Hello,
I have an encrypted dmg file containing a secret file.
When a user wants to see the secret, he must mount the dmg and provide the password.
When the dmg is mounted, every user connected to the computer can see the secret file! And I don't want this.
Is there a way to open a dmg file with the Swift language, without mounting it?
Thanks
Hello,
It is possible to restrict access to the Desktop or Documents folder with TCC for a given application in macOS Preferences.
For example, Terminal is not allowed to access the Documents folder. But I have seen it is possible to write files or to create a directory from Terminal!
I don't understand this behaviour. Is there a particular reason?
Thanks
Can you explain to me why it is not possible to work with VZVirtualMachine on iOS?
iPad is working with the same ARM chips as Mac.
It would be great to create a Linux VM on an iPad Pro, for example...
I am tossing a bottle into the sea...
Thanks
Hello,
There is something I do not understand about TCC:
I have allowed the Terminal app Full Disk Access.
I was able to open my current user's TCC.db file with sqlite3 from Terminal.
I was able to delete entries in the access table with sqlite3.
I had no errors, but these changes haven't been applied.
My question is: why was I able to modify the TCC.db file?
Is there a specific thing to do to flush privileges?
I have a second question:
When an application fires an NSOpenDialog in a Cocoa application, the selected file access rule bypasses TCC. This is normal because this is an intent from the user.
But this file access seems to be stored somewhere, because if I reboot the computer, my Cocoa application can read this file again without an NSOpenDialog opening. I have tried to look in the current user's TCC.db file but I did not find anything. My question is: where is this information stored?
Thanks
Hello,
I am wondering about the value-add of autorelease in Swift.
Look at this code:

    for i in (0...10)
    {
        autoreleasepool
        {
            let obj1 = MyClass()
            ...
        }
    }

obj1 will be released at the end of the autorelease block.
But I can also work with a function like this (or a closure):

    func test()
    {
        let obj1 = MyClass()
        ...
    }
    for i in (0...10)
    {
        test()
    }

obj1 will be released at the end of the test function.
Do you agree we have the same result in memory in both cases?
If so, when should we work with autorelease?
Thanks
Hello,
I have read that some binaries are "SIP protected".
SIP means System Integrity Protection.
I know this is a security mechanism under macOS.
But I don't understand what a "SIP protected binary" is.
Is it a binary located in a specific folder? Is it a binary signed with "hardened runtime"?
Thanks
Hello,
I have made a basic C program and I have compiled it with gcc.
This program has not been signed (I didn't run codesign).
When I try to run this program from Terminal, I don't get any Gatekeeper popup.
My first question is... why?
I have created a SwiftUI project with Xcode (Xcode 15).
I have set the signing settings to "Sign to run locally" (by the way, can you tell me how I can disable signing in Xcode?)
I have opened Terminal and I have changed the current directory to the ~/Library/Developer/Xcode/DerivedData/..../Products/Debug/MyApp.app/Contents/MacOS folder.
Now I get a Gatekeeper confirmation popup if I run "./Myapp" from Terminal.
My second question is... why?
Does that mean Gatekeeper only checks signed binaries?
Thanks
Hello,
My purpose is to understand how macOS works.
Here is what I've done: I have written a C program on an M1 CPU with these lines:

    printf("Before breakpoint\n");
    asm volatile("brk #0");
    printf("After breakpoint\n");

When I run this program with lldb, a breakpoint is hit on the second line. So I suppose lldb is writing a "brk #0" instruction when we put a breakpoint manually.
I can't continue to the next line with the lldb "c" command. PC stays on the brk instruction. I need to manually set PC to the next instruction in lldb.
Now, what I want to do is to create my own debugger. (I want to understand how lldb works.)
I have managed to ptrace the target program and I was able to catch an event with waitpid when "brk #0" is hit. But I don't know how I can increase the PC value and continue execution, because I can't do this on a Silicon CPU:

    ptrace(PTRACE_GETREGS, child_pid, NULL, &regs);
    ptrace(PTRACE_SETREGS, child_pid, NULL, &regs);
    kill(child_pid, SIGCONT);

So my question is: how does lldb manage to change the ARM64 registers of a remote process?
Thanks
Hello,
I have tried to create a thread with the thread_create_running API.
It works, but I would like to suspend this thread. I can call thread_suspend, but my thread has already been started before I call this API.
Is there a way to create a thread without running it automatically?
Thanks
Hello,
Let's imagine an application (Application A) which launches another application (Application B). These applications are bundle apps.
What happens if Application B tries to read a file in the current user's Documents folder?
TCC will check if the application is allowed to access the Documents folder. But will it check this right for Application A or Application B (or both)?
I have tried to run an application from Terminal. My Terminal is authorized to access the Documents folder. And I am surprised because TCC did not ask me to allow the application itself. It seems TCC is looking at the parent process's rights. Can you confirm?
Thanks
Hello,
I am trying to create a dmg file by launching hdiutil through my Swift program.
This Swift program is sandboxed.
Here is what I've done:

    let hdd_file:String = NSHomeDirectory() + "hdd.dmg.sparseimage"
    let process = Process()
    process.launchPath = "/usr/bin/hdiutil"
    process.arguments = ["create", "-size", "30g", "-fs", "'APFS'", "-volname", "myvolume", "-type", "SPARSE", hdd_file]
    let pipe = Pipe()
    process.standardOutput = pipe
    process.launch()
    let data = try pipe.fileHandleForReading.readToEnd()
    print(data)

I get this error:

    hdiutil: create failed - Device not configured

I don't understand why I get this error, because the dmg file is created in the application's sandbox home directory.
Or maybe hdiutil is forbidden, but I am just creating a dmg file. I am not trying to mount a device.
Do you have any idea how I can create a dmg file from my sandboxed application?
Thanks
Hello,
I am trying to download a macOS image with the Swift code below. I would like to update an NSProgressIndicator component to show download progress.
The closure is run on a background thread, so I need to do something to force execution on the main thread. This is what I am trying to do with DispatchQueue.main.async, but it does not work. I have also tried with DispatchQueue.global().async (and both).
I have a runtime error saying I can't update the UI from a background thread.
I don't understand why DispatchQueue.main.async does not force execution on the main thread.
Do you have any idea?
Thanks

    @IBOutlet weak var progression: NSProgressIndicator!
    ...
    func method1()
    {
        let downloadTask = URLSession.shared.downloadTask(with: restoreImage.url) { localURL, response, error in
            ...
        downloadObserver = downloadTask.progress.observe(\.fractionCompleted, options: [.initial, .new]) { (progress, change) in
            DispatchQueue.global().async
            {
                DispatchQueue.main.async
                {
                    self.progression.doubleValue = (change.newValue! * 100) // Execution error on this line
                }
            }
        ...
    }

Hello,
I am downloading a macOS restore image with VZMacOSRestoreImage, in order to deploy virtual machines.
I have just upgraded my host Mac to the last Sonoma version.
So, a macOS restore image has just been downloaded on my computer during the upgrade procedure.
Is there a way to avoid a second download and ask VZMacOSRestoreImage to fetch my last local macOS image? I think this image is still stored somewhere on my computer...
Thanks
Hello,
I've come across information regarding macOS endpoint protection software: It seems Apple no longer allows them to create kernel extensions.
It seems that endpoint software should now function with MACF by implementing hooks from userland.
Does this mean the Endpoint Security Framework will soon become deprecated?
I'm currently searching for sample source code for MACF hooks, but I haven't found anything in the Apple developer documentation.
Thanks
Hello,
It is possible to restrict Documents folder access with TCC.
But when an application shows a standard "file open" dialog, it is possible to access this directory to open a file.
macOS allows file access in this case because it is an intentional action from the user.
So I suppose there is a kind of whitelist for all file paths opened through the "file open" dialog.
I would like to know how I can access this whitelist and how I can remove entries.
Thanks