Send event: errAEPrivilegeError -10004

Question

Created Feb ’23

Replies 7

Boosts 0

Views 1.3k

Participants 2

Could you please help me to solve the problem or give the advice? I am trying to send an apple event and get a response asynchronously.

Here is the example code for sending the apple event:

let target = NSAppleEventDescriptor(applicationURL: URL(string: “eppc://userName:password@ip/appName”)!) let appleEvent = NSAppleEventDescriptor(eventClass: AEEventClass(stringLiteral: “test”), eventID: AEEventID(stringLiteral: “evnt”), targetDescriptor: target, returnID: AEReturnID(kAutoGenerateReturnID), transactionID: AETransactionID(kAnyTransactionID)) let resultEvent = try appleEvent.sendEvent(options: [.queueReply], timeout: TimeInterval(kNoTimeOut))

Here is what the event handler looks like in the target application:

@objc func handler(event: NSAppleEventDescriptor?, replyEvent: NSAppleEventDescriptor?) { try replyEvent!.sendEvent(options: [.noReply], timeout: TimeInterval(kNoTimeOut)) }

I encountered two difficulties using the ‘queueReply’ sending mode:

I see the input window for credentials in the case when the event handler app tries to send the response to the sender app.

(This is a problem for me since there is no one to enter the password on the side of the handler app. This window for credentials entry is not displayed if the sending is in the “waitForReply” mode)

After entering the correct credentials, the sender app receives the error AppleEvents/sandbox: Returning errAEPrivilegeError/-10004

Sender app logs:

{test,evnt target=aprl(38/$657070633a2f2f3139322e3136382e302e3131352f6170706c654576656e7448...) {} returnID=27646} 2023-02-20 15:42:24.045320+0200 testevents[41720:2641106] [main] ERROR: AEImpl::~AEImpl fRetainCount not zero (1) {aevt,ansr target=aprl(38/$657070633a2f2f3139322e3136382e302e3131352f6170706c654576656e7448...) {} returnID=27646} 2023-02-20 15:42:29.593044+0200 testevents[41720:2641063] Suite NSCoreSuite, apple event code 0x1061109567x 2023-02-20 15:42:29.595201+0200 testevents[41720:2641063] Suite NSTextSuite, apple event code 0x1061109567x 2023-02-20 15:42:29.840410+0200 testevents[41720:2641063] [main] AppleEvents/sandbox: Returning errAEPrivilegeError/-10004 and denying dispatch of event aevt/ansr from process ‘’/0x0-0x0, pid=0, because it is not entitled to send the AppleEvent to this process.

Handler app logs:

{test,evnt target=aprl(27/$657070633a2f2f3139322e3136382e302e3131353a35393037362f) {}} {aevt,ansr target=aprl(27/$657070633a2f2f3139322e3136382e302e3131353a35393037362f) {}} 2023-02-20 15:42:29.569897+0200 appleEventHandler[41454:2635163] [main] ERROR: AEImpl::~AEImpl fRetainCount not zero (1) 2023-02-20 15:42:29.576049+0200 appleEventHandler[41454:2640788] [connection] nw_socket_handle_socket_event [C4:1] Socket SO_ERROR [61: Connection refused] 2023-02-20 15:42:29.577080+0200 appleEventHandler[41454:2638578] [connection] nw_connection_get_connected_socket [C4] Client called nw_connection_get_connected_socket on unconnected nw_connection ...

In this case, the sender app receives the response but is not handled. Handler code:

NSAppleEventManager.shared().setEventHandler(self, andSelector: #selector(self.handler), forEventClass: AEEventClass(stringLiteral: “aevt”), andEventID: AEEventID(stringLiteral: “ansr”)) @objc func handler(_ event: NSAppleEventDescriptor?, withReplyEvent: NSAppleEventDescriptor?) throws { print(event?.description) }

But this code works correctly with:

let target = NSAppleEventDescriptor(bundleIdentifier: “test.com.appleEventHandler”)

Logs:

{test,evnt target=bund(26/$746573742e636f6d2e6170706c654576656e7448616e646c6572) {} returnID=3183} {aevt,ansr target=appleEventHandler {} returnID=3183} Optional(“<NSAppleEventDescriptor: \‘aevt\’\\‘ansr\’{ }>“) {aevt,ansr target=appleEventHandler {} returnID=3183} Optional(“<NSAppleEventDescriptor: \‘aevt\’\\‘ansr\’{ }>“)

Please help me to understand how can I get an async response using the send option “queueReply” by eppc? (“waitForReply” option works correctly with eppc in this code)

Answer 1

DTS Engineer OP

Apple

Feb ’23

There are two apps in play here, the sender and the target. Which of them are sandboxed?

Also, the sender is presumably under your control. What about the receiver? Is this an app that you built? Or something from Apple? Or from a different third-party developer?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Answer 2

ivan_o OP

Feb ’23

Hi there, The sender is sandboxed. The sender and target applications are under my control. In case of sending by bundle іdentifier: I already set com.apple.security.app-sandbox to false because I got an error procNotFound -600 in the receiver. Also com.apple.security.scripting-targets or com.apple.security.temporary-exception.apple-events solves this problem. When sending by eppc - I still get errAEPrivilegeError/-10004\ parallel

Answer 3

DTS Engineer OP

Apple

Feb ’23

I already set com.apple.security.app-sandbox to false

Don’t do that. If you don’t want the sandbox, remove that entitlement entirely. It’s not uncommon for code in the OS to check for an entitlement’s presence and ignore its value [1].

Fix this, retest, and let me know what you see.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] I’ve seen this bite folks in the past, which is why I added this note to the hardened runtime docs:

The default value of these Boolean entitlements is false. When Xcode signs your code, it includes an entitlement only if the value is true. If you’re manually signing code, follow this convention to ensure maximum compatibility. Don’t include an entitlement if the value is false.

Answer 4

ivan_o OP

Feb ’23

Hi Thank you for the response and for the provided information. I cleared the entitlement. Bundle id works. The error is still here with sending by eppc.

Screenshot 2023-02-24 at 15.51.43.png

Answer 5

DTS Engineer OP

Apple

Feb ’23

The error is still here with sending by eppc.

Your original posts lists two issues:

Credentials
errAEPrivilegeError error

Are you still seeing both?

Also, the only reason I can see for using an eppc URL is that you’re trying to send Apple events to a process on another machine. Is that actually what you’re doing here?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Answer 6

ivan_o OP

Feb ’23

Thank you so much for the response!

There are two applications, the old server, and the new client. The task is to receive the data from the remote server using events. They have long been implemented on the server and the old client. As part of the improvement work, it was decided to use async events. I got errAEPrivilegeError when I tested it with the old server and new client. The decision was made to create 2 separate applications to isolate the environment (sender and handler). In the case of the old server, problem number one does not exist. I would like to know why the server machine does not ask for credentials. (application in release) A new receiver in the debug, sending the answer asks for credentials. And the main problem is errAEPrivilegeError. I see that I receive the response event, but I cannot handle it.

{aevt,ansr target=aprl(34/$657070633a2f2f3139322e3136382e302e37362f48656c697825323053657276...) {----=utxt(24/$38002e0039002e0030002000280038003900300031002900)} returnID=17537} 2023-02-28 11:08:42.162016+0200 Run[6739:57168] [main] AppleEvents/sandbox: Returning errAEPrivilegeError/-10004 and denying dispatch of event aevt/ansr from process ''/0x0-0x0, pid=0, because it is not entitled to send an AppleEvent to this process.

But other events sent not by the response (aevt,ansr) - I get. I also get the same code on the same machine by bundle id. I also receive them by sending them with the waitForReply send option.

Answer 7

DTS Engineer OP

Apple

Mar ’23

I suspect that your primary problem, the errAEPrivilegeError failure, is caused by a hole in our Apple event TCC logic. In general, the system requires that the user approve app A sending an event to app B. There’s an exception if the event is a reply being sent to an incoming event from B. However, it looks like the combination of EPPC and queued replies is causing it to fall outside of this exception.

Still, that’s mostly just a guess. I don’t have the time here on DevForums to research a definitive answer. If you want to dig into this in more depth, you can open a DTS tech support incident and we can pick things up from there. However, the answer may just be “It’s a bug”, in which case that hasn’t really bought you a lot. It might be better to just stick with what you know works, namely waiting for a reply.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"