IOKit not allowed in Sandbox?

I am new to using IOKit and noticed a failure that I think is due to the sandbox.

Here is the test I'm trying (in Pascal) that works fine outside of the sandbox, but when I turn it on, IOServiceOpen returns a kIOReturnNotPermitted error every time.

Is IOKit safe in the sandbox for certain services? I tried to get some fan speeds / CPU temperatures, and I see that there are applications in the App Store (sandboxed) that do this, so I think it is possible. The only thing I could confirm seems to be an XPC service associated with the application as an assistant, so maybe that is the key to IOKit? I tried basically all the rights, and none of them seemed to help.

Thanks for any ideas you may have.

procedure TestIOKit;
var
    err: kern_return_t;
    masterPort: mach_port_t;
    iterator: io_iterator_t;
    device: io_object_t;
    matchingDictionary: CFMutableDictionaryRef;
    conn: io_connect_t;
begin
    IOMasterPort(0, masterPort);
    // IOServiceGetMatchingServices consumes the reference to matchingDictionary
    matchingDictionary := IOServiceMatching('AppleSMC');
    err := IOServiceGetMatchingServices(masterPort, matchingDictionary, iterator);
    if err <> kIOReturnSuccess then
    begin
        writeln('IOServiceGetMatchingServices: ', err);
        exit;
    end;

    // take the first matching service and release the iterator
    device := IOIteratorNext(iterator);
    IOObjectRelease(iterator);
    if device = 0 then
    begin
        writeln('no smc found');
        exit;
    end;

    // this is the call that fails inside the sandbox
    err := IOServiceOpen(device, mach_task_self_, 0, conn);
    IOObjectRelease(device);
    if err <> kIOReturnSuccess then
    begin
        writeln('IOServiceOpen: ', err);
        exit;
    end;
    IOServiceClose(conn);
end;
+4
4 answers

I found the same problem while trying to read SMC keys to get the sensor rates and fan speeds from within the OS X Yosemite 'Today extension'. The extension must be isolated, and I also got a kIOReturnNotPermitted error every time I tried to read temperature and fan sensors.

The only way I got it to work was to create an XPC service, configured as a launch agent, that manages all the SMC stuff. Thus, the isolated application (the Today extension) asks the XPC service for all relevant data, rather than interacting directly with IOKit.

.

+5

XPC ( , , ).

, , Apple MAS - , iTunes connect. , "", :

com.apple.security.temporary-exception.sbpl string (allow iokit-open)
+2

.

<key>com.apple.security.temporary-exception.sbpl</key>
<array>
    <string>(allow iokit-open)</string>
    <string>(allow iokit-set-properties (iokit-property "ConsoleUID"))</string>
    <string>(allow mach-lookup (global-name "com.apple.AssetCacheLocatorService"))</string>
</array>


+1

, .

I/O , Apple App Store. Luis Glez, , . App Store, , .

:

codesign --display --entitlements - VitalStats.app

, - Apple , .

https://devforums.apple.com/message/1082393#1082393

0
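An added example, not part of any answer above and not any app's own tooling: a small audit of an entitlements plist, such as the one the `codesign --display --entitlements -` command prints, that lists every `com.apple.security.temporary-exception.*` entry and marks SBPL rules that carry no filter, like `(allow iokit-open)`. It assumes the entitlements are available as plain plist XML; the sample input and the `audit_entitlements` name are constructed for illustration.

```python
import plistlib
import re

# Constructed sample in plist XML form; the rules are the ones quoted in the
# answers above, the surrounding dict is made up and not taken from a real app.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.temporary-exception.sbpl</key>
    <array>
        <string>(allow iokit-open)</string>
        <string>(allow iokit-set-properties (iokit-property "ConsoleUID"))</string>
        <string>(allow mach-lookup (global-name "com.apple.AssetCacheLocatorService"))</string>
    </array>
</dict>
</plist>
"""

TEMP_EXCEPTION_PREFIX = "com.apple.security.temporary-exception."
# "(allow <operation>)" with no filter after the operation is not limited
# to a named service, property or user client class.
UNSCOPED_RULE = re.compile(r"^\(\s*allow\s+([\w*-]+)\s*\)$")


def audit_entitlements(xml_bytes):
    """Return (sandboxed, findings); findings are (severity, key, value)."""
    ent = plistlib.loads(xml_bytes)
    sandboxed = ent.get("com.apple.security.app-sandbox") is True
    findings = []
    for key, value in sorted(ent.items()):
        if not key.startswith(TEMP_EXCEPTION_PREFIX):
            continue
        items = value if isinstance(value, list) else [value]
        for item in items:
            severity = "exception"          # non-SBPL temporary exception
            if key.endswith(".sbpl"):
                unscoped = UNSCOPED_RULE.match(str(item).strip())
                severity = "unscoped" if unscoped else "scoped"
            findings.append((severity, key, str(item)))
    return sandboxed, findings


if __name__ == "__main__":
    sandboxed, findings = audit_entitlements(SAMPLE_ENTITLEMENTS)
    print("app-sandbox:", sandboxed)
    for severity, key, item in findings:
        print(f"{severity:9} {key}: {item}")
```

An `unscoped` finding is the one to review first, since the rule opens the whole operation rather than a single named target.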

Source: https://habr.com/ru/post/1537703/