Post

Replies

Boosts

Views

Activity

Reply to Unclear working of Local Network Privacy feature on macOS Sequoia
Hello! Thank you very much for your response! We greatly appreciate the chance to discuss Apple's technologies with their engineers! [quote='798218022, DTS Engineer, /thread/760964?answerId=798218022#798218022'] If you run a tool from Terminal, then Terminal is considered the responsible code and, as a system app, it’s not subject to local network privacy. [/quote] I have conducted more experiments and have attached the new results to FB14581221 (bundled_as_cli_term). If you run the bundled application for the first time through the terminal, a prompt will appear for the Terminal.app. This is not the case for me, but the results of the experiment don't match your expectations: [quote='798218022, DTS Engineer, /thread/760964?answerId=798218022#798218022'] If you run an executable as a launchd daemon, it runs as root and local network privacy does not apply to code running as root. [/quote] Here my experiments also show different results - if the bundled application is launched as a launchd daemon, the prompt will appear, even though the app runs with root privileges (see "bundled_as_daemon" in the attachments for FB14581221): The latter scenario has an impact on the user experience of my application and I would like to prepare carefully for changes in the macOS. It would be helpful if you could provide information about the expected outcomes of the scenarios mentioned.
Topic: Privacy & Security SubTopic: General Tags:
Aug ’24
Reply to APFS snapshot revert
Thank you for your response! [quote='814302022, DTS Engineer, /thread/768708?answerId=814302022#814302022'] We don't currently have any mechanism (tool or API) that allows snapshot reversion [/quote] I know that there is a fs_snapshot_* family of functions, and according to its manual "To revert the filesystem to a previous snapshot, the fs_snapshot_revert() can be used". This function is only available to apps/tools that have both the com.apple.developer.vfs.snapshot and the com.apple.private.apfs.revert-to-snapshot entitlements enabled. The latter seems to be available only to Apple itself. So why does the fs_snapshot_revert() function exist if it is not available to third-party developers and is not used by Apple in their tools? By the way, I have disabled SIP and AMFI and tried calling fs_snapshot_revert(), and it worked as expected for me!
Topic: App & System Services SubTopic: Core OS Tags:
Nov ’24
Reply to Does anyone know how to send the SCSI command to the USB Mass Storage Driver with DriverKit?
There's a new SCSIPeripheralsDriverKit framework in macOS Ventura. But I can't mach my simple dext with any attached device. There's no info about required entitlements and values of IOKitPersonalities in the docs.
Topic: App & System Services SubTopic: Core OS Tags:
Replies
Boosts
Views
Activity
Jun ’22
Reply to Unclear working of Local Network Privacy feature on macOS Sequoia
Hello! Thank you very much for your response! We greatly appreciate the chance to discuss Apple's technologies with their engineers! [quote='798218022, DTS Engineer, /thread/760964?answerId=798218022#798218022'] If you run a tool from Terminal, then Terminal is considered the responsible code and, as a system app, it’s not subject to local network privacy. [/quote] I have conducted more experiments and have attached the new results to FB14581221 (bundled_as_cli_term). If you run the bundled application for the first time through the terminal, a prompt will appear for the Terminal.app. This is not the case for me, but the results of the experiment don't match your expectations: [quote='798218022, DTS Engineer, /thread/760964?answerId=798218022#798218022'] If you run an executable as a launchd daemon, it runs as root and local network privacy does not apply to code running as root. [/quote] Here my experiments also show different results - if the bundled application is launched as a launchd daemon, the prompt will appear, even though the app runs with root privileges (see "bundled_as_daemon" in the attachments for FB14581221): The latter scenario has an impact on the user experience of my application and I would like to prepare carefully for changes in the macOS. It would be helpful if you could provide information about the expected outcomes of the scenarios mentioned.
Topic: Privacy & Security SubTopic: General Tags:
Replies
Boosts
Views
Activity
Aug ’24
Reply to APFS snapshot revert
Thank you for your response! [quote='814302022, DTS Engineer, /thread/768708?answerId=814302022#814302022'] We don't currently have any mechanism (tool or API) that allows snapshot reversion [/quote] I know that there is a fs_snapshot_* family of functions, and according to its manual "To revert the filesystem to a previous snapshot, the fs_snapshot_revert() can be used". This function is only available to apps/tools that have both the com.apple.developer.vfs.snapshot and the com.apple.private.apfs.revert-to-snapshot entitlements enabled. The latter seems to be available only to Apple itself. So why does the fs_snapshot_revert() function exist if it is not available to third-party developers and is not used by Apple in their tools? By the way, I have disabled SIP and AMFI and tried calling fs_snapshot_revert(), and it worked as expected for me!
Topic: App & System Services SubTopic: Core OS Tags:
Replies
Boosts
Views
Activity
Nov ’24