Which application is taken in consideration with TCC
Hello, Let's imagine an application (Application A) which launches another application (Application B). These applications are bundle apps. What happens if Application B tries to read a file in the current user's Documents folder? TCC will check if the application is allowed to access the Documents folder. But will it check this right for application A or application B (or both)? I have tried to run an application from Terminal. My terminal is authorized to access the Documents folder. And I am surprised because TCC did not ask me to allow the application itself. It seems TCC is looking for parent process rights. Can you confirm? Thanks
Replies
1
Boosts
0
Views
562
Activity
Nov ’23
Getting IP address of VZVirtioNetworkDeviceConfiguration
Hello, I am setting up a Linux virtual machine with Virtualization framework. It works fine. Here is how I am creating a network interface:

    let network_device = VZVirtioNetworkDeviceConfiguration()
    network_device.attachment = VZNATNetworkDeviceAttachment()
    vm_config.networkDevices = [network_device]

As you can see, this is a NAT network. I would like to know the IP address assigned to this interface. macOS emulates a DHCP server and I would like to know the IP in my Xcode program. How can I do that? Thanks
Replies
3
Boosts
0
Views
1.2k
Activity
Nov ’23
Create a dmg file from a sandboxed application
Hello, I am trying to create a dmg file by launching hdiutil through my Swift program. This Swift program is sandboxed. Here is what I've done:

    let hdd_file:String = NSHomeDirectory() + "hdd.dmg.sparseimage"
    let process = Process()
    process.launchPath = "/usr/bin/hdiutil"
    process.arguments = ["create", "-size", "30g", "-fs", "'APFS'", "-volname", "myvolume", "-type", "SPARSE", hdd_file]
    let pipe = Pipe()
    process.standardOutput = pipe
    process.launch()
    let data = try pipe.fileHandleForReading.readToEnd()
    print(data)

I get this error:

    hdiutil: create failed - Device not configured

I don't understand why I get this error because the dmg file is created in the application's sandbox home directory. Or maybe hdiutil is forbidden, but I am just creating a dmg file. I am not trying to mount a device. Do you have any idea of how I can create a dmg file from my sandboxed application? Thanks
Replies
1
Boosts
0
Views
903
Activity
Nov ’23
Swift storyboard project: UI update from background thread
Hello, I am trying to download a macOS image with the Swift code below. I would like to update an NSProgressIndicator component to show download progress. The closure is run on a background thread so I need to do something to force execution on the main thread. This is what I am trying to do with DispatchQueue.main.async but it does not work. I have also tried with DispatchQueue.global().async (and both). I have a runtime error saying I can't update UI from a background thread. I don't understand why DispatchQueue.main.async does not force execution on the main thread. Do you have any idea? Thanks

    @IBOutlet weak var progression: NSProgressIndicator!
    ...
    func method1() {
        let downloadTask = URLSession.shared.downloadTask(with: restoreImage.url) { localURL, response, error in
        ...
        downloadObserver = downloadTask.progress.observe(\.fractionCompleted, options: [.initial, .new]) { (progress, change) in
            DispatchQueue.global().async {
                DispatchQueue.main.async {
                    self.progression.doubleValue = (change.newValue! * 100) // Execution error on this line
                }
            }
        ...
    }
Replies
0
Boosts
0
Views
640
Activity
Nov ’23
VZMacOSRestoreImage cache
Hello, I am downloading a macOS restore image with VZMacOSRestoreImage, in order to deploy virtual machines. I have just upgraded my host Mac to the last Sonoma version. So, a macOS restore image has just been downloaded on my computer during the upgrade procedure. Is there a way to avoid a second download and ask VZMacOSRestoreImage to fetch my last local macOS image? I think this image is still stored somewhere on my computer... Thanks
Replies
0
Boosts
0
Views
692
Activity
Nov ’23
Why variable store is not needed for macOS guests
Hello, I have looked at the Virtualization framework sample source code provided by Apple. There is something strange: For a Linux guest OS, I can see a variable store:

    let variableStore = try VZEFIVariableStore(creatingVariableStoreAt: xxxx)
    ...
    let bootloader = VZEFIBootLoader()
    ...
    bootloader.variableStore = variableStore

It seems this variable store is linked with NVRAM. For a macOS guest OS, there is no variable store. (The bootloader is created with VZMacOSBootLoader.) My question is: why doesn't a macOS guest need a variable store? Thanks
Replies
1
Boosts
0
Views
609
Activity
Nov ’23
Convert Parallels Desktop disk image to a VZDiskImageStorageDeviceAttachment compatible image
Hello, I am working with Virtualization framework in an Xcode Swift project. I have also installed Parallels Desktop on my Mac (Apple Silicon). I would like to convert a Parallels Desktop hard drive (hds file) to an image compatible with my Virtualization framework project. My goal is to run my Parallels Desktop virtual machine in my Xcode project. Is there a way to do that? Thanks
Replies
1
Boosts
1
Views
782
Activity
Nov ’23
Secure XPC service call
I would like to develop a macOS application in Swift. This application will consist of 2 programs: a main program to be run by the user (standard account) and another one that will run with root privileges. The second program will only be invoked to perform privileged tasks. Running the main program under root permanently would be too risky. XPC will be used to trigger calls from the main program to the privileged program. How can I secure the privileged program to ensure that the calling program is indeed my main program and not another unauthorized program?
Replies
1
Boosts
0
Views
766
Activity
Dec ’23
What is /System/Applications/ ?
Hello, I don't understand what the /System/Applications/ folder is (macOS Sonoma). It is not a (hard) link to /Applications/. /Applications/ is not a (hard) link to /System/Applications/. Can anyone explain to me what /System/Applications/ is? Isn't it redundant with /Applications/? Thanks
Replies
1
Boosts
0
Views
699
Activity
Dec ’23
Hooks with mandatory access control framework
Hello, I've come across information regarding macOS endpoint protection software: It seems Apple no longer allows them to create kernel extensions. It seems that endpoint software should now function with MACF by implementing hooks from userland. Does this mean the Endpoint Security Framework will soon become deprecated? I'm currently searching for a sample source code for MACF hooks, but I haven't found anything in the Apple developer documentation. Thanks
Replies
1
Boosts
0
Views
975
Activity
Dec ’23
Simulate sending key to an NSView on a macOS application
Hello, I am trying to simulate a keystroke inside a macOS application. Here is what I've done:

    let src = CGEventSource(stateID: CGEventSourceStateID.hidSystemState)
    let cmd_down = CGEvent(keyboardEventSource: src, virtualKey: 0x38, keyDown: true)
    let cmd_up = CGEvent(keyboardEventSource: src, virtualKey: 0x38, keyDown: false)
    cmd_down?.post(tap: .cghidEventTap)
    cmd_up?.post(tap: .cghidEventTap)

macOS is asking me to allow my application on TCC accessibility. This is a global privilege and needs admin rights. And I want to avoid that. Is there an alternative to simulate a keystroke inside my application? Thanks
Replies
2
Boosts
0
Views
975
Activity
Jan ’24
Access Desktop folder from appstore macOS application (sandboxed)
Hello, I am writing a Desktop application for macOS with Xcode. This application will be available on the App Store. So, I have to put the sandbox entitlement. So, this application won't be able to access the Desktop folder. It will be jailed into a specific directory to store data. I have installed a macOS application from the App Store. When I launched this application, I got a TCC prompt, asking me to allow this application to access Desktop (or Downloads, I don't remember). How can this be possible? I have tried to write a sandboxed application which tries to access the Desktop folder. I didn't get any TCC prompt: my access was rejected. How can I ask to access the Desktop folder from a sandboxed application? Thanks a lot
Replies
2
Boosts
0
Views
1.3k
Activity
Apr ’24
Running docker inside VZVirtualMachine
Hello, I have tried to create a VZVirtualMachine macOS virtual machine on an Apple Silicon Mac. I have installed Docker Desktop inside this virtual machine. Docker is not working: I get this error message: "Hypervisor check failed". Is there a way to run Docker inside a VZVirtualMachine? Thanks a lot
Replies
1
Boosts
0
Views
1.2k
Activity
Apr ’24
Where does macOS store file open intent paths ? (TCC)
Hello, It is possible to restrict Documents folder access with TCC. But when an application shows a standard "file open" dialog, it is possible to access this directory to open a file. macOS allows file access in this case because it is an intentional action from the user. So I suppose there is a kind of whitelist for all file paths opened through the "file open" dialog. I would like to know how I can access this whitelist and how I can remove entries. Thanks
Replies
1
Boosts
0
Views
680
Activity
Apr ’24
Ways to automatically start a program when user opens session
Hello, I am trying to enumerate all ways on macOS for launching an application when a user opens a session. Please note I am not looking for a way which requires root or sudo privileges. I have found this:

- ~/Library/LaunchAgents/
- Login Items (in macOS System Settings)

But are there others? Thanks
Replies
1
Boosts
0
Views
637
Activity
May ’24