can use Core WLAN only to read wifi settings?  Not to modify it

                                                • Re: What is required to register for CoreWLAN events?
                                                  ericm Level 1 Level 1 (0 points)

                                                  Vladius - I believe your interpretation is correct, with the emphasis on *modify*. The current CoreWLAN docs state:

                                                   

                                                  You can use the CoreWLAN framework in an app that adopts App Sandbox without any special exceptions as long as you use the interface objects vended from a client instance. If you initialize interface objects directly, you incur low level system socket accesses that are not considered sandbox safe.

                                  • Re: What is required to register for CoreWLAN events?
                                    vsilves Level 1 Level 1 (0 points)

                                    How about the entitlements for the Wifi Diagnostics app that ships with Mac OS X 10.11.1, located at /System/Library/CoreServices/Applications/. Checking entitlements I see that it posseses the following: com.apple.wifi.associate, com.apple.wifi.scan, com.apple.wifi.set_channel, com.apple.wifi.start_autojoin, com.apple.wireless-diagnostics, and com.apple.wireless-diagnostics.basic_report.

                                     

                                    Are we mere mortals working in a sandbox not able to get these?

                                    • Re: What is required to register for CoreWLAN events?
                                      eskimo Apple Staff Apple Staff (12,455 points)

                                      I wanted to post an update on this issue.  If you read the current Apple documentation you’ll find it says:

                                      In order to monitor Wi-Fi events, you must specify the com.apple.wifi.events entitlement for your app.

                                      The bad news is that this is incorrect (r. 37154185).  The good news is that it is possible to use CWWiFiClient from both sandboxed and non-sandboxed apps on recent versions of macOS.

                                      The not-so-good news is that an OS bug (r. 36702504) prevents sandboxed apps from using CWWiFiClient without applying a workaround.  Moreover, I’m not going to explain that workaround here on DevForums.  If you need to use CWWiFiClient from a sandboxed app, please open a DTS tech support incident and I can walk you through that process.

                                      Share and Enjoy

                                      Quinn “The Eskimo!”
                                      Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                      let myEmail = "eskimo" + "1" + "@apple.com"

                                        • Re: What is required to register for CoreWLAN events?
                                          hMiya Level 1 Level 1 (0 points)

                                          Thank you for the information Quinn!


                                          I specifically need startMonitoringEvent(with: .scanCacheUpdated) to work in a sandboxed environment, and I only have one DTS available, could you please walk me through the process of getting this work?


                                          Thanks in Advance!

                                            • Re: What is required to register for CoreWLAN events?
                                              eskimo Apple Staff Apple Staff (12,455 points)

                                              please walk me through the process of getting this work?

                                              Let’s start with the basics.  Have you tried this on 10.13.4?  One of the bugs I mentioned above (r. 36702504) is reported as fixed on that release, and it should allow CWWiFiClient to work without any specialist entitlements.  Alas, I haven’t had a chance to try this for myself yet.

                                              Share and Enjoy

                                              Quinn “The Eskimo!”
                                              Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                              let myEmail = "eskimo" + "1" + "@apple.com"

                                                • Re: What is required to register for CoreWLAN events?
                                                  hMiya Level 1 Level 1 (0 points)

                                                  Thanks a bunch Quinn, for the prompt reply!

                                                   

                                                  Yes, I have tried this on 10.13.4 which works fine in the non-sandboxed environment only.

                                                  Sandboxed environment throws the following error: "Couldn’t communicate with a helper application".

                                                   

                                                  Code:

                                                  try self.wifiClient.startMonitoringEvent(with: .scanCacheUpdated)
                                                  

                                                   

                                                  Tested on MacOS 10.13.4 with Xcode 9.3.

                                                    • Re: What is required to register for CoreWLAN events?
                                                      eskimo Apple Staff Apple Staff (12,455 points)

                                                      Hmmmm, I’m not sure why helper application this is referring to.  If you catch the error and NSLog it, what do you see:

                                                      do {
                                                          try … stuff …
                                                      } catch {
                                                          NSLog("%@", "\(%@)")
                                                      }

                                                      I guess I need to bite the bullet and install 10.3.4, eh? (-:

                                                      Share and Enjoy

                                                      Quinn “The Eskimo!”
                                                      Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                                      let myEmail = "eskimo" + "1" + "@apple.com"

                                                        • Re: What is required to register for CoreWLAN events?
                                                          hMiya Level 1 Level 1 (0 points)

                                                          Sorry I was printing the localizedDescription of the error which isn't helpful at all.

                                                           

                                                          So, this is what I Catch:

                                                           

                                                          (lldb) po error

                                                          Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.airportd was invalidated." UserInfo={NSDebugDescription=The connection to service named com.apple.airportd was invalidated.}

                                                           

                                                          (lldb) po error.localizedDescription

                                                          "Couldn’t communicate with a helper application."

                                                            • Re: What is required to register for CoreWLAN events?
                                                              eskimo Apple Staff Apple Staff (12,455 points)

                                                              Error Domain=NSCocoaErrorDomain Code=4099

                                                              Hmmm, that looks exactly like the error that I was under the impression we’d fixed in 10.13.4 (r. 36702504).  At this point I’m going to have to revisit this issue in depth and that’s not something I can do in the context of DevForums.

                                                              Share and Enjoy

                                                              Quinn “The Eskimo!”
                                                              Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                                              let myEmail = "eskimo" + "1" + "@apple.com"

                                                                • Re: What is required to register for CoreWLAN events?
                                                                  eskimo Apple Staff Apple Staff (12,455 points)

                                                                  At this point I’m going to have to revisit this issue in depth and that’s not something I can do in the context of DevForums.

                                                                  It turns out that a different developer open a DTS tech support incident about this issue and that gave me an excuse to re-test.  CWWiFiClient is definitely working for me an 10.13.4.  The only oddity, and I suspect that this is what’s tripped you up, is that this API is now gated by the com.apple.security.network.client entitlement.  Please make sure to enable that entitlement (Xcode > project editor > target > Capabilities > App Sandbox > Outgoing Connections (Client)) and retest.

                                                                  Share and Enjoy

                                                                  Quinn “The Eskimo!”
                                                                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                                                  let myEmail = "eskimo" + "1" + "@apple.com"

                                                                    • Re: What is required to register for CoreWLAN events?
                                                                      hMiya Level 1 Level 1 (0 points)

                                                                      It works, though the events are not consistently working with a little testing that I did but I did get them.

                                                                      Thank you Quinn!

                                                                        • Re: What is required to register for CoreWLAN events?
                                                                          eskimo Apple Staff Apple Staff (12,455 points)

                                                                          I did get them.

                                                                          Excellent news.

                                                                          though the events are not consistently working with a little testing that I did

                                                                          I’m not aware of any specific problems with CWWiFiClient, but I should explain one gotcha that hit me while it was testing it.  CWWiFiClient calls its delegate on a background queue.  If you update your UI from such a delegate callback, you are calling AppKit from a secondary thread, which is not allowed.  There are a variety of ways that this problem can manifest itself.  In my case it meant that the UI wasn’t updating promptly, leading me to think that CWWiFiClient was misbehaving.

                                                                          So, make sure you’re not doing UI stuff in your CWWiFiClient delegate callbacks or, if you need to do that, bounce to the main queue beforehand.

                                                                          Share and Enjoy

                                                                          Quinn “The Eskimo!”
                                                                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                                                          let myEmail = "eskimo" + "1" + "@apple.com"

                                                                        • Re: What is required to register for CoreWLAN events?
                                                                          adriangm20 Level 1 Level 1 (0 points)

                                                                          Using the com.apple.security.network.client entitlement seems sufficient for monitoring events, but it also seems to allow for scanning of networks by calling the [CWInterface scanForNetworksUsingXXX] methods directly on a reference of CWInterface gotten via CWWiFiClient. Is this expected?

                                                                            • Re: What is required to register for CoreWLAN events?
                                                                              appyogi_mehul Level 1 Level 1 (0 points)

                                                                              Yes. Its allowing to scan for other networks (with sandbox ON), but export it with developer signed ID or ad-hoc entitlement and it won't work. It logs "SandboxViolation: deny(1) mach-lookup com.apple.network.EAPOLController" in Console.

                                                                                • Re: What is required to register for CoreWLAN events?
                                                                                  eskimo Apple Staff Apple Staff (12,455 points)

                                                                                  Its allowing to scan for other networks (with sandbox ON), but export it with developer signed ID or ad-hoc entitlement and it won't work.

                                                                                  I’m not sure how “ad hoc entitlements” come into this; ad hoc signing is an iOS concept and not supported on macOS.

                                                                                  With regards “developer signed ID”, are you talking about Developer ID signing?  If so, it’s possible that might behave differently from development signing, but it strikes me as unlikely.  Are you sure that the Developer ID version of the app was signed with the correct entitlements?  That’s the usual cause of problems like this.

                                                                                  I recommend that you dump the entitlements of the built binary using:

                                                                                  $ codesign -d --entitlements :- /path/to/your.app

                                                                                  Share and Enjoy

                                                                                  Quinn “The Eskimo!”
                                                                                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                                                                  let myEmail = "eskimo" + "1" + "@apple.com"

                                                                                    • Re: What is required to register for CoreWLAN events?
                                                                                      appyogi_mehul Level 1 Level 1 (0 points)

                                                                                      My mistake, there is no ad-hoc.

                                                                                      By "developer signed ID" I meant "Developer ID signed".

                                                                                        • Re: What is required to register for CoreWLAN events?
                                                                                          eskimo Apple Staff Apple Staff (12,455 points)

                                                                                          By "developer signed ID" I meant "Developer ID signed".

                                                                                          OK.  And the entitlements of your built binary?

                                                                                          Share and Enjoy

                                                                                          Quinn “The Eskimo!”
                                                                                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                                                                          let myEmail = "eskimo" + "1" + "@apple.com"

                                                                                            • Re: What is required to register for CoreWLAN events?
                                                                                              appyogi_mehul Level 1 Level 1 (0 points)

                                                                                              These are my entitlements

                                                                                              <key>com.apple.security.app-sandbox</key>
                                                                                                <true/>
                                                                                              <key>com.apple.security.network.client</key>
                                                                                                <true/>
                                                                                              
                                                                                                • Re: What is required to register for CoreWLAN events?
                                                                                                  eskimo Apple Staff Apple Staff (12,455 points)

                                                                                                  Did you get that from the .entitlements file?  Or from the built binary?

                                                                                                  Share and Enjoy

                                                                                                  Quinn “The Eskimo!”
                                                                                                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                                                                                  let myEmail = "eskimo" + "1" + "@apple.com"

                                                                                                    • Re: What is required to register for CoreWLAN events?
                                                                                                      Vegerot Level 1 Level 1 (0 points)

                                                                                                      Isn't working for me.

                                                                                                      Line that fails:

                                                                                                      scan = try (interface.scanForNetworks(withName: ssidName, includeHidden:true))

                                                                                                       

                                                                                                      Error:

                                                                                                      An error has occured  while scanning networks: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.airportd was invalidated from this process." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.airportd was invalidated from this process.}

                                                                                                       

                                                                                                      codesign -d --entitlements  - DerivedData/airport-bssid/Build/Products/Debug/airport-bssid

                                                                                                       

                                                                                                      Executable=/Users/maxcoplan/Documents/workspace/airport-bssid-swift/DerivedData/airport-bssid/Build/Products/Debug/airport-bssid
                                                                                                      
                                                                                                      
                                                                                                      
                                                                                                        com.apple.security.network.client
                                                                                                        
                                                                                                        com.apple.security.network.server
                                                                                                        
                                                                                                      
                                                                                                      

                                                                                                      For some reason Apple's code formatter isn't working.  Here's the raw output:

                                                                                                      Executable=/Users/maxcoplan/Documents/workspace/airport-bssid-swift/DerivedData/airport-bssid/Build/Products/Debug/airport-bssid

                                                                                                      ��qq3<?xml version="1.0" encoding="UTF-8"?>

                                                                                                      <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

                                                                                                      <plist version="1.0">

                                                                                                      <dict>

                                                                                                        <key>com.apple.security.network.client</key>

                                                                                                        <true/>

                                                                                                        <key>com.apple.security.network.server</key>

                                                                                                        <true/>

                                                                                                      </dict>

                                                                                                      </plist>