TrustKit initialisation fully blocks the main thread in NotificationServiceExtension if it's attempted before first unlock. #315

Open
CaioSym opened this issue Oct 4, 2023 · 0 comments

CaioSym commented Oct 4, 2023

Problem description

TrustKit initialisation fully blocks the main thread in a NotificationServiceExtension if it's attempted before first unlock (BFU). This makes it impossible to use TrustKit to pin network calls made from extensions, which imo is a major issue.

Steps to reproduce

  1. Create an application with a NotificationServiceExtension.
  2. In the implementation of either UNNotificationServiceExtension.init or UNNotificationServiceExtension.didReceive(_:withContentHandler:), attempt to instantiate TrustKit via TrustKit(configuration: someconfiguration). The configuration object seems irrelevant to reproducing the issue.
  3. Install the app+extension on a real device, launch and make sure to grab the push notification token.
  4. Make sure to set a PIN/Password on your phone.
  5. Restart your phone. DO NOT UNLOCK IT
  6. Send a notification to the phone via your preferred method (I recommend APNS console which should just require the PN token from step 3.). The payload is not important aside from making sure it has an aps.alert dictionary and aps.content-mutable: 1 so that it gets processed by the service extension.
  7. There should be an abnormal delay in the PN arriving.
  8. Perform a sysdiagnose. (I recommend using the trick with assistive touch mentioned in https://developer.apple.com/forums/thread/99634?answerId=354659022#354659022).
  9. Export the sysdiagnose to your computer and you should see something along these lines in the system_logs.logarchive file:
default	2023-10-04 13:16:30.938216 +0100	NotificationExtension	Hello, I'm launching as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private>
default	2023-10-04 13:16:30.980808 +0100	NotificationExtension	Will initialize TrustKit <- I added this log line
error	2023-10-04 13:16:31.073940 +0100	NotificationExtension	Attempting to create a background session before first device unlock!
default	2023-10-04 13:16:31.073976 +0100	NotificationExtension	Waiting for first unlock
default	2023-10-04 13:16:31.074028 +0100	NotificationExtension	Device is locked - waiting
error	2023-10-04 13:17:00.605212 +0100	SpringBoard	[your.extension.bundle.id] Extension will be killed because it used its runtime in starting up

Explanation:

Expected Results:

Initialising TrustKit should still be possible from a BFU context. Failing that, we should at least throw an error or have some warnings in the docs that it cannot be used by extensions reliably. (Save the next guy the insane amount of time it took me to diag this.)

Kindly,

Caio
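
A triage script for the log signature in step 9, added here as an example and not part of the original issue or the TrustKit project. It assumes the log export is tab-separated (level, timestamp, process, message) as quoted above; the function names and the embedded sample are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: log lines quoted in the issue, as tab-separated
# level / timestamp / process / message (assumed export layout).
SAMPLE_LOG = (
    "default\t2023-10-04 13:16:30.980808 +0100\tNotificationExtension\tWill initialize TrustKit\n"
    "error\t2023-10-04 13:16:31.073940 +0100\tNotificationExtension\t"
    "Attempting to create a background session before first device unlock!\n"
    "default\t2023-10-04 13:16:31.073976 +0100\tNotificationExtension\tWaiting for first unlock\n"
    "error\t2023-10-04 13:17:00.605212 +0100\tSpringBoard\t"
    "[your.extension.bundle.id] Extension will be killed because it used its runtime in starting up\n"
)

STALL_MARKERS = ("before first device unlock", "Waiting for first unlock")
KILL_RE = re.compile(r"^\[([^\]]+)\] Extension will be killed because it used its runtime")
TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f %z"


def parse_line(line):
    """Split one log line into (timestamp, process, message); None if malformed."""
    parts = line.split("\t", 3)
    if len(parts) != 4:
        return None
    try:
        return datetime.strptime(parts[1], TS_FORMAT), parts[2], parts[3].strip()
    except ValueError:
        return None


def find_bfu_stalls(log_text):
    """Pair each first-unlock wait with the SpringBoard kill that follows it."""
    pending = []   # (process, first stall time), oldest first
    findings = []
    for record in filter(None, map(parse_line, log_text.splitlines())):
        when, process, message = record
        kill = KILL_RE.match(message) if process == "SpringBoard" else None
        if kill and pending:
            # Assumption: the kill refers to the most recently stalled process;
            # the log line carries a bundle id, not a process name.
            stalled, started = pending.pop()
            findings.append({"process": stalled, "bundle_id": kill.group(1),
                             "blocked_seconds": (when - started).total_seconds()})
        elif any(m in message for m in STALL_MARKERS):
            if all(p != process for p, _ in pending):
                pending.append((process, when))
    return findings


if __name__ == "__main__":
    for f in find_bfu_stalls(SAMPLE_LOG):
        print(f)
```

On the sample, the extension sits blocked for roughly 29.5 seconds between the first-unlock wait and the SpringBoard kill.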
