Bug 42177 - Sandbox errors from a Unified app relating to GameController / IOHIDLibUserClient
Summary: Sandbox errors from a Unified app relating to GameController / IOHIDLibUserCl...
Status: VERIFIED FIXED
Alias: None
Product: Xamarin.Mac
Classification: Desktop
Component: Library (Xamarin.Mac.dll) ()
Version: 2.8.0 (C7)
Hardware: Macintosh Mac OS
: Normal normal
Target Milestone: master
Assignee: Chris Hamons
URL:
Depends on:
Blocks:
 
Reported: 2016-06-26 14:54 UTC by John Conners
Modified: 2016-09-20 13:10 UTC (History)
2 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
A sample app to test with - use the release build in Applications and ensure it's successfully sandboxed (i.e. you have valid developer certs installed) (349.17 KB, application/zip)
2016-06-26 14:54 UTC, John Conners
Details


Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
VERIFIED FIXED

Description John Conners 2016-06-26 14:54:20 UTC
Created attachment 16496 [details]
A sample app to test with - use the release build in Applications and ensure it's successfully sandboxed (i.e. you have valid developer certs installed)

Basically create a new Mac application, sandbox it, then run it in Applications and you'll see the following errors showing up in Console every time you launch it:

SandboxTest(2959) deny mach-lookup com.apple.GameController.gamecontrollerd
SandboxTest(2959) deny iokit-open IOHIDLibUserClient

Bottom line is it appears that the GameController / IOKit API is being initialised no matter what you do which violates sandbox rules. I could get rid of the second error by adding the 'com.apple.security.device.usb' entitlement but I can't see a way to get rid of the first one. Also, it should not be a requirement that that entitlement is required.

Original forum post here:

http://forums.xamarin.com/discussion/69835/sandbox-errors-from-a-unified-app-relating-to-gamecontroller-iohidlibuserclient

I'm running XD 6.0.1, Mono 4.4.1 and XamMac 2.8.1.4. 

Callstack for the first error is:

0   libobjc.A.dylib               	0x00007fff8acd00ed void std::__1::__insertion_sort<method_t::SortBySELAddress&, entsize_list_tt<method_t, method_list_t, 3u>::iterator>(entsize_list_tt<method_t, method_list_t, 3u>::iterator, entsize_list_tt<method_t, method_list_t, 3u>::iterator, method_t::SortBySELAddress&) + 13
1   libobjc.A.dylib               	0x00007fff8acc22d2 fixupMethodList(method_list_t*, bool, bool) + 225
2   libobjc.A.dylib               	0x00007fff8accf133 prepareMethodLists(objc_class*, method_list_t**, int, bool, bool) + 146
3   libobjc.A.dylib               	0x00007fff8accf5cf attachCategories(objc_class*, locstamped_category_list_t*, bool) + 1014
4   libobjc.A.dylib               	0x00007fff8acbd8d5 realizeClass(objc_class*) + 1779
5   libobjc.A.dylib               	0x00007fff8acbd2ea realizeClass(objc_class*) + 264
6   libobjc.A.dylib               	0x00007fff8acbd2ea realizeClass(objc_class*) + 264
7   libobjc.A.dylib               	0x00007fff8acbeefd _class_getNonMetaClass + 127
8   libobjc.A.dylib               	0x00007fff8acbed00 lookUpImpOrForward + 171
9   libobjc.A.dylib               	0x00007fff8acb9591 objc_msgSend + 209
10  Foundation                    	0x00007fff8d2a90f8 -[NSXPCConnection _sendInvocation:withProxy:remoteInterface:withErrorHandler:timeout:userInfo:] + 2560
11  Foundation                    	0x00007fff8d2a86f2 -[NSXPCConnection _sendInvocation:withProxy:remoteInterface:withErrorHandler:] + 32
12  CoreFoundation                	0x00007fff9288d382 ___forwarding___ + 514
13  CoreFoundation                	0x00007fff9288d0f8 _CF_forwarding_prep_0 + 120
14  GameController                	0x0000000104f82601 GCControllerManagerInitXPC + 338
15  GameController                	0x0000000104f827be GCControllerManagerInit + 405
16  dyld                          	0x00007fff680a4feb ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) + 265
17  dyld                          	0x00007fff680a5164 ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) + 40
18  dyld                          	0x00007fff680a179d ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 305
19  dyld                          	0x00007fff680a1732 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 198
20  dyld                          	0x00007fff680a1623 ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 127
21  dyld                          	0x00007fff680a1893 ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 75
22  dyld                          	0x00007fff68096eb0 dyld::runInitializers(ImageLoader*) + 89
23  dyld                          	0x00007fff6809e1e8 dlopen + 555
24  libdyld.dylib                 	0x00007fff9918179c dlopen + 59
25                                	0x00000001045bfdd1
26  SandboxTest                   	0x0000000103fb0e55 mono_jit_runtime_invoke + 1765 (mini-runtime.c:2578)
27  SandboxTest                   	0x00000001040586e2 mono_runtime_invoke + 130 (object.c:2897)
28  SandboxTest                   	0x0000000104058bf9 mono_runtime_class_init_full + 793 (object.c:400)
29  SandboxTest                   	0x0000000103f465f2 mono_method_to_ir + 145106 (method-to-ir.c:11639)
30  SandboxTest                   	0x0000000103fb91ca mini_method_compile + 3018 (mini.c:3610)
31  SandboxTest                   	0x0000000103fbb79c mono_jit_compile_method_inner + 684 (mini.c:4263)
32  SandboxTest                   	0x0000000103fad5f4 mono_jit_compile_method_with_opt + 516 (mini-runtime.c:1952)
33  SandboxTest                   	0x0000000103fad3aa mono_jit_compile_method + 42 (mini-runtime.c:2008)
34  SandboxTest                   	0x0000000103fb2ea2 common_call_trampoline + 1218 (mini-trampolines.c:694)
35                                	0x000000010459d295
36                                	0x00000001045be08a
37                                	0x00000001045be5c1
38  SandboxTest                   	0x0000000103fb0e55 mono_jit_runtime_invoke + 1765 (mini-runtime.c:2578)
39  SandboxTest                   	0x00000001040586e2 mono_runtime_invoke + 130 (object.c:2897)
40  SandboxTest                   	0x0000000103eaf1d7 xamarin_initialize + 679 (runtime.m:1001)
41                                	0x00000001045bdab3
42  SandboxTest                   	0x0000000103fb0e55 mono_jit_runtime_invoke + 1765 (mini-runtime.c:2578)
43  SandboxTest                   	0x00000001040586e2 mono_runtime_invoke + 130 (object.c:2897)
44  SandboxTest                   	0x000000010405dfab mono_runtime_exec_main + 379 (object.c:4221)
45  SandboxTest                   	0x0000000103f0c477 mono_main + 7943 (driver.g.c:2163)
46  SandboxTest                   	0x0000000103eb5267 main + 775 (launcher.m:551)
47  libdyld.dylib                 	0x00007fff991825ad start + 1

Callstack for the second error is:

0   libsystem_kernel.dylib        	0x00007fff980a1f72 mach_msg_trap + 10
1   IOKit                         	0x00007fff971ce7f7 io_service_open_extended + 128
2   IOKit                         	0x00007fff9716ecba IOServiceOpen + 45
3   IOHIDLib                      	0x000000010c9bed21 IOHIDDeviceClass::start(__CFDictionary const*, unsigned int) + 71
4   IOKit                         	0x00007fff97170fd1 IOCreatePlugInInterfaceForService + 1174
5   IOKit                         	0x00007fff97191d82 IOHIDDeviceCreate + 335
6   IOKit                         	0x00007fff971955b8 __IOHIDManagerDeviceAdded + 75
7   IOKit                         	0x00007fff97194bd2 __IOHIDManagerSetDeviceMatching + 255
8   GameController                	0x0000000104f82906
9   GameController                	0x0000000104f82800
10  Foundation                    	0x00007fff8d2ce7fb -[__NSObserver _doit:] + 320
11  CoreFoundation                	0x00007fff928a8bbc __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 12
12  CoreFoundation                	0x00007fff928a8b4f ___CFXRegistrationPost_block_invoke + 63
13  CoreFoundation                	0x00007fff928a8ac7 _CFXRegistrationPost + 407
14  CoreFoundation                	0x00007fff928a8832 ___CFXNotificationPost_block_invoke + 50
15  CoreFoundation                	0x00007fff928655e2 -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1922
16  CoreFoundation                	0x00007fff92864835 _CFXNotificationPost + 693
17  Foundation                    	0x00007fff8d281fda -[NSNotificationCenter postNotificationName:object:userInfo:] + 66
18  AppKit                        	0x00007fff99d81459 -[NSApplication _postDidFinishNotification] + 297
19  AppKit                        	0x00007fff99d811c3 -[NSApplication _sendFinishLaunchingNotification] + 203
20  AppKit                        	0x00007fff99c3be9d -[NSApplication(NSAppleEventHandling) _handleAEOpenEvent:] + 557
21  AppKit                        	0x00007fff99c3b947 -[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] + 250
22  Foundation                    	0x00007fff8d2d062d -[NSAppleEventManager dispatchRawAppleEvent:withRawReply:handlerRefCon:] + 290
23  Foundation                    	0x00007fff8d2d04a7 _NSAppleEventManagerGenericHandler + 102
24  AE                            	0x00007fff88b52261 aeDispatchAppleEvent(AEDesc const*, AEDesc*, unsigned int, unsigned char*) + 531
25  AE                            	0x00007fff88b51fe8 dispatchEventAndSendReply(AEDesc const*, AEDesc*) + 31
26  AE                            	0x00007fff88b51f04 aeProcessAppleEvent + 288
27  HIToolbox                     	0x00007fff973e2af9 AEProcessAppleEvent + 55
28  AppKit                        	0x00007fff99c37394 _DPSNextEvent + 2245
29  AppKit                        	0x00007fff99c3632a -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
30  AppKit                        	0x00007fff99c2ae84 -[NSApplication run] + 682
31  AppKit                        	0x00007fff99bf446c NSApplicationMain + 1176
32                                	0x000000010a508b6e
33                                	0x000000010a5089e4
34  SandboxTest                   	0x0000000103fb0e55 mono_jit_runtime_invoke + 1765 (mini-runtime.c:2578)
35  SandboxTest                   	0x00000001040586e2 mono_runtime_invoke + 130 (object.c:2897)
36  SandboxTest                   	0x000000010405dfab mono_runtime_exec_main + 379 (object.c:4221)
37  SandboxTest                   	0x0000000103f0c477 mono_main + 7943 (driver.g.c:2163)
38  SandboxTest                   	0x0000000103eb5267 main + 775 (launcher.m:551)
39  libdyld.dylib                 	0x00007fff991825ad start + 1
Comment 1 Chris Hamons 2016-07-19 21:47:40 UTC
I can confirm.

7/19/16 4:39:48.318 PM sandboxd[135]: ([97527]) SandboxTest(97527) deny mach-lookup com.apple.GameController.gamecontrollerd
7/19/16 4:39:50.893 PM sandboxd[135]: ([97527]) SandboxTest(97527) deny iokit-open IOHIDLibUserClient
7/19/16 4:39:50.899 PM sandboxd[135]: ([97527]) SandboxTest(97527) deny iokit-open IOHIDLibUserClient
7/19/16 4:39:50.905 PM sandboxd[135]: ([97527]) SandboxTest(97527) deny iokit-open IOHIDLibUserClient
7/19/16 4:39:50.910 PM sandboxd[135]: ([97527]) SandboxTest(97527) deny iokit-open IOHIDLibUserClient
7/19/16 4:39:50.916 PM sandboxd[135]: ([97527]) SandboxTest(97527) deny iokit-open IOHIDLibUserClient
Comment 2 Chris Hamons 2016-07-20 15:53:30 UTC
So for the general case, this is not an easily solvable solution. We load the native library in NSObject.mac.cs to make sure it is loaded before first use. In the general case, where you could use reflection to load additional assemblies / we don't do linking it would be difficult if not impossible to get right.

However, if you are using Mobile and enable SDK linking, the problem scope because much smaller and we already had code that tried to handle this. It was not updated for new libraries, but that was easy to fix:

https://github.com/xamarin/xamarin-macios/pull/448
Comment 3 John Conners 2016-07-20 15:57:45 UTC
That'd be great as I am indeed on Mobile with SDK linking on!
Comment 4 Chris Hamons 2016-07-21 18:07:52 UTC
Fixed in master / 9530bdf608469b02c6e849aca6975a9eed92814f.

This won't make C8 (the next major release), since it's already been branched.



QA - Build a XM Mobile app, release mode. SDK Linking. Launch console and clear it. Run app.

If you see:

SandboxTest(2959) deny mach-lookup com.apple.GameController.gamecontrollerd
SandboxTest(2959) deny iokit-open IOHIDLibUserClient

then it fails.
Comment 5 Naqeeb 2016-09-20 13:10:54 UTC
I have checked this issue with attached sample and latest master build and observed that it is working fine. I am not getting any build error. Here is tyhe screencast for the same: http://www.screencast.com/t/WpOxGS1gISem

Hence closing this issue.

Environment info: https://gist.github.com/NaqeebAnsari/e96743c74f8e3caf146c49c9662a67d3