I have a file that can not be removed. When I attempt rm -f /Applications/CrashPlan.app I get "Operation not permitted"Here is the scenario, CrashPlan.app was installed on the MacBook Pro (MacBookPro14,2) running 10.14.4. I found out it was an older version of CrashPlan so I downloaded the installer for the new version and ran it. The installed failed and left behind a file of size 0K.-rw-r--r--@ 1 root admin 0 Apr 11 11:43 CrashPlan.appI then tried to remove the 0K file in terminal with sudo rm -f /Applications/CrashPlan.app and that failed with operation not permitted. I then booted into Recovery mode and ran csrutil disable from terminal and rebooted.sudo rm -f /Applications/CrashPlan.app still failed with operation not permitted.I ran csrutil status in terminal to make sure that sip was disabled and got back: System Integrity Protection status: disabled.I tried booting into single user mode and mounted the drive and tried to rm from there and got the same result. So, from single user mode I did the following:mv /Applications /ApplicationsOLDmkdir /Applicationsmv /ApplicationsOLD/* /Applications/and got an error "Operation not permitted" for CrashPlan.apprebooted and was able to install the new version of CrashPlan, but now I have a folder /ApplicationsOLD that I can not get rid of.Any ideas?

While working through a SwiftUI Tutorial, I found that using: FileManager.default.url(for:, in:, appropriateFor:, create:) to locate a directory for persisting some data, does not work on Apple Silicon Macs when building an app for the "My Mac (Designed for iPad)". Quitting the app loses all state saved. Both the iPhone and iPad test devices are able to save and restore state using this method as usual. Is this the expected behavior? I expected that the M1 platform would be capable of simulating a similar file system for the application. Targeting macOS, iOS, and iPadOS, what's the simplest method to acquire a valid "Documents" or "Data" directory to persist information across launches and after app updates? (Before going nuclear with CoreData, just hasn't been the most friendly API to work with in my experience so far)

Modern versions of macOS use a file system permission model that’s far more complex than the traditional BSD rwx model, and this post is my attempt at explaining that model. If you have a question about this, post it here on DevForums, tagging your thread with Files and Storage so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" On File System Permissions Modern versions of macOS have four different file system permission mechanisms: Traditional BSD permissions Access control lists (ACLs) App Sandbox Mandatory access control (MAC) The first two were introduced a long time ago and rarely trip folks up. The second two are newer, more complex, and specific to macOS, and thus are the source of some confusion. This post is my attempt to clear that up. Error Codes App Sandbox and the mandatory access control system are both implemented using macOS’s sandboxing infrastructure. When a file system operation fails, check the error to see whether it was blocked by this sandboxing infrastructure. If an operation was blocked by BSD permissions or ACLs, it fails with EACCES (Permission denied, 13). If it was blocked by something else, it’ll fail with EPERM (Operation not permitted, 1). If you’re using Foundation’s FileManager, these error are both reported as Foundation errors, for example, the NSFileReadNoPermissionError error. To recover the underlying error, get the NSUnderlyingErrorKey property from the info dictionary. App Sandbox File system access within the App Sandbox is controlled by two factors. The first is the entitlements on the main executable. There are three relevant groups of entitlements: The com.apple.security.app-sandbox entitlement enables the App Sandbox. This denies access to all file system locations except those on a built-in allowlist (things like /System) or within the app’s containers. The various “standard location” entitlements extend the sandbox to include their corresponding locations. The various “file access temporary exceptions” entitlements extend the sandbox to include the items listed in the entitlement. Collectively this is known as your static sandbox. The second factor is dynamic sandbox extensions. The system issues these extensions to your sandbox based on user behaviour. For example, if the user selects a file in the open panel, the system issues a sandbox extension to your process so that it can access that file. The type of extension is determined by the main executable’s entitlements: com.apple.security.files.user-selected.read-only results in an extension that grants read-only access. com.apple.security.files.user-selected.read-write results in an extension that grants read/write access. Note There’s currently no way to get a dynamic sandbox extension that grants executable access. For all the gory details, see this post. These dynamic sandbox extensions are tied to your process; they go away when your process terminates. To maintain persistent access to an item, use a security-scoped bookmark. See Accessing files from the macOS App Sandbox. To pass access between processes, use an implicit security scoped bookmark, that is, a bookmark that was created without an explicit security scope (no .withSecurityScope flag) and without disabling the implicit security scope (no .withoutImplicitSecurityScope flag)). If you have access to a directory — regardless of whether that’s via an entitlement or a dynamic sandbox extension — then, in general, you have access to all items in the hierarchy rooted at that directory. This does not overrule the MAC protection discussed below. For example, if the user grants you access to ~/Library, that does not give you access to ~/Library/Mail because the latter is protected by MAC. Finally, the discussion above is focused on a new sandbox, the thing you get when you launch a sandboxed app from the Finder. If a sandboxed process starts a child process, that child process inherits its sandbox from its parent. For information on what happens in that case, see the Note box in Enabling App Sandbox Inheritance. IMPORTANT The child process inherits its parent process’s sandbox regardless of whether it has the com.apple.security.inherit entitlement. That entitlement exists primarily to act as a marker for App Review. App Review requires that all main executables have the com.apple.security.app-sandbox entitlement, and that entitlements starts a new sandbox by default. Thus, any helper tool inside your app needs the com.apple.security.inherit entitlement to trigger inheritance. However, if you’re not shipping on the Mac App Store you can leave off both of these entitlement and the helper process will inherit its parent’s sandbox just fine. The same applies if you run a built-in executable, like /bin/sh, as a child process. When the App Sandbox blocks something, it typically generates a sandbox violation report. For information on how to view these reports, see Discovering and diagnosing App Sandbox violations. To learn more about the App Sandbox, see the various links in App Sandbox Resources. For information about how to embed a helper tool in a sandboxed app, see Embedding a Command-Line Tool in a Sandboxed App. Mandatory Access Control Mandatory access control (MAC) has been a feature of macOS for many releases, but it’s become a lot more prominent since macOS 10.14. There are many flavours of MAC but the ones you’re most likely to encounter are: Full Disk Access (macOS 10.14 and later) Files and Folders (macOS 10.15 and later) Data container protection (macOS 14 beta and later) Data Vaults (see below) Mandatory access control, as the name suggests, is mandatory; it’s not an opt-in like the App Sandbox. Rather, all processes on the system, including those running as root, as subject to MAC. Data Vaults are not a third-party developer opportunity. See this post if you’re curious. In the Full Disk Access and Files and Folders cases, users grant a program a MAC privilege using System Settings > Privacy & Security. Some MAC privileges are per user (Files and Folders) and some are system wide (Full Disk Access). If you’re not sure, run this simple test: On a Mac with two users, log in as user A and enable the MAC privilege for a program. Now log in as user B. Does the program have the privilege? If a process tries to access an item restricted by MAC, the system may prompt the user to grant it access there and then. For example, if an app tries to access the desktop, you’ll see an alert like this: “AAA” would like to access files in your Desktop folder. [Don’t Allow] [OK] To customise this message, set Files and Folders properties in your Info.plist. This system only displays this alert once. It remembers the user’s initial choice and returns the same result thereafter. This relies on your code having a stable code signing identity. If your code is unsigned, or signed ad hoc (“Signed to run locally” in Xcode parlance), the system can’t tell that version N+1 of your code is the same as version N, and thus you’ll encounter excessive prompts. Note For information about how that works, see TN3127 Inside Code Signing: Requirements. The Files and Folders prompts only show up if the process is running in a GUI login session. If not, the operation is allowed or denied based on existing information. If there’s no existing information, the operation is denied by default. For all the details about data container protection, see WWDC 2023 Session 10053 What’s new in privacy. On managed systems the site admin can use the com.apple.TCC.configuration-profile-policy payload to assign MAC privileges. For testing purposes you can reset parts of TCC using the tccutil command-line tool. For general information about that tool, see its man page. For a list of TCC service names, see the posts on this thread. Note TCC stands for transparency, consent, and control. It’s the subsystem within macOS that manages most of the privileges visible in System Settings > Privacy & Security. TCC has no API surface, but you see its name in various places, including the above-mentioned configuration profile payload and command-line tool, and the name of its accompanying daemon, tccd. While tccutil is an easy way to do basic TCC testing, the most reliable way to test TCC is in a VM, restoring to a fresh snapshot between each test. If you want to try this out, crib ideas from Testing a Notarised Product. The MAC privilege mechanism is heavily dependent on the concept of responsible code. For example, if an app contains a helper tool and the helper tool triggers a MAC prompt, we want: The app’s name and usage description to appear in the alert. The user’s decision to be recorded for the whole app, not that specific helper tool. That decision to show up in System Preferences under the app’s name. For this to work the system must be able to tell that the app is the responsible code for the helper tool. The system has various heuristics to determine this and it works reasonably well in most cases. However, it’s possible to break this link. I haven’t fully research this but my experience is that this most often breaks when the child process does something ‘odd’ to break the link, such as trying to daemonise itself. If you’re building a launchd daemon or agent and you find that it’s not correctly attributed to your app, add the AssociatedBundleIdentifiers property to your launchd property list. See the launchd.plist man page for the details. Scripting MAC presents some serious challenges for scripting because scripts are run by interpreters and the system can’t distinguish file system operations done by the interpreter from those done by the script. For example, if you have a script that needs to manipulate files on your desktop, you wouldn’t want to give the interpreter that privilege because then any script could do that. The easiest solution to this problem is to package your script as a standalone program that MAC can use for its tracking. This may be easy or hard depending on the specific scripting environment. For example, AppleScript makes it easy to export a script as a signed app, but that’s not true for shell scripts. TCC and Main Executables TCC expects its bundled clients — apps, app extensions, and so on — to use a native main executable. That is, it expects the CFBundleExecutable property to be the name of a Mach-O executable. If your product uses a script as its main executable, you’re likely to encounter TCC problems. To resolve these, switch to using a Mach-O executable. For an example of how you might do that, see this post. Revision History 2023-06-13 Replaced two obsolete links with links to shiny new official documentation: Accessing files from the macOS App Sandbox and Discovering and diagnosing App Sandbox violations. Added a short discussion of data container protection and a link to WWDC 2023 Session 10053 What’s new in privacy. 2023-04-07 Added a link to my post about executable permissions. Fixed a broken link. 2023-02-10 In TCC and Main Executables, added a link to my native trampoline code. Introduced the concept of an implicit security scoped bookmark. Introduced AssociatedBundleIdentifiers. Made other minor editorial changes. 2022-04-26 Added an explanation of the TCC initialism. Added a link to Viewing Sandbox Violation Reports.  Added the TCC and Main Executables section. Made significant editorial changes. 2022-01-10 Added a discussion of the file system hierarchy. 2021-04-26 First posted.

Hello, in my Mac Catalyst app, I have detail view with sections modeled as DisclosureGroups. The label view has a button, that shall trigger a file import view when pushed. The label view is defined as follows: swift HStack {         Text(LocalizedStringKey("Documents")).font(.title)         Spacer()         Button {           showFileImporter = false           // fix broken picker sheet           DispatchQueue.main.asyncAfter(deadline: .now() + 0.1) {             showFileImporter = true           }         } label: {           Image(systemName: "doc.badge.plus")             .padding(.horizontal, 10)         }         .disabled(!expanded)         .fileImporter(                       isPresented: $showFileImporter,               allowedContentTypes: [.data],           allowsMultipleSelection: false) { result in                       // add fileUrl.startAccessingSecurityScopedResource() before accessing file             NSLog("\(result)")           }       } Unfortunately the file import view is not showing, when the button is pushed, although the state changes to true. Does anybody have any hints? BTW the repo is available at https://github.com/thbonk/repti/tree/ui-refactoring The view in question is https://github.com/thbonk/repti/blob/ui-refactoring/Repti/Source/UI/Views/IndividualDetails/DocumentsSubview.swift Thanks & Best regards Thomas

Hello, everyone! Is there a way to know if a .fileImporter of .fileExporter got dismissed? (The cancel button at the top right was pressed or the view was dismissed with a swipe down.)

This has come up a few times so I thought I’d write it down so that Future Quinn™ could point folks at it. If you have any questions or feedback, please start a new thread and tag it with Files and Storage so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Extended Attributes and Zip Archives In a traditional Unix file system, a file consists of a flat sequence of bytes and a very limited set of metadata. In contrast, a traditional Mac OS file had a second sequence of bytes, the resource fork, and various other bits of Mac metadata. This caused an interoperability problem between Mac and Unix systems because the latter has no place to store the Mac metadata. To resolve this problem Apple introduced the AppleDouble file format. This stores the Mac’s data fork in the Unix file and all the Mac metadata in a companion AppleDouble file. If the file name was foo, this companion file was called ._foo. The leading dot meant that this companion file was hidden by many tools. macOS does not typically need AppleDouble files because Apple file systems, like APFS and HFS Plus, have built-in support for Mac metadata. However, macOS will create and use AppleDouble files when working with a volume format that doesn’t support Mac metadata, like FAT32. Similarly macOS will create and use AppleDouble files when working with archive file formats, like zip, that don’t have native support for Mac metadata. macOS 10.4 added support for extended attributes at the Unix layer. For more on this, see the getxattr man page. As with traditional Mac metadata, this is supported natively by Apple file systems but must be stored in an AppleDouble file elsewhere. Note At the API level the original Mac metadata is modelled as two well-known extended attributes, XATTR_RESOURCEFORK_NAME and XATTR_FINDERINFO_NAME. When creating a zip archive macOS supports two approaches for storing AppleDouble files: By default it stores the AppleDouble file next to the original file. % ditto -c -k --keepParent root root-default.zip % unzip -t root-default.zip Archive: root-default.zip testing: root/ OK testing: root/nested/ OK testing: root/nested/FileWithMetadata OK testing: root/nested/._FileWithMetadata OK No errors detected in compressed data of root-default.zip. Alternatively, it can create a parallel hierarchy, rooted in __MACOSX, that holds all AppleDouble files. % ditto -c -k --keepParent --sequesterRsrc root root-sequestered.zip % unzip -t root-sequestered.zip Archive: root-sequestered.zip testing: root/ OK testing: root/nested/ OK testing: root/nested/FileWithMetadata OK testing: __MACOSX/ OK testing: __MACOSX/root/ OK testing: __MACOSX/root/nested/ OK testing: __MACOSX/root/nested/._FileWithMetadata OK No errors detected in compressed data of root-sequestered.zip. The latter is commonly used for mail attachments because it makes it easy for the recipient to discard all the Mac metadata.

Hi there, I am currently making an app and trying to download content to a user-selected download directory (like how safari does it). However, whenever I set the download directory outside the App's documents, I get the following error when running my code on a real iOS device. downloadedFileMoveFailed(error: Error Domain=NSCocoaErrorDomain Code=513 "“CFNetworkDownload_dlIcno.tmp” couldn’t be moved because you don’t have permission to access “Downloads”." UserInfo={NSSourceFilePathErrorKey=/private/var/mobile/Containers/Data/Application/A24D885A-1306-4CE4-9B15-952AF92B7E6C/tmp/CFNetworkDownload_dlIcno.tmp, NSUserStringVariant=(Move), NSDestinationFilePath=/private/var/mobile/Containers/Shared/AppGroup/E6303CBC-62A3-4206-9C84-E37041894DEC/File Provider Storage/Downloads/100MB.bin, NSFilePath=/private/var/mobile/Containers/Data/Application/A24D885A-1306-4CE4-9B15-952AF92B7E6C/tmp/CFNetworkDownload_dlIcno.tmp, NSUnderlyingError=0x281d045d0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}, source: file:///private/var/mobile/Containers/Data/Application/A24D885A-1306-4CE4-9B15-952AF92B7E6C/tmp/CFNetworkDownload_dlIcno.tmp, destination: file:///private/var/mobile/Containers/Shared/AppGroup/E6303CBC-62A3-4206-9C84-E37041894DEC/File%20Provider%20Storage/Downloads/100MB.bin) The summary of that error is that I don't have permission to access the folder I just granted access to. Here's my attached code (I'm using AlamoFire since it's easier to understand, but I'm having a problem saving files in iOS): import SwiftUI import UniformTypeIdentifiers import Alamofire struct ContentView: View { @AppStorage("downloadsDirectory") var downloadsDirectory = "" @State private var showFileImporter = false var body: some View { VStack { Button("Set downloads directory") { showFileImporter.toggle() } Button("Save to downloads directory") { Task { do { let destination: DownloadRequest.Destination = { _, response in let documentsURL = URL(string: downloadsDirectory)! let suggestedName = response.suggestedFilename ?? "unknown" let fileURL = documentsURL.appendingPathComponent(suggestedName) return (fileURL, [.removePreviousFile, .createIntermediateDirectories]) } let _ = try await AF.download(URL(string: "https://i.imgur.com/zaVQDFJ.png")!, to: destination).serializingDownloadedFileURL().value } catch { print("Downloading error!: \(error)") } } } } .fileImporter(isPresented: $showFileImporter, allowedContentTypes: [UTType.folder]) { result in switch result { case .success(let url): downloadsDirectory = url.absoluteString case .failure(let error): print("Download picker error: \(error)") } } } } To reproduce (Run on a REAL iOS device!): Click the Set downloads directory button to On my iPhone Click the Save to downloads directory button Error occurs Upon further investigation, I found that safari uses the Files and Folders privacy permission (Located in Settings > Privacy > Files and folders on an iPhone) to access folders outside the app sandbox (see the attached image for a visual representation of what I'm talking about). I scoured the web as much as I can and I couldn't find any documentation for this exact permission. I have seen non-apple apps (such as VLC) use this permission, but I cannot figure out how it's granted. I tried enabling the following plist properties, but none of them work (because I later realized these are for macOS only) <key>NSDocumentsFolderUsageDescription</key> <string>App wants to access your documents folder</string> <key>NSDownloadsFolderUsageDescription</key> <string>App wants to access your downloads folder</string> Can someone please help me figure out how to grant the files and folder permission and explain what it does? I would really appreciate the help. Image of the permission in question:

General: DevForums tags: Files and Storage, Finder Sync, File Provider, Disk Arbitration, APFS File System Programming Guide On File System Permissions DevForums post File Provider framework Finder Sync framework App Extension Programming Guide > App Extension Types > Finder Sync Disk Arbitration Programming Guide Mass Storage Device Driver Programming Guide Device File Access Guide for Storage Devices Apple File System Guide TN1150 HFS Plus Volume Format Extended Attributes and Zip Archives File system changes introduced in iOS 17 DevForums post Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi, I am trying to create a hard link on MacOS(Mac Catalyst App) between files using [self linkItemAtURL:fromURL toURL:toURL error:&error]; Source Path for MacOS - /var/folders/lf/dt_4nxd945jdry2241phx0_40000gn/T/net.appname.AppName/documents/... Destination Path for MacOS - /Users/username/Library/Group Containers/group.net.appname.AppName.shared/Message/Media/... Although the same code works fine on iOS, but getting following error on MacOS Error Domain=NSCocoaErrorDomain Code=513 couldn’t be linked because you don’t have permission to access, Operation not permitted Source Path for iOS - /Users/user/Library/Developer/CoreSimulator/Devices/B4054540-345F-4D90-A3C5-DA6E6469A3FC/data/Containers/Data/Application/B4AB7D70-491C-49E5-9A3F-27E66EC3423D/tmp/documents/... Destination Path for iOS - /Users/user/Library/Developer/CoreSimulator/Devices/B4054540-345F-4D90-A3C5-DA6E6469A3FC/data/Containers/Shared/AppGroup/842B248E-CCA6-4B5C-82BD-2858EADD3A90/Message/Media/... However, interestingly if I try to copy the file, it works perfectly fine on MacOS as well. I am unable to understand if it is the permission issue, it should not work with copy as well. Does anyone have any reason/solution to this behaviour?

Hi, I have an extensive macOS test suite that accesses a lot of files located on an external volume (several Tbytes of databases, images,...). After moving to Ventura this test suite is broken. More specifically, when trying to access .sqlite databases I receive a SQL error 23: unauthorised access. This is just the symptom of the fact that I do not seem to have the access rights on those files from the test suite. I verified that by moving such a .sqlite file to /tmp, it opens fine and the corresponding test succeeds. I tried fixing those rights by giving Full Disk Access (FDA) to Xcode, to xctest...but the problem persists. Anyone out there having the same issue that found a fix ? I should add that this test suite is associated with a framework (Swift package) and I have no Xcode project associated with it...just a plain Package.swift file. So I can't really fiddle with project level settings. They surely must exist a way to access any file from a test suite even if it is located on an external disk, etc... Thanks Matthieu

NSOpenPanel.runModal is returning before the user can select a file. It seemed to get progressively worse as the OS updated. Now with macOS Ventura 13.0 it is completely unusable. Supporting docs https://stackoverflow.com/questions/70050559/nsopenpanel-nssavepanel-runmodal-dismisses-immediately-with-cancel-but-only-on https://stackoverflow.com/questions/28478020/presenting-nsopenpanel-as-sheet-synchronously

In our game app, we have screens before/after game levels which are transparent wk webviews. This works great. We have interesting, complex css-based animations. We recently added some Lottie animations, which use a javascript fetch() on a .json file, and that throws a CORS error since you can't normally fetch file:// urls from the app bundle.  The error is eliminated if we set allowFileAccessFromFileURLs to true, but it's an undocumented preference of webkit (not a secret iOS method). It's clearly included in the public WebKit github (in WKPreferences.mm). We have other ideas for workaround, such as JS injection.  Is allowFileAccessFromFileURLs OK to set to TRUE?  Is it a risk of app rejection, and/or a significant risk of being removed int he future, and/or and otherwise bad idea? Do you have any other tips about loading data into web views in-app?

FB9108925 FB10408005 Since Apple Silicon we've seen a lot of WebDAV instability in macOS 11.x, 12.x and now 13.x that isn't found on x86 Macs. Some were fixed in earlier minor OS upgrades (e.g. webdavfs-387.100.1 that added a missing mutex init), but it's still highly unreliable. The purpose of this post is to put more focus on the bug, see if there is something else we can do to help solve this, as well as hear about potential workarounds from other people experiencing the same problems. I've got a reproducible case described below that triggers a deadlock in VFS every time, requiring a hard reboot to fully recover. Before reboot I've captured this stack trace showing the WebDAV/VFS/UBC/VM layers getting tangled up (macOS 13.2 Build 22D49 running on Macmini9,1): Thread 0x16358 1001 samples (1-1001) priority 46 (base 31) 1001 thread_start + 8 (libsystem_pthread.dylib + 7724) [0x18d2e0e2c] 1001 _pthread_start + 148 (libsystem_pthread.dylib + 28780) [0x18d2e606c] 1001 ??? (diskarbitrationd + 99400) [0x100d5c448] 1001 unmount + 8 (libsystem_kernel.dylib + 55056) [0x18d2b2710] *1001 ??? (kernel.release.t8103 + 30712) [0xfffffe00083437f8] *1001 ??? (kernel.release.t8103 + 1775524) [0xfffffe00084ed7a4] *1001 ??? (kernel.release.t8103 + 7081508) [0xfffffe00089fce24] *1001 ??? (kernel.release.t8103 + 2522264) [0xfffffe00085a3c98] *1001 ??? (kernel.release.t8103 + 2523168) [0xfffffe00085a4020] *1001 vnode_iterate + 728 (kernel.release.t8103 + 2410988) [0xfffffe00085889ec] *1001 ??? (kernel.release.t8103 + 6095404) [0xfffffe000890c22c] *1001 ??? (kernel.release.t8103 + 1097172) [0xfffffe0008447dd4] *1001 ??? (kernel.release.t8103 + 1100852) [0xfffffe0008448c34] *1001 ??? (kernel.release.t8103 + 1024804) [0xfffffe0008436324] *1001 ??? (kernel.release.t8103 + 1025092) [0xfffffe0008436444] *1001 ??? (kernel.release.t8103 + 6497736) [0xfffffe000896e5c8] *1001 ??? (kernel.release.t8103 + 2705840) [0xfffffe00085d09b0] *1001 webdav_vnop_pageout + 432 (com.apple.filesystems.webdav + 16920) [0xfffffe000b2db7b8] *1001 webdav_vnop_close + 64 (com.apple.filesystems.webdav + 9492) [0xfffffe000b2d9ab4] *1001 webdav_vnop_close_locked + 96 (com.apple.filesystems.webdav + 19708) [0xfffffe000b2dc29c] *1001 webdav_close_mnomap + 264 (com.apple.filesystems.webdav + 20004) [0xfffffe000b2dc3c4] *1001 webdav_fsync + 404 (com.apple.filesystems.webdav + 20484) [0xfffffe000b2dc5a4] *1001 ubc_msync + 184 (kernel.release.t8103 + 6096856) [0xfffffe000890c7d8] *1001 ??? (kernel.release.t8103 + 1097172) [0xfffffe0008447dd4] *1001 ??? (kernel.release.t8103 + 1100728) [0xfffffe0008448bb8] *1001 lck_rw_sleep + 136 (kernel.release.t8103 + 505804) [0xfffffe00083b77cc] *1001 ??? (kernel.release.t8103 + 607656) [0xfffffe00083d05a8] *1001 ??? (kernel.release.t8103 + 613952) [0xfffffe00083d1e40] I've spent countless hours reading the xnu-8792.81.2 and webdavfs-392 sources trying to understand what happens. Symbols mapped back to the source code tell me it's trying to flush a dirty mmap'ed file back to the WebDAV host when the volume is about to get unmounted, but I suspect the pageout request is triggered recursively, perhaps because the mmap'ed file has shrunk and pages need to be released? The test case: Use Finder to connect to a WebDAV volume which holds a fairly large image (200 MB Photoshop file in my case). Navigate to this file in column mode so Finder renders a preview (using a QuickLook process). I believe this mmap's the file, but that alone isn't sufficient, so I think the Finder tries to write an updated thumbnail back to the volume as well. Click the Eject icon in the Finder to unmount the volume, which now deadlocks that file system. In the end something remains unreleased in the filesystem since the unmount request never completes, so whether that's a VNode lock or just open file refcount or something else I don't know. Now, why this deadlock is only seen on Apple Silicon is a mystery. Is Finder/QuickLook executing different code paths for generating or storing the thumbnail? Or is there yet more cases of uninitialized mutexes/locks that happen to be accidentally functional on x86 but expose a problem on AS? I've been through a lot of kernel source code trying to find any but have come up short. But since the above is easily reproduced I'm hoping someone with filesystem/kernel debug capability can succeed in pinpointing the bug. It's at least positive that the overall architecture works on x86 so I'm hoping it is a simple fix in the end. The reason I'm debugging this is we've got a lot of customers running WebDAV on M1/M2 and they find Finder file copying highly unreliable (i.e. writing many files to the WebDAV server, possibly overwriting existing files; some users have reported a need to reboot 20 times a day). I'm really looking for a bug that's common to all of these tasks, not just the mmap + unmount problem which is a minimal test case that I've cooked up in the lab. The few spindumps I've seen from end users have also included the combination of webdav_vnop_pageout + webdav_fsync + ubc_msync + lck_rw_sleep even if unmounting wasn't the initial op that forced the deadlock. This problem has been reproduced with different WebDAV server vendors, and there is a test account on a server running Apache provided in FB10408005 (though please select the PSD file, not just the tiny JPG). Thanks in advance!

I am building a document-based app with SwiftUI, but whenever I want to create a document in the app, the app shows an alert with the following title: "The document could not be opened" I hit the same problem with Apple's sample project: https://developer.apple.com/documentation/swiftui/building_a_document-based_app_with_swiftui The interesting part is that I only get this error message when I am creating a new file from the "Recents" tab, but when I am creating it from the "Browse" tab, then it works. The beta testers from my app are also experiencing this issue, and they use multiple types of OS versions, and they have enough storage to create the files.

Hello, I'm Hung. I used NSFileManager to get all sub paths of a directory with API subpathsOfDirectoryAtPath:error and I got some crash reports from Firebase. It seems this API has a native bug (insert nil) and just appears in iOS >= 15 (see my attached picture). So I would like to know if it's a native bug or my fault. Please answer me!

Hello, We have several reports from users that our app looses its Full Disk Access permission after reboot. This is something we have not able to reproduce internally, but that is affecting a noticeable amount of users, running various versions of macOS: 11.7.2, 12.4, 12.6.2, 13.1, 13.2, 13.2.1, 13.3, 13.3.1. We also noticed that we are not the only one affected by the issue: https://community.norton.com/en/forums/resolve-repeated-norton-full-disk-access-prompt-when-you-open-norton-macos-13 https://kevinyank.com/posts/privacy-security-settings-reset/ Unfortunately, none of the workaround described in those articles seems to work for our user on the long term. Is it an issue known by Apple? Is there a workaround? Thanks for your help.