Hi,
I need to write an application (possibly using C) to communicate with a USB High Speed Device CDC class I am developing, but unfortunately I have no development experience under Mac OS, so I am here to ask for a few help/advice. I hope I am in the right place.
Since I have a working code using libusb on Linux, I have first tried to use such lib on a Mac OS without success. The device is listed correctly using
ioreg -w0 -l -p
but it seems to be always busy:
MYUSBDEVICE@fa410000 <class IOUSBHostDevice, id 0x100001769, registered, matched, active, busy 0 (262 ms), retain 24>
in fact, attempting to use libusb always results in error:
LIBUSB_ERROR_NOT_FOUND
libusb_bulk_transfer: Entity not found
After searching a bit, I have read that it is impossible (?) to use libusb on MacOS.
Then I came across these following pages:
https://developer.apple.com/library/archive/documentation/DeviceDrivers/Conceptual/USBBook/USBDeviceInterfaces/USBDevInterfaces.html
https://developer.apple.com/documentation/usbdriverkit
I would possible avoid to write a CDC kernel driver for my application, so link #2 seems more appropriate to what I need.
But isn't it available any API to develop USB CDC communications C application on MacOS ?
Any suggestion is appreciated.
Thanks in advance.
Regards,
Simon
Core OS
RSS for tagExplore the core architecture of the operating system, including the kernel, memory management, and process scheduling.
Post
Replies
Boosts
Views
Activity
The Bluetooth on my iPhone 14 hasn’t been working for a week now. Everything was fine until, at some point, it started endlessly turning on and off by itself. I’ve tried resetting the settings, doing a hard reset, updating to iOS 18.3—none of these helped. I even deleted all VPN profiles just in case (I saw this suggested on forums), but that didn’t work either. According to forums, this bug has existed since September and affects thousands of people. The constant cycling causes the Bluetooth settings to freeze. Please help! My watch, headphones, car—everything has turned into a pumpkin!
I am getting recurring errors running code on macOS 15.1 on arm that is using a volume mounted from a machine running macOS 14.7.1 on x86. The code I am running copies files to the remote volume and deletes files and directories on the remote volume. The files and directories it deletes are typically files it previously had copied.
The problem is that I get permission failures trying to delete certain directories.
After this happens, if I try to list the directory using Terminal on the 15.1 system, I get a strange error:
ls -lA TestVAppearances.app/Contents/runtime-arm/Contents
total 0
ls: fts_read: Permission denied
If I try to list the directory on the target (14.7.1) system, there is no error:
TestVAppearances.app/Contents/runtime-arm/Contents:
total 0
When I'm using Endpoint Security to monitor the file creation behavior of Keynote, I've noticed that when I choose to export a Keynote file as an HTML file, ES only triggers the ES_EVENT_TYPE_NOTIFY_CREATE notification for the index.html file, and the ES_EVENT_TYPE_AUTH_CREATE is not triggered. I've double - checked my code many times, and I'm pretty sure there's no error in it. Does ES only call the notification event without calling the authorization event under certain circumstances? Or is this a bug in ES?
I have two privileged service(s) and a desktop app. The privileged services are packaged into /Library/*** and are run using launchd at runtime. The desktop app is just dropped into /Applications.
The desktop app connects to one of the services (let's say service "B") via XPC. That is, B is running an XPC listener (using libxpc). Both applications are written in golang with xpc interaction via CGO.
This is all working fine: The desktop app is receiving notifications over XPC from service B. However, during our build we dump the built and signed apps (before .pkg'ing) into a dist folder. When we run the app (using a makefile target), we copy the services from dist to another location as root, then execute the binaries directly. This is problematic for the desktop app, because my understanding is that XPC requires launchd to assert the namespace it's under. Thus, when service B is launched this way, it says "operation not permitted." We also want to reserve the ability to run a production version of our app on the same machine (drink our own champagne and all that), and I would like to avoid having development versions running on startup, so I don't want to use the same launch configurations.
MacOS is one of three platforms we support (linux, windows as well). Our IPC implementation under MacOS uses XPC via golang build tags.
Questions:
Is it possible to start the XPC server without using launchd, or by using launchd but without registering it as an actual service?
Is this a use case where using a unix domain socket would be better (albeit i feel like securing the socket between the privileged / unprivileged process would be ... fun).
Additional / somewhat unrelated questions:
is it possible for me to somehow restrict another process from chatting with service B over XPC (restrict to my other desktop app)?
This is an app bundle question, so very unrelated: The service "app" that contains services A and B is in /Library, with the plist pointing to A, but B resides in Contents/MacOS next to A. Should this be split out into its own app bundle under Frameworks, or is this fine?
Hi Folks,
We are reading the USB device data from our app using libusb/iokit libraries.
Before updating the MacOS to the 15.3 we never faced any issue but after updating OS to 15.3 Sequoia we started facing issue to access the USB device's information.
We are not getting the device endpoints for the matching service and fails with below error-
Error:Failed to create IOUSBHostObject. with reason: IOServiceOpen failed.
Respective code snippet-
service = IOServiceGetMatchingService(kIOMasterPortDefault, matchingDictionary);
IOUSBHostInterface* interface = [[IOUSBHostInterface alloc] initWithIOService:service
options:IOUSBHostObjectInitOptionsDeviceCapture
queue:*queue
error:&error
interestHandler:nil];
We get the denial message during accessing the IOService
error 23:17:30.691934-0800 kernel 41 duplicate reports for Sandbox: spotlightknowledged(1399) deny(1) mach-lookup com.apple.diagnosticd
error 23:17:30.691945-0800 kernel System Policy: com.prograde.pgdrefreshpro.helpe(70515) deny(1) iokit-open-service IOUSBHostInterface
Also when we checked the IOUSBHOST logs we can see pipes are stalled while running the RefreshPro app as below-
2025-02-05 22:06:31.838141-0800 0x25913e Error 0x0 0 0 kernel: (IOUSBHostFamily) AppleUSBIORequest: AppleUSBIORequest::complete: device 8 (SD PG05.5@08210000) endpoint 0x00: status 0xe0005000 (pipe stalled): 0 bytes transferred
We need an assistance here to know what exactly could be the cause and how can we elevate the permissions to access the USB device on MacOS15.3.
Do we need other entitlements? As we never faced such issue with our certificate and Identifier on any MacOS versions and with the current entitlements we have.
Do we need to include any entitlement in the code?
Thanks.
I have been trying to investigate some of the kernel crashes I have noticed on my IOS crash logs. Some of these are in device driver software for the peripheral interfaces.
Given that the driver code executes with kernel privileges, these kind of crashes leave the device vulnerable to remote code injection, with no user interaction required in some cases.
Crash Report from IOS 18.2.1
If Apple can provide the symbol table for IOS 18.2.1 blue tooth driver and source code, I can gladly help investigate this further.
We developing a app called Parentgeenee. It's a Parental control app having any limitations on app block from child mobile. Trying to block more than 500 apps but not blocking if any particular method to block a bulk apps.
I want a user to be able to save a URL of a folder on a cloud share using the standard FileManager APIs. I'm testing with Dropbox in particular. The initial interaction is working (I can select a folder, save it as a bookmark, and scan the files in that folder). However, no changes made externally to the folder will be reflected in the app when I refresh the contents.
Launching the Files app and browsing to the folder DOES show the updated contents, and once that step is complete, then my app will again show up-to-date contents.
Is there perhaps some API I should be calling to trigger the Dropbox File Provider extension to update it's cache?
Sample project demonstrating issue: https://github.com/dhennessy/FolderScan
STEPS TO REPRODUCE
Launch the app on a physical device
Tap Choose, browse to folder on a Dropbox share, tap Open to select
The app will show the contents of the folder (the 'test' folder)
Switch to the Dropbox app and create a new subfolder of the test folder
Return to the test app and tap Refresh. Notice that the changes do not appear
Re-launching the app also does not show the changes
Workaround
Launch the Files app (or re-open the UIDocumentPickerViewController by tapping choose and then dismiss it)
Tap Refresh and the changes will appear in the app
Note: None of the other 'cloud file providers' (google drive, one drive, box) even allow the user to even select a folder.
I'm writing some code, intended to be run on macOS (not IOS). My code could greatly benefit from using IOReport, which is an undocumented IOKit API for obtaining various metrics like energy consumption on an Apple processor. I don't plan to submit my program to the App Store, but I do plan on making the Git repo containing my code public.
My understanding is that using undocumented IOKit APIs is strictly forbidden for IOS or macOS applications intended to be made available on the App Store.
But what about programs not intended to be submitted to the App Store, like in my case?
I'm wondering if anybody knows what Apple's policy is regarding using undocumented APIs in such a way on macOS.
I get the ApplicationSupportDirectory path like this:
let path = NSSearchPathForDirectoriesInDomains(.applicationSupportDirectory, .userDomainMask, true)[0] as String
however for FileProvider plugin it looks like:
/var/mobile/Containers/Data/PluginKitPlugin/.../Library/Application Support/rclone.conf
instead of what I get for an Application:
/var/mobile/Containers/Data/Application/.../Library/Application Support
I need a way to get the Application's Support Directory from the FileProvider plugin.
Is that possible? If not, what other shared location I could use to access shared file between these two?
Accessing a directory on my custom distributed filesystem results in a kernel panic.
According to the backtrace, the last function called before the panic is triggered is mac_label_verify().
See the backtrace file attached.
mac_label_verify-panic.txt
The panic manifests itself given the following conditions:
Machine-a: make a directory in Finder.
Machine-b: remove the directory created on machine-a in Finder.
Machine-a: access the directory removed on machine-b in Finder. Kernel panic ensues.
The panic is reproducible on both Apple Silicon and x86-64.
The backtrace is for x86-64 as I wasn't able to symbolicate it on Apple Silicon.
Not sure how to tackle this one.
Any pointers would be much appreciated.
Prior to Sequoia, Mac Catalyst Apps worked fine when using group folders that started with group. They now get an alert that the Mac Catalyst app is trying to access data from other applications. This may also impact some SwiftUI developers.
According to this the documentation for the App Group Entitlements entitlement, on macOS we should begin use the Team Identifier instead of group.
Should Mac Catalyst follow the macOS or iOS rules for com.apple.security.application-groups? If they should need to follow the macOS rules now, that creates several issues for developers. We would now need separate build targets to pick up the different Entitlements files. More distressing is that we would need to do some kind of migration process to get our files to the new location. There wouldn't be a transparent way to do so where the user wasn't warned about the application accessing files that don't belong to it.
Any clarification on what Mac Catalyst developers should be doing to prepare for Sequoia would be greatly appreciated.
So if one were to start the attempt of porting an existing kext VFS filesystem, to use the new FSKit (Since presumably kexts could go away), how would that look now?
Is it ready? Are there any samples out there that already works (Filesystem using FSKit) ?
How is the documentation? ChatGPT did not seem to know much at all.
What would be Apple's reception to that?
How flexible is FSKit ? Is it locked to the idea of a mount is connected to a physical device (or partition)? Or is it more virtual, in that I will have a pool of disks, and present 1, or many, mount points?
Can I launch all the launchAgents associated with a user before they log in? If so, is there an event or mechanism I can use or simulate to achieve this?
Is it possible to delay the login mechanism, till all the launchAgents are loaded.
Looking for guidance on how to approach this.
Hi.
I am facing a panic in distributed virtual filesystem of my own making.
The panic arises on attempt of copying a large folder, or writing a large file (both around 20gb).
An important note here is that the amount of files we try to copy is larger than available space (for testing purposes, the virtual file system had a capacity of 18 gigabytes).
The panic arises somewhere on 12-14gigabytes deep into copying. On the moment of panic, there are still several gigabytes of storage left.
The problem is present for sure for such architectures and macOS versions:
Sonoma 14.7.1 arm64e
Monterey 12.7.5 arm64e
Ventura 13.7.1 intel
Part from panic log from Ventura 13.7.1 intel, with symbolicated addresses:
panic(cpu 2 caller 0xffffff80191a191a): watchdog timeout: no checkins from watchdogd in 90 seconds (48 total checkins since monitoring last enabled)
Panicked task 0xffffff907c99f698: 191 threads: pid 0: kernel_task
Backtrace (CPU 2), panicked thread: 0xffffff86e359cb30, Frame : Return Address
0xffffffff001d7bb0 : 0xffffff8015e70c7d mach_kernel : _handle_debugger_trap + 0x4ad
0xffffffff001d7c00 : 0xffffff8015fc52e4 mach_kernel : _kdp_i386_trap + 0x114
0xffffffff001d7c40 : 0xffffff8015fb4df7 mach_kernel : _kernel_trap + 0x3b7
0xffffffff001d7c90 : 0xffffff8015e11971 mach_kernel : _return_from_trap + 0xc1
0xffffffff001d7cb0 : 0xffffff8015e70f5d mach_kernel : _DebuggerTrapWithState + 0x5d
0xffffffff001d7da0 : 0xffffff8015e70607 mach_kernel : _panic_trap_to_debugger + 0x1a7
0xffffffff001d7e00 : 0xffffff80165db9a3 mach_kernel : _panic_with_options + 0x89
0xffffffff001d7ef0 : 0xffffff80191a191a com.apple.driver.watchdog : IOWatchdog::userspacePanic(OSObject*, void*, IOExternalMethodArguments*) (.cold.1)
0xffffffff001d7f20 : 0xffffff80191a10a1 com.apple.driver.watchdog : IOWatchdog::checkWatchdog() + 0xd7
0xffffffff001d7f50 : 0xffffff80174f960b com.apple.driver.AppleSMC : SMCWatchDogTimer::watchdogThread() + 0xbb
0xffffffff001d7fa0 : 0xffffff8015e1119e mach_kernel : _call_continuation + 0x2e
Kernel Extensions in backtrace:
com.apple.driver.watchdog(1.0)[BD08CE2D-77F5-358C-8F0D-A570540A0BE7]@0xffffff801919f000->0xffffff80191a1fff
com.apple.driver.AppleSMC(3.1.9)[DD55DA6A-679A-3797-947C-0B50B7B5B659]@0xffffff80174e7000->0xffffff8017503fff
dependency: com.apple.driver.watchdog(1)[BD08CE2D-77F5-358C-8F0D-A570540A0BE7]@0xffffff801919f000->0xffffff80191a1fff
dependency: com.apple.iokit.IOACPIFamily(1.4)[D342E754-A422-3F44-BFFB-DEE93F6723BC]@0xffffff8018446000->0xffffff8018447fff
dependency: com.apple.iokit.IOPCIFamily(2.9)[481BF782-1F4B-3F54-A34A-CF12A822C40D]@0xffffff80188b6000->0xffffff80188e7fff
Process name corresponding to current thread (0xffffff86e359cb30): kernel_task
Boot args: keepsyms=1
Mac OS version:
22H221
Kernel version:
Darwin Kernel Version 22.6.0: Thu Sep 5 20:48:48 PDT 2024; root:xnu-8796.141.3.708.1~1/RELEASE_X86_64
The origin of the problem is surely inside my filesystem. However, the panic happens not there but somewhere in watchdog. As far as I can tell, the source code for watchdog is not available for public.
I can't understand what causes the panic.
Let's say we have run out of space. Couldn't write data. Writing received a proper error message and aborted. That's what is expected.
However, it is unclear for why the panic arises.
When my app launches, it makes maybe 9 or so network requests to load initial data. It also reads some data from disc.
Sporadically, I'm seeing an issue where some of the network requests succeed, but anything involving reading from disc does not load immediately. I'm able to move around in the app, tap buttons, swap tabs, swipe pages, so my main actor isn't stuck. Other data that don't involve disc reading / writing is also blank. About 2 minutes in, suddenly everything loads (both stuff from disc and stuff from the network), nearly instantly, the way it should have done when the app launched.
Server logs show more initial network requests succeed than we can see data loaded in the app, and then about 2 minutes later, there's a flood of the rest of the requests which then succeed.
The responses to some of these initial network requests cause us to make other network requests, and the sever sees some of those start right away.
However, other consequences of these first requests are to touch the disc (to search for manually-cached data), and anything that is supposed to happen after that does not succeed until the 2 minute mark.
But what bothers me is some things in the app which don't touch the disc also seem to have successful network requests.
I'm seeing it on an iPhone 14Pro running iOS 18.2.1, with 607 GB of disc space available.
When I take screenshots of the loading screens in my app during the apparent freeze, the clock in the screenshots are right - they reflect the clock at the moment I took the screenshot, but the EXIF data in all dozen or so images shows the exact second 2 minutes later when the server gets the resulting flood of network requests. Screenshots taken after the freeze is over have exif timestamps that match the screenshots, as short as 5 seconds after the freeze ends. The screenshot file names, though sequential, are out of order. for instance, some screenshots from 12:58 have file names numbered after screenshots taken at 12:59. but not all are out of order.
This seems like disc contention has spread outside the app, and is impacting the system writing the images to disc.
How do I diagnose a cause for this? How does disc contention affect the networking? I have caching turned off for my network requests. We only have a manual image cache, but I don't know how that would stall the display of data that should fetch and display without attempting to hit the image cache.
This happens maybe a couple of times a day for some people, maybe once every couple of weeks for others, but of course, it never when we're trying to debug it.
yesterday my Xcode app worked, I upgraded my Xcode and simulator today, but now i suddenly get:
error: the replacement path doesn't exist: "/var/folders/61/cs5w33tx7m92yq6t55h9w7k00000gn/T/swift-generated-sources/@__swiftmacro_6Fikser8FeedViewV4jobs33_842833018C1C855C625C2C0F4D027584LL5QueryfMa_.swift"
error: the replacement path doesn't exist: "/var/folders/61/cs5w33tx7m92yq6t55h9w7k00000gn/T/swift-generated-sources/@__swiftmacro_6Fikser8FeedViewV4jobs33_842833018C1C855C625C2C0F4D027584LL5QueryfMa_.swift"
error: the replacement path doesn't exist: "/var/folders/61/cs5w33tx7m92yq6t55h9w7k00000gn/T/swift-generated-sources/@__swiftmacro_6Fikser4UserC8username18_PersistedPropertyfMa_.swift"
error: the replacement path doesn't exist: "/var/folders/61/cs5w33tx7m92yq6t55h9w7k00000gn/T/swift-generated-sources/@__swiftmacro_6Fikser4UserC8username18_PersistedPropertyfMa_.swift"
error: the replacement path doesn't exist: "/var/folders/61/cs5w33tx7m92yq6t55h9w7k00000gn/T/swift-generated-sources/@__swiftmacro_6Fikser4UserC8username18_PersistedPropertyfMa_.swift"
and i also get this:
objc[11474]: Class AKBiometricRatchetUtility is implemented in both /Library/Developer/CoreSimulator/Volumes/iOS_22C150/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.2.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/AuthKitUI.framework/AuthKitUI (0x12ff2d898) and /Library/Developer/CoreSimulator/Volumes/iOS_22C150/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.2.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/AuthKit.framework/AuthKit (0x114a0b1f0). One of the two will be used. Which one is undefined.
``` can it be that they are some how relatet? Or what else can it be?
I have tried to delete derrieved data, clean folder eg.
I am having difficulty getting my container app with an embedded endpoint security extension to work on a virtual Mac.
My virtual Mac has system integrity protection turned off. I have used spctl and System Settings to allow applications from anywhere.
I am using the development entitlement profile to sign my container app.
When I run my app, it crashes with Termination Reason: COODESIGNING 1 Taskgated Invalid Signature. I assume this has to do with the app being signed with my developer profile that contains a list of Macs that can run the software.
How can test my endpoint security extension on a virtual Mac?
Phenomenon
We've found operator new/delete override in iOS app, only works for the first time when the app launches on iOS16, operator override is not working in the second and subsequent launch of the same app.
Steps to reproduce
Development environment: XCode 16.2
Create a new iOS Objective-C project in XCode
In the project options page, choose the following settings:
Name the project: OverrideNew
Interface: Storyboard
Language: Objective-C
Testing System: None
Add test code
Change AppDelegate.m's file name to AppDelegate.mm to add the following C++ test code.
Add the following code after #import "AppDelegate.h"
#include <os/log.h>
#include <string>
static bool needLog = false;
void* operator new(size_t size) {
void* ptr = malloc(size);
if(needLog) {
// Log to prove override new works
os_log_error(OS_LOG_DEFAULT, "Overrided new called. ptr: %p\n", ptr);
}
return ptr;
}
void operator delete(void* ptr) noexcept {
free(ptr);
if(needLog) {
// Log to prove override delete works
os_log_error(OS_LOG_DEFAULT, "Overrided delete called. ptr: %p\n", ptr);
}
}
void StringConstructTest(void) {
needLog = true;
os_log_error(OS_LOG_DEFAULT, "Enter StringConstructTest1\n");
{
std::string str;
// a long string will trigger memory allocation on heap
str = "Hello world and this is a long string.\n";
os_log_error(OS_LOG_DEFAULT, "%{public}s\n", str.c_str());
}
os_log_error(OS_LOG_DEFAULT, "Exit StringConstructTest1\n");
needLog = false;
}
Call StringConstructTest() in didFinishLaunchingWithOptions method:
- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
// Override point for customization after application launch.
StringConstructTest();
return YES;
}
Change build settings
Change Minimum Deployments: iOS 16.
Build and run the project on an iOS16 device, emulator can not reproduce the problem.
Observe logs in Console app on Mac
Use the following log filters:
message type: error
process: OverrideNew
First launch
First launch on device(not from a XCode debug launch), the log is:
Enter StringConstructTest1
Overrided new called. ptr: 0x281f2f450
Hello world and this is a long string.
Overrided delete called. ptr: 0x281f2f450
Exit StringConstructTest1
"Overrided new called" proved the override new operator is called.
Second and subsequence launch
Second and subsequence launch on device(not from a XCode debug launch), the log is:
Enter StringConstructTest1
Hello world and this is a long string.
Exit StringConstructTest1
No log for "Overrided new called", the subsequence launch, the override operator new is not called anymore.
Expected behavior
For every app launch, log "Overrided new called" will happen and operator override works.
On iOS16, operator override only works for the first launch.
I've also tested on iOS18, operator override works every time as expected.
Question
Is there a way to force operator override works every time on iOS16?