User Profile

Hi guys,I have a firewall project, where I used SimpleFirewall as a template. I created the project from scratch and the firewall works, but during configuration of network filter, macOS shows popup"(null) Would Like to Filter Network Content"In SimpleFirewallSample this message shows"SimpleFirewall Would Like to Filter Network Content"Obviously name of the app is missing. I've done the following:* checked entitlements - setup correctly* nothing missing in Info.plist (Bundle Name, Bundle Dispaly Name, etc), filterManager.localizeDescription is set.* I went through dozens if not hundreds of build settings* I changed window title in the MainMenu.xib to precisely match App bundle name* I tried to set up filter configuration from App bundle instead of common framework I use (I thought perhaps NEFilterProviderConfiguration constructor or saveToPreferences() function perhaps checks which bundle calls it and then system checks code signing).* Tried localization for Base and EN* I verified that Filter config in System Preferences in Network uses name of our app and I checked that if I change filterManager.localizedDescription, it correctly changes in those system settings.* you name it - I have done itThe only clue I found in sysem log is this messagedefault15:22:56.895864+0200MyAppSaving configuration MyApp with existing signature (null)The only difference is that I implemented most of the firewall functionality in a framework, so that it could be reused and app bundle links to this framework. Currently I link against this framework from app bundle and system extension using "Embed & Sign". I cannot use other options, because in that case app cannot communicate with extension. Anyway I created clone of Apple's SimpleFirewall and modified it to use common framework with precise settings as in our project and that works correctly.Nothing appears to be working and I cannot get rid of "(nul)" in the popup message in our project.Does anybody know how from which source macOS popup loads this value?Thanks.Robert

Hi guys, is there a way of checking if app is notarized from app audit token or SecCode/SecStaticCode. In a firewall app I need to check if app is notarized. I'm able to detect if app comes from Apple or other developer, source of the app - macOS System, App Store, Developer, but I need to quickly check if app that comes from Developer is Notarized - it shouldn't take more than a few milliseconds, ideally less than 1ms. From terminal I tried spctl to see if app is Notatized, but that takes 5 - 7 seconds to get the result. Is there any interface in SystemSecurity or other framework get this info? Thanks.

Hi everyone, Is it possible to setup Filter configuration in a way that all users can see it in System Preferences -> Network and with correct status (running/not running, that is filtering or not filtering)? When I configure firewall under one user account by setting up System Extension with Network Content Filter, I can see a new item in System Preferences -> Network, where I can also stop and start firewall filtering. When I restart the machine and log in under another user, filtering is still in effect, but this second user cannot see the filter in System Preferences -> Network. In our App it means that we are also unable to get proper filtering state after calling NEFilterManager.shared().loadFromPreferences. I tried to call NEFilterManager.shared().saveToPreferences from System Extension, but I'm getting an error, probably because that runs under root and there is no macOS popup that could ask user to "Allow" filtering. How can I handle this multi-user scenario? When one user configures firewall filtering, the other user should be able to see firewall status, especially if it's filtering data. I guess it would be fine if filtering worked for users separately, although it would pose a security risk for the machine, because one user would use strict rules, another relaxed rules. In that case we would have to enforce certain rules by the app. But filtering works as expected, so when one user configures firewall (usually admin - IT support in corporate world), it filters network by the same rules for all users. It's just that other users see firewall as disabled. Is there a way to call NEFilterManager.shared().saveToPreferences or setup NEFilterProviderConfiguration() in a way that all users see the Filter in System Preferences -> Network and app shows correct firewall status? Thanks. Robert

Hi guys, since forums changes in Apple Developer portal, I don't know how to navigate it. There used to be sections, like UI, Core, Network Extensions, etc. Is it possible to find those categories somewhere? Thanks.

Hi guys,I'm working on system extension and I was using SimpleFirewall Apple sample. That firewall was working, but then I tried to create another framework which would be used by system extension target and the UI target. When starting the app UI window showed up, but without Start/Stop button. Spinner was shown instead. Sample app usually does that when firewall config is enabled and it tries to resume. It didn'tdo anything so I closed the app or stopped it from Xcode. Then I found I'm completely cut off from the network.Then I deleted the app in Debug folder and another older copy in Applications, which asked for admin credentials, because it was hopsting system extension. I was hoping this would remove/disable system exension and therefore firewall filtering.I was however only using filtering on port 80 - HTTP connections, but nothing else. Not sure why entire network went down. I think system extension after rebuilding somehow invalidated system extension and it could not do the handle flow, so entire netwrok traffic froze.Unfortunatelly it didn't help and after rebooting the machine it was unable to connect to the network, possibly because system extension with blocked sample firewall filtering is still active. However macOS requires connection to the network, because needs "Critical update". Of course I had this machine completely upto date. I think macOS might be trying to validate that the machine is not stolen or something so it simply doesn't activate and requires to connect to Apple servers, which with firewall filtering in system extension in some corrupted state is not possible.I tried to run the machine without netwrok, but it does not allow it and I can only shut down the machine or setup network again.I was trying to use systemextensionctl reset from terminal in recovery mode, but that is not available.My machine is currently completely unusable.I really need some help from guy who knows how to fix it, not some customer relations rep, who is going to walk me through basics or online resources.I haven't done backup for a week or 2, because it takes hours, so I don't do it on daily basis.Does anyone know how to recover my machine?Thanks.

Hi guys,I have an issue where I use following config for downloads: let assetConfiguration = URLSessionConfiguration.background(withIdentifier: HlsDownloadProvider.hlsBackgroundIdentifier) assetDownloadQueue.qualityOfService = .utility assetConfiguration.isDiscretionary = true assetConfiguration.sessionSendsLaunchEvents = true assetConfiguration.shouldUseExtendedBackgroundIdleMode = trueWhen using Discretionary mode set to TRUE as recommended by Apple, I see issue where devices with lower battery level complete first download task while the app is minimized, but the next initialized download task does not continue. Task only starts when connecting device to power supply and it starts charging. From user perspective it looks like download simply doesn't work when device is disconnected from power.I need to complete all downloads in the background.How to resolve this?If I set Discretionary mode off and qualityOfService = .userInteraction for large downlioad tasks like movies and TV series, could Apple reject the app?I could perhaps warn users using notification and/or suspend downloads when battery drops below certain level (20% or 50%) or whatever clients and/or Apple define as requirement.Could I perhaps get an official statement from Apple?Thanks,Robert

Hi guys,I have implemented download manager to support multiple iOS versions and 2 types of videos - individual files (eg. MP4) and HLS streams (based on m3u8 manifests) for offline playback. I used following solution:1. iOS 9 - URLSessionDownloadTask for MP42. iOS 10 - URLSessionDownloadTask for MP43. iOS 10 - AVAssetDownloadTask for HLS4. iOS 11, 12 - URLSessionDownloadTask for MP45. iOS 11, 12 - AVAggregateAssetDownloadTask for HLSSolution 5 supports also downloading all audio and subtitle tracks, but I need to implement the same for iOS 10, but iOS 10 SDK doesn't support AVAggregateAssetDownloadTask.I used AVAssetDownloadTask and approach described here:https://developer.apple.com/library/archive/documentation/AudioVideo/Conceptual/MediaPlaybackGuide/Contents/Resources/en.lproj/HTTPLiveStreaming/HTTPLiveStreaming.htmlHowever downloading additional assets doesn't work and I'm getting an error:(String) $R2 = "Optional(Error Domain=AVFoundationErrorDomain Code=-11800 \"The operation could not be completed\" UserInfo={NSLocalizedDescription=The operation could not be completed, NSLocalizedFailureReason=An unknown error occurred (-12782)})"I tried following approaches:SOLUTION 1:- The main download: makeAssetDownloadTask(asset: assetDownloadTask.urlAsset, destinationURL: destinationURL, options: nil)- Asset download: makeAssetDownloadTask(asset: assetDownloadTask.urlAsset, assetTitle: option.displayName, assetArtworkData: nil, options: options)In this case I download the main part (video and default audio) into destination folder.Then I try to download other tracks, hoping that AVURLAsset knows it needs to add downloaded content into destination folder.SOLUTION 2:- The main download: makeAssetDownloadTask(asset: assetDownloadTask.urlAsset, assetTitle: option.displayName, assetArtworkData: nil, options: nil)- Asset download: makeAssetDownloadTask(asset: assetDownloadTask.urlAsset, assetTitle: option.displayName, assetArtworkData: nil, options: options)Here I leave asset download task to handle destination and just take care of setting options.SOLUTION 3:- The main download: makeAssetDownloadTask(asset: assetDownloadTask.urlAsset, assetTitle: option.displayName, assetArtworkData: nil, options: nil)- Asset download: makeAssetDownloadTask(asset: assetDownloadTask.urlAsset, destinationURL: destinationURL, options: options)In this case I download the main part (video and default audio) and leave the download task to inform me of the destination.Then I try to download other tracks to the same destination.SOLUTION 4:- The main download: makeAssetDownloadTask(asset: assetDownloadTask.urlAsset, destinationURL: destinationURL, options: nil)- Asset download: makeAssetDownloadTask(asset: assetDownloadTask.urlAsset, destinationURL: destinationURL, options: options)In this case I download the main part (video and default audio) into destination folder.Then I try to download other tracks to the same destination (it's a folder, so it could just add additional bits and pieces).No matter what I do, when trying to download additional assets using existing AVURLAsset I get the error mentioned above. The only way I get additional assets downloaded is creating new instance of AVURLAsset, but in that case video gets downloaded as well, so if there are 4 subtitle tracks, I get video download 4 times. I could merge all downloads and it would probably work, but it's waste of bandwidth and takes too long. I tried setting AVAssetDownloadTaskMinimumRequiredMediaBitrateKey when downloading additional tracks, but it still downloads video as well.I guess when I create new instance of AVURLAsset I would also need to set property 'assetCache' to the instance held by previous AVURLAsset, but it's read only property.Having cache info in AVURLAsset makes it download only what's missing - similar to playback, when switching audio track or subtitle track.Do you think I should create derived class based on AVURLAsset, so I could update the cache reference?I have already wasted too much time on this and don't want to start another round of experiments using trial & error approach.I was also thinking about using AVPlayerItem and loading assets into cache this way, but that's awkward and really bad way to implement download of HLS streams.Another approach would be parsing m3u8 and use URLSessionDownloadTask for all fragments, but that's overkill.Last resort would be telling clients that additional audio and subtitle tracks are not supported on iOS 10 (well it really isn't, since Apple introduced Aggregate Downloads on iOS 11), but they may still have quite a few subscribers on iOS 10.Any idea how to resolve this?Thanks for any advice on iOS 10 HLS downloads.

Hi guys,I have a problem on tvOS where AVPlayer loads video, but shows black screen with audio playing in background. It happens when loading for example "Tears of steel" MP4 1080p (actual video rect is 1920x800) and calling seek immediately to start from saved resume point. I never managed to reproduce it when loading video and playing from the start, but with seek I can reproduce it at the rate of 20%.When hitting this bug I see player in following state:currentVideoFrameRate = 0videoIsLikelyToKeepUp = trueisPlaybackBufferFull = falseisPlaybackBufferEmpty = falseAVPlayerLayer.isReadyForDisplay = falseThere is no update of UI from background thread or anything like that.When presenting controller, completion block calls additional configuration functions and last of them is setup of video stream.I tried to configure network link conditioner for very slow network, but this seems to have no impact (I thought that perhaps player detects slow network and intentionally ignores video track, so that at least audio could be played smoothly).Config:tvOS Model: A1625 (32GB)tvOS Version: 11.4.1Resolution: 1080pNetwork: Wi-FiAlthough I have a fix, it is sort of a hack.Has anybody seen this issue?Is there a special way I need to initialize video, do any action on AVPlayerLayer?Thanks.