What does this sandboxing message "deny mach-lookup" mean? - macos

My app did not work properly on a customer machine. Here is a line from console messages:
sandboxd: ([14252]) aText(14252) deny mach-lookup com.apple.familycontrols
What does this mean ?

It means just what it says: Your app (or some code injected into your app or running in a child process) is trying to do lookup a Mach service named com.apple.familycontrols, probably at global scope, and you don't have an entitlement to do so, and therefore it's being denied.
If you need this to work, you need to add a temporary-exception entitlement com.apple.security.temporary-exception.mach-lookup.global-name = [com.apple.familycontrols]. But you'll have to figure out why you need this exception, and file a bug with Apple asking them to provide a better way to do the same thing.
If you don't need this to work, you need to figure out why your code is trying to look up this service and stop doing whatever is causing it. (If it's not your code, but code injected into your app via SIMBL or something, then it's your user's problem, and he has to not use whatever plugin is at fault.)

Related

Send file URL and args to (running) macOS app via command line

I've been trying to create a way to tell my (running) macOS app to open some files and supply some additional arguments to the command.
For cold-start apps, using the
$ open MyApp.app fileA.txt --args --foo-arg
would launch the app and I would be able to inspect the --foo-arg via UserDefaults/CommandLine/ProcessInfo. However, if the app is already running, the --foo-arg is missing from UserDefaults/ProcessInfo‌/CommandLine.
I've been struggling to wrap my head around a solution here because I have a few requirements which make things a tad more difficult.
Requirements
File paths sent to app must be opened/saved with sandbox permissions
Arguments and file paths must be intercepted by app at the same time.
Potential Solutions
XPC
Some people have suggested I use XPC but after reading about it, I'm not sure how that solution might look?
Do I have to create a Launch Agent app-companion which is always running so that it can detect command line operations and pass it to my app?
How does this work with sandboxing because each process has their own permission entitlements?
Apple Script
Should I use Apple script to tell my app to open these files with arguments, thus getting around the sandboxing feature?
When opening files via AppleScript, can I save those files swell?
URL Scheme
I can register my app to have its own URL scheme but the way NSApplicationDelegate handles the incoming URLs comes in two batches. First, the URLs it can open, followed by the URL schemes or the file paths it can't open. ie:
open -a MyApp.app myapp:foo; open -a MyApp.app file.txt
I can probably make this work but it's a tad tacky and I really want to do this the right way.
A command-line tool which ingests its arguments and turns them in to Apple Events is the way to go. You can see how this works from the user's point of view by installing the BBEdit command-line tools and then running man bbedit or man bbdiff in a Terminal window.
From your command-line tool's point of view, the "interesting" parts are:
Figure out whether the application is running: +[NSRunningApplication runningApplicationsWithBundleIdentifier:] will help with that.
If the application is not running, then use -[NSWorkspaceURLForApplicationWithBundleIdentifier:] to first locate the application by bundle ID, then -[NSWorkspace launchApplicationAtURL:options:configuration:error:] to launch the application. This will return an NSRunningApplication instance, or NIL and an error. (Make sure to handle the error case.)
Using the NSRunningApplication instance obtained from either step 1 or step 2, you can now use either the NSAppleEventDescriptor APIs or the low-level AppleEvent C APIs to construct an event. (The higher-level API is probably easier to use.)
That would go something like this:
Construct a target descriptor using the processIdentifier from your running application:
targetDesc = [NSAppleEventDescriptor descriptorWithProcessIdentifier: myRunningApplication.processIdentifier;
Construct an "open documents" event, addressed to your target application:
event = [NSAppleEventDescriptor appleEventWithEventClass: kCoreEventClass eventID: kAEOpenDocuments targetDescriptor: targetDesc returnID: kAutoGenerateReturnID transactionID: kAnyTransactionID];
Note: I use kCoreEventClass/kAEOpenDocuments as an example - if you're trying to open one or more files with additional information, that's fine. If you're doing some other work, then you should invent a four-character code for an event class which is specific to your application, and a four-character event ID which is unique to the operation you're requesting.
Add the command arguments to the event. For each argument, this consists of creating an appropriate descriptor based on the argument's intrinsic type (boolean, int, string, file URL), and then adding it to the event using a keyword parameter.
(An Apple Event "keyword" is a four-character code. You can invent your own, with constraints (don't use all-lowercase, and you can use ones defined in AEDataModel.h or AERegistry.h where they fit with your needs).
For each descriptor you create, add it to the event using -[setParamDescriptor: forKeyword:]:
myURLParamDesc = [NSAppleEventDescriptor descriptorWithFileURL: myFileURL];
[event setParamDescriptor: myURLParamDesc forKey: kMyFileParamKeyword];
When you've added all of the parameters to the event, send it:
[event sendWithOptions: kAENoReply timeout: FLOAT_MAX error: &error];
On the application side, you'll need to use -[NSAppleEventManager setEventHandler: andSelector: forEventClass: andID:]. This will get called for your custom event class and ID that you invented above, at which point you can use the descriptor APIs to pull the event apart and run your operation.
Sandboxing takes care of itself: your application automatically gets a sandboxing extension for files that it's been passed via Apple Events.
Your command-line tool is not sandboxed -- it can't be, because it's run from Terminal and (potentially) other nonsandboxed apps.
However, the tool must be signed with the hardened runtime, and with com.apple.security.automation.apple-events = YES and a com.apple.security.temporary-exception.apple-events naming your application's bundle identifier, so that the tool can send Apple Events to your application.
(And the tool will need an Info.plist with an NSAppleEventsUsageDescription string.)
I've left a fair amount as an exercise for the reader; but hopefully this will get you started.

How can I know what entitlement items should be added for Mac sandbox app?

In Apple's document about App Sandbox, I found something about Temporary Exception, and the value of Global Mach Service Temporary Exception is an array, but I do know what items can this array contains.
Actually, I hope there is place where I can check what entitlement items should be added for a specific function in sandbox app. For example, for a certain function, maybe I should add some com.apple.security.temporary-exception.mach-lookup.global-name and com.apple.security.temporary-exception.files.absolute-path.read-write, but the problem is what they are.
For now, when the function is unable to work in sandbox, I can find error message in system log, but still do not know what entitlements are needed.
documentation of sandbox is pretty inconsistent. what it suggests is to just use whatever you want to do, run the app and check console to see which functions fail. https://developer.apple.com/library/mac/documentation/Security/Conceptual/AppSandboxDesignGuide/DesigningYourSandbox/DesigningYourSandbox.html#//apple_ref/doc/uid/TP40011183-CH4-SW1
EDIT: if you're using temporary exceptions you'll need to add them in iTunes connect and explain each one in detail.

can you load external executable javascript from a firefox extension?

Does anyone know if there is a way to load any external executable javascript from a firefox add-on extension? I looked into scriptloader.loadSubScript, but it appears that it can only load from a local resource.
Any help would be appreciated.
You can always xhr for a file, save the contents to disk, then use scriptloader.loadSubScript with an add-on
this would violate the AMO policies though, so you wouldn't be able to upload the add-on to http://addons.mozilla.org
As #erikvold already pointed out, doing so would be a security hazard AND it also violates AMO rules (because it is a security hazard).
Consider your server gets compromised, or there is a way to MITM the connection retrieving the remote script (TLS bugs anyone :p), or you sell your domain and the new owner decides to ship a script to collect credit card information straight from a user's hard disk...
However, it is possible to run a remote script in an unprivileged environment, much like it would run in a website.
Create a Sandbox. The Sandbox should be unprivileged, e.g. pass an URL in your domain into the constructor.
Retrieve your script, e.g. with XHR.
Evaluate your script in the Sandbox and pull out any data it might have generated for you.
This is essentially what tools like Greasemonkey (executing user scripts) do.
Creating and working with Sandboxes in a secure fashion is hard, and the Sandbox being unprivileged prohibits a lot of use cases, but maybe it will work for your stuff.
Try using Components.utils.import .
Example :
const {Cc,Ci,Cu} = require("chrome");
Cu.import("url/path of the file");
Note :
js file which uses DOM objects like window, navigator, etc. will return error saying "window/navigator is undefined". This is simply because the main.js code does not have access to DOM.
Refer this thread for more information.

Application that simulates copy/paste doesn't work after being sandboxed. How to get it working?

I am building an application that simulates user input (command+c and command+v). Before sandboxing it, everything worked fine, but now I am getting these errors from the console:
Firstly, when I fire it up:
5/27/13 1:35:11.980 AM appleeventsd[54]: A sandboxed application with pid 5343, "CopyBoard" checked in with appleeventsd, but its code signature could not be validated ( either because it was corrupt, or could not be read by appleeventsd ) and so it cannot receive AppleEvents targeted by name, bundle id, or signature. Error=ERROR: #100013 { "NSDescription"="SecCodeCopyGuestWithAttributes() returned 100013, -." } (handleMessage()/appleEventsD.cp #1755) com.apple.coreservices.appleevents.peer.0x7fa9b0411260.xpcq
Then, when I try to simulate command+c, I get:
5/27/13 1:52:22.980 AM WindowServer[85]: post_filtered_event_tap_data: Sender is prohibited from synthesizing events
5/27/13 1:52:23.000 AM kernel[0]: Sandbox: sandboxd(6515) deny mach-lookup com.apple.coresymbolicationd
5/27/13 1:52:24.252 AM sandboxd[6515]: ([5343]) CopyBoard(5343) deny hid-control
I'm looking for a solution that would allow me to copy and paste globally in a sandboxed environment. Is it possible that the Accessibility API is a good answer? Has my problem got anything to do with how I'm simulating user input? I'm very confused, thank you very much for helping.
The sandbox is designed to prevent exactly what you seem to be trying - allowing an application to simulate a user is defined as a security issue. If you have a narrow requirement which can be done safely you can submit it to Apple thorough bug reporter as an needed improvement to the sandbox.
The Accessibility API is not supported in general for this reason - no playing with other apps! This did not go down so well with all the developers which used it...
You can use AppleEvents in limited constrained circumstances and with the appropriate entitlements.
You'll probably need to go to developer.apple.com and read all the documents/view videos/etc you can find to see if what you wish is going to be possible.
The only point of hope I can offer you is that the sandbox is a moving target, so you may find you can do more than the above suggests. Go read. Good luck.

Blackberry setting permission to inject events (esc button to jump back to app)

I am taking photo by invoking the camera, and as many have explained I get back to the app using...
EventInjector.KeyEvent inject = new EventInjector.KeyEvent(EventInjector.KeyEvent.KEY_DOWN, Characters.ESCAPE, 0);
inject.post();
inject.post();
... in a FileSystemJournalListener.
This works on the simulator but does not on my device (Bold 9900). How do I set the permission for the app programatically so that this will work on a device without the user having to set permissions manually?
Cheers
You have to test for the permissions you have, then request the ones you don't have but need. Here's a hint. Don't be a shmuck like so many other app developers. Ask for permissions on first run and take what you're given. If you aren't given a permission that you need inform the user that you can't run without that permission, and give them the option of going through your permission dialog again. If you don't get a permission which is not critical, and InputSimulation is far to dangerous a permission IMHO to be considered critical to put the camera away, run but inform the user (at the appropriate time) that s/he has to do some manual stuff. Like put the camera away after taking a picture.
The classes you will need to use are ApplicationPermission, ApplicationPermissionManager and ReasonProvider.

Resources