Audio User Space Plug-In Driver - macos

I have a code signed HAL plugin driver. What is the appropriate way to check authenticity of my driver to ensure nothing in my resource folder has been modified?
I'm currently trying the SecStaticCodeCreateWithPath approach from the Security framework that I use on my other projects, similar to this link.
However, I'm getting tons of error messages in my console:
kernel[0]: Sandbox: coreaudiod(64363) deny(1) file-read-metadata /Library/Audio
and SecStaticCodeCreateWithPath function would return
errSecCSStaticCodeNotFound = -67068, /* cannot find code object on disk */
It seems like a sandboxing restriction to me. I've also tried the entitlement
com.apple.security.temporary-exception.files.absolute-path.read-only
/Library/Audio/Plug-Ins/HAL/
with no luck.
I simply want to verify the code signing information within my code.
Any suggestion would be nice.
Thanks.

Related

Trouble Testing IAP with Sandbox

I cannot sign in with Sandbox tester ID (the fields are not even displayed in Settings-App Store).
I am running Xcode 14.2 and attempting to test on a developer-signed physical device (iOS 16.1.2). Following the steps in Apple documentation ("Setting up StoreKit Testing in Xcode"), I have been able to run tests using a local StoreKit configuration file. All works well. I next wanted to try to use Sandbox Testing. Following the same documentation,
I set up a Sandbox Tester in Apple Store Connect.
I saved a Public Certificate from the storekit configuration file in the project.
I removed the local StoreKit configuration file from the scheme’s run options (by setting to "none").
I added the following conditional compilation block to my store manager:
#if DEBUG
let certificate = "StoreKitTestCertificate"
#else
let certificate = "AppleIncRootCertificate"
#endif
It is my understanding that an option to sign in with the SandBox ID should appear in device's App Store Settings after the first time I attempt to make a purchase when running on the device physically connected to my Mac.
This is not happening. Am I missing a step? One possible mistake I made was placing the (above) conditional compilation block in the wrong place. Can someone recommend the best place for this? The documentation says to paste it in with my receipt validation code. Another suspected oversight might be something else I need to do in Apple Store Connect. Not sure. Any help appreciated!
Addendum - I get this message in the console:
Error enumerating unfinished transactions for first transaction
listener: Error Domain=ASDErrorDomain Code=509 "No active account"
UserInfo={storefront-country-code=USA,
client-environment-type=Sandbox, AMSServerErrorCode=0,
NSLocalizedDescription=No active account}

Google Drive API Console: Error saving Drive UI integration page

I have a webapp in production that interacts with Google Drive through Google Drive API.
I need to change some settings in Drive interaction but I can't save.
When I save the Drive UI integration page, I receive this error:
There's a problem at our end.
Please try again. If the problem persists, please let us know using
the "Send feedback" link below. Thanks!
(spying Network console: there is an Internal Server Error in a POST call)
I tried to send feedback for months: nobody answers and the bug is still there.
I tried also to create another project: I can save the first time but then the bug returns.
What can I do? Has anyone had the same problem?
Is there a way to receive a reply from Google? Is there some workaround?
Thank you.
I think the problem must be the Client ID.
Before adding the Client ID, go to Credentials -> OAuth 2.0 Client IDs,
then select edit on your Client ID. After that, add your production site URL to Authorized JavaScript origins and Authorized redirect URIs.
Then enter your Client ID in the Drive UI integration page.
For myself trying to get the Drive UI configured I noticed a couple of errors (that don't have any specific error messages)
When adding in an Open URL it has to be a valid domain, so for instance I tried to test it out with local host, to no avail. However something like https://devbox.app.com worked, but something like https://localhost:8888 does not. Even though https://localhost is a valid javascript origin in the client_id configuration (at least for the app I am working on, not sure about other apps), localhost doesn't work as an open URL.
When adding in the mimeTypes it needs to be in the format */* and can include custom mimeTypes like application/custom+xml and application/custom-name+json. Not sure about other custom types that are not in a particular format like xml or json. Also not sure about wildcards.
When adding in file extensions do not add in the '.' just the name of the file extension.
The app icon, I found, only failed to upload when the image wasn't the exact dimensions. I actually ended up editing some icons in Photoshop to change the pixel x pixel values as a quick workaround during dev.
That worked for me to get it to save and I tested it with a file that had a custom mimeType (application/custom-name+xml specifically) and custom file extension!

Firefox Extension : Unable to parse JSON data for extension storage

I have written a Firefox Extension using Web Extension APIs. It has passed the Preliminary review but the reviewer said that he cannot proceed with the full review because when he installs it, he gets the following error:
"Unable to parse JSON data for extension storage"
Upon inspecting for quite some time, I figured out that Firefox creates a file called "storage.js" in the profile folder for each extension, where it writes and reads all the local storage data for that particular extension. If the extension tries to write to this file before it is created, the error "Unable to write JSON data to extension storage" is thrown, and if the extension code tries to read from this file before it is created, the error "Unable to parse JSON data for extension storage" is thrown.
Now, my concern is how do I know for sure that the file has been created and that it can be written to or read from?
PS: This happens when the extension is just installed. For subsequent sessions, this error won't come up as that file is no longer missing.
This seems to be a bug in the current Firefox implementation, and your assessment is spot on:
The underlying ExtStorage module will always call read before get, set etc. even write and clear.
read will unconditionally try to access the underlying, extension specific storage file, that may not exist yet for freshly installed add-ons using the storage API for the first time.
This will therefore result in the logging of one such Unable to parse JSON data for extension storage message, no matter what you do with the storage API.
Therefore triggering the message cannot be avoided.
I suggest you do the following:
Contact the editors team, requesting they re-evaluate your add-on based on:
The message in question is really only a warning (when appearing after first access of the storage API by your addon).
Even when the message would be an actual error (the storage is corrupt), it would still not be your error, as the storage API implementation by mozilla needs to be more resilient then and there is nothing you can do anyway.
The message being issued on first regular use of the storage API, unrelated to what WebExtensions add-on uses that API and in what way, is a mozilla bug, and not something you caused or can fix yourself or at least work around.
Therefore denying a full review just because a mozilla bug erroneously logs a spurious message once without any other severe effects is... questionable.
File a bug about this so mozilla developers can address this issue. You'll wanna CC at least Bill McCloskey (:billm) since he wrote that code ;)

Chromecast sample sender application CastHelloText-chrome ends with error when trying to get session

I have a problem with launching a Google-Cast application similar to the sample CastHelloText-chrome. I slightly modified the example code for my specific purposes. The goal of creating this application is to send and show image data directly on the Chromecast device.
In particular, the difference between the official sample and my code is in the message format and its content, sent by the sender application. The sender application takes a PNG image encoded in base64 and sends it through the message bus with a custom namespace. The receiver application gets this message and uses it as the data source for an HTML <img> object.
The error appears when I do these steps:
1) Reload the sender page, checking the console to see if any device was found.
2) Send the form by just pushing enter in the input box (the text is ignored).
3) Now a popup from the Chromecast extension shows. Next there are two scenarios:
3a) I confirm casting to a device by choosing one from the list, then I get this error message in the console:
onError: {"code":"channel_error","description":"Error: Timeout","details":null}
3b) I just click somewhere else, I get this error:
onError: {"code":"cancel","description":"User closed popup menu","details":null}
Both errors are caused by calling the function chrome.cast.requestSession in chromehellotext.html at line 161, but I don't know what's really wrong.
When I step through the sender script I see that the function sessionListener is never called. I know that something goes wrong when the code tries to call chrome.cast.requestSession, where the described error is raised. So I need help to find out whether I missed something about the right way to use the Google-Cast API or whether this problem has something to do with networking issues.
Receiver application is registered on Google Cast SDK Developer Console and I'm testing on registered device with some serial number. I'm using Google Chrome in version 42.0.2300.2 canary (64-bit) and Chrome version 40.0.2214.111 (current stable I suppose). For testing I also tried to turn off Windows Firewall entirely but with no luck.
Edit:
There were some syntactic errors that caused error message described above.
It seems like you are trying to use the data/control channel to send an image; please don't do that; that channel is not meant to be used for large data communications; in fact it cannot send anything which approaches or exceeds 64k. If your goal is to send images from your local machine, you would need to run a local web server on your local machine and serve images through the web server.
For an easy tutorial, you can have a look at this tutorial.
It is well explained in this tutorial.
Chromecast Sender application
There is no need to maintain the session by yourself.
Just add the button and enjoy casting:
mCastManager.addMediaRouterButton(mediaRoutebtn);
I found the source of my problem. There was something wrong in the receiver code - syntactic and runtime errors, so I must admit that my code wasn't functional. Now it's working in terms of launching the application and getting a session.
Unfortunate thing is that the error message generated by Chromecast extension didn't match the actual error - at least it was a bit confusing when I didn't know what's really happening on receiver side without ability to debug the code.

IOKit not permitted in Sandbox?

I'm new to using IOKit and have noticed what I think is the sandbox making it fail.
Here is the test I'm trying (in Pascal) which runs fine outside the sandbox but when I enable it IOServiceOpen returns the error kIOReturnNotPermitted every time.
Is IOKit not safe in the sandbox for certain services? I was trying to get some fan speeds/cpu temperatures and I see there are some apps in the AppStore (sandboxed) doing this so I believe it's possible. The only one I could confirm appears to have an XPC service bundled with the app as a helper so maybe that's a clue to make IOKit work? I tried basically all the entitlements and none of them seemed to help any.
Thanks for any ideas you may have.
procedure TestIOKit;
var
  err: kern_return_t;
  masterPort: mach_port_t;
  iterator: io_iterator_t;
  device: io_object_t;
  matchingDictionary: CFMutableDictionaryRef;
  conn: io_connect_t;
begin
  IOMasterPort(0, masterPort);
  // Look up the AppleSMC service in the I/O Registry
  matchingDictionary := IOServiceMatching('AppleSMC');
  err := IOServiceGetMatchingServices(masterPort, matchingDictionary, iterator);
  if err <> kIOReturnSuccess then
  begin
    writeln('IOServiceGetMatchingServices: ', err);
    exit; // the iterator is not valid on failure
  end;
  device := IOIteratorNext(iterator);
  IOObjectRelease(iterator);
  if device = 0 then
  begin
    writeln('no smc found');
    exit; // nothing to open
  end;
  // This is the call that returns kIOReturnNotPermitted when sandboxed
  err := IOServiceOpen(device, mach_task_self_, 0, conn);
  if err <> kIOReturnSuccess then
    writeln('IOServiceOpen: ', err);
  IOObjectRelease(device);
end;
I found the same problem trying to read SMC keys in order to get sensor temps and fan speeds from inside an OSX Yosemite 'Today extension'. The extension needs to be sandboxed, and I was also getting the kIOReturnNotPermitted error every time I tried to read the temp and fan sensors.
The only way I got it working was by creating a XPC service that manages all the SMC stuff, configured as a launch agent. This way, the sandboxed app (the 'today' extension) asks the XPC service for all the relevant data, instead of messing with IOKit directly.
So far, it seems to be working properly.
You don't need an XPC (not sure I understand that answer given it would also need to be sandboxed).
You can use this temporary entitlement although I don't hold any hope of Apple approving it for MAS - you'd need to make your case to try and justify its use in iTunes Connect. I have a similar problem and it's the only "solution" I've found so far:
com.apple.security.temporary-exception.sbpl string (allow iokit-open)
I don't see that the answer from Luis Glez provides a solution, but rather wrong information.
In fact there is currently no way to access this I/O Kit functionality from a sandboxed app neither would it be approved by Apple for the App Store.
If you check the sandbox status of the app from Luis Glez you will see that it's not sandboxed at all. Also it's not available at the App Store and I assume this is the reason.
Terminal:
codesign --display --entitlements - VitalStats.app
There was a recent discussion on the Developer Forums and someone from Apple confirmed that there is no way.
https://devforums.apple.com/message/1082393#1082393
The solution is very simple. You need to add a few lines to the entitlements file:
<key>com.apple.security.temporary-exception.sbpl</key>
<array>
<string>(allow iokit-open)</string>
<string>(allow iokit-set-properties (iokit-property "ConsoleUID"))</string>
<string>(allow mach-lookup (global-name "com.apple.AssetCacheLocatorService"))</string>
</array>
My app was just rejected for using IOKit in general. Does anyone else have the same problem? The app was approved for 60 earlier builds, but all of a sudden, Apple seems to have a problem with that now. I use IOKit to read battery information like current voltage etc.
Rejected because of 1.1.6 - Safety.
Thank you for your submission. During our review, we found that your app is not appropriate for the App Store.
We encourage you to review your app concept and evaluate whether you
can incorporate different content and features to bring it into
compliance with the App Store Review Guidelines.
For those who may still be looking for an answer: in Catalina, the problem might be that the app first needs to get the Input Monitoring permission. If it's not granted, or denied, you would certainly get the kIOReturnNotPermitted error.
To check whether this is the case, go to System Settings, Privacy, select Input Monitoring and check if your app is allowed.
After granting the permission the error should disappear.
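
The thread above checks an app's sandbox status with `codesign --display --entitlements -` and quotes a `temporary-exception.sbpl` fragment. As an added example (not code from any poster), this Python sketch audits an entitlements plist for the App Sandbox key and for temporary-exception entries, marking SBPL rules that carry no filter. The sample plist is constructed: it wraps the fragment quoted in the thread in an assumed complete plist with the sandbox key enabled.

```python
import plistlib

# Constructed sample: the sbpl fragment quoted in the thread, wrapped in an
# assumed complete entitlements plist with the App Sandbox key enabled.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  <key>com.apple.security.temporary-exception.sbpl</key>
  <array>
    <string>(allow iokit-open)</string>
    <string>(allow iokit-set-properties (iokit-property "ConsoleUID"))</string>
    <string>(allow mach-lookup (global-name "com.apple.AssetCacheLocatorService"))</string>
  </array>
</dict>
</plist>"""

SANDBOX_KEY = "com.apple.security.app-sandbox"
EXCEPTION_PREFIX = "com.apple.security.temporary-exception."


def audit_entitlements(plist_bytes):
    """Return (sandboxed, findings); findings are (exception, value, unfiltered)."""
    ent = plistlib.loads(plist_bytes)
    sandboxed = ent.get(SANDBOX_KEY) is True
    findings = []
    for key, value in sorted(ent.items()):
        if not key.startswith(EXCEPTION_PREFIX):
            continue
        values = value if isinstance(value, list) else [value]
        for item in values:
            text = str(item).strip()
            # An SBPL rule of the form "(allow op)" has no filter, so it opens
            # the whole operation class rather than one named resource.
            unfiltered = (key.endswith(".sbpl") and text.startswith("(allow ")
                          and text.count("(") == 1)
            findings.append((key[len(EXCEPTION_PREFIX):], text, unfiltered))
    return sandboxed, findings


if __name__ == "__main__":
    sandboxed, findings = audit_entitlements(SAMPLE)
    print("App Sandbox enabled:", sandboxed)
    for name, text, unfiltered in findings:
        print(f"  {name}: {text}" + ("  <-- unfiltered" if unfiltered else ""))
```

An app with no `com.apple.security.app-sandbox` key at all is reported as not sandboxed, which is the situation one poster describes for the helper-based app.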
