I'm beating my head against Apple here and it hurts.
We made the request for Endpoint Security, and got it granted. However, it was only for development (and as we're looking to do non-app store distribution, I explicitly asked for one to go with our Developer ID Application certificate). At this point, I have used a TSI (thanks Quinn!) and possibly upset an internal contact by asking what I'm supposed to do, and gotten nowhere. At this point, I am sending an email message to the endpoint-review address every week, and I have gotten no responses at all.
Has anyone successfully gotten this? If so... how? (No, let me amend that: I know some have, since I've seen it in the wild. I just have no idea what I'm supposed to do!)
Unless I'm missing something (always possible)... there is no way to tell if you get a valid proxy back -- the error handler is asynchronous, and I don't see a way to say "this proxy is valid."
Am I missing something?
I've got a system extension. There's a daemon that talks to it. Because I want the sysex to be able to reach out on its own, the daemon talks to the sysex over XPC, and passes over an anonymous endpoint, so that either side can initiate a message. This all works pretty well, and I'm happy with it.
But the design, as is, means that if the sysex goes away for some reason, the daemon can't ever talk to it again. This shouldn't be too difficult a problem to fix -- I can tell when the XPC connections are invalidated, I just have to wait for the sysex to come back up. I am using notify(3) for this, and this does work.
And this is the part that is frustrating, and that I obviously think should be impossible: after starting back up, sending a notification, getting the anonymous endpoint from the daemon, and setting the connection to an NSXPCConnection, the connection ... gets set to nil.
The problem is that since I've written this in Swift, I put an observer on the endpoint and log whenever it changes. And in the log, I see "changing it from nil to ", and then a log message saying "connection is non-nil, as it should be" and then... later it says the connection is nil. Without a "changing it from to nil".
I am very, very frustrated.
I was trying to figure out how to monitor keychain events, and wrote:
```c
#include <Security/Security.h>
// MyKeychainEventCallback has the SecKeychainCallback prototype:
// OSStatus cb(SecKeychainEvent event, SecKeychainCallbackInfo *info, void *context)
dispatch_async(dispatch_get_main_queue(), ^{
    OSStatus kr = SecKeychainAddCallback(MyKeychainEventCallback, kSecEveryEventMask, NULL);
    printf("Got result %d\n", (int)kr);
});
dispatch_main();
```
However, the callback never gets called.
I put the same code into a simple GUI app (invoked from the didFinishLaunching method), and it does work. So presumably this is something run-loop related. But I can't seem to figure it out -- so what am I doing wrong?
We have a network extension. It is bundled in an app, that is launched as a launch agent for each user.
When doing the install, the installer bootstraps the agent for each currently-logged-in console user.
When the agent runs, it checks to see if it is the current active console user, and if so, goes through the process of activating the extension. This part works fine.
But... if the installation is done while two users [haven't tried more than 2, sorry] are simultaneously logged in, SysPrefs gets launched for both users.
Is this expected behaviour?
Yes, actual process ID: on upgrades, our network extension sometimes decides to become completely incommunicado as far as XPC is concerned -- any attempt to send an XPC message to it results in "couldn't communicate with a helper application" or similar. The only workaround I've been able to come up with is unloading and reloading the extension.
It was suggested that I try killing it. Which, great, but... how would I get its pid? I do not at all feel comfortable launching pkill; I could get all the processes on the system and look for the name. But is there a way for the wrapping process to be able to get the pid?
I couldn't find anything too recent, but everything seems to say that no, asl_search-like APIs are non-existent for os_log. And the source code for log isn't available so I can't see how it does it...
This seems to show that a bunch of memory being allocated in... mach_vm_deallocate. That doesn't seem likely, so I have to assume I'm misreading the output? (This is on macOS.)
Is it actually usable as a firewall in macOS? I tried (as an example) adding a rule to block port 80, and it did not seem to work. But, that's all I tried -- just added a line to /etc/pf.conf.
I looked at other posts with this problem and didn't find anything that worked.
I used Keychain Access and Certificate Assistant to create a CSR; I uploaded that on the portal. Downloaded the certificate, and I get that error whenever I try to import it. I can import it into the System one, but then it's untrusted, and I still can't export it as a p12 file.
This is one of the few times I did everything by reading the documentation as I did it, so I'm very confused.
Topic: Code Signing; SubTopic: Certificates, Identifiers & Profiles; Tags: Signing Certificates, Developer ID
I got tired of the compiler telling me that .onChange(of:) was deprecated, so I thought, fine, I'll simply stub it out for the older versions. Only... I can't seem to do that? I can use @available(macOS 14, *) to build for that and later, but is there any way to do the opposite? (I'd hoped there was a #if available support, but there isn't.)
If there's another version of our app on the volume, it'll relocate the installed one there. This is particularly delightful, since nothing will work if it's not in /Applications.
We use pkgbuild and productbuild to create the .pkg file.
Is there a way to find out when the set of keychains changes? ie, when a keychain is added or removed? I searched here and grepped through the headers in Security.framework but nothing leaped out at me -- which could just mean I missed something, as happens frequently. (This is on macOS.)
Looking at the path name for reasons, and ran into a thing: one of my coworkers was not getting /Applications/Safari.app as expected, but instead got /System/Volumes/Preboot/Cryptexes/App/System/Applications/Safari.app. Which is annoying because I'm actually using spotlight to find the paths for applications, and that one doesn't show up.
Has anyone run into this? And know why?
(I figure I'll simply remove the prefix if it's there, and that should be fine, but I'm curious why it only seems to happen sometimes.)
I have this code in a network extension:
```swift
private func pathForToken(token: audit_token_t) -> String? {
    var tokenCopy = token
    let bufferSize = UInt32(4096)
    let bytes = UnsafeMutablePointer<UInt8>.allocate(capacity: Int(bufferSize))
    // Manually allocated memory is never freed automatically; release it on every exit path.
    defer { bytes.deallocate() }
    let length = proc_pidpath_audittoken(&tokenCopy, bytes, bufferSize)
    if length != 0 {
        // String(cString:) copies the bytes, so the buffer can be freed afterwards.
        return String(cString: bytes).lowercased()
    }
    return nil
}
```
bytes appears to be leaked -- the call stack is pathForToken(token:) to specialized static UnsafeMutablePointer.allocate(capacity:)
Do I need to do something to ensure bytes is released, since it doesn't seem to be happening on its own?
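An alternative that avoids manual allocation altogether, so no deallocation is needed on any return path (added example, not the poster's code; the function name and the spelled-out buffer size are my choices):

```swift
import Foundation

// Added example (not the original poster's code): resolve the executable path for
// an audit token using a Swift array as the buffer, so there is nothing to free.
func executablePath(for token: audit_token_t) -> String? {
    var tokenCopy = token
    // PROC_PIDPATHINFO_MAXSIZE is defined as 4 * MAXPATHLEN; it is spelled out here
    // because the C macro does not import cleanly into Swift.
    var buffer = [CChar](repeating: 0, count: 4 * Int(MAXPATHLEN))
    let length = buffer.withUnsafeMutableBufferPointer { buf -> Int32 in
        proc_pidpath_audittoken(&tokenCopy, buf.baseAddress, UInt32(buf.count))
    }
    // proc_pidpath_audittoken returns the path length, or 0 when the lookup fails.
    guard length > 0 else { return nil }
    // String(cString:) copies out of the array before it goes out of scope.
    return String(cString: buffer)
}
```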