I am currently developing a No-Sandbox application. What I want to achieve is to use AuthorizationCopyRights in a No-Sandbox application to elevate to root, then register SMAppService.daemon after elevation, and finally call the registered daemon from within the No-Sandbox application. Implementation Details Here is the Plist that I am registering with SMAppService: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>com.example.agent</string> <key>BundleProgram</key> <string>/usr/local/bin/test</string> <key>ProgramArguments</key> <array> <string>/usr/local/bin/test</string> <string>login</string> </array> <key>RunAtLoad</key> <true/> </dict> </plist> Code that successfully performs privilege escalation (a helper tool popup appears) private func registerSMAppServiceDaemon() -> Bool { let service = SMAppService.daemon(plistName: "com.example.plist") do { try service.register() print("Successfully registered \(service)") return true } catch { print("Unable to register \(error)") return false } } private func levelUpRoot() -> Bool { var authRef: AuthorizationRef? let status = AuthorizationCreate(nil, nil, [], &authRef) if status != errAuthorizationSuccess { return false } let rightName = kSMRightBlessPrivilegedHelper return rightName.withCString { cStringName -> Bool in var authItem = AuthorizationItem( name: cStringName, valueLength: 0, value: nil, flags: 0 ) return withUnsafeMutablePointer(to: &authItem) { authItemPointer -> Bool in var authRights = AuthorizationRights(count: 1, items: authItemPointer) let authFlags: AuthorizationFlags = [.interactionAllowed, .preAuthorize, .extendRights] let status = AuthorizationCopyRights(authRef!, &authRights, nil, authFlags, nil) if status == errAuthorizationSuccess { if !registerSMAppServiceDaemon() { return false } return true } return false } } } Error Details Unable to register Error Domain=SMAppServiceErrorDomain Code=1 "Operation not permitted" UserInfo={NSLocalizedFailureReason=Operation not permitted} The likely cause of this error is that /usr/local/bin/test is being bundled. However, based on my understanding, since this is a non-sandboxed application, the binary should be accessible as long as it is run as root. Trying post as mentioned in the response, placing the test binary under Contents/Resources/ allows SMAppService to successfully register it. However, executing the binary results in a different error. Here is the plist at that time. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>com.example.agent</string> <key>BundleProgram</key> <string>Contents/Resources/test</string> <key>ProgramArguments</key> <array> <string>Contents/Resources/test</string> <string>login</string> </array> <key>RunAtLoad</key> <true/> </dict> </plist> Here is the function at that time. private func executeBin() { let bundle = Bundle.main if let binaryPath = bundle.path(forResource: "test", ofType: nil) { print(binaryPath) let task = Process() task.executableURL = URL(fileURLWithPath: binaryPath) task.arguments = ["login"] let pipe = Pipe() task.standardOutput = pipe task.standardError = pipe do { try task.run() let outputData = pipe.fileHandleForReading.readDataToEndOfFile() if let output = String(data: outputData, encoding: .utf8) { print("Binary output: \(output)") } task.waitUntilExit() if task.terminationStatus == 0 { print("Binary executed successfully") } else { print("Binary execution failed with status: \(task.terminationStatus)") } } catch { print("Error executing binary: \(error)") } } else { print("Binary not found in the app bundle") } } Executed After Error Binary output: Binary execution failed with status: 5 Are there any other ways to execute a specific binary as root when using AuthorizationCopyRights? For example, by preparing a Helper Tool?

Hello, I'm buiding a macos app where I bundled a command line tool (Python) with my app. I put the tool in ****.app/Contents/MacOS folder, but it seems like the tool can not execute/read/ access. I don't know if a sandbox app can access/create a folder inside ****.app/Contents folder??? If not where can I put the tool that can access from my macos app? Any idea would be appreciated!

Hi, I accidentally downloaded a disk image and tried to run it, I shortly realized that it is probably malware. I'm worried that there's malware on my computer but I'm unsure if Gatekeeper was able to block me from running the image. I believe I clicked "Open anyway" or something along those lines even after it said not to run it, so I'm pretty scared that it was able to run. I checked the logs for Gatekeeper, and I see that it says "Code did not match any currently allowed policy". Does this mean it blocked whatever disk image I mistakenly tried to run? Thank you so much for your answers, it will help me stop worrying. 2025-03-01 10:45:10.480495-0800 0x953f85 Default 0x0 301 0 syspolicyd: [com.apple.syspolicy.exec:default] Fast Gatekeeper overrides are: inactive 2025-03-01 10:45:14.308061-0800 0x95412e Default 0x0 301 0 syspolicyd: [com.apple.syspolicy.exec:default] Caller indicated a Gatekeeper override occurred: &lt;private&gt; 2025-03-01 10:45:14.314205-0800 0x95412c Default 0x0 39200 2 CoreServicesUIAgent: [com.apple.launchservices:uiagent] Cleared Gatekeeper rejection record sucessfully 2025-03-01 10:45:25.864198-0800 0x953f85 Error 0x0 301 0 syspolicyd: [com.apple.syspolicy.exec:default] Error Domain=GatekeeperPolicyScanError Code=-67018 "Code did not match any currently allowed policy" UserInfo={NSURL=&lt;private&gt;, NSLocalizedDescription=Code did not match any currently allowed policy} 2025-03-01 10:45:30.659323-0800 0x95430b Default 0x0 301 0 syspolicyd: [com.apple.syspolicy.exec:default] Adding Gatekeeper denial breadcrumb (direct): PST: (path: 5451bc9511ea5cc0), (team: (null)), (id: project-55554944375cf61a58343acb828244228823e532), (bundle_id: NOT_A_BUNDLE) 2025-03-01 10:45:30.662733-0800 0x95430b Error 0x0 301 0 syspolicyd: [com.apple.syspolicy.exec:default] Terminating process due to Gatekeeper rejection: 39389, &lt;private&gt; 2025-03-01 10:45:54.602124-0800 0x9545ed Default 0x0 301 0 syspolicyd: [com.apple.syspolicy.exec:default] Fast Gatekeeper overrides are: inactive 2025-03-01 10:46:35.578533-0800 0x9548b4 Default 0x0 301 0 syspolicyd: [com.apple.syspolicy.exec:default] Fast Gatekeeper overrides are: inactive 2025-03-01 10:46:37.719530-0800 0x9533cf Default 0x0 39200 2 CoreServicesUIAgent: [com.apple.launchservices:uiagent] Cleared Gatekeeper rejection record sucessfully

How can I put one list item at the top and another one at the bottom, retaining the NavigationView functionality? Here is a simple app: struct ContentView: View { var body: some View { NavigationView { Sidebar() } } } struct Sidebar: View { @State private var isActive = true var body: some View { List { NavigationLink(isActive: $isActive) { HomeView() } label: { Text("Home") } NavigationLink { SettingsView() } label: { Text("Settings") } } } } struct HomeView: View { var body: some View { VStack {} .navigationTitle("Home") } } struct SettingsView: View { var body: some View { VStack {} .navigationTitle("Settings") } } Which looks like this: My initial though was to put a Spacer() between each NavigationLink, but it results in an unexpected view: What i can do: Place an empty VStack between each NavigationLink with a hard-coded height like this: VStack {}.frame(height: 275) Which looks like this: But it wouldn't work if a user would want to increase the height of a window. I could disable window resizing which is kind of fine, but not the most optimal. Another obvious option was to replace the List with a VStack, but with this approach the styling of the NavigationLink gets broken and it does not get highlighted when I click on it. It looks like this: P.S. I know that NavigationView is deprecated, but i want to support macOS 12.0.

So far, we have been using Google Maps to determine distance along a certain route for a MacOS app to register kilometers for a business administration app. But, this is no longer possible, as the login for google maps no longer works. I understand we would have to pay to continue using the Google Maps service as it was and we would have to make changes to the app. That would be ok, but I was just wondering does any developer on this forum have suggestions on how to resolve this issue? Or even maybe have suggestions, to make this work better than before. Three suggestions by chatgpt: use ANWB route planner using google maps, Pro6pp, or to useWisp.Software (something I haven't heard of before. Your suggestions and ideas are welcome. Also, if the Apple Developer team knows of a way how to do this in your app, your advice is more than welcome. Have a nice day!

on iOS you can choose to scale to view to have the app resize the screen easily in the developer environment. Scale to view is however not easily done on MacOS using NS to solve on MacOS now. Is it possible for the Apple developer team to make this easier for the Developer, as I understand it is for iOS applications?

I am working on Flutter MAC app. And using ObjectBox store DB for local data saving. When i am setting Sandbox - NO, It is working fine. But when i am setting Sandbox - YES for production MAC flutter app - It is giving error and getting black screen only Getting error- Error initializing ObjectBox store: StorageException: failed to create store: Could not open database environment; please check options and file system (1: Operation not permitted) (OBX_ERROR code 10199)

Here's a simple program that spoofs an ARP reply for a given IP address. If I spin up two terminal sessions on the same machine. Run this code in one window % ./spoof en0 192.168.1.7 Listening on en0 for ARP requests to 192.168.1.7 Spoofing MAC: 00:0c:87:47:50:27 And in the second window cause the OS to issue an ARP_REQ % ping 192.168.1.7 You will see the program respond to the ARP request. (Wireshark will see the ARP_REQ and ARP_REPLY packets) however my arp table isn't updated with the MAC for the IP address. There is no firewall active. % arp -a|grep 192.168.1.7 (192.168.1.7) at (incomplete) on en0 ifscope [ethernet] This is running on a MacBook pro M3 (OSX 15.4). HOWEVER, on a MacBook pro M4 (OSX 15.2) is does Work !!!!! Can anyone explain why its not working? spoof.txt

I need to read data from the user. For convenience, the data will be in a property list, so it's easy to get a dictionary containing the property list data. But, since it's coming from outside, I need to validate that the data is in the required format, i.e. it has the right keys and the right sort of data for each key, e.g. <name> has a string, <keys> has an array of appropriate values. Since this is part of a long-established product, and targets 10.13, I want to do this in Objective-C if possible. I've been working mostly with Swift in recent years, so I've forgotten a lot of what I used to know about Objective-C, I'm sure. My first thought was to obtain the value for each key and check the class type with isa, but I see that's deprecated in macOS 13 with no replacement. I don't see another way to check the class. I'm sure other people have solved the same problem, but my searches have not turned up any answers.

My MacOS swift app [myStuckApp5] refuses to close when running on Monterrey (The app becomes unresponsive after finishing its work, and needs to be forcefully closed). However, it closes as expected when running MacOS 13 and above. How can I troubleshoot this error? I'm attaching the content of the sys Log related to the app while it was stuck (too long to copy here...) This is the content of the related sys Log

Hi, I develop a Mac application, initially on Catalina/Xcode12, but I recently upgrade to Monterey/Xcode13. I'm about to publish a new version: on Monterey all works as expected, but when I try the app on Sequoia, as a last step before uploading to the App Store, I encountered some weird security issues: The main symptom is that it's no longer possible to save any file from the app using the Save panel, although the User Select File entitlement is set to Read/Write. I've tried reinstalling different versions of the app, including the most recent downloaded from TestFlight. But, whatever the version, any try to save using the panel (e.g. on the desktop) results in a warning telling that I don't have authorization to record the file to that folder. Moreover, when I type spctl -a -t exec -v /Applications/***.app in the terminal, it returns rejected, even when the application has been installed by TestFlight. An EtreCheck report tells that my app is not signed, while codesign -dv /Applications/***.app returns a valid signature. I'm lost... It suspect a Gate Keeper problem, but I cannot found any info on the web about how this system could be reset. I tried sudo spctl --reset-default, but it returns This operation is no longer supported... I wonder if these symptoms depend on how the app is archived and could be propagated to my final users, or just related to a corrupted install of Sequoia on my local machine. My feeling is that a signature problem should have been detected by the archive validation, but how could we be sure? Any idea would be greatly appreciated, thanks!

I'm writing some code, intended to be run on macOS (not IOS). My code could greatly benefit from using IOReport, which is an undocumented IOKit API for obtaining various metrics like energy consumption on an Apple processor. I don't plan to submit my program to the App Store, but I do plan on making the Git repo containing my code public. My understanding is that using undocumented IOKit APIs is strictly forbidden for IOS or macOS applications intended to be made available on the App Store. But what about programs not intended to be submitted to the App Store, like in my case? I'm wondering if anybody knows what Apple's policy is regarding using undocumented APIs in such a way on macOS.

Hi. I have three disk partitions on my MacBook Air M1. The one with Monterey, the one with Sonoma, and the one with Sequoia (15.3.1 in particular). When I try to download the 15.4 Beta from software update in settings, everything would go "fine" - the download process is being completed, the computer says it's going to restart in 60seconds, the countdown begins, etc. However, when restarting several times, I am being logged in once again into previous macOS (15.3.1) version, with a kernel panic report. I had the same panic on macOS 15.3 when attempting to download 15.4 Beta. I've upgraded my macOS to 15.3.1, as I thought I'd need the very last available version of regular macOS to participate in the newest beta. However, the panic occurs, pointing to some t8020dart.c file. I don't even theoretically know what is this and couldn't find any reference to that C file. Attaching a part of panic report: panic(cpu 3 caller 0x0): t8020dart 0xfffffdf02c980000 (dart-disp0): Can't ignore lock validation @t8020dart.c:535 Debugger message: panic Memory ID: 0xff OS release type: Not set yet OS version: Not set yet Kernel version: Darwin Kernel Version 24.4.0: Sat Feb 15 22:43:38 PST 2025; root:xnu-11417.100.533.501.4~3/RELEASE_ARM64_T8103 Fileset Kernelcache UUID: 232D67A6D42C66E14780A24B3C0AE05D Kernel UUID: F2602757-A486-30A9-8D8E-714224E5FE4A Boot session UUID: 575CD5EA-6898-47ED-9AEC-05E318135695 iBoot version: iBoot-11881.100.964.0.1 iBoot Stage 2 version: iBoot-11881.100.964.0.1 secure boot?: YES roots installed: 0 Paniclog version: 14 KernelCache slide: 0x00000000181d8000 KernelCache base: 0xfffffe001f1dc000 Kernel slide: 0x00000000181e0000 Kernel text base: 0xfffffe001f1e4000 Kernel text exec slide: 0x00000000198d0000 Kernel text exec base: 0xfffffe00208d4000 mach_absolute_time: 0x85b39c4 Epoch Time: sec usec Boot : 0x00000000 0x00000000 Sleep : 0x00000000 0x00000000 Wake : 0x00000000 0x00000000 Calendar: 0x00000000 0x00000000 Zone info: Zone map: 0xfffffe120c000000 - 0xfffffe380c000000 . VM : 0xfffffe120c000000 - 0xfffffe17d8000000 . RO : 0xfffffe17d8000000 - 0xfffffe1a72000000 . GEN0 : 0xfffffe1a72000000 - 0xfffffe203e000000 . GEN1 : 0xfffffe203e000000 - 0xfffffe260a000000 . GEN2 : 0xfffffe260a000000 - 0xfffffe2bd6000000 . GEN3 : 0xfffffe2bd6000000 - 0xfffffe31a2000000 . DATA : 0xfffffe31a2000000 - 0xfffffe380c000000 Metadata: 0xfffffe76ce010000 - 0xfffffe76d7810000 Bitmaps : 0xfffffe76d7810000 - 0xfffffe76d8d80000 Extra : 0 - 0 CORE 0 recently retired instr at 0xfffffe0020a9d2d0 CORE 1 recently retired instr at 0xfffffe0020a9d2d0 CORE 2 recently retired instr at 0xfffffe0020a9d2d0 CORE 3 recently retired instr at 0xfffffe0020a9b9ec CORE 4 recently retired instr at 0xfffffe0020a9d2d0 CORE 5 recently retired instr at 0xfffffe0020a9d2d0 CORE 6 recently retired instr at 0xfffffe0020a9d2d0 CORE 7 recently retired instr at 0xfffffe0020a9d2d0 TPIDRx_ELy = {1: 0xfffffe2040392fb0 0: 0x0000000000000003 0ro: 0x0000000000000000 } CORE 0 PVH locks held: None CORE 1 PVH locks held: None CORE 2 PVH locks held: None CORE 3 PVH locks held: None CORE 4 PVH locks held: None CORE 5 PVH locks held: None CORE 6 PVH locks held: None CORE 7 PVH locks held: None CORE 0: PC=0xfffffe002102157c, LR=0xfffffe0021021568, FP=0xfffffebf22637890 CORE 1: PC=0xfffffe00210207a4, LR=0xfffffe0020fe4eb0, FP=0xfffffebf2262b890 CORE 2: PC=0xfffffe002094c790, LR=0xfffffe002094c63c, FP=0xfffffebf22643890 CORE 3 is the one that panicked. Check the full backtrace for details. CORE 4: PC=0xfffffe00209708b4, LR=0xfffffe00209708b4, FP=0xfffffebf2213fed0 CORE 5: PC=0xfffffe00209708b4, LR=0xfffffe00209708b4, FP=0xfffffebf22163ed0 CORE 6: PC=0xfffffe00209708b4, LR=0xfffffe00209708b4, FP=0xfffffebf2216fed0 CORE 7: PC=0xfffffe00209708b4, LR=0xfffffe00209708b4, FP=0xfffffebf2211bed0 Compressor Info: 0% of compressed pages limit (OK) and 0% of segments limit (OK) with 0 swapfiles and OK swap space Panicked task 0xfffffe260c042b78: 0 pages, 268 threads: pid 0: kernel_task Panicked thread: 0xfffffe2040392fb0, backtrace: 0xfffffebf22666920, tid: 279 lr: 0xfffffe00209332bc fp: 0xfffffebf226669b0 lr: 0xfffffe0020a93cdc fp: 0xfffffebf22666a20 lr: 0xfffffe0020a91e94 fp: 0xfffffebf22666ae0 lr: 0xfffffe00208dbb94 fp: 0xfffffebf22666af0 lr: 0xfffffe0020932ba0 fp: 0xfffffebf22666ec0 lr: 0xfffffe0020932924 fp: 0xfffffe0031577e90 lr: 0xfffffe00211cb198 fp: 0xfffffe0031577eb0 lr: 0xfffffe002120aae4 fp: 0xfffffe0031577f80 lr: 0xfffffe00211f9104 fp: 0xfffffe0031577fe0 lr: 0xfffffe00208dc3fc fp: 0xfffffebf22666ee0 lr: 0xfffffe0020a82d74 fp: 0xfffffebf22666f30 lr: 0xfffffe00222f9964 fp: 0xfffffebf22667c00 lr: 0xfffffe002107c198 fp: 0xfffffebf22667c90 lr: 0xfffffe002107b79c fp: 0xfffffebf22667dc0 lr: 0xfffffe002107963c fp: 0xfffffebf22667e40 lr: 0xfffffe002107ffc8 fp: 0xfffffebf22667f20 lr: 0xfffffe00208e4f04 fp: 0x0000000000000000 Kernel Extensions in backtrace: com.apple.driver.AppleT8020DART(1.0)[6BE1928B-115D-345C-B457-FD1101FC7E1E]@0xfffffe00222f9120->0xfffffe002230139b dependency: com.apple.driver.AppleARMPlatform(1.0.2)[4EB15554-31E0-3057-9A85-EAA79C69E848]@0xfffffe0021369200->0xfffffe00213bf21f dependency: com.apple.driver.IODARTFamily(1)[8FC5A69F-6052-3F02-9EA3-78D080116812]@0xfffffe0022ec6750->0xfffffe0022eda9cf last started kext at 139867172: com.apple.plugin.IOgPTPPlugin 1340.12 (addr 0xfffffe001fba3f70, size 139368)

Hi guys, I am looking for some help from anyone very desperate I am being hacked at the system level dealing with Malious 3rd party TVapp Exhibited ksophicisted container based persistence Possible Zero Day exploration Active Network connection to cloud infrastructure resistance to standard removal I did attempt to report to apple security and have not had an update but fear loss of account access even with 2fa since they have ability Currently I can't access internet/wifi(EVEN with ethernet cable) Honestly any help from anyone

Hi. I am facing a panic in distributed virtual filesystem of my own making. The panic arises on attempt of copying a large folder, or writing a large file (both around 20gb). An important note here is that the amount of files we try to copy is larger than available space (for testing purposes, the virtual file system had a capacity of 18 gigabytes). The panic arises somewhere on 12-14gigabytes deep into copying. On the moment of panic, there are still several gigabytes of storage left. The problem is present for sure for such architectures and macOS versions: Sonoma 14.7.1 arm64e Monterey 12.7.5 arm64e Ventura 13.7.1 intel Part from panic log from Ventura 13.7.1 intel, with symbolicated addresses: panic(cpu 2 caller 0xffffff80191a191a): watchdog timeout: no checkins from watchdogd in 90 seconds (48 total checkins since monitoring last enabled) Panicked task 0xffffff907c99f698: 191 threads: pid 0: kernel_task Backtrace (CPU 2), panicked thread: 0xffffff86e359cb30, Frame : Return Address 0xffffffff001d7bb0 : 0xffffff8015e70c7d mach_kernel : _handle_debugger_trap + 0x4ad 0xffffffff001d7c00 : 0xffffff8015fc52e4 mach_kernel : _kdp_i386_trap + 0x114 0xffffffff001d7c40 : 0xffffff8015fb4df7 mach_kernel : _kernel_trap + 0x3b7 0xffffffff001d7c90 : 0xffffff8015e11971 mach_kernel : _return_from_trap + 0xc1 0xffffffff001d7cb0 : 0xffffff8015e70f5d mach_kernel : _DebuggerTrapWithState + 0x5d 0xffffffff001d7da0 : 0xffffff8015e70607 mach_kernel : _panic_trap_to_debugger + 0x1a7 0xffffffff001d7e00 : 0xffffff80165db9a3 mach_kernel : _panic_with_options + 0x89 0xffffffff001d7ef0 : 0xffffff80191a191a com.apple.driver.watchdog : IOWatchdog::userspacePanic(OSObject*, void*, IOExternalMethodArguments*) (.cold.1) 0xffffffff001d7f20 : 0xffffff80191a10a1 com.apple.driver.watchdog : IOWatchdog::checkWatchdog() + 0xd7 0xffffffff001d7f50 : 0xffffff80174f960b com.apple.driver.AppleSMC : SMCWatchDogTimer::watchdogThread() + 0xbb 0xffffffff001d7fa0 : 0xffffff8015e1119e mach_kernel : _call_continuation + 0x2e Kernel Extensions in backtrace: com.apple.driver.watchdog(1.0)[BD08CE2D-77F5-358C-8F0D-A570540A0BE7]@0xffffff801919f000->0xffffff80191a1fff com.apple.driver.AppleSMC(3.1.9)[DD55DA6A-679A-3797-947C-0B50B7B5B659]@0xffffff80174e7000->0xffffff8017503fff dependency: com.apple.driver.watchdog(1)[BD08CE2D-77F5-358C-8F0D-A570540A0BE7]@0xffffff801919f000->0xffffff80191a1fff dependency: com.apple.iokit.IOACPIFamily(1.4)[D342E754-A422-3F44-BFFB-DEE93F6723BC]@0xffffff8018446000->0xffffff8018447fff dependency: com.apple.iokit.IOPCIFamily(2.9)[481BF782-1F4B-3F54-A34A-CF12A822C40D]@0xffffff80188b6000->0xffffff80188e7fff Process name corresponding to current thread (0xffffff86e359cb30): kernel_task Boot args: keepsyms=1 Mac OS version: 22H221 Kernel version: Darwin Kernel Version 22.6.0: Thu Sep 5 20:48:48 PDT 2024; root:xnu-8796.141.3.708.1~1/RELEASE_X86_64 The origin of the problem is surely inside my filesystem. However, the panic happens not there but somewhere in watchdog. As far as I can tell, the source code for watchdog is not available for public. I can't understand what causes the panic. Let's say we have run out of space. Couldn't write data. Writing received a proper error message and aborted. That's what is expected. However, it is unclear for why the panic arises.

Issue description: Using Xcodebuild command to build a project using Xcode 16.1 and 16.2, getting multiple device simulator warnings with same os and same model. Please see issue: https://github.com/actions/runner-images/issues/11036 Repro steps: create a Xcode project, build it using below command with Xcode 16 version. run: | echo "Building project manually..." xcodebuild -workspace MyApp.xcworkspace -scheme MyApp -destination 'platform=iOS Simulator,name=iPhone 16 Pro,OS=18.2' build | xcbeautify --renderer github-actions

Should I allow the CIJSULAgent to find devices on local network?

I have a multiplatform app that I've been working on that targets iphones, ipad, and macos. I also have a widgetextension that targets all three devices. On iphones and ipads, the widgets show up in the widget gallery with no problems. But on the mac, the widget center does show my app, but its widgets are "from iPhone" meaning that if my app was not install on an iphone, they just won't show up on the mac at all. I have not idea of what I'm doing wrong or how to fix it. Do I need to create a widget extension for the mac seperately?

I have written a small iOS app that I run as a MacOS app using the build target "My Mac (Designed for iPad)". It runs fine, however I cannot find where the app itself is installed on my system. When running the app multiple times I see that a number is appended to the title of my app is incremented indicating that old versions of the app are still installed somewhere. Where are they located on my system? Many thanks for the help!

What is the proper payload for the FDEFileVault? Do I need to provide a user password in the payload to proceed with turning on the FileVault? Isn't that a privacy issue? Why UserEntersMissingInfo does not work for me? How to properly turn off FileVault - every try failed? Below I attach tested payloads and results. Test 1: Enable: "On" Result 1: Error ErrorCode: -319 LocalizedDescription: The ‘FileVault Settings’ payload could not be installed. User authentication failed. Test 2: Enable: "On" Username: "username on a device" Result 2: Error ErrorCode: -319 LocalizedDescription: The ‘FileVault Settings’ payload could not be installed. User authentication failed. Test 3: Enable: "On" Username: "username on a device" Password: "password of the user" Result 3: Success: FileVault turned On Test 4: After previously turning On FileVault successfully after restarting a machine. Enable: "Off" Result 4: Fail: FileVault didn't turn off, but the profile in settings updated. The machine restart didn't help. Test 5: Enable: "On" UserEntersMissingInfo: True Result 5: Error ErrorCode: -319 LocalizedDescription: The ‘FileVault Settings’ payload could not be installed. User authentication failed. Test 6: Enable: "On" Username: "username on a device" UserEntersMissingInfo: True Result 6: Error ErrorCode: -319 LocalizedDescription: The ‘FileVault Settings’ payload could not be installed. User authentication failed. Test 7: This is example payload from: https://developer.apple.com/documentation/devicemanagement/fdefilevault#Profile-Example Defer: True Enable: "On" ShowRecoveryKey: True UseKeychain: False UseRecoveryKey: True UserEntersMissingInfo: False Result 7: Success: FileVault turned On Test 8: Same as test 4, but after turning on like test 7. Test 9: Defer: True Enable: "Off" ShowRecoveryKey: True UseKeychain: False UseRecoveryKey: True UserEntersMissingInfo: False Result 9: Fail: FileVault didn't turn off, but the profile in settings updated. The machine restart didn't help. Test 10: Defer: True Enable: "Off" ShowRecoveryKey: True UseKeychain: False UseRecoveryKey: True UserEntersMissingInfo: True Result 10: Fail: FileVault didn't turn off, but the profile in settings updated. The machine restart didn't help. Test 11: Defer: True Enable: "Off" ShowRecoveryKey: True UseKeychain: False UseRecoveryKey: True UserEntersMissingInfo: True DeferForceAtUserLoginMaxBypassAttempts: 0 Result 11: Fail: FileVault didn't turn off, but the profile in settings updated. The machine restart didn't help. Test 12: UserEntersMissingInfo: True Enable: "Off" Username: "username on a device" Result 12: Fail: FileVault didn't turn off, but the profile in settings updated. The machine restart didn't help.