search

vChewing / vChewing-macOS

威注音輸入法 macOS 版,恐怕是截至目前為止在功能多樣性方面最強的第三方免費 macOS 系統專用輸入法,採純 Swift 語言寫就。威注音的著力點是盡可能在力所能及的範圍內將整個產品的功能做得更好用,搭配特製的簡體中文與繁體中文專用辭庫。是純粹的簡體中文注音輸入法(也內贈原生繁體中文輸入模式),更具諸多威注音特色功能。目前研發管理工作均在 CSDN GitCode 進行。
https://vchewing.github.io/
Other
303 stars 10 forks source link

[備忘] 怎樣偵測有哪些軟體在濫用 Secure Input。 #496

Closed ShikiSuen closed 10 months ago

ShikiSuen commented 10 months ago

因為濫用 SecureEventInput 而導致第三方輸入法全部罷工的情況困擾了 macOS 副廠輸入法開發者至少十幾年。 但因為這些積年的怒氣就大砲打蒼蠅的話也太荒唐,不如盡量將打擊範圍弄得精準一些。

大體原理如下: 一、用 ioreg -l -w 0 取得當前全部的 ioregEntry 條目清單。 二、grep SecureInput

兩者合併就是 ioreg -l -w 0 | grep SecureInput。找出結果之後,只要相關結果對應的 bundleIdentifier 不是當前應用,就可以認定該 app 有在濫用 SecureInput。

然而,威注音是 Sandbox 處理過的軟體,不能直接跑終端指令。於是唯有用 Swift 程式碼手段重現 ioreg 這款工具的行為。 https://opensource.apple.com/source/IOKitTools/IOKitTools-97/ioreg.tproj/ioreg.c.auto.html 沒準可以趁此用 Swift 徹底重寫整個 IOKitTools,但這又有點大砲打蒼蠅了。

ShikiSuen commented 10 months ago

研究成功:https://gist.github.com/ShikiSuen/493babbcc032c6b9bb6332537051f2cb

ShikiSuen commented 10 months ago

Title: SecureEventInput Abuse Detected.

vChewing has detected that the following background processes are abusing the SecureEventInput, hindering all 3rd-party input methods from being able to switch to.

It is fine to use SecureEventInput for sensitive input fields. However, an app calling EnableSecureEventInput() is responsible to call DisableSecureEventInput() immediately right after the input field loses focus. This situation may also happen if an app is hanging in the background (or working as a helper application in the background) with its SecureEventInput left enabled.

The found processes are:

[PID: 114514] Yajuu Senpai.app (com.coatClub.SeniorTheBeast) → /Applications/Yajuu Senapi.app

When you are seeing this message, vChewing has already attempted to call DisableSecureEventInput() trying to make itself selectable in the input method menu again. Your suggested further steps:

  1. Keep a screenshot of this dialog (if you don't have one) for further purposes.

  2. If vChewing is still not selectable in the input method menu, you are suggested to manually terminate the processes listed above to force-release their SecureEventInput states. This will make vChewing available immediately.

  3. If the process belongs to an app from Mac App Store, please report its abuse of SecureEventInput to Apple. Apple may take actions to such apps if necessary, including pulling them off from the Mac App Store until the problem gets solved by their individual developers.

  4. Whether this process is from Mac App Store or not, you report this abuse to the related app vendor / developer. You may give them the screenshot of this alert message since it should have enough information to help the vendor / developer troubleshoot the issue.