Bonjour browsing using dnssd API doesn't fail when Local Network permission is denied

Question

Created Oct ’20

Replies 3

Boosts 0

Views 2.0k

Participants 3

It's said Bonjour browsing requires local network access. And APIs from dnssd framework will return the kDNSServiceErr_PolicyDenied error code if local access permission isn't granted.

For reference:
https://developer.apple.com/forums/thread/663852
https://developer.apple.com/forums/thread/663874

I use the code below to check the return value of bonjour browsing with permission denied.

Code Block DNSServiceRef sdRef;
int result = DNSServiceBrowse(&sdRef, 0, 0, @"_kaiterra._tcp".UTF8String, NULL, dnsBrowserReply, NULL);
if (result != kDNSServiceErr_NoError) {
    NSLog(@"DNSServiceBrowse failed with code %d", result);
}

Code Block I've added the bonjour service _kaiterra._tcp to my info.plist.

However, the API returns 0 even if I denied the Local Network permission.

What I am expecting to see:
Browsing for Bonjour services using dns-sd API requires Local Network permission, and calling browsing API without the permission will get a kDNSServiceErr_PolicyDenied (-65570) code"

I am testing this on iOS 14.0.1 on iPhone 7 Plus.
App compiled from Xcode 12.

Could anyone point out what's wrong with my experiment code? Or it'd be greatly nice if someone could provide some sample code to actually demo how to verify the Local Network permission quickly (better in C or Objc).

Thanks!

Boost

Answer 1

ls-ivan-chalov OP

Oct ’20

Accepted Answer

I was able to get kDNSServiceErr_PolicyDenied (-65570) error code with the following code.
Note the call to DNSServiceProcessResult, you can alternatively use DNSServiceSetDispatchQueue to get callback asynchronously on the desired dispatch queue.

Code Block - (void)testLocalNetwork {
    DNSServiceRef browseRef;
    DNSServiceBrowse(&browseRef, 0, 0, @"_kaiterra._tcp".UTF8String, NULL, browseCallback, NULL);
    DNSServiceProcessResult(browseRef);
    DNSServiceRefDeallocate(browseRef);
}
static void browseCallback(DNSServiceRef sdRef, DNSServiceFlags flags, uint32_t interfaceIndex,
                           DNSServiceErrorType errorCode, const char *serviceName,
                           const char *regtype, const char *replyDomain, void *context) {
    if (errorCode == kDNSServiceErr_PolicyDenied) {
        NSLog(@"🎉");
    }
}

3

Answer 2

Origins-Hongyi OP

Nov ’20

@ls-ivan-chalov

Thanks for the sample code. It works.

0

Answer 3

hantranjp OP

Jan ’21

@ls-ivan-chalov Your solution is worked perfect but in case the phone is using the mobile data network instead of Wi-Fi, the browseCallback will not be called. Do you have any ideas for this case?

0