I mean, I could do a readdir on /Library/SystemExtensions/, but that won't really tell me which ones are active. I could parse the output of systemextensionsctl list but that doesn't seem particularly good.
Hello,
Captive portal screen is not appearing when we are connecting to wifi for the first time. This is happening only when System Extension is enabled. We are using NETransparentProxyProvider System Extension. These are the details-
OS version: Big Sur 11.6.3
System Extension: NETransparentProxyProvider
Internet provider: ACT internet
Ruleset:
NENetworkRule(remoteNetwork: NWHostEndpoint(hostname: "0.0.0.0", port: "80"), remotePrefix: 0, localNetwork: nil, localPrefix: 0, protocol: .TCP, direction: .outbound),
NENetworkRule(remoteNetwork: NWHostEndpoint(hostname: "0.0.0.0", port: "443"), remotePrefix: 0, localNetwork: nil, localPrefix: 0, protocol: .TCP, direction: .outbound),
NENetworkRule(remoteNetwork: NWHostEndpoint(hostname: "0.0.0.0", port: "80"), remotePrefix: 0, localNetwork: nil, localPrefix: 0, protocol: .UDP, direction: .outbound),
NENetworkRule(remoteNetwork: NWHostEndpoint(hostname: "0.0.0.0", port: "443"), remotePrefix: 0, localNetwork: nil, localPrefix: 0, protocol: .UDP, direction: .outbound)
If I install an app that includes a system extension, I've noticed that when I remove this app the system extension gets uninstalled.
As part of our feature (tamper protection), when the container app is dragged to the Trash we shouldn't allow the app deletion, and the system extension should remain activated and enabled.
Here we are able to restrict the app deletion successfully, but the system extension is getting deactivated and terminated.
So is there any way to avoid/handle uninstallation of the system extension when the container app is dragged to the Trash?
Hi there,
It is well known that a system extension could not be uninstalled at the API level from the beginning, typically via OSSystemExtensionRequest.deactivationRequest.
Now, with the latest Monterey release 12.2, is it still the case?
Thanks in advance for any suggestion.
Regards
Richard
In recent versions of macOS Big Sur and Monterey, SystemExtensions are getting replaced with the same version.
We have an application with a system extension, and UI in the app displays the status of the system extension to remind users to approve it in case they have not. Since there is no way to query the status of a SystemExtension, to display the status in the UI we submit the SystemExtension request every time the UI is displayed and update the status as per the delegate callback. Earlier, if the SystemExtension was already approved, we would immediately get the .completed result.
However, recently we are noticing that whenever the app submits the extension request, if there is already an approved SystemExtension, the replacement delegate callback is triggered for the same extension version. If we return the .replace action, the existing SystemExtension is disabled and replaced with a SystemExtension of the same version. This contradicts the documentation of the replacement delegate callback, which indicates that the replacement request will only be called when an extension of a different version is found.
From the documentation:
The manager calls this method when it encounters an existing extension with the same team and bundle identifiers, but with different version identifiers. It uses the CFBundleVersion and CFBundleShortVersionString identifiers to determine if the existing and new versions differ. The delegate must make a decision on whether to replace the existing extension.
This issue is noticed in development as well as production-signed versions of our application, and in the same run of the same application process.
This unexpected behaviour is causing issues in our app. For example, when the existing SystemExtension is being disabled, all our network extensions are being stopped. This is resulting in loss of functionality.
Here are some relevant console logs, attached:
logs.txt
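The documentation quoted in this post makes the replacement trigger precise: the manager should only ask the delegate to replace when CFBundleVersion or CFBundleShortVersionString differ between the copy macOS has already staged and the copy inside the app. Before filing a report like this one it is worth checking, from the bundles themselves, that the two copies really do carry identical identifiers. The script below is an added example, not code from this thread or from Apple; it reads both Info.plist files, applies the documented rule, and says whether a replacement prompt is justified. The fake bundle tree it builds for the demo is a constructed fixture; the /Library/SystemExtensions/<UUID>/<bundle id>.systemextension layout it searches follows the staged paths quoted elsewhere in this thread.

```python
"""Compare the staged copy of a system extension with the copy inside the app and
apply the documented replacement rule (either CFBundleVersion or
CFBundleShortVersionString differs => replacement callback is expected).
Added example for this thread, not Apple's or any poster's code."""
from __future__ import annotations

import plistlib
import tempfile
from pathlib import Path

# Where macOS stages approved extensions: /Library/SystemExtensions/<UUID>/<bundle id>.systemextension
SYSEXT_ROOT = Path("/Library/SystemExtensions")


def bundle_versions(bundle: Path) -> tuple[str, str]:
    """(CFBundleShortVersionString, CFBundleVersion) read from a bundle's Info.plist."""
    with open(bundle / "Contents" / "Info.plist", "rb") as fh:
        info = plistlib.load(fh)
    return str(info.get("CFBundleShortVersionString", "")), str(info.get("CFBundleVersion", ""))


def replacement_expected(existing: tuple[str, str], candidate: tuple[str, str]) -> bool:
    """The documented trigger: the delegate is asked to replace only if either identifier differs."""
    return existing != candidate


def staged_copies(bundle_id: str, root: Path = SYSEXT_ROOT) -> list[Path]:
    """Every copy of the extension macOS has staged (one per <UUID> directory)."""
    return sorted(root.glob(f"*/{bundle_id}.systemextension"))


def audit(app_ext: Path, bundle_id: str, root: Path = SYSEXT_ROOT) -> list[dict]:
    """Compare the in-app copy against each staged copy; one row per staged copy."""
    candidate = bundle_versions(app_ext)
    rows = []
    for staged in staged_copies(bundle_id, root):
        existing = bundle_versions(staged)
        rows.append({
            "staged": str(staged),
            "existing": existing,
            "candidate": candidate,
            "replacement_expected": replacement_expected(existing, candidate),
        })
    return rows


# --- constructed fixture so the audit can run without a real macOS install ---

def write_fake_bundle(bundle: Path, bundle_id: str, short: str, build: str) -> None:
    """Write a minimal fake .systemextension bundle containing only Info.plist."""
    contents = bundle / "Contents"
    contents.mkdir(parents=True, exist_ok=True)
    with open(contents / "Info.plist", "wb") as fh:
        plistlib.dump({"CFBundleIdentifier": bundle_id,
                       "CFBundleShortVersionString": short,
                       "CFBundleVersion": build}, fh)


def build_fixture(root: Path, bundle_id: str, app_short: str, app_build: str) -> tuple[Path, Path]:
    """Staged copy is always 2.0/1; the in-app copy gets the versions passed in.
    Returns (fake SystemExtensions root, path of the in-app extension)."""
    staged_root = root / "SystemExtensions"
    write_fake_bundle(staged_root / "00000000-0000-4000-8000-000000000001" / f"{bundle_id}.systemextension",
                      bundle_id, "2.0", "1")
    app_ext = root / "MyApp.app" / "Contents" / "Library" / "SystemExtensions" / f"{bundle_id}.systemextension"
    write_fake_bundle(app_ext, bundle_id, app_short, app_build)
    return staged_root, app_ext


def demo() -> tuple[bool, bool]:
    """Run the audit on two fixtures: identical versions, then a bumped CFBundleVersion."""
    bundle_id = "com.example.myapp.ext"  # hypothetical identifier
    with tempfile.TemporaryDirectory() as tmp:
        root, app_ext = build_fixture(Path(tmp) / "same", bundle_id, "2.0", "1")
        same = audit(app_ext, bundle_id, root)[0]["replacement_expected"]
        root, app_ext = build_fixture(Path(tmp) / "bumped", bundle_id, "2.0", "2")
        bumped = audit(app_ext, bundle_id, root)[0]["replacement_expected"]
    return same, bumped


if __name__ == "__main__":
    print(demo())  # (False, True)
```

On a real machine, call audit(Path("/Applications/MyApp.app/Contents/Library/SystemExtensions/<id>.systemextension"), "<id>") with the default root; a row with replacement_expected False that still produced a replacement prompt is the evidence for the bug report, while a True row means the in-app copy genuinely differs from what was staged.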
Hi guys,

I have a firewall project, where I used SimpleFirewall as a template. I created the project from scratch and the firewall works, but during configuration of the network filter, macOS shows the popup "(null) Would Like to Filter Network Content". In the SimpleFirewall sample this message shows "SimpleFirewall Would Like to Filter Network Content". Obviously the name of the app is missing. I've done the following:
* checked entitlements - set up correctly
* nothing missing in Info.plist (Bundle Name, Bundle Display Name, etc.); filterManager.localizedDescription is set
* I went through dozens if not hundreds of build settings
* I changed the window title in MainMenu.xib to precisely match the app bundle name
* I tried to set up the filter configuration from the app bundle instead of the common framework I use (I thought perhaps the NEFilterProviderConfiguration constructor or the saveToPreferences() function checks which bundle calls it and then the system checks code signing)
* tried localization for Base and EN
* I verified that the filter config in System Preferences > Network uses the name of our app, and I checked that if I change filterManager.localizedDescription, it correctly changes in those system settings
* you name it - I have done it

The only clue I found in the system log is this message:
default 15:22:56.895864+0200 MyApp Saving configuration MyApp with existing signature (null)

The only difference is that I implemented most of the firewall functionality in a framework, so that it could be reused, and the app bundle links to this framework. Currently I link against this framework from the app bundle and the system extension using "Embed & Sign". I cannot use other options, because in that case the app cannot communicate with the extension.
Anyway, I created a clone of Apple's SimpleFirewall and modified it to use a common framework with precisely the same settings as in our project, and that works correctly. Nothing appears to be working and I cannot get rid of "(null)" in the popup message in our project. Does anybody know from which source the macOS popup loads this value?
Thanks.
Robert
Following the instructions found here as well as around the Developer Forums, I've successfully managed to begin debugging my system extension on a virtual machine.
Unfortunately, after archiving my system extension and copying over the .app file to my virtual machine, my .app loses access to the source code (on my host machine) and hitting any breakpoints via lldb yields hard-to-read assembly code.
How do I also get source code when attaching lldb to a system extension?
In another question on this forum (https://developer.apple.com/forums/thread/124775) eskimo stated that launching a system extension from a daemon is not the right approach and that the OSSystemExtensionRequest.activationRequest API should be called from an App.
My question is, does this same restriction apply to a LaunchAgent started App?
If so, to ensure activation as soon as possible, is the only option to use an SMLoginItemSetEnabled helper to start the App on login?
We have a Content Filter implementation that caches NEFilterSocketFlow instances seen in handleNewFlow(); we do this so that we can update the flow verdict at a later time. For example, we allow it to start with but later decide to block it.
However, when we do this we often see errors like this reported in Console when we call the update() function:
Failed to find flow 7ABC4FC7-7031-4C5B-BA4B-F198B4DE344D to update its verdict
But the update() method does not return anything, so we can't know that the flow is no longer valid.
Is there any way to verify a flow is still valid before trying to update the verdict?
I had a weird case today when an endpoint system extension remained running even after I deleted the .app bundle. If I tried killing the process with "sudo kill -9 <pid>", the extension respawned. If I tried "sudo launchctl remove <name>", I was told I didn't have the privilege.
Searching my hard drive I found a copy of the system extension in /Macintosh HD/Library/System Extensions/...
I rebooted into recovery mode, deleted the extension bundle, and restarted. Everything initially looked fine. The process did not come back. But then when I tried to re-build, re-package, re-install, and re-launch the application, the operating system complained that it could not find the system extension even though it was there in the .app bundle.
The operating system seems to (A) create a cache/copy of the system extension bundle, and (my guess) (B) maintain a link to that cache location somewhere and try to launch that cached system extension bundle.
[My hacked solution was to rename the extension, including creating a new bundle ID and associated provisioning profile.]
Has anyone encountered a system extension that would not die? Did you figure out how to kill it and clear out any caches of it?
Thanks,
I've developed a system-extension for macOS (Packet Tunnel Provider, Developer ID, distribution outside the App Store).
There's a scenario where I want to present some webpages with WebKit. It works fine, but on one of my testing Macs the webpage displays for a split second and then becomes white.
I saw that the WebKit crashed, but I'm not sure why.
I attached the crash report.
Also, in the crash report, I saw this:
"is_first_party":1,"bug_type":"309"
Did my application cause this crash? Any advice on how to debug it or on how I can prevent it from happening?
com.apple.WebKit.WebContent-2021-12-12-063048.txt
A notarized, exported macOS Network Extension app says "Signature check failed: code failed to satisfy specified code requirement(s)", but there is no error when running from Xcode.
Any ideas? Thanks
2022-02-24 21:33:03.089673+0800 0x9f08c5 Default 0x9e468a 33246 0 TunnelExtension: (NetworkExtension) [com.apple.networkextension:] Signature check failed: code failed to satisfy specified code requirement(s)
Hi there,
This was noticed during testing on Monterey 12.2. Normally when we kill the DNS proxy sys ext process, it respawns very quickly, within a couple of seconds. But after multiple trials, it can take more than one minute to respawn. The worst case encountered was that it never respawned anymore.
By comparison, the app proxy doesn't have the same problem: it always respawns instantly.
Not sure whether it is a bug or not.
Thanks in advance for the suggestions.
Regards
Richard
Hi there,
This was noticed during testing. That is:
When we use the app proxy to filter all UDP traffic with netbiosd running, and observe netbiosd CPU usage with Activity Monitor, and then just restart the app proxy (just killing the sys extension process is fine), after the system extension process is respawned you will find that netbiosd CPU usage boosts to above 100%.
Tried as well to put the netbiosd-related UDP ports (137, 138 and 139) in excludedNetworkRules, but it doesn't help.
How to reproduce:
Start the netbios service by
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.netbiosd.plist
Start the appproxy application (with wrapper process and system extension process). Set up includedNetworkRules to filter all UDP outbound traffic.
Just kill the appproxy system extension process so that the wrapper process spawns a new system extension process.
Observe from Activity Monitor the CPU usage of netbiosd; you will find that it is above 100% then.
It makes no difference even if you put all netbiosd-related ports, including 137, 138 and 139 (TCP and UDP), in excludedNetworkRules.
Thanks in advance for any suggestion.
Regards
Richard
Version: macOS 12.1
When I was using NETransparentProxyProvider, I overrode handleNewFlow and handleNewUDPFlow, returned true for some processes, and then called
- (void)openWithLocalEndpoint:(NWHostEndpoint *)localEndpoint
completionHandler:(void (^)(NSError *error))completionHandler;
At the beginning it worked fine, but sometimes, when I visited the qiye.163.com website, I often got an error when I ran the code below:
- (void)writeData:(NSData *)data withCompletionHandler:(void (^)(NSError *error))completionHandler;
Error Domain=NEAppProxyFlowErrorDomain Code=1 "The operation could not be completed because the flow is not connected" UserInfo={NSLocalizedDescription=The operation could not be completed because the flow is not connected
, and the whole computer could not access the Internet; handleNewFlow and handleNewUDPFlow are both no longer called, unless I turn off the VPN.
Turn off the VPN and then the Internet can be accessed.
Hi, I am developing a Network Extension for macOS that runs constantly on my system. When I have a new update to release, the extension downloads the pkg installer into the /tmp directory and executes it with
sudo installer -pkg /tmp/installer.pkg -target /
I have noticed that on some systems, mainly Catalina, when the installer is executed the extension is replaced and activated but the process never launches, and after this happens I can't find a way to launch it aside from having the users reboot.
--- com.apple.system_extension.network_extension
enabled active teamID bundleID (version) name [state]
9A63A32J6B com.company.myapp.Agent (2.0/1) Agent [terminated waiting to uninstall on reboot]
* * 9A63A32J6B com.company.myapp.Agent (2.1/1) Agent [activated enabled]
As you can see it does say enabled and activated, so I do not know what could be happening.
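The reply at the top of this page wants to know which system extensions are actually active without guessing from the contents of /Library/SystemExtensions/, and the listing quoted in the post above shows why that matters: two copies of the same extension can coexist, one "[activated enabled]" and one "[terminated waiting to uninstall on reboot]" (the "extension that would not die" thread earlier on this page is the same situation seen from the other side). The script below is an added example, not code from this thread or from Apple: it parses the tab-separated output of `systemextensionsctl list` into records and filters them by the enabled/active columns and the state field. The sample listing is constructed in that format from the rows quoted above (the pasted copy lost its tabs); running the real tool only works on macOS.

```python
"""Parse `systemextensionsctl list` to find which system extensions are really
active, instead of reading /Library/SystemExtensions/ directly.
Added example for this thread, not Apple's or any poster's code."""
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass

# Constructed sample in the tab-separated format `systemextensionsctl list` prints;
# the rows mirror the two quoted in the thread.
SAMPLE_LISTING = (
    "2 extension(s)\n"
    "--- com.apple.system_extension.network_extension\n"
    "enabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n"
    "\t\t9A63A32J6B\tcom.company.myapp.Agent (2.0/1)\tAgent"
    "\t[terminated waiting to uninstall on reboot]\n"
    "*\t*\t9A63A32J6B\tcom.company.myapp.Agent (2.1/1)\tAgent\t[activated enabled]\n"
)


@dataclass(frozen=True)
class SysExt:
    category: str        # e.g. com.apple.system_extension.network_extension
    enabled: bool        # '*' in the enabled column
    active: bool         # '*' in the active column
    team_id: str
    bundle_id: str
    short_version: str   # CFBundleShortVersionString, first half of "(a/b)"
    bundle_version: str  # CFBundleVersion, second half of "(a/b)"
    name: str
    state: str           # text inside the trailing [...]


# The "bundleID (version)" column: "<bundle id> (<short>/<build>)"
_BUNDLE_COL = re.compile(r"^(?P<bundle>\S+) \((?P<short>[^/]+)/(?P<build>[^)]+)\)$")


def parse_listing(text: str) -> list[SysExt]:
    """Turn the listing into records; the count line, header and unknown lines are skipped."""
    records: list[SysExt] = []
    category = ""
    for line in text.splitlines():
        if line.startswith("--- "):
            category = line[4:].strip()
            continue
        cols = line.split("\t")
        if len(cols) != 6 or cols[0].strip() == "enabled":
            continue
        m = _BUNDLE_COL.match(cols[3].strip())
        if m is None:
            continue
        records.append(SysExt(
            category=category,
            enabled=cols[0].strip() == "*",
            active=cols[1].strip() == "*",
            team_id=cols[2].strip(),
            bundle_id=m["bundle"],
            short_version=m["short"],
            bundle_version=m["build"],
            name=cols[4].strip(),
            state=cols[5].strip().strip("[]"),
        ))
    return records


def active_extensions(records: list[SysExt]) -> list[SysExt]:
    """Copies the system is actually running: enabled, active and in an activated state."""
    return [r for r in records if r.enabled and r.active and r.state.startswith("activated")]


def pending_uninstall(records: list[SysExt]) -> list[SysExt]:
    """Old copies that macOS will only remove at the next reboot."""
    return [r for r in records if "waiting to uninstall" in r.state]


def list_from_system() -> list[SysExt]:
    """Run the real tool (macOS only)."""
    out = subprocess.run(["systemextensionsctl", "list"],
                         capture_output=True, text=True, check=True)
    return parse_listing(out.stdout)


if __name__ == "__main__":
    for r in active_extensions(parse_listing(SAMPLE_LISTING)):
        print(f"{r.bundle_id} {r.short_version}/{r.bundle_version} [{r.state}]")
```

Filtering on the state text as well as the two columns matters: the columns say what the user and the system intend, the state says what is running now, and a copy can be enabled and active on paper while sitting in a terminated state, which is exactly the mismatch the post above is asking about.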
Hi there,
This is the case of using the DNS proxy provider on iOS. One thing noticed is that when the system extension process of the DNS proxy crashes, it is not respawned automatically by the wrapper process as it is when using the same DNS proxy provider under macOS.
The test I carried out was:
Under macOS
Launch an application with the DNS proxy provider sys extension.
Kill that sys extension process.
After several seconds, another sys extension process of the DNS proxy extension will be respawned.
sudo ps -A|grep macappproxy
Password:
47796 ?? 0:00.35 /Applications/macappproxy.app/Contents/MacOS/macappproxy
47875 ?? 0:00.62 /Library/SystemExtensions/439F12A7-1304-4A92-BEED-3EBEC979ADBE/com.familyzone.macappproxy.fzmacdnsproxy.systemextension/Contents/MacOS/com.familyzone.macappproxy.fzmacdnsproxy
47929 ttys001 0:00.00 grep macappproxy
AU-L-0306:fc-ios-edu-client richardwang$ sudo pkill -9 com.familyzone.macappproxy.fzmacdnsproxy
AU-L-0306:fc-ios-edu-client richardwang$ sudo ps -A|grep macappproxy
47796 ?? 0:00.35 /Applications/macappproxy.app/Contents/MacOS/macappproxy
48433 ?? 0:00.31 /Library/SystemExtensions/439F12A7-1304-4A92-BEED-3EBEC979ADBE/com.familyzone.macappproxy.fzmacdnsproxy.systemextension/Contents/MacOS/com.familyzone.macappproxy.fzmacdnsproxy
48531 ttys001 0:00.00 grep macappproxy
We can see from above that the DNS proxy pid changed after it was killed and respawned.
Under iOS
Doing the same thing, but slightly differently:
By adding the code below into startProxy(), crashing the DNS proxy:
let bug: Int? = nil
os_log("bug: %{public}s", log: Log.ext, type: .debug, bug!)
It can be seen from the log below that "starting proxy" happens three times before it died.
It makes no difference if we put the same bug inside handleNewFlow(). And that causes no browsing to go through under incognito mode.
Can you help confirm this?
If it is the case, is there any way to guard the sys extension process and respawn it as a kind of robustness?
Thanks in advance for any suggestion.
Richard
I have some questions regarding the life cycle of the Packet Tunnel Provider:
I have some static vars in the PacketTunnelProvider. The user connected to the VPN, then disconnected, so I called the relevant completion handler.
After some time, the user will start the VPN again, and the PacketTunnelProvider will be recreated.
Will it use the same class as before, with all static vars holding their last values? Or would it create a new PacketTunnelProvider?
Is it the same behavior for Network Extension vs System Extension?
Is it the same behavior for macOS vs iOS?
What about running threads? If I created a thread and then called the completion handler, will this thread continue to run?
P.S.
If I add exit(0) before 'quitting' the Packet Tunnel Provider, it will force the memory to be cleaned. But I guess it's not good behavior for a System Extension to use exit(0).
class PacketTunnelProvider: NEPacketTunnelProvider {
    static var isInitiated = false
    ...
    override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) {
        ...
        PacketTunnelProvider.isInitiated = true
        ...
    }
}
Hi there,
Just checking with you whether there is any way to update filter rules at run time for the app proxy.
The filter rules are set up like the code below.
let settings = NETransparentProxyNetworkSettings.init(tunnelRemoteAddress: "127.0.0.1")
settings.includedNetworkRules = ...
settings.excludedNetworkRules = ...
setTunnelNetworkSettings(settings) { ... }
That is inside the startProxy() function, followed by the proxy start.
I wonder whether it is possible to update these rules without restarting the proxy.
Thanks in advance for any suggestion.
Regards
Richard
I was under the impression that a security endpoint required a system extension, but that does not appear to be the case. Apparently daemons can create endpoint extensions without needing a system extension.
Why would I use an endpoint in a system extension rather than a daemon, or vice versa? I'm not understanding the value of a system extension with regard to a security endpoint. Someone please enlighten me.