IOUSBHostDevice fails and throws error in sandboxed app

I get the following errors when running the code below in a sandboxed app (it works when not sandboxed) and I have the com.apple.security.device.usb entitlement enabled.

Error:Unable to open io_service_t object and create user client. with reason: IOServiceOpen failed.

Error Domain=IOUSBHostErrorDomain Code=-536870174 "Failed to create IOUSBHostObject." UserInfo={NSLocalizedRecoverySuggestion=, NSLocalizedDescription=Failed to create IOUSBHostObject., NSLocalizedFailureReason=IOServiceOpen failed.}

import Foundation
import IOKit
import IOKit.usb
import IOKit.usb.IOUSBLib
import IOKit.serial
import IOUSBHost
import IOUSBHost.IOUSBHostInterface

class USBService {
    enum UsbError: Error {
        case noDeviceMatched
        case deviceCriteriaNotUnique
    }

    init() {
    }

    func getDevice(idVendor: Int?, idProduct: Int?) throws {
        // Build a matching dictionary: vendor ID and product ID, restricted to IOUSBHostDevice services.
        let deviceSearchPattern: [IOUSBHostMatchingPropertyKey : Int] = [
            .vendorID : idVendor!,
            .productID : idProduct!,
        ]
        let deviceDomain = [ "IOProviderClass": "IOUSBHostDevice" ]
        let searchRequest = (deviceSearchPattern as NSDictionary).mutableCopy() as! NSMutableDictionary
        searchRequest.addEntries(from: deviceDomain)

        // Look up the first registry entry that matches.
        let service = IOServiceGetMatchingService(kIOMasterPortDefault, searchRequest)

        guard service != 0 else {
            throw UsbError.noDeviceMatched
        }

        // Opening the device is the step that throws "IOServiceOpen failed" when the app is sandboxed.
        let device = try IOUSBHostDevice.init(__ioService: service, options: [], queue: nil, interestHandler: nil)

        print(device.deviceDescriptor?.pointee.idProduct)
    }
}

Replies

Checkbox USB on App Sandbox under Signing & Capabilities

Just realized you have the entitlement on.

Hi, is this problem resolved? I am also facing the same issue, after add "com.apple.vm.device-access" entitlement, click run my sandbox app, it crashed

com.apple.vm.device-access is a restricted entitlement. Any claim to that entitlement must be authorised by a provisioning profile. For more background on this, see TN3125 Inside Code Signing: Provisioning Profiles.

click run my sandbox app, it crashed

Right. If you claim a restricted entitlement and that claim is not authorised by your profile, the trusted execution system prevents your app from starting.

com.apple.vm.device-access is a managed capability, as discussed in Developer Account Help > Reference > Provisioning with managed capabilities. In short, its use must be approved by Apple.

This entitlement was designed to be used by hypervisor apps (hence the vm in the name), not as a general mechanism for USB device access.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
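
The check described in the reply above, as an added example that is not code from this thread or from Apple: it lists the entitlements an app claims that its provisioning profile does not authorise, which is the condition under which the app is blocked from starting. The function names, the sample plists (constructed) and the `UNRESTRICTED` set are assumptions made for illustration.

```python
import plistlib

# Assumption: entitlements the caller treats as unrestricted (no profile needed).
# Here, the two App Sandbox keys from the original post.
UNRESTRICTED = {"com.apple.security.app-sandbox", "com.apple.security.device.usb"}

# Constructed sample inputs. On a real build the first comes from
#   codesign -d --entitlements - --xml MyApp.app
# and the second from
#   security cms -D -i MyApp.app/Contents/embedded.provisionprofile
SAMPLE_ENTITLEMENTS = b"""<plist version="1.0"><dict>
<key>com.apple.security.app-sandbox</key><true/>
<key>com.apple.security.device.usb</key><true/>
<key>com.apple.vm.device-access</key><true/>
<key>com.apple.application-identifier</key><string>TEAMID0000.com.example.usbtool</string>
</dict></plist>"""

SAMPLE_PROFILE = b"""<plist version="1.0"><dict>
<key>Name</key><string>Constructed development profile</string>
<key>Entitlements</key><dict>
<key>com.apple.application-identifier</key><string>TEAMID0000.*</string>
</dict></dict></plist>"""


def _allowed(claimed, granted):
    """True if a claimed value is covered by the profile's allowlist value."""
    if isinstance(claimed, list):
        # Every claimed item must be covered by some granted item.
        pool = granted if isinstance(granted, list) else [granted]
        return all(any(_allowed(c, g) for g in pool) for c in claimed)
    if isinstance(granted, list):
        return any(_allowed(claimed, g) for g in granted)
    if isinstance(claimed, str) and isinstance(granted, str) and granted.endswith("*"):
        # Profile allowlists may use a trailing wildcard, e.g. "TEAMID0000.*".
        return claimed.startswith(granted[:-1])
    return claimed == granted


def unauthorised_claims(entitlements_plist, profile_plist, unrestricted=UNRESTRICTED):
    """Return the claimed entitlement keys that the profile does not authorise."""
    claimed = plistlib.loads(entitlements_plist)
    granted = plistlib.loads(profile_plist).get("Entitlements", {})
    return sorted(
        key for key, value in claimed.items()
        if key not in unrestricted
        and (key not in granted or not _allowed(value, granted[key]))
    )


if __name__ == "__main__":
    print(unauthorised_claims(SAMPLE_ENTITLEMENTS, SAMPLE_PROFILE))
```

Running this kind of comparison on a build before launch shows which claim the profile fails to cover, instead of leaving only a launch failure to diagnose.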