I’m working on carrier services that require ICCID. Is there a special entitlement to be able to access this info? What’s the process to request authorization if available?

Will the ES_EVENT_TYPE_NOTIFY_OPEN event be called back when the user has already returned es_respond_flags_result(client, msg, 0, false) in ES_EVENT_TYPE_AUTH_OPEN? I believe the ES_EVENT_TYPE_NOTIFY_OPEN event should not be triggered if the user has already denied the open operation in the ES_EVENT_TYPE_AUTH_OPEN response handler. However, during my testing, ES_EVENT_TYPE_NOTIFY_OPEN was still being called even after I blocked the open process. Is this behavior correct?

I download SampleEndpointApp, and config signing&capabilities->team as my developer Id. Xcode created a profile of bundle identifier automatically. However the project build still failed for sign. What's the reason for that? How can I resolve it?

I recently needed to develop an application to obtain the window list, which requires Screen Recording permissions. Apple's official documentation mentions using the two functions CGPreflightScreenCaptureAccess and CGRequestScreenCaptureAccess to request permissions. These functions are stated to be available since version 10.15. However, when I used these two functions on a device running macOS 10.15.7, I encountered the errors shown in the attached screenshot. I used the nm tool to inspect the symbols in the CoreGraphics.framework and found that these two functions were not present. Could you help me understand why this is happening?

My app cannot be launched on some users' MacOS, it says "Library not loaded: /usr/lib/libc++.1.dylib". "exception" : {"codes":"0x0000000000000000, 0x0000000000000000","rawCodes":[0,0],"type":"EXC_CRASH","signal":"SIGABRT"}, "termination" : {"code":1,"flags":518,"namespace":"DYLD","indicator":"Library missing","details":["(terminated at launch; ignore backtrace)"],"reasons":["Library not loaded: \/usr\/lib\/libc++.1.dylib","Referenced from: <E4CB6764-8CB9-32E9-881B-252E2F3E0C4B> \/Applications\/myapp.app\/Contents\/MacOS\/myapp","Reason: tried: '\/System\/iOSSupport\/usr\/lib\/libc++.1.dylib' (no such file), '\/System\/Volumes\/Preboot\/Cryptexes\/OS\/System\/iOSSupport\/usr\/lib\/libc++.1.dylib' (no such file), '\/System\/iOSSupport\/usr\/lib\/libc++.1.dylib' (no such file, no dyld cache), '\/usr\/lib\/libc++.1.dylib' (no such file), '\/System\/Volumes\/Preboot\/Cryptexes\/OS\/usr\/lib\/libc++.1.dylib' (no such file), '\/usr\/lib\/libc++.1.dylib' (no such file, no dyld cache)"]}, User 1's environment: 2020 MacBook Air, M1, system version 15.4. User 2's environment: 2020 MacBook Pro, M1, system version: 15.5. I (and the people around me) cannot reproduce this problem. It can be reproduced on User 2's computer, but the performance is strange, sometimes good and sometimes bad. The app can be launched normally during the day, and it can also be launched normally after restarting the computer. But it cannot be launched from 21:00 to 22:00 at night, and the problem still exists even if the computer is restarted. After some searching, I suspect that there is a bug in the dynamic linker cache mechanism of MacOS, but we cannot confirm it. According to the official documentation: https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11_0_1-release-notes New in macOS Big Sur 11.0.1, the system ships with a built-in dynamic linker cache of all system-provided libraries. As part of this change, copies of dynamic libraries are no longer present on the filesystem. Code that attempts to check for dynamic library presence by looking for a file at a path or enumerating a directory will fail. Instead, check for library presence by attempting to dlopen() the path, which will correctly check for the library in the cache. (62986286) I also tried to manually copy libc++.1.dylib to the above path, but these paths are read-only, and files cannot be copied into them even if SIP is turned off. Is there any other way to fix or avoid this problem? Thank you. Other similar questions: https://developer.apple.com/forums/thread/756370 https://developer.apple.com/forums/thread/764824

I try to refresh the SDP data for a Bluetooth device that has reconnected. So when I receive connect notification I call -[IOBluetoothDevice performSDPQuery:] passing object, that should receive the query completion call. What I observe is that sdpQueryComplete:status: is not being called, buit calling performSDPQuery causes additional connect notification to be dispatched. Running this under debugger results in some weird log line: [IOBluetooth] **** This currently won't trigger SDP delegate I run this code on Sequoia 15.5

With macOS 15, and DSPlugin support removal we searched for an alternative method to be able to inject users/groups into the system dynamically. We tried to write an OpenDirectory XPC based module based on the documentation and XCode template which can be found here: https://developer.apple.com/library/archive/releasenotes/NetworkingInternetWeb/RN_OpenDirectory/chapters/chapter-1.xhtml.html It is more or less working, until I restart the computer: then macOS kernel panics 90% of the time. When the panic occurs, our code does not seem to get run at all, I only see my logs in the beginning of main() when the machine successfully starts. I have verified this also by logging to file. Also tried replacing the binary with eg a shell script, or a "return 0" empty main function, that also triggers the panic. But, if I remove my executable (from /Library/OpenDirectory/Modules/com.quest.vas.xpc/Contents/MacOS/com.quest.vas), that saves the day always, macOS boots just fine. Do you have an idea what can cause this behavior? I can share the boot logs for the boot loops and/or panic file. Do you have any other way (other than OpenDirectory module) to inject users/groups into the system dynamically nowadays? (MDM does not seem a viable option for us)

Hi all, I'm working on a non-interactive macOS application (a service or daemon), and I'm trying to understand the best practices around logging and error reporting, particularly in failure scenarios. If a daemon or service fails in macOS, where is it expected to log errors, and how can users or developers discover what went wrong? Specifically, I have a few questions: What is the recommended location or system for logging errors from a non-interactive macOS application? Should we use os_log, standard error output, or write directly to files somewhere? How can a user or developer access these logs to diagnose issues—should logs be visible via the Console app? Is there a standard approach to making failure information easily accessible for debugging and support, especially for daemons running under launchd? Any guidance or best practices would be appreciated.

I am reaching out to seek clarification on the usage of exit(0) within an iOS application under specific circumstances, as I have not been able to find concrete guidance on this in the App Store Review Guidelines Context of Our Application: We are developing a mobile game using Cocos2d-JS (Cocos2d-x JavaScript bindings). The game is built in C++ with JavaScript used for game logic, and it runs on both Android and iOS. Occasionally, due to an unrecoverable fatal JavaScript error (e.g., corrupted state or unexpected runtime crash), the game’s screen goes completely black. When this occurs, the rendering engine halts, user interaction becomes impossible, and the app enters a non-functional state. From this point, the only way to return to a working state is to manually terminate and relaunch the app. We are exploring a user-friendly solution where, upon detecting such a critical failure, we present a native UIAlertController to the user explaining the issue and informing them that the app needs to restart. Upon confirmation (i.e., tapping “OK”), we call exit(0) to gracefully close the app, so the user can relaunch it in a working state. Our Question: Is it acceptable to use exit(0) in this very limited and clearly explained context? The intention is to improve the user experience during unrecoverable fatal states that cannot be handled through standard UI or engine resets. I understand that the use of exit(0) is generally discouraged, but in our case: The user explicitly initiates the exit via a native prompt. The app is not quitting on its own or in response to a policy violation. We are not using exit(0) to bypass App Review or circumvent system behavior. There is no mention in the App Review Guidelines explicitly stating whether or not exit(0) is disallowed in such edge cases. Please confirm whether this approach aligns with Apple's policies, or suggest an alternative method for cleanly handling such irrecoverable errors on iOS? Looking forward to your guidance.

Does macOS have anything like the FreeBSD macro _FreeBSD_version? That's a macro that gets bumped whenever kernel interfaces change, see https://docs.freebsd.org/en/books/porters-handbook/versions/

Clearly not percentage, but the units don't seem to be specified... The real problem we have right now is that, with macOS 15.5, our suite gets a huge amount of "energy impact" points, even though diving into it, it doesn't seem to do that. The most telling example I have of that is: I ran each of our daemons from Terminal, unplugged my laptop, closed the lid, and let it stay there for 8 or 9 hours. When I woke it back up, Activity Monitor claimed it had 2,000 units or so, but after opening all of the disclosure triangles, none of the processes (including the hand-started daemons) used anything close to that. Also, the battery had almost no drain on it. We're getting complaints about this, so I'm trying to figure out what, exactly is going on, but I never looked at the power stuff internally so I don't know how to read the diagnostic files.

We are experimenting with FileProvider on MacOS, we want to set ACL policy restriction on a folder and the same policy needs to be applied down to its children. To achieve this currently we are setting corresponding NSFileProviderItemCapabilities on parent folder and recursively iterate over all of its children and set the capability on each individual child items. GOAL: We expect the root's ACL policy to be implicitly percolated down to its children without explicitly being iterated over them and setting it individually. From our research, we couldn't find any policy that can help us achieve the above goal. If there are any such provisions in FileProvider, please guide us to them.

I try to use CoreBluetooth api on my cus app on vision os. I could connect to two devices on my app, but couldn’t with 3 or more device. Despite connecting the third device using this api, the function does not return anything. When two devices are connected on bluetooth setting, I see the same situation on my custom app. However, I could connect 3 or more devices on the default blu setting. Is there anyone who has similar problem?

Hi, I encounter problems after updating macOS to Sequoia 15.5 with plugins loaded with dlopen and dlsym. $ file /Applications/com.gsequencer.GSequencer.app/Contents/Plugins/ladspa/cmt.dylib /Applications/com.gsequencer.GSequencer.app/Contents/Plugins/ladspa/cmt.dylib: Mach-O universal binary with 2 architectures: [x86_64:Mach-O 64-bit bundle x86_64] [arm64:Mach-O 64-bit bundle arm64] /Applications/com.gsequencer.GSequencer.app/Contents/Plugins/ladspa/cmt.dylib (for architecture x86_64): Mach-O 64-bit bundle x86_64 /Applications/com.gsequencer.GSequencer.app/Contents/Plugins/ladspa/cmt.dylib (for architecture arm64): Mach-O 64-bit bundle arm64 I am currently investigating what goes wrong. My application runs in a sandboxed environment.

We have a iOS VoIP application which is deployed via MDM solution. Until iOS 17.7.1 everything is working fine. The calls stopped working from iOS 18 onwards. When we investigated the issue, the api setsockopt is returning (54) Connection reset by peer. We believe there might be some issue in iOS 18 because there is a test done with same MDM solution + same server + same iOS VoIP application where this issue is not seen. Kindly help and let us know if any more details are required from us.

In my app the user can select a source folder to be synced with a destination folder. The sync can also happen in response to a change in the source folder detected with FSEventStreamCreate. If the user unzips an archive in the source folder and the sync process begins before the unzip operation has completed, the sync can fail because of a "Permission denied" error. I assume this is related to the posix permissions of the extracted folder being 420 during the unzip operation and (in my case) 511 afterwards. Is there a way to detect than an unzip operation is in progress and wait until it has completed? I thought that using NSFileCoordinator would solve this issue, but unfortunately it's not the case. Since an unzip operation can last any amount of time, it's not ideal to just delay a sync by a fixed number of seconds and let the user deal with any error if the unzip operation takes longer. let openPanel = NSOpenPanel() openPanel.canChooseDirectories = true if openPanel.runModal() == .cancel { return } let url = openPanel.urls[0].appendingPathComponent("extracted", isDirectory: false) var error: NSError? NSFileCoordinator(filePresenter: nil).coordinate(readingItemAt: url, error: &error) { url in do { print(try FileManager.default.attributesOfItem(atPath: url.path).sorted(by: { $0.key.rawValue < $1.key.rawValue }).map({ ($0.key.rawValue, $0.value) })) try FileManager.default.contentsOfDirectory(at: url, includingPropertiesForKeys: nil) } catch { print(error) } } if let error = error { print("file coordinator error:", error) }

I've gotten to the point where I can use the mount(8) command line tool and the -t option to mount a file system using my FSKit file system extension, in which case I can see a process for my extension launch, probe, and perform the other necessary actions. However, when plugging in my USB flash drive or trying to mount with diskutil mount, the file system does not mount: $ diskutil mount disk20s3 Volume on disk20s3 failed to mount If you think the volume is supported but damaged, try the "readOnly" option $ diskutil mount readOnly disk20s3 Volume on disk20s3 failed to mount If you think the volume is supported but damaged, try the "readOnly" option Initially I thought it would be enough to just implement probeExtension(resource:replyHandler:) and the system would handle the rest, but this doesn't seem to be the case. Even a trivial implementation that always returns .usable doesn't cause the system to use my FSModule, even though I've enabled my extension in System Settings > General > Login Items & Extensions > File System Extensions. From looking at some of the open source msdos and Disk Arb code, it seems like my app extension needs to list FSMediaTypes to probe. I eventually tried putting this in my Info.plist of the app extension: <key>FSMediaTypes</key> <dict> <key>EBD0A0A2-B9E5-4433-87C0-68B6B72699C7</key> <dict> <key>FSMediaProperties</key> <dict> <key>Content Hint</key> <string>EBD0A0A2-B9E5-4433-87C0-68B6B72699C7</string> <key>Leaf</key> <true/> </dict> </dict> <key>0FC63DAF-8483-4772-8E79-3D69D8477DE4</key> <dict> <key>FSMediaProperties</key> <dict> <key>Content Hint</key> <string>0FC63DAF-8483-4772-8E79-3D69D8477DE4</string> <key>Leaf</key> <true/> </dict> </dict> <key>Whole</key> <dict> <key>FSMediaProperties</key> <dict> <key>Leaf</key> <true/> <key>Whole</key> <true/> </dict> </dict> <key>ext4</key> <dict> <key>FSMediaProperties</key> <dict> <key>Content Hint</key> <string>ext4</string> <key>Leaf</key> <true/> </dict> </dict> </dict> </plist> (For reference, the partition represented by disk20s3 has a Content Hint of 0FC63DAF-8483-4772-8E79-3D69D8477DE4 and Leaf is True which I verified using IORegistryExplorer.app from the Xcode additional tools.) Looking in Console it does appear now that the system is trying to use my module (ExtendFS_fskit) to probe when I plug in my USB drive, but I never see a process for my extension actually launch when trying to attach to it from Xcode by name (unlike when I use mount(8), where I can do this). However I do see a Can't find the extension for <private> error which I'm not sure is related but does sound like the system can't find the extension for some reason. The below messages are when filtering for "FSKit": default 19:14:53.455826-0400 diskarbitrationd probed disk, id = /dev/disk20s3, with ExtendFS_fskit, ongoing. default 19:14:53.456038-0400 fskitd Incomming connection, entitled 1 default 19:14:53.456064-0400 fskitd [0x7d4172e40] activating connection: mach=false listener=false peer=true name=com.apple.filesystems.fskitd.peer[350].0x7d4172e40 default 19:14:53.456123-0400 fskitd Hello FSClient! entitlement yes default 19:14:53.455902-0400 diskarbitrationd [0x7461d8dc0] activating connection: mach=true listener=false peer=false name=com.apple.filesystems.fskitd default 19:14:53.456151-0400 diskarbitrationd Setting remote protocol to all XPC default 19:14:53.456398-0400 fskitd About to get current agent for 501 default 19:14:53.457185-0400 diskarbitrationd probed disk, id = /dev/disk20s3, with ExtendFS_fskit, failure. error 19:14:53.456963-0400 fskitd -[fskitdXPCServer applyResource:targetBundle:instanceID:initiatorAuditToken:authorizingAuditToken:isProbe:usingBlock:]: Can't find the extension for <private> (I only see these messages after plugging my USB drive in. When running diskutil mount, I see no messages in the console when filtering by FSKit, diskarbitrationd, or ExtendFS afterward. It just fails.) Is there a step I'm missing to get this to work, or would this be an FSKit bug/current limitation?

I've searched around the internet and could not find a clear answer. I have a swift command line tool that needs to run automatically when the Mac mini M4 is started up without a user login and continue running forever. However, the command line tool and the data it uses are located on an external disk due to the size of the data. The service specified by a launchd plist located in /Library/LaunchDaemons tries to start up but fails because it cannot immediately find the command line tool. Which is because the external disk is not mounted when launchd tries to start the service when the Mac is booting. The service runs fine when bootstrapped after the disk is mounted. The first error is "No such file or directory, error 0x6f - Invalid or missing Program/ProgramArguments" and the service is put in the "penalty box". Is there any way for the service to get out of the "penalty box"? What is the best approach to make the launchd service wait for a specific external disk to mount? Some options for waiting seem to be: Use "WatchPaths" in the launchd plist, but the man page says this is unreliable. This makes one wonder what is the purpose of this option? Use "StartOnMount in the launchd plist", but this will run the command line tool every time any disk is mounted. This is not desired. Of course, I could move the command line tool to the startup disk, but then the tool would fail because the data is not available. This could be remedied by modifying the command line tool to wait for the external disk, but it would be polling, which seems inefficient. I could also add a delay, but that seems error prone because there is no assurance that the delay is long enough. When looking at the system plists, there seem to be a lot of options that are not directly mentioned in the man page for launchd.plist and have little to no documentation that I could find. Maybe there is something I am missing here? In the end, I would just like to make sure the launchd service waits for the specific disk to be available before starting the service. Any ideas how best to do that?

I'm not sure if I have found a bug with iOS or if it's just unexpected behavior with my implementation. I have a gomobile library that sets up a local http server. It needs to be able to write to temporary storage. If I use the shared library from my main apps process it can write to the file manager.default temporary storage. while Xcode is running a debug session I can use that same process from my file provider replicated extension and it works fine. However I realized running my file provider extension where it starts the gomobile shared library directly instead of first from my app the library fails to write anything to the file provider manager default temporary storage or the file provider manager for my file provider domain temporary storage or even the app group library. it is odd, because I have a swift URL extension that confirms the temporary storage can be written to from swift. I have monitored console logs for fileproviderd, my file extension and have tried writing data to a log file. nothing seems to catch exactly what causes the file provider extension to crash and restart. I also cannot keep the shared gomobile server running in the background on iOS even if I were to force the user to "authenticate" with the main app first. Im pretty sure the file provider extension needs to run the gomobile library for it to work right. I'm wondering if something may be wrong with the iOS sandbox that could be preventing the file provider extension to let a c based gomobile shared library from accessing the temporary storage. Any guidance for further things to try would be greatly appreciated. I have tried every avenue I can think of. I cannot run just the appex itself on either my m4 pro MacBook or my iPhone so attaching the debugger has been tricky and I don't see much in the way of useful logs in console app either just a swarm of noise. Im fairly confident it's an issue to writing to temporary storage from the gomobile c library and not much else. App was working great on macOS designed for iPad which just seemed rather ironic that an iOS code base runs better on macOS than it was able to on my iPhone 16 pro max. Like im all for the sandbox I just wish it didn't treat c level gomobile libraries different than it treats the swift code itself.

In the FileProvider framework, most of the functions (such as fetchPartialContentsForItemWithIdentifier, fetchContentsForItemWithIdentifier etc.) are expected to return an NSProgress object. In a case where an error is encountered before the function returns the NSProgress object, is it allowed to invoke the completionHandler with an error prior to returning the NSProgress object to the File Provider framework?