1

In a Xcode project (macOS app), I'm using the DriverKit(and HIDDriverKit) framework. I have encountered a problem in the connection between the client app and the driver, which is implemented by the "IOKit" framework. By calling the function "IOServiceGetMatchingServices" the value of "iterator" returns correctly and then communication with the driver is done. However, after releasing the version on the TestFlight, on some systems, the value of the "iterator" returned 0 and it is not possible to communicate with the driver. I checked the status of the activated driver with the command "systemextensionsctl list" and there are no problems on the driver side and the values of "Enabled" and "Active" are starred.

AppSandbox = True, SIP: enable

ret = IOServiceGetMatchingServices(kIOMainPortDefault, IOServiceNameMatching(dextIdentifier), &iterator);
if (ret != kIOReturnSuccess)
{
    goto fail;
}

while ((service = IOIteratorNext(iterator)) != IO_OBJECT_NULL) {
    ret = IOServiceOpen(service, mach_task_self(), 0, &connection);
    if(ret == kIOReturnSuccess)
    {
        break;
    }
    else 
    {
        syslog(LOG_WARNING, "Error");
    }
    IOObjectRelease(service);
}

The returned value of the "ret" is 0 (kIOReturnSuccess) always, But the "iterator" is null (0).

Solved: By adding the com.apple.security.temporary-exception.iokit-user-client-class entitlement it's solved. thanks to @pmdj

Improve this question
3
  • Regarding disabling sandboxing: This is definitely not necessary, not on macOS 12 or any other version. Are you setting the com.apple.security.temporary-exception.iokit-user-client-class entitlement correctly? Commented Nov 27, 2023 at 10:58
  • Oh thank you @pmdj, I forgot to add this entitlement and after adding this, It's solved. Commented Nov 28, 2023 at 14:21
  • Hi @JafarHeidary, could you help me share how to communicate between HIDDriverKit and Client app?, it's difference with DriverKit because in info.plist, IOClass is AppleUserHIDEventService and IOProviderClass is IOHIDInterface, so I can not use IOServiceOpen function. Commented Jul 25, 2024 at 18:33

1 Answer 1

Reset to default
0

A null iterator is (unfortunately?) a valid output from IOServiceGetMatchingServices when there are no matching services. There's no guarantee it'll be null when there are no matches, but you have to accept it as possible output.

For example, the following tiny program triggers a null iterator on my system:

#include <IOKit/IOKitLib.h>
#include <stdio.h>

int main()
{
    io_iterator_t iterator = IO_OBJECT_NULL;
    IOReturn ret = IOServiceGetMatchingServices(MACH_PORT_NULL,
        IOServiceNameMatching("MadeUpNameThatDefinitelyDoesntExist"), &iterator);
    printf("IOServiceGetMatchingServices -> 0x%x, iterator = 0x%x\n", ret, iterator);
    if (iterator != IO_OBJECT_NULL)
        IOObjectRelease(iterator);
}

When run:

$ ./matching-services-null-iterator 
IOServiceGetMatchingServices -> 0x0, iterator = 0x0

You would expect no matching services when your driver hasn't matched any devices, for example. So you should be able to reproduce the issue by running the code with no device plugged in.

Update:

It seems that the app is sandboxed, in which case you need to specify any user client classes you expect to be using in the app's entitlements. This can be done using the com.apple.security.temporary-exception.iokit-user-client-class entitlement, which for a DriverKit extension should be "IOUserUserClient", the kernel I/O Kit class that acts as the back-end for any dext userclient subclass.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

You are right, but I was wondering why the driver cannot match and the service cannot find the driver, considering that the driver is correctly installed and activated on the system also this issue happens only on some systems, not all. The question is: what is the root cause of this problem?
The driver won’t actually be loaded and therefore won’t show up in the I/O registry if there are no devices for it to drive, unless it matches IOUserResources, in which case there should be one instance, but of course it can crash, etc. which could cause it to disappear.
Hi @pmdj, I have setup project to work on HIDStylusDriver here: developer.apple.com/documentation/hiddriverkit/…. To open a communication with Driver, I use IOServiceOpen(device, mach_task_self_, 0, &connection) to open service and use connection for callback, but there is an error: Failed opening connection to dext with error. Could you help me in this case?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.