Explore the core architecture of the operating system, including the kernel, memory management, and process scheduling.

Post

Replies

Boosts

Views

Activity

USB bulk transfer in C
Hi, I need to write an application (possibly using C) to communicate with a USB High Speed Device CDC class I am developing, but unfortunately I have no development experience under Mac OS, so I am here to ask for a few help/advice. I hope I am in the right place. Since I have a working code using libusb on Linux, I have first tried to use such lib on a Mac OS without success. The device is listed correctly using ioreg -w0 -l -p but it seems to be always busy: MYUSBDEVICE@fa410000 <class IOUSBHostDevice, id 0x100001769, registered, matched, active, busy 0 (262 ms), retain 24> in fact, attempting to use libusb always results in error: LIBUSB_ERROR_NOT_FOUND libusb_bulk_transfer: Entity not found After searching a bit, I have read that it is impossible (?) to use libusb on MacOS. Then I came across these following pages: https://developer.apple.com/library/archive/documentation/DeviceDrivers/Conceptual/USBBook/USBDeviceInterfaces/USBDevInterfaces.html https://developer.apple.com/documentation/usbdriverkit I would possible avoid to write a CDC kernel driver for my application, so link #2 seems more appropriate to what I need. But isn't it available any API to develop USB CDC communications C application on MacOS ? Any suggestion is appreciated. Thanks in advance. Regards, Simon
1
0
68
1d
iOS 18.1-18.3 Bluetooth is not working (infinity restarting)
The Bluetooth on my iPhone 14 hasn’t been working for a week now. Everything was fine until, at some point, it started endlessly turning on and off by itself. I’ve tried resetting the settings, doing a hard reset, updating to iOS 18.3—none of these helped. I even deleted all VPN profiles just in case (I saw this suggested on forums), but that didn’t work either. According to forums, this bug has existed since September and affects thousands of people. The constant cycling causes the Bluetooth settings to freeze. Please help! My watch, headphones, car—everything has turned into a pumpkin!
1
0
436
3w
Unexpected Permission denied error on file sharing volume
I am getting recurring errors running code on macOS 15.1 on arm that is using a volume mounted from a machine running macOS 14.7.1 on x86. The code I am running copies files to the remote volume and deletes files and directories on the remote volume. The files and directories it deletes are typically files it previously had copied. The problem is that I get permission failures trying to delete certain directories. After this happens, if I try to list the directory using Terminal on the 15.1 system, I get a strange error: ls -lA TestVAppearances.app/Contents/runtime-arm/Contents total 0 ls: fts_read: Permission denied If I try to list the directory on the target (14.7.1) system, there is no error: TestVAppearances.app/Contents/runtime-arm/Contents: total 0
33
0
1.4k
Nov ’24
ES_EVENT_TYPE_NOTIFY_CREATE called but ES_EVENT_TYPE_AUTH_CREATE not called
When I'm using Endpoint Security to monitor the file creation behavior of Keynote, I've noticed that when I choose to export a Keynote file as an HTML file, ES only triggers the ES_EVENT_TYPE_NOTIFY_CREATE notification for the index.html file, and the ES_EVENT_TYPE_AUTH_CREATE is not triggered. I've double - checked my code many times, and I'm pretty sure there's no error in it. Does ES only call the notification event without calling the authorization event under certain circumstances? Or is this a bug in ES?
1
0
78
20h
Choosing between xpc or an af_unix / domain socket
I have two privileged service(s) and a desktop app. The privileged services are packaged into /Library/*** and are run using launchd at runtime. The desktop app is just dropped into /Applications. The desktop app connects to one of the services (let's say service "B") via XPC. That is, B is running an XPC listener (using libxpc). Both applications are written in golang with xpc interaction via CGO. This is all working fine: The desktop app is receiving notifications over XPC from service B. However, during our build we dump the built and signed apps (before .pkg'ing) into a dist folder. When we run the app (using a makefile target), we copy the services from dist to another location as root, then execute the binaries directly. This is problematic for the desktop app, because my understanding is that XPC requires launchd to assert the namespace it's under. Thus, when service B is launched this way, it says "operation not permitted." We also want to reserve the ability to run a production version of our app on the same machine (drink our own champagne and all that), and I would like to avoid having development versions running on startup, so I don't want to use the same launch configurations. MacOS is one of three platforms we support (linux, windows as well). Our IPC implementation under MacOS uses XPC via golang build tags. Questions: Is it possible to start the XPC server without using launchd, or by using launchd but without registering it as an actual service? Is this a use case where using a unix domain socket would be better (albeit i feel like securing the socket between the privileged / unprivileged process would be ... fun). Additional / somewhat unrelated questions: is it possible for me to somehow restrict another process from chatting with service B over XPC (restrict to my other desktop app)? This is an app bundle question, so very unrelated: The service "app" that contains services A and B is in /Library, with the plist pointing to A, but B resides in Contents/MacOS next to A. Should this be split out into its own app bundle under Frameworks, or is this fine?
0
0
60
5h
Couldn't read USB device endpoints on MacOS15.3
Hi Folks, We are reading the USB device data from our app using libusb/iokit libraries. Before updating the MacOS to the 15.3 we never faced any issue but after updating OS to 15.3 Sequoia we started facing issue to access the USB device's information. We are not getting the device endpoints for the matching service and fails with below error- Error:Failed to create IOUSBHostObject. with reason: IOServiceOpen failed. Respective code snippet- service = IOServiceGetMatchingService(kIOMasterPortDefault, matchingDictionary); IOUSBHostInterface* interface = [[IOUSBHostInterface alloc] initWithIOService:service options:IOUSBHostObjectInitOptionsDeviceCapture queue:*queue error:&error interestHandler:nil]; We get the denial message during accessing the IOService error 23:17:30.691934-0800 kernel 41 duplicate reports for Sandbox: spotlightknowledged(1399) deny(1) mach-lookup com.apple.diagnosticd error 23:17:30.691945-0800 kernel System Policy: com.prograde.pgdrefreshpro.helpe(70515) deny(1) iokit-open-service IOUSBHostInterface Also when we checked the IOUSBHOST logs we can see pipes are stalled while running the RefreshPro app as below- 2025-02-05 22:06:31.838141-0800 0x25913e Error 0x0 0 0 kernel: (IOUSBHostFamily) AppleUSBIORequest: AppleUSBIORequest::complete: device 8 (SD PG05.5@08210000) endpoint 0x00: status 0xe0005000 (pipe stalled): 0 bytes transferred We need an assistance here to know what exactly could be the cause and how can we elevate the permissions to access the USB device on MacOS15.3. Do we need other entitlements? As we never faced such issue with our certificate and Identifier on any MacOS versions and with the current entitlements we have. Do we need to include any entitlement in the code? Thanks.
10
2
299
1w
Bluetooth driver crashes on IOS 18.2.1 (22C161)
I have been trying to investigate some of the kernel crashes I have noticed on my IOS crash logs. Some of these are in device driver software for the peripheral interfaces. Given that the driver code executes with kernel privileges, these kind of crashes leave the device vulnerable to remote code injection, with no user interaction required in some cases. Crash Report from IOS 18.2.1 If Apple can provide the symbol table for IOS 18.2.1 blue tooth driver and source code, I can gladly help investigate this further.
1
0
91
1d
Can't refresh contents of File Provider -managed folder (Dropbox)
I want a user to be able to save a URL of a folder on a cloud share using the standard FileManager APIs. I'm testing with Dropbox in particular. The initial interaction is working (I can select a folder, save it as a bookmark, and scan the files in that folder). However, no changes made externally to the folder will be reflected in the app when I refresh the contents. Launching the Files app and browsing to the folder DOES show the updated contents, and once that step is complete, then my app will again show up-to-date contents. Is there perhaps some API I should be calling to trigger the Dropbox File Provider extension to update it's cache? Sample project demonstrating issue: https://github.com/dhennessy/FolderScan STEPS TO REPRODUCE Launch the app on a physical device Tap Choose, browse to folder on a Dropbox share, tap Open to select The app will show the contents of the folder (the 'test' folder) Switch to the Dropbox app and create a new subfolder of the test folder Return to the test app and tap Refresh. Notice that the changes do not appear Re-launching the app also does not show the changes Workaround Launch the Files app (or re-open the UIDocumentPickerViewController by tapping choose and then dismiss it) Tap Refresh and the changes will appear in the app Note: None of the other 'cloud file providers' (google drive, one drive, box) even allow the user to even select a folder.
0
0
30
15h
Use of Undocumented IOKit APIs
I'm writing some code, intended to be run on macOS (not IOS). My code could greatly benefit from using IOReport, which is an undocumented IOKit API for obtaining various metrics like energy consumption on an Apple processor. I don't plan to submit my program to the App Store, but I do plan on making the Git repo containing my code public. My understanding is that using undocumented IOKit APIs is strictly forbidden for IOS or macOS applications intended to be made available on the App Store. But what about programs not intended to be submitted to the App Store, like in my case? I'm wondering if anybody knows what Apple's policy is regarding using undocumented APIs in such a way on macOS.
1
0
136
1d
How to get ApplicationSupportDirectory from FileProvider extension?
I get the ApplicationSupportDirectory path like this: let path = NSSearchPathForDirectoriesInDomains(.applicationSupportDirectory, .userDomainMask, true)[0] as String however for FileProvider plugin it looks like: /var/mobile/Containers/Data/PluginKitPlugin/.../Library/Application Support/rclone.conf instead of what I get for an Application: /var/mobile/Containers/Data/Application/.../Library/Application Support I need a way to get the Application's Support Directory from the FileProvider plugin. Is that possible? If not, what other shared location I could use to access shared file between these two?
1
0
61
1d
Kernel panic in mac_label_verify()
Accessing a directory on my custom distributed filesystem results in a kernel panic. According to the backtrace, the last function called before the panic is triggered is mac_label_verify(). See the backtrace file attached. mac_label_verify-panic.txt The panic manifests itself given the following conditions: Machine-a: make a directory in Finder. Machine-b: remove the directory created on machine-a in Finder. Machine-a: access the directory removed on machine-b in Finder. Kernel panic ensues. The panic is reproducible on both Apple Silicon and x86-64. The backtrace is for x86-64 as I wasn't able to symbolicate it on Apple Silicon. Not sure how to tackle this one. Any pointers would be much appreciated.
12
0
784
Nov ’24
Sequoia Group Container for Mac Catalyst Apps
Prior to Sequoia, Mac Catalyst Apps worked fine when using group folders that started with group. They now get an alert that the Mac Catalyst app is trying to access data from other applications. This may also impact some SwiftUI developers. According to this the documentation for the App Group Entitlements entitlement, on macOS we should begin use the Team Identifier instead of group. Should Mac Catalyst follow the macOS or iOS rules for com.apple.security.application-groups? If they should need to follow the macOS rules now, that creates several issues for developers. We would now need separate build targets to pick up the different Entitlements files. More distressing is that we would need to do some kind of migration process to get our files to the new location. There wouldn't be a transparent way to do so where the user wasn't warned about the application accessing files that don't belong to it. Any clarification on what Mac Catalyst developers should be doing to prepare for Sequoia would be greatly appreciated.
18
5
2.3k
Jun ’24
Porting VFS kext to FSKit
So if one were to start the attempt of porting an existing kext VFS filesystem, to use the new FSKit (Since presumably kexts could go away), how would that look now? Is it ready? Are there any samples out there that already works (Filesystem using FSKit) ? How is the documentation? ChatGPT did not seem to know much at all. What would be Apple's reception to that? How flexible is FSKit ? Is it locked to the idea of a mount is connected to a physical device (or partition)? Or is it more virtual, in that I will have a pool of disks, and present 1, or many, mount points?
3
0
982
Oct ’24
Kernel panic related to Watchdog in custom virtual file system
Hi. I am facing a panic in distributed virtual filesystem of my own making. The panic arises on attempt of copying a large folder, or writing a large file (both around 20gb). An important note here is that the amount of files we try to copy is larger than available space (for testing purposes, the virtual file system had a capacity of 18 gigabytes). The panic arises somewhere on 12-14gigabytes deep into copying. On the moment of panic, there are still several gigabytes of storage left. The problem is present for sure for such architectures and macOS versions: Sonoma 14.7.1 arm64e Monterey 12.7.5 arm64e Ventura 13.7.1 intel Part from panic log from Ventura 13.7.1 intel, with symbolicated addresses: panic(cpu 2 caller 0xffffff80191a191a): watchdog timeout: no checkins from watchdogd in 90 seconds (48 total checkins since monitoring last enabled) Panicked task 0xffffff907c99f698: 191 threads: pid 0: kernel_task Backtrace (CPU 2), panicked thread: 0xffffff86e359cb30, Frame : Return Address 0xffffffff001d7bb0 : 0xffffff8015e70c7d mach_kernel : _handle_debugger_trap + 0x4ad 0xffffffff001d7c00 : 0xffffff8015fc52e4 mach_kernel : _kdp_i386_trap + 0x114 0xffffffff001d7c40 : 0xffffff8015fb4df7 mach_kernel : _kernel_trap + 0x3b7 0xffffffff001d7c90 : 0xffffff8015e11971 mach_kernel : _return_from_trap + 0xc1 0xffffffff001d7cb0 : 0xffffff8015e70f5d mach_kernel : _DebuggerTrapWithState + 0x5d 0xffffffff001d7da0 : 0xffffff8015e70607 mach_kernel : _panic_trap_to_debugger + 0x1a7 0xffffffff001d7e00 : 0xffffff80165db9a3 mach_kernel : _panic_with_options + 0x89 0xffffffff001d7ef0 : 0xffffff80191a191a com.apple.driver.watchdog : IOWatchdog::userspacePanic(OSObject*, void*, IOExternalMethodArguments*) (.cold.1) 0xffffffff001d7f20 : 0xffffff80191a10a1 com.apple.driver.watchdog : IOWatchdog::checkWatchdog() + 0xd7 0xffffffff001d7f50 : 0xffffff80174f960b com.apple.driver.AppleSMC : SMCWatchDogTimer::watchdogThread() + 0xbb 0xffffffff001d7fa0 : 0xffffff8015e1119e mach_kernel : _call_continuation + 0x2e Kernel Extensions in backtrace: com.apple.driver.watchdog(1.0)[BD08CE2D-77F5-358C-8F0D-A570540A0BE7]@0xffffff801919f000->0xffffff80191a1fff com.apple.driver.AppleSMC(3.1.9)[DD55DA6A-679A-3797-947C-0B50B7B5B659]@0xffffff80174e7000->0xffffff8017503fff dependency: com.apple.driver.watchdog(1)[BD08CE2D-77F5-358C-8F0D-A570540A0BE7]@0xffffff801919f000->0xffffff80191a1fff dependency: com.apple.iokit.IOACPIFamily(1.4)[D342E754-A422-3F44-BFFB-DEE93F6723BC]@0xffffff8018446000->0xffffff8018447fff dependency: com.apple.iokit.IOPCIFamily(2.9)[481BF782-1F4B-3F54-A34A-CF12A822C40D]@0xffffff80188b6000->0xffffff80188e7fff Process name corresponding to current thread (0xffffff86e359cb30): kernel_task Boot args: keepsyms=1 Mac OS version: 22H221 Kernel version: Darwin Kernel Version 22.6.0: Thu Sep 5 20:48:48 PDT 2024; root:xnu-8796.141.3.708.1~1/RELEASE_X86_64 The origin of the problem is surely inside my filesystem. However, the panic happens not there but somewhere in watchdog. As far as I can tell, the source code for watchdog is not available for public. I can't understand what causes the panic. Let's say we have run out of space. Couldn't write data. Writing received a proper error message and aborted. That's what is expected. However, it is unclear for why the panic arises.
4
0
187
1w
Diagnosing iOS disc contention impacting networking?
When my app launches, it makes maybe 9 or so network requests to load initial data. It also reads some data from disc. Sporadically, I'm seeing an issue where some of the network requests succeed, but anything involving reading from disc does not load immediately. I'm able to move around in the app, tap buttons, swap tabs, swipe pages, so my main actor isn't stuck. Other data that don't involve disc reading / writing is also blank. About 2 minutes in, suddenly everything loads (both stuff from disc and stuff from the network), nearly instantly, the way it should have done when the app launched. Server logs show more initial network requests succeed than we can see data loaded in the app, and then about 2 minutes later, there's a flood of the rest of the requests which then succeed. The responses to some of these initial network requests cause us to make other network requests, and the sever sees some of those start right away. However, other consequences of these first requests are to touch the disc (to search for manually-cached data), and anything that is supposed to happen after that does not succeed until the 2 minute mark. But what bothers me is some things in the app which don't touch the disc also seem to have successful network requests. I'm seeing it on an iPhone 14Pro running iOS 18.2.1, with 607 GB of disc space available. When I take screenshots of the loading screens in my app during the apparent freeze, the clock in the screenshots are right - they reflect the clock at the moment I took the screenshot, but the EXIF data in all dozen or so images shows the exact second 2 minutes later when the server gets the resulting flood of network requests. Screenshots taken after the freeze is over have exif timestamps that match the screenshots, as short as 5 seconds after the freeze ends. The screenshot file names, though sequential, are out of order. for instance, some screenshots from 12:58 have file names numbered after screenshots taken at 12:59. but not all are out of order. This seems like disc contention has spread outside the app, and is impacting the system writing the images to disc. How do I diagnose a cause for this? How does disc contention affect the networking? I have caching turned off for my network requests. We only have a manual image cache, but I don't know how that would stall the display of data that should fetch and display without attempting to hit the image cache. This happens maybe a couple of times a day for some people, maybe once every couple of weeks for others, but of course, it never when we're trying to debug it.
6
0
215
3w
Problems with macro - probably after update
yesterday my Xcode app worked, I upgraded my Xcode and simulator today, but now i suddenly get: error: the replacement path doesn't exist: "/var/folders/61/cs5w33tx7m92yq6t55h9w7k00000gn/T/swift-generated-sources/@__swiftmacro_6Fikser8FeedViewV4jobs33_842833018C1C855C625C2C0F4D027584LL5QueryfMa_.swift" error: the replacement path doesn't exist: "/var/folders/61/cs5w33tx7m92yq6t55h9w7k00000gn/T/swift-generated-sources/@__swiftmacro_6Fikser8FeedViewV4jobs33_842833018C1C855C625C2C0F4D027584LL5QueryfMa_.swift" error: the replacement path doesn't exist: "/var/folders/61/cs5w33tx7m92yq6t55h9w7k00000gn/T/swift-generated-sources/@__swiftmacro_6Fikser4UserC8username18_PersistedPropertyfMa_.swift" error: the replacement path doesn't exist: "/var/folders/61/cs5w33tx7m92yq6t55h9w7k00000gn/T/swift-generated-sources/@__swiftmacro_6Fikser4UserC8username18_PersistedPropertyfMa_.swift" error: the replacement path doesn't exist: "/var/folders/61/cs5w33tx7m92yq6t55h9w7k00000gn/T/swift-generated-sources/@__swiftmacro_6Fikser4UserC8username18_PersistedPropertyfMa_.swift" and i also get this: objc[11474]: Class AKBiometricRatchetUtility is implemented in both /Library/Developer/CoreSimulator/Volumes/iOS_22C150/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.2.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/AuthKitUI.framework/AuthKitUI (0x12ff2d898) and /Library/Developer/CoreSimulator/Volumes/iOS_22C150/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.2.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/AuthKit.framework/AuthKit (0x114a0b1f0). One of the two will be used. Which one is undefined. ``` can it be that they are some how relatet? Or what else can it be? I have tried to delete derrieved data, clean folder eg.
1
0
164
4d
Testing endpoint security on a virtual Mac
I am having difficulty getting my container app with an embedded endpoint security extension to work on a virtual Mac. My virtual Mac has system integrity protection turned off. I have used spctl and System Settings to allow applications from anywhere. I am using the development entitlement profile to sign my container app. When I run my app, it crashes with Termination Reason: COODESIGNING 1 Taskgated Invalid Signature. I assume this has to do with the app being signed with my developer profile that contains a list of Macs that can run the software. How can test my endpoint security extension on a virtual Mac?
3
0
173
5d
Operator new/delete override only work for the first time for an iOS App on iOS16
Phenomenon We've found operator new/delete override in iOS app, only works for the first time when the app launches on iOS16, operator override is not working in the second and subsequent launch of the same app. Steps to reproduce Development environment: XCode 16.2 Create a new iOS Objective-C project in XCode In the project options page, choose the following settings: Name the project: OverrideNew Interface: Storyboard Language: Objective-C Testing System: None Add test code Change AppDelegate.m's file name to AppDelegate.mm to add the following C++ test code. Add the following code after #import "AppDelegate.h" #include &lt;os/log.h&gt; #include &lt;string&gt; static bool needLog = false; void* operator new(size_t size) { void* ptr = malloc(size); if(needLog) { // Log to prove override new works os_log_error(OS_LOG_DEFAULT, "Overrided new called. ptr: %p\n", ptr); } return ptr; } void operator delete(void* ptr) noexcept { free(ptr); if(needLog) { // Log to prove override delete works os_log_error(OS_LOG_DEFAULT, "Overrided delete called. ptr: %p\n", ptr); } } void StringConstructTest(void) { needLog = true; os_log_error(OS_LOG_DEFAULT, "Enter StringConstructTest1\n"); { std::string str; // a long string will trigger memory allocation on heap str = "Hello world and this is a long string.\n"; os_log_error(OS_LOG_DEFAULT, "%{public}s\n", str.c_str()); } os_log_error(OS_LOG_DEFAULT, "Exit StringConstructTest1\n"); needLog = false; } Call StringConstructTest() in didFinishLaunchingWithOptions method: - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { // Override point for customization after application launch. StringConstructTest(); return YES; } Change build settings Change Minimum Deployments: iOS 16. Build and run the project on an iOS16 device, emulator can not reproduce the problem. Observe logs in Console app on Mac Use the following log filters: message type: error process: OverrideNew First launch First launch on device(not from a XCode debug launch), the log is: Enter StringConstructTest1 Overrided new called. ptr: 0x281f2f450 Hello world and this is a long string. Overrided delete called. ptr: 0x281f2f450 Exit StringConstructTest1 "Overrided new called" proved the override new operator is called. Second and subsequence launch Second and subsequence launch on device(not from a XCode debug launch), the log is: Enter StringConstructTest1 Hello world and this is a long string. Exit StringConstructTest1 No log for "Overrided new called", the subsequence launch, the override operator new is not called anymore. Expected behavior For every app launch, log "Overrided new called" will happen and operator override works. On iOS16, operator override only works for the first launch. I've also tested on iOS18, operator override works every time as expected. Question Is there a way to force operator override works every time on iOS16?
4
0
174
6d