How do I blacklist certain applications in OSX programmatically? - objective-c

I am trying to develop some software similar to selfcontrol (it blacklists certain websites for a certain amount of time). However, I want to be able to do this with applications on OSX (for example, a person would have to answer some math questions before accessing the MineCraft App).
Is there some sort of parental control API in the OSX SDK? I'm familiar with some kernel development, but I'm just looking for a starting point of where to look.

System preferences does include parental control options. Search for com.apple.familycontrols to find options for how you can interact with the available settings.

I don't believe there's any high level API that allows you to do this.
However, as you state you're familiar with Kernel development, that's the way to go and indeed it's how the parental controls work; with a kernel extension (kext).
This article explains about 4 scopes of interest for authorization in the kernel. You'll need to write a kernel extension and monitor the VNode scope, which will inform your kext of all vnode access by calling a function defined in your kext. This function must then return one of either Accept, Deny or Defer. If you call Deny on access to a vNode that is making an Execute operation, then it will be blocked.
Finally, if you're going to write any kernel code, then I recommend you get a copy of this book, which includes example code based around monitoring the vnode scope.

Related

Applying Non-Standard Power Assertions & Creating Virtual HIDs

I've got a big ask here, but I am hoping someone might be able to help me. If there's another site you think this should be posted on, please let me know.
I'm the developer of the free app Amphetamine for macOS and I'm hoping to add a new feature to the app - keeping a Mac awake while in closed-display (clamshell) mode while not having a keyboard/mouse/power adapter/display connected to the Mac. I get requests to add this feature on an almost daily basis.
I've been working on a solution (and it's mostly ready) which uses a non-App Store helper app that must be download and installed separately. I could still go with that solution, but I want to explore one more option before pushing the separate app solution out to the world.
An Amphetamine user tipped me off that another app, AntiSleep can keep a Mac awake while in closed-display mode, while not meeting Apple's requirements. I've tested this claim, and it's true. After doing a bit of digging into how AntiSleep might be accomplishing this, I've come up with 2 possible theories so far (though there may be more to it):
In addition to the standard power assertion types, it looks like AntiSleep is using (a) private framework(s) to apply non-standard power assertions. The following non-standard power assertion types are active when AntiSleep is keeping a Mac awake: DenySystemSleep, UserIsActive, RequiresDisplayAudio, & InternalPreventDisplaySleep. I haven't been able to find much information on these power assertion types beyond what appears in IOPMLibPrivate.h. I'm not familiar at all with using private frameworks, but I assume I could theoretically add the IOPMLibPrivate header file to a project and then create these power assertion types. I understand that would likely result in an App Store review rejection for Amphetamine, of course. What about non-App Store apps? Would Apple notarize an app using this? Beyond that, could someone help me confirm that the only way to apply these non-standard power assertions is to use a private framework?
I suspect that AntiSleep may also be creating a virtual keyboard and mouse. Certainly, the idea of creating a virtual keyboard and mouse to get around Apple's requirement of having a keyboard and mouse connected to the Mac when using closed-display mode is an intriguing idea. After doing some searching, I found foohid. However, I ran into all kinds of errors trying to add and use the foohid files in a test project. Would someone be willing to take a look at the foohid project and help me understand whether it is theoretically possible to include this functionality in an App Store compatible app? I'm not asking for code help with that (yet). I'd just like some help determining whether it might be possible to do.
Thank you in advance for taking a look.
Would Apple notarize an app using this?
I haven't seen any issues with notarising code that uses private APIs. Currently, Apple only seems to use notarisation for scanning for inclusion of known malware.
Would someone be willing to take a look at the foohid project and help me understand whether it is theoretically possible to include this functionality in an App Store compatible app?
Taking a quick glance at the code of that project, it's clear it implements a kernel extension (kext). Those are not allowed on the App Store.
However, since macOS 10.15 Catalina, there's a new way to write HID drivers, using DriverKit. The idea is that the APIs are very similar to the kernel APIs, although I suspect it'll be a rewrite of the kext as a DriverKit driver, rather than a simple port.
DriverKit drivers are permitted to be included in App Store apps.
I don't know if a DriverKit based HID driver will solve your specific power management issue.
If you go with a DriverKit solution, this will only work on 10.15+.
I suspect that AntiSleep may also be creating a virtual keyboard and mouse.
I haven't looked at AntiSleep, but I do know that in addition to writing an outright HID driver, it's possible to generate HID events using user space APIs such as IOHIDPostEvent(). I don't know if those are allowed on the App Store, but as far as I'm aware, IOKitLib is generally fine.
It's possible you might be able to implement your virtual input device using those.

RealityKit How to create custom meshes at runtime?

RealityKit has a bunch of useful functionality like built-in multiuser synchronization over a network to support shared worlds, but I can’t seem to find much documentation regarding mesh / object creation at runtime. RealityKit has some basic mesh generation functions (box, sphere, etc.) but I’d like to create my own procedural meshes at runtime (vertices and indices), and likely regenerate them every frame immediate-mode rendering style.
Firstly, is there a way to do this, or is RealityKit too closed-in without a way to do much custom rendering?
Secondly, would there be an alternative solution that might let me use some of RealityKit’s synchronization? For example, is that part really just another library I can use with ARKit 3? What is it called? I’d like to be able to synchronize arbitrary data between users’ devices as well, so the built-in system would be helpful as well.
I can’t really test this because I don’t have any devices that can support the beta software at the moment. I am trying to learn whether I’ll be able to do what I want for my program(s) if I do get the necessary hardware, but the documentation is sparse.
Feb 2022
As of macOS 12 / iOS 15, RealityKit includes API to allow you to provide your own procedurally generated meshes, primarily through the following methods:
generate(from:)
generate(from:)
generateAsync(from:)
generateAsync(from:)
These provide means to do create the MeshResource instances - synchronously and asynchronously - either constructing the models and instances yourself, or by providing a list of MeshDescriptor that you create yourself.
The Apple documentation (as I'm writing this) is non-existent, but the APIs themselves are reasonably well documented if you look into the generated swift interfaces. Max Cobb has an article (on Medium): Getting Started with RealityKit: Procedural Geometries that goes into some description of how to use a MeshDescriptor to describe a surface mesh, and also has a swift package with some additional geometries that use this technique: RealityGeometries that's not hard to read through to see examples of using it in action.
As far as I know RealityKit can only use primitives or usdz files as models. While you can generate usdz files using ModelIO on device but that isn't feasible for your use case.
The synchronization however is built into ARKit although you have to do a little bit more work when you are not using RealityKit.
Create a MultipeerConnectivity session between the devices (that's something you need to to for RealityKit as well)
Configure your ARSession and set isCollborationEnabled which makes your session output CollaborationData in the session(_:didOutputCollaborationData:) delegate callback.
Send this data using your MultipeerConnectivity session.
When receiving data from other users integrate it into your session using update(with:)
To send arbitrary information between users you can either send them via MultipeerConnectivity independently from ARKit or use custom ARAnchors, which is the preferred option when your dealing with positional data, e.g. when a users has placed an object at a specific location.
Instead of adding objects directly (by using something like scene.rootNode.addChildNode() in SceneKit you create a special ARAnchor subclass with all the information needed to add your model and add it to your session.
Then you add the object in the rendered(_:didAdd:forAnchor:) callback. This has the benefits of better tracking around your object (because you added an anchor to the position, indicating to ARKit that it should remember the position) and that you don't need to do anything special for multiuser experiences, because ARKit calls the rendered(_:didAdd:forAnchor:) method for both manually added anchors as well as automatically added ones, for example when it receives collaboration data.

How to get the device platform on Windows 10

Since one release binary will run on pc, xbox and phones, I need a way to fetch the device type on runtime.
It is doable by checking with the ApiInformation for present types, methods etc., but I believe there should be a more reliable way.
Currently (with the preview tools released 23-Mar-2015) there isn't an easy way to do this, other than (as you mention) using the ApiInformation methods to detect implementations of things that only exist on the specific platform you're after.
It would be nice if there were some helpers to do this and if none are in the final tooling I'm sure some will be created by helpful people in the community.
However, there is a really good reason not to have this in that it encourages broad assumptions about the device.
If it was possible to say "Am I running on a phone?" then if you got the response 'Yes' then it would be easy to make assumptions about what was possible with that device but not all phones have the same capabilities.
It looks like there will be a "mobile" version of Windows 10 for both phones and small tablets. If you were able to say "am I the 'mobile' version?" then again that wouldn't potentially answer all your questions and you'd have to still check individual API availabilities as the capabilities of a cheap tablet and a high end phone could be vastly different. (The inclusion of physical buttons on the device and the ability to make phone calls are two obvious examples.)
Extending this further there are plenty of scenarios where you'd treat different platforms the same as the functionality exists on all of them. In this scenario you're code would be better of saying "Is such and such API available?", rather than saying "Am I running on desktop, Xbox or SurfaceHub?".
The IOT platform will likely further complicate this due to the range of functionality and capabilities different IOT devices will have available.
There are very few scenarios where you want to know the platform you're running on and not whether a specific API is available. Hopefully, by only exposing API availability Microsoft are encouraging developers to think about checking for what they actually need, rather than relying on broad, potentially incomplete, classifications of devices.
Just as with web development where you don't know what platform or browser you are running on, you shouldn't detect the platform and make assumptions about what capabilities that device will therefore have, you should detect if the specific capability you require is supported/enabled on the device before using it or exposing associated UI in your app.
It seems there is a new API to detect Device Family:
Windows.System.Profile.AnalyticsInfo.VersionInfo.DeviceFamily
You can find more information here: https://msdn.microsoft.com/en-us/library/windows/apps/dn705767.aspx
Updated:
https://msdn.microsoft.com/en-us/library/windows/apps/windows.system.profile.analyticsversioninfo.aspx
[Edit July 3 to replace //build-era information with current information]
Although you can try and infer the device you're on by using the ApiInformation APIs to detect APIs, this is a very bad solution since APIs can be added to devices over time. Please don't do that; your future self (or your replacement ;-) ) will thank you.
If you really do need to programmatically detect the device family that you're running on (and in most cases you don't) then you can use AnalyticsInfo.VersionInfo.DeviceFamliy. This returns a string for which there is no published standard set of values, because device families could be introduced or retired at any time.
If you want to provide different resources per device-family (strings, images, XAML files, HTML pages, etc.) then you don't need to detect the device-family in code; instead you can use an MRT qualifier DeviceFamily (such as Logo.DeviceFamily-Mobile.png). Just make sure you always have a fallback resource (image, string, etc) for use when the app is running on a device family you've never heard of before. And don't fall into the trap of assuming things like "Desktop requires higher-res assets than Mobile" because that is often not true.
Additionally to support the scenario Alan describes in his comment you can check for a Contract rather than a specific type as this indicates a block of related functionality. There is one such contract for the Windows Phone specific APIs - I described in here http://inthehand.com/2015/03/26/determine-if-running-on-windows-phone-from-a-uap-application/
Since this contract provides compatibility APIs for current Windows Phone apps we can assume at this point that it won't be implemented in small tablets as they won't have this. Obviously since the OS or APIs are not final this is not set in stone yet. This is a useful thing to know for Windows Phone especially if during the transition you want to cross promote legacy WP apps only on WP devices. For custom IoT devices I would check availability at the API level.
You can specify device family exclusive resources and views using specially named folders: (http://www.sharpgis.net/post/2015/04/01/Creating-DeviceFamily-specific-layouts-in-a-Universal-App).
You could, for the "advertising only same family apps" scenario described above, place a JSON or XML file in that device family's folder and fetch it at runtime using the storage API's.
I use this for phone (mobile):
if (Windows.System.Profile.AnalyticsInfo.VersionInfo.DeviceFamily == "Windows.Mobile")
{
// code for phone
}
else
{
// other code
}
extample is here
This is just repeating one of the previous answers which suggests using Windows.System.Profile.AnalyticsInfo.VersionInfo.DeviceFamily but I thought I'd include the complete code for a check:
// ----------------------------------------------------------------------
// IsRunningOnXbox
// Determines whether or not the game is running on an xbox console
bool IsRunningOnXbox()
{
// Skip if already checked
static bool bChecked = false;
static bool bRunningOnXbox = false;
if (bChecked)
return bRunningOnXbox;
// Retrieve the platform device family
Platform::String^ strVersionInfoDeviceFamily = Windows::System::Profile::AnalyticsInfo::VersionInfo->DeviceFamily;
if (strVersionInfoDeviceFamily != nullptr)
{
// Check to see if the device belongs to the xbox family
std::wstring strDeviceFamily = strVersionInfoDeviceFamily->Data();
std::transform(strDeviceFamily.begin(), strDeviceFamily.end(), strDeviceFamily.begin(), ::tolower);
if (strDeviceFamily.find(L"xbox") != std::wstring::npos)
bRunningOnXbox = true;
}
// Check complete
bChecked = true;
// Return whether or not the host platform is xbox
return bRunningOnXbox;
}
I do agree with Chuck's comment that this is probably not what AnalyticsInfo is intended for... but at the same time, we're talking about the xbox - a device with a single manufacturer who is also responsible for the OS. So in my mind at least, this seems pretty safe. Plus, if you wrap it like this, it's incredibly easy to swap in a different check should something better come along.

How is it possible to access function of app A from app B

I was wondering if and in how many way an app can access specific funcions of another app.
for example
open an url in safari/firefox/chrome
run a javascript in current browser-tab
play/pause itunes
rename selected files in Finder
I am aware of the existence of applescript but i was wondering if that's the only way i have to interact with those apps and others
thanks
There are three main ways an app exposes its function to the outside world.
One is by supporting an URL protocol. To open an URL, just use NSWorkspace. There are many methods; if an app registers a specific protocol like x-my-app://some-work, you can just do
[[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:#"x-my-app://some-work"] ];
If you want to open an URL whose protocol (say http) is supported by many apps and if you want to specify which app to use, use openURLs:withAppBundleIdentifier:options:additionalEventParamDescriptor:launchIdentifiers:
.
Another is the System Services. With this, an app can add entries in the Service menu and in the context menu of other apps; you can also call it programmatically.
Otherwise, it's via Apple events. Applescript is one way to deal with them, but not the only one. It's just a language to issue Apple events. There are many ways to deal with Apple events from Cocoa, see this detailed document by Apple.
Basically, an app can export its internal as an object-oriented manner (which is not just its Objective-C hierarchy; you can control how much of its internal objects and methods you expose, etc.) by an sdef file. Then, another app can use this object-oriented system via Apple events.
To send and receive Apple events, you can of course construct them by hand, but you can use higher-level objects like
Applescript via NSAppleScript
Scripting Bridge
or AppScript.
To learn what kind of aspects an app exposes, just open the AppleScript Editor and choose the menu File → Open Dictionary, and choose an app.
Now, it's rather hard to use features of an app which the app does not expose via any of these methods. You still have a few workaround.
UI Scripting. This is done by sending Apple Events to a headless app called System Events which is one of the core program in OS X. This way, you can programmatically emulate clicking a button, choosing a menu, etc. of another app. So, almost whatever you can do using GUI with another app can be done programmatically from another app. To see the hierarchy of UI objects accessible from UI scripting, use a utility which comes with XCode tools, at
/Developer/Applications/Utilites/Accessibility Tools/Accessibility Inspector.app
This is very rudimentary but does the job; if you regularly use UI scripting, consider obtaining UI browser, as Zygmunt suggests.
Finally, if you want to use a non-GUI non-exposed feature of another app, you can inject a code into another app.
Just expanding on Yuji's answer. If you were forced to go the UI scripting path, there's a nice application to analyze the interface - hxxp://pfiddlesoft.com/uibrowser/. However, the examples you mentioned should expose some APIs.
I might also recommend using Sikuli hxxp://groups.csail.mit.edu/uid/sikuli/ as an IDE to script around user interface robustly.
For some applications usually coming from GNU/Linux there is D-BUS hxxp://en.wikipedia.org/wiki/D-Bus - although I haven't used it on a Mac on my own yet. And let me also quote Wikipedia about Cocoa "It is one of five major APIs available for Mac OS X; the others are Carbon, POSIX (for the BSD environment), X11 and Java." hxxp://en.wikipedia.org/wiki/Cocoa_%28API%29 That's just a loose tip for further exploration as Yuji has already explained Apple events that are key to your question.

Is this a reasonable "Application entry point"?

I have recently come across a situation where code is dynamically loading some libraries, wiring them up, then calling what is termed the "application entry point" (one of the libraries must implement IApplication.Run()).
Is this a valid "Appliation entry point"?
I would always have considered the application entry point to be before the loading of the libraries and found the IApplication.Run() being called after a considerable amount of work slightly misleading.
The terms application and system are terms that are so widely and diversely used that you need to agree what they mean upfront with your conversation partner. E.g. sometimes an application is something with a UI, and a system is 'UI-less'. In general it's just a case of you say potato, I say potato.
As for the example you use: that's just what a runtime (e.g. .NET or java) does: loading a set of libraries and calling the application entry point, i.e. the "main" method.
So in your case, the code loading the libraries is doing just the same, and probably calling a method on an interface, you could then consider the loading code to be the runtime for that application. It's just a matter of perspective.
The term "application" can mean whatever you want it to mean. "Application" merely means a collection of resources (libraries, code, images, etc) that work together to help you solve a problem.
So to answer your question, yes, it's a valid use of the term 'application'.
Application on its own means actually nothing. It is often used by people to talk about computer programs that provide some value to the user. A more correct term is application software and this has the following definition:
Application software is a subclass of
computer software that employs the
capabilities of a computer directly
and thoroughly to a task that the user
wishes to perform. This should be
contrasted with system software which
is involved in integrating a
computer's various capabilities, but
typically does not directly apply them
in the performance of tasks that
benefit the user. In this context the
term application refers to both the
application software and its
implementation.
And since application really means application software, and software is any piece of code that performs any kind of task on a computer, I'd say also a library can be an application.
Most terms are of artificial nature anyway. Is a plugin no application? Is the flash plugin of your browser no application? People say no, it's just a plugin. Why? Because it can't run on it's own, it needs to be loaded into a real process. But there is no definition saying only things that "can run on their own" are applications. Same holds true for a library. The core application could just be an empty container and all logic and functionality, even the interaction with the user, could be performed by plugins or libraries, in which case that would be more an application than the empty container that just provides some context for the application to run. Compare this to Java. A Java application can't run on it's own, it must run within a Java Virtual Machine (JVM), does that mean the JVM is the application and the Java Code is just... well what? Isn't the Java code the real application and the JVM just an empty runtime environment that provides nothing to the end user without the loaded Java code?
I think in this context "application entry point" means "the point at which the application (your code) enters the library".
I think probably what you're referring to is the main() function in C/C++ code or WinMain in a Windows app. That is, it's the point where execution is normally started in an app. Your question is pretty broad and vague--for example, which OS are you running this on--but this may be what you're looking for. This might also address the question.
Bear in mind when you're asking questions, details are your friend. People can give you a much better, more informed answer when you provide them with details.
EDIT:
In a broader context consider what has to happen from the standpoint of the OS. When the user specifies that they want to run an app, the OS has to load the app from the hard drive and then when the app is loaded into memory, it has to pass control to some point in the memory blocked occupied by the newly loaded app to continue execution. That would be the "Application Entry Point". When an app is constructed with dynamically linked code the OS has to load all that dynamically linked code in order to get the correct app image into memory. Loading up those shared bits of code does not change the fact that the OS must have a point to which to pass control when the app is loaded into memory.