eskimo

[quote='873103022, roanutil, /thread/811382?answerId=873103022#873103022, /profile/roanutil'] In the real app which includes a widget extension … [/quote] Yeah, that makes sense [1]. And I take it that you actually need to share iCloud key-value store preferences between the app and the widget? Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com [1] For the definition of “sense” that we’re converging on here (-:

I asked about this internally and the result was a bad news / good news / bad news story: The first bad news is that my colleague confirmed that my understanding of the keychain side of this seems to be accurate The good news is that, while that’s true in general, authorisation plug-ins have a specific affordance for dealing with smart cards. Consider the GetLAContext, GetTokenIdentities, and GetTKTokenWatcher entry points in AuthorizationCallbacks. The further bad news is that I’m kicking myself for forgetting about said entry points )-: Anyway, give these a whirl and see how far you get. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='873184022, iceboy, /thread/811084?answerId=873184022#873184022, /profile/iceboy'] The user previously … [/quote] Well, that’s quite an edge case. Having said that, just because it’s an edge case doesn’t mean it shouldn’t work |-: [quote='873189022, iceboy, /thread/811084?answerId=873189022#873189022, /profile/iceboy'] And what is the basis for generating this value? [/quote] I can’t go into those details. I don’t know off the top of my head but, even if I did, I’m reluctant to discuss implementation details like this unless there’s some specific benefit to it. And I’m not seeing that here. Rather, this is clearly something that you should report as a bug. IMPORTANT For this bug to get any sort of traction, you’ll need a sysdiagnose log. I’m presuming you can’t reproduce that yourself, so you’ll need to ask your user to either send you the sysdiagnose log or file their own bug, attach the log there, and send you the bug number. Ideally they’d trigger this sysdiagnose log immediately after the value cha

Thanks for the extra context. At this point I feel comfortable talking about technical stuff… Oh wait, there’s one more business-y thing. My focus is on technical stuff. I don’t work for App Review and can’t make definitive statements about their policies. OK, now let’s talk technical… Mach is a capability-based system [1]. For you to get access to a Mach port, someone who already has access must share their access with you. So, who has access? And how can you convince them to share? In this case only two entities have access: The ‘system’ The target process itself There’s no way to convince the system to share its access, at least on iOS [2]. So the only option is to get the target process to give you access to itself. In theory, this should be trivial: Your app calls mach_task_self to get a send right for its control port. It then sends your extension a copy of that right via XPC. In practice, there are complications. IMPORTANT I’ve never tried this sort of thing on iOS, so I’ve no idea whether it’ll work a

[quote='873090022, emilsp, /thread/811445?answerId=873090022#873090022, /profile/emilsp'] I've since gone and uploaded yet another sysdiagnose [/quote] Thanks for that. I did take a quick look, primarily to see if the spindump showed the pathology that I outlined on 13 Jan. It does not. There no sign of your packet tunnel provider process in the spindump, nor are there any Service could not initialize messages in the last hour of system log. So, it’s not clear whether this a separate issue with similar symptoms or the same issue where the symptoms can vary significantly. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

What Kevin said, obviously (-: [quote='873111022, absinth, /thread/813148?answerId=873111022#873111022, /profile/absinth'] i just tried to reproduce it again … today the issue is gone. [/quote] Bah! [quote='873111022, absinth, /thread/813148?answerId=873111022#873111022, /profile/absinth'] so, unless the log files i already have are enough [/quote] That’s unlikely. A sysdiagnose log captures a bunch of state. That includes a system log snapshot, but it includes other state that’s not directly encoded in the log. The chances of a bug getting traction without that log is… well… it’s not impossible, but it’s significantly reduced. There’s a lesson to be learnt here, namely grab sysdiagnose logs early and often (-: If you don’t see the problem again internally, you can still ask your customers to take a sysdiagnose log themselves. It’s relatively easy for them to do. They can either pass it along to you or, if they’re not comfortable with that, file their own bug in Feedback Assistant and pass you the bug number.

OK. I don’t think you can optimise beyond that. Rather, I think you should use that as a baseline for performance work as you evolve your program. Speaking of that, An Apple Library Primer has links to various WWDC talks where the linker team discusses various topics. Most notably, the 2022 talk discusses launch times. It’s well worth a watch. Finally, just for context, the libSystem initialiser does a bunch of really critical stuff. For example, it has the code that sets up the App Sandbox, if the executable enables it. If you want to see this initialiser in action, open your true clone project, set a symbolic breakpoint on libSystem_initializer, and run it from Xcode. When you stop at the breakpoint, Xcode will show a page of disassembled code, but that’s not too hard to understand. And most of the symbols are present, so you can look up the source code in Darwin. IMPORTANT The Darwin open source isn’t guaranteed to match the source used to build the OS, but it’s usually close enough to be quite instructive

Hey Claude31, it’s nice for me to be helping you for a change (-: It’s hard to tell exactly what’s going wrong here without know more about the objects in play. However, in general, when you decode something from a secure keyed archive, you have to tell the system what type you’re expecting. That’s the key factor is what makes it secure. Over the years I’ve helped a bunch of folks with problems like this. All of these threads have code snippets from me that you should find useful: Question about including all project classes in ofClasses parameter when using NSKeyedUnarchiver.unarchivedObject(ofClasses:from:) Fragment large size data sent and received using NSKeyedArchiver.archivedData in GameCenter Unarchiving an object with custom classes XPC, Swift, ObjC, and arrays NSKeyedUnarchiver decodeObjectOfClasses failed NSKeyedUnarchiver decodeObjectOfClasses failed 'unarchiveTopLevelObjectWithData' was deprecated Use unarchivedObject(ofClass:from:) instead NSkeyedArchiver fails when trying to archive subclass obj

Each system log entry has time to live (TTL) value. You can see evidence for this in various places within the UI. For example: % sudo log stream … TTL … 0 fseventsd: (libsystem_info.dylib) Resolve user group list … … 7 WindowServer: (SkyLight) [com.apple.SkyLight:KeyboardEvent] kCGSEventKeyUp … AFAIK there’s no supported way to override that, but if you poke around in /System/Library/Preferences/Logging on your Mac it’s not hard to see how it works. WARNING As with all implementation details, there’s no guarantee that this will actually work, or that it hasn’t worked differently in the past, or will work differently in the future. So don’t build knowledge of this into a product that you ship to a wide range of users. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Xcode is telling you that com.apple.developer.shazamkit isn’t a real entitlement. See Determining if an entitlement is real for more background on this. The solution is to do what Xcode suggested, that is, remove that property from your .entitlements file. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='813285021, SimonWei, /thread/813285, /profile/SimonWei'] there is no such thing [/quote] Are you a member of a paid developer team? Do you have that team selected in Signing & Capabilities? If you’re using a Personal Team — that is, using any Apple Account for local development without signing up to paid team — then you won’t be able to use this capability. Developer Account Help > Reference > Supported capabilities (iOS) explains the background to this, although it hasn’t yet been updated to cover this specific capability (r. 168576113). Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Oh, there’s one more thing I should add to the above list: Open source server sample (PIR Service Example) The iOS sample code discusses this, but I can’t over-emphasise how useful it is. On that page you’ll find a link to the server’s documentation, which chock full of interesting info. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

So, I have three bits of good news: My boss got me an iPhone 17 so that I can test this properly. Thanks boss! It was a public holiday in the US yesterday, which allowed me to catch up a bit, so I had some time to play with MIE today. I figured out the sequence to get soft mode crash reports (-: Here’s what I did: Using Xcode 26.2 on macOS 26.2 [1], I created a new project from the iOS > App template, choosing Objective-C as the language. In the view controller, I added this code: - (IBAction)testAction:(id)sender { char * buf = malloc(32); buf[16] += 1; free(buf); buf[16] += 1; } I added a Test button and wired it up to that action. In Signing & Capabilities, I added the Enhanced Security capability and checked all the boxes (-: In the scheme editor, I enabled Diagnostics > Hardware Memory Tagging. I selected an iPhone 17 running iOS 26.2 as my run destination and chose Product > Run. On the device, I tapped the Test button. It trapped, with Xcode highlighting the second increment. So far, so go

[quote='872754022, oleksandr91, /thread/810880?answerId=872754022#872754022, /profile/oleksandr91'] I also went through your steps, all with the same results. [/quote] OK. I’m starting to run out of ideas here )-: Your TKTokenWatcher confirms that the smart card is online at this time, but you can’t access it via SecItemCopyMatching. My best guess — somewhat informed by the specific error, errSecNotAvailable — is that the data protection keychain isn’t online at this point, and thus all data protection keychain calls are failing early, before they get to the point where the system realises that you’re actually targeting a token. I’m not aware of any way to create a SecKey without going through the data protection keychain. However, it’s possible that I missed a memo here. I’m gonna do some digging and get back to you. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Hmmm. We have: A WWDC video that introduces the feature (WWDC 2025 Session 234 Filter and tunnel network traffic with NetworkExtension) Documentation (URL filters) Sample code (Filtering traffic by URL) Engineers helping in the forums I’m not sure what else you’re looking for but if you have concrete suggestions you should definitely put them in an enhancement request (and post your bug number here, just for the record). My advice is that you actually try this and see how far you get. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com