System Extensions

RSS for tag

Install and manage user space code that extends the capabilities of macOS using System Extensions.

System Extensions Documentation

Posts under System Extensions tag

121 Posts
Sort by:
Post not yet marked as solved
1 Replies
101 Views
As enterprise endpoint security/data loss prevention application, we need to detect data which is being transferred out of the enterprise context from their MacOS filesystem through applications like Cloud Sync or Email. Depending on the file content, type and size, we require some time for scanning the content being sent. This can range from milli seconds to few minutes for very large contents. But the Endpoint Security message has to be responded within the provided message deadline else application will be killed. This deadline is reducing with every macos release and its now only 15 seconds on macos sonoma which is blocking our use case of completing the scan before responding. We may scan it before but it imposes challenges of the data being modified before actual sent. So, we have to scan it on the fly and cant rely solely on the previous scans. Is there any way an Enterprise can customize this deadline value depending on the ES message and scanning application may be through MDM setting?
Posted
by PremsApp.
Last updated
.
Post not yet marked as solved
8 Replies
189 Views
We have a test scenario where we install our app package on a Mac setup using MDM (Jamf). Below are the test steps and observation: This installation is done on this Mac with no user logged in. Installation is completed successfully. Now when an user log in on this mac machine, the expectation is that the app bundle will be started by the launchd (RunAtLoad). But the app is not started. When I check console logs I could see few logs around the app but from those logs I couldn't figure out why the app didn't start. I rebooted my test machine but that also didnt start my app. My app is not listed in 'launchctl list' command. My App bundle contains container app and a packet tunnel extension. Below is how my plist file looks like in '/Library/LaunchAgents/com.****.***ui.plist': { KeepAlive = 1; Label = "com.*****.client.****ui"; LimitLoadToSessionType = ( Aqua ); ProgramArguments = ( "/Applications/*********.app/Contents/MacOS/****Module" ); RunAtLoad = 1; SuccessfulExit = 1; Version = "110.200.0.100"; } In Console below are the last set of log which I could find related to my app: support_log.txt In above logs below statement mentions the extn which is related to my app bundle: 2024-03-19 15:48:55.256020+0530 0x462 Default 0x0 206 0 symptomsd: (SymptomEvaluator) [com.apple.symptomsd:analytics] [Skipping first 85 of 95 entries] 2024-03-19 15:48:55.256051+0530 0x462 Default 0x0 206 0 symptomsd: (SymptomEvaluator) [com.apple.symptomsd:analytics] entry: Thu Feb 8 20:48:26 2024 NetworkExtension.com.*****.client.*****-Client.*****ui.*****pkttunnel.104.2.12.191.104.2.12 (bundle) 0 0 0 0 0 0 Can someone please help me in understanding what could be wrong here, why would 'RunAtLoad' key word wont work here to start my app on user login or reboot? Note: Everything work fine when my app is installed with an user logged in to the test machine. Also App starts successfully if I run command 'lauchctl bootstrap gui/ /Library/LaunchAgents/com.****.****ui.plist' in the above mentioned test scenario where app didnt auto start by launchd: 'RunAtLoad'.
Posted
by macnd.
Last updated
.
Post marked as solved
3 Replies
182 Views
Both the extension and the receiving application are in the same app group. I can't find the issue. It doesn't seem to be a problem with entitlements. Maybe an issue with the string formatting/conversion? Maybe I am not allowed to send distributed center notifications from the camera extension? I am sending the notification calling: func notifyChangeInUsage() { os_log("Notifying the virtual camera change in usage", log: cdsLog, type: .info) // this is logged DistributedNotificationCenter.default().postNotificationName(NSNotification.Name("VirtualCamUsageChanged"), object: nil, userInfo: nil, deliverImmediately: true) } And receiving it in the other end, subscribing with std::string notification = "VirtualCamUsageChanged" [mObserverClassInstance subscribe:@(notification.c_str())]; where subscribe is the following method, which is tested to be working. - (void)subscribe:(NSString *)notification { [[NSDistributedNotificationCenter defaultCenter] addObserver:self selector:@selector(callCallback:) name:notification object:nil suspensionBehavior:NSNotificationSuspensionBehaviorDeliverImmediately]; }
Posted Last updated
.
Post marked as solved
1 Replies
240 Views
hi,all readBytes: An NSData object containing the data to filter. For non-UDP/TCP flows, since the data may optionally include the IP header, readBytes includes a 4-byte NEFilterDataAttribute field preceding the user data. Your handler must examine the NEFilterDataAttribute field and handle the data accordingly. the param above in method handleInboundDataFromFlow:readBytesStartOffset:readBytes: i assume it contains a 4-byte NEFilterDataAttribute field preceding the user data all the time, is it normal that i get a NEFilterDataAttribute: 1099782776645(and some other very big number) const NEFilterDataAttribute* dataAttr = readBytes.bytes; NSLog(@"NEFilterDataAttribute: %ld",*dataAttr); and after the initial 4 bytes, if the offset param is 0, can i assume that UDP/TCP or IP packet headers can be extracted from the data?
Posted
by MeLawSS.
Last updated
.
Post not yet marked as solved
1 Replies
139 Views
Hi Team, I have been working on an application that includes a Network Extension. I wanted to disable it if a captive portal is detected over the network. I have tried different approaches to detect it, including the standard approach outlined in the following document: https://datatracker.ietf.org/doc/html/draft-ietf-capport-api, using the URL https://captive.apple.com/hotspot-detect.html. However, none of these methods seem to be working. Additionally, the kSCNetworkReachabilityFlagsConnectionRequired flag is not being flagged when under a captive network. Could you please assist with this issue? Thank you.
Posted
by jainash.
Last updated
.
Post not yet marked as solved
6 Replies
259 Views
I encountered a problem while implementing DNS Proxy for Network Extension. It consists of MyMyExt, a System Extension that implements DNS Proxy, and MyMyService, a container. The system extension consists of classes that inherit the NEDNSProxyProvider. Class has overrided "override init(), override func startProxy(...), override func stopProxy(...) override func handleNewFlow(...)" Since the manager.loadFromPreferences(...) and manager.saveToPreferences(...) calls, system extensions and DNS Proxy have been added. However, contrary to expectations, init(), startProxy(...), etc. are not being called. (In System Settings → Network → Filter, DNS Proxy has been added, but is displayed as "Activated" and a yellow circle) Here is the information that appears on the console. ... Omitted ... MyMyService.MyMyExt [Info] DNSProxyManager.swift: 51 [-] DNSProxy: saved nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)]: Adding a connection for client mDNSResponder[167] nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)]: handleNetworkDetectionNotification <MyMyService.MyMyExt> nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)]: Received a restart command from nesessionmanager[1011] nesessionmanager Registering session NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)] nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)]: Resetting VPN On Demand nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)] in state NESMVPNSessionStateIdle: update configuration nesessionmanager <NESMServer: 0x13ae0ac90>: <MyMyService.MyMyExt> Register DNS Proxy Session: NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)] nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)]: Successfully registered nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)]: status changed to connecting nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)] in state NESMVPNSessionStateIdle: received start message nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)]: Leaving state NESMVPNSessionStateIdle nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)]: Entering state NESMVPNSessionStatePreparingNetwork nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)]: Cannot create agent for plugin type MyMyService.MyMyExt, missing designated requirement nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)]: Failed to create an NEAgent nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)]: Leaving state NESMVPNSessionStatePreparingNetwork nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:<GUID>:(null)]: Entering state NESMVPNSessionStateStopping, timeout 20 seconds ... Omitted ... Perhaps the key is the "Cannot create agent for plugin type MyMyService.MyMyExt, missing designated requirement" recorded in the log. But I can't find out what this message is about or how to resolve it. and, here is my code, more info at my previous post. I ask for your help. Thank you, for your attention.
Posted
by b3p00p.
Last updated
.
Post not yet marked as solved
1 Replies
851 Views
Hello, I'm keeping on getting a failure when trying to install an App from Samsung Dex. The report says to "disconnect your phone to install" but NO phone is connected. I tried various command line and numerous troubleshooting to reset and refresh some KEXT but still issue exists. Here is the install.log below. What could be the work around this bug? How to reset and proceed with installation? Thank you p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 16.0px 'Helvetica Neue'; color: #262626; -webkit-text-stroke: #262626; background-color: #ffffff} span.s1 {font-kerning: none} 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: @(#)PROGRAM:Install  PROJECT:Install-1000 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: @(#)PROGRAM:Installer  PROJECT:Installer-1020 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Hardware: iMac18,2 @ 3.00 GHz (x 4), 32768 MB RAM 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Running OS Build: macOS 11.4 (20F71) 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Env: USER=KP 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Env: __CFBundleIdentifier=com.apple.installer 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Env: COMMAND_MODE=unix2003 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Env: LOGNAME=KP 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Env: PATH=/usr/bin:/bin:/usr/sbin:/sbin 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Env: SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.LsIZhGSQv0/Listeners 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Env: SHELL=/bin/zsh 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Env: HOME=/Users/KP 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Env: __CF_USER_TEXT_ENCODING=0x1F5:0x0:0x0 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Env: TMPDIR=/var/folders/d_/hqzchb455m9ct55v66n3n2_w0000gn/T/ 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Env: XPC_SERVICE_NAME=application.com.apple.installer.1152921500312163432.1152921500312163437 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Env: XPC_FLAGS=0x0 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Samsung DeX  Installation Log 2021-07-08 19:33:08-04 KPs-iMac Installer[9137]: Opened from: /Volumes/Samsung DeX/Install Samsung DeX.pkg 2021-07-08 19:33:09-04 KPs-iMac Installer[9137]: Package Authoring Error: <background_scaling> has an unsupported MIME type: X-NSObject/NSNumber 2021-07-08 19:33:09-04 KPs-iMac Installer[9137]: Package Authoring Error: <background_alignment> has an unsupported MIME type: X-NSObject/NSNumber 2021-07-08 19:33:09-04 KPs-iMac Installer[9137]: Package Authoring Error: has an unsupported MIME type: X-NSObject/NSNumber 2021-07-08 19:33:09-04 KPs-iMac Installer[9137]: Failed to load specified background image 2021-07-08 19:33:09-04 KPs-iMac Installer[9137]: Product archive /Volumes/Samsung DeX/Install Samsung DeX.pkg trustLevel=350 2021-07-08 19:33:09-04 KPs-iMac Installer[9137]: External component packages (2) trustLevel=350 2021-07-08 19:33:09-04 KPs-iMac Installer[9137]: Could not load resource readme: (null) 2021-07-08 19:33:16-04 KPs-iMac Installer[9137]: Installation checks failed. 2021-07-08 19:33:16-04 KPs-iMac Installer[9137]: Installation check failure.  . Disconnect your phone to install..
Posted
by kohp.
Last updated
.
Post not yet marked as solved
3 Replies
370 Views
Xcode Version 15.2 (15C500b) After upgrading Xcode from 14 to 15.2 I am not able to attach system extension (packettunnel) process to Instruments tools for memory debugging. Same is working fine with Xcode 14. Error displayed: "Process No Longer Exists". But the service is running and is listed in process list. % ps -ax | grep -i pkttunnel | grep -v grep 61910 ?? 0:01.04 /Library/SystemExtensions/5F4AF6EF-****-****-****-F11****9CE78/com.******.client.*****-Client.***ui.***pkttunnel.systemextension/Contents/MacOS/com.******.client.*****-Client.***ui.***pkttunnel.systemextension Note: I am able to attach a normal program to Instruments tool for memory debugging, I have noticed this issue with system extension processes only.
Posted
by macnd.
Last updated
.
Post not yet marked as solved
1 Replies
190 Views
We added a packet filter to our app, then found a way to not need it, so we want to be able to remove it on upgrades. But we don't want to install it if it's not already installed. Simple, right? The basic flow of the code is, on start-up, it does a propertiesRequestForExtensiion request. The method for the delegate goes through the various versions, ignoring any that are property.isEnabled == NO. When it comes to one that is enabled, it checks the version -- if it's the same version as the running app, it goes to deactivate it. If it's a different version, it goes to enable the current version (creating a activationRequestForExtensiion request). This should all be very simple. Except. At some point during this, the properties request gets a failure -- Domain=OSSystemExtensionErrorDomain Code=1. Ok, it seems there are lots of them laying around (I haven't rebooted in a while), and that method doesn't return once it finds one that is enabled. So maybe it doesn't like that. And then the activation request that was submitted also fails, also with the same error that doesn't explain anything. I thought, ok, maybe they don't like to stop on each other's toes, so let's create a serial dispatch queue, and have all of the system extension requests use that queue. That way, the activation request won't begin until the properties request has finished! Only I did that. And it did get a bit further -- the request method was invoked! Only then I still got messages about the properties and activation requests failing with the same unknown error. So then I looked at console. And sysextd is crashing, every time this happens. And then I dump all of the logs around that time, and look through them, and see... nothing. I had hoped to end this with a description of how I achieved victory, but instead... I'm going to have to reboot and see if that solves the mysterious crashing of sysextd.
Posted
by kithrup.
Last updated
.
Post not yet marked as solved
6 Replies
493 Views
Hi Team, We are using NETransparentProxyProvider, and we have observed that whenever we set setNetworkInterface with NENetworkRule, it always generates the DNS query even if the TTL time has not passed. However, when I stop the NETransparentProxyManager using stopVPNTunnel and set setNetworkInterface as nil, it will not re-issue the DNS query until the DNS TTL time has passed.
Posted
by namdev20.
Last updated
.
Post marked as solved
3 Replies
295 Views
I have a Network extension contains App Proxy and Content Filter. After installation, extension process is not getting auto launch. We want to execute some code in main.swift. extension process is getting launch on enabling either App Proxy or Content Filter. how to launch network extension process after installation? Installations Sample code: let activationRequest = OSSystemExtensionRequest.activationRequest(forExtensionWithIdentifier: id, queue: .main) OSSystemExtensionManager.shared.submitRequest(activationRequest)
Posted Last updated
.
Post not yet marked as solved
3 Replies
369 Views
For a security product, I wonder if security extension has a capability to catch a file during copy operation (I guess it's composed out of multiple basic ops like file read and file write). I'd like to store the file in some quarantined temporal (let's say when someone copy file from external file system like usb/network location and copy it back once the file has properly scanned. So far, i've used the authorization capabilities of the security extension. I wonder if there's also an option to change the target location of a file being copied ? Thanks.
Posted
by chapo213.
Last updated
.
Post not yet marked as solved
1 Replies
316 Views
Platform: MacOS 12.0 I have an app bundle which contains an packet tunnel extension. I am not running my packettunnel extension in a Sandbox as I dont plan to post my app in Apple's App Store. I have an requirement to run privilege operations which I have run any place from the app. As we know the user app cannot run these privilege operations we can use the 'Service Management' api: SMJobBless to start a helper tool which can run these privileged tasks. But as I stated earlier I can run these privileged tasks from any place in the bundle, we have packettunnel extension which is running with root privileges. So looking at my above environment what would be recommended? do I really need to start a privileged helper tool or I can directly run these privileged operations from packettunnel extension? One advantage of running these privilege tasks in packettunnel extension I see is that it will not require additional an user authentication which is needed in case of using SMJobBless(), this will also avoid upgrade management of the helper tool.
Posted
by macnd.
Last updated
.
Post not yet marked as solved
2 Replies
302 Views
Hi Team, We are using NETransparentProxyProvider and have observed that AirDrop is not functioning. I attempted to utilize protocolConfiguration in NETransparentProxyManager as mentioned below. manager.protocolConfiguration?.excludeLocalNetworks = true; but it did not work. Could you please provide guidance on how to exclude local network traffic in NETransparentProxyProvider?
Posted
by namdev20.
Last updated
.
Post not yet marked as solved
4 Replies
377 Views
I have a simple CLI app bundle that activates my system extension. When I sign it for development it works fine. However, once I sign it with my developer ID certificate for distribution, the network extension will not activate, getting stuck the activation request and completely killing any internet connectivity until I restart. The only thing that I see is different is when I call systemextensionsctl list I get something like: 1 extension(s) --- com.apple.system_extension.network_extension enabled active teamID bundleID (version) name [state] <TEAM_ID> com.company.networkExt (1.0/240116145656) - [validating by category] * * <TEAM_ID> com.company.networkExt (1.0/240115061310) ProxyExtension [activated enabled] Where the one specifying [validating by category] is the one that I'm trying to activate signed with the developer ID cert. The one that is [activated enabled] got there from a dev build. The app was built and notarized and shows to be valid by any codesign -dv --verify --strict and spctl commands that I've found. The system extension is also valid according to codesign. The entitlements are adjusted to use the -systemextension suffix to work with Developer ID certificates. Is there another step required to make it work with a developer ID certificate?
Posted
by mjgalindo.
Last updated
.
Post not yet marked as solved
5 Replies
542 Views
Hi, We have an app that installs a number of system extensions. According to this documentation the app must be located in the Applications folder to be activated so when the app launches we check that it is running from /Applications (or a subfolder) and if it isn't we inform the user and exit. This has been working fine until a recent submission whereupon installing the app via TestFlight casuses it to be translocated when run and our check to fail. So, a couple of questions: Is it expected that an app installed via TestFlight (or indeed the AppStore) can be translocated when it is run? If yes to the above, how can we ensure that out app is running from Applications and can therefore activate its extensions? Thanks Alan
Posted
by AlanC74.
Last updated
.
Post not yet marked as solved
1 Replies
300 Views
If I do these tasks on random order, CMIO CameraExtension go into unstable condition. Copy MyApp.app under /Applications or /Applications/MyAppGroup/ Install by MyApp sending OSSystemExtensionRequest.activationRequest Check install condition by command : "systemextensionsctl list" uninstall by MyApp sending OSSystemExtensionRequest.deactivationRequest Remove /Applications/MyAppGroup/ by command line and Finder Remove /Applications/MyApp.app by command line and Finder Kill MyApp.app during activationRequest. Once my CMIO CameraExtension go into unstable condition, it is impossible to remove on normal way. "systemextensionsctl list" shows my extension is activated. Remove by API failed with code=4. Removing file of MyApp.app does not remove CameraExtension Only way to remove CameraExtension is "Boot macOS as recovery mode", disable SIP, "systemextensionsctl uninstall" Audio HAL extension is file based and ATOMIC. I can check file existence by "ls" command and remove by "rm -rf" command. I never met unstable condition.
Posted
by Himadeus.
Last updated
.
Post not yet marked as solved
4 Replies
336 Views
When my macOS app try to deactivate CameraExtension, my app's didFailWithError is called with this error. Error Domain=OSSystemExtensionErrorDomain Code=4 "(null)" I cannot search for error code=4 with that domain. MyApp calls OSSystemExtensionManager.shared.submitRequest with OSSystemExtensionRequest.deactivationRequest I did implement these tasks. BundleID, MyApp: com.myapp, BundleID, CameraExtension: com.myapp.camera Added entitlement and App Groups for app and extension MyApp has SystemExtension capability on Xcode and provision MyApp is installed on /Applications/MyAppGroup/MyApp.app MyApp is executed by Finder macOS is Sonoma 14.2.1 (23C71) on M1 MacBook
Posted
by Himadeus.
Last updated
.