CalvinBackup/apple-internals
1
0
Fork 0
mirror of https://github.com/mroi/apple-internals.git synced 2026-02-13 01:22:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: CalvinBackup:10.15-catalina
Branches Tags
CalvinBackup:main
CalvinBackup:26.3-tahoe CalvinBackup:26.0-tahoe CalvinBackup:tags/15.4-sequoia CalvinBackup:15.2-sequoia CalvinBackup:15.0-sequoia CalvinBackup:14.4-sonoma CalvinBackup:14.2-sonoma CalvinBackup:13.5-ventura CalvinBackup:13.4-ventura CalvinBackup:13.2-ventura CalvinBackup:12.4-monterey CalvinBackup:12.3-monterey CalvinBackup:12.1-monterey CalvinBackup:11.4-big-sur CalvinBackup:11.3-big-sur CalvinBackup:11.0-big-sur CalvinBackup:10.15-catalina
...
compare: CalvinBackup:14.2-sonoma
Branches Tags
CalvinBackup:main
CalvinBackup:26.3-tahoe CalvinBackup:26.0-tahoe CalvinBackup:tags/15.4-sequoia CalvinBackup:15.2-sequoia CalvinBackup:15.0-sequoia CalvinBackup:14.4-sonoma CalvinBackup:14.2-sonoma CalvinBackup:13.5-ventura CalvinBackup:13.4-ventura CalvinBackup:13.2-ventura CalvinBackup:12.4-monterey CalvinBackup:12.3-monterey CalvinBackup:12.1-monterey CalvinBackup:11.4-big-sur CalvinBackup:11.3-big-sur CalvinBackup:11.0-big-sur CalvinBackup:10.15-catalina

81 Commits
10.15-cata ... 14.2-sonom

Author SHA1 Message Date
Michael Roitzsch
b5166d34f4 internals: update for macOS 14.2 Sonoma 2023-12-13 16:12:03 +01:00
Michael Roitzsch
1c959c27bb Makefile: iOS simulator now also in mounted image 2023-10-29 18:55:40 +01:00
Michael Roitzsch
4e5147d0c8 flake: update for Xcode 15.0.1 2023-10-29 18:54:21 +01:00
Michael Roitzsch
add57def1e internals: update for macOS 13.5 Ventura 2023-08-20 20:55:46 +02:00
Michael Roitzsch
4ed7ef68db flake: update for Xcode 14.3.1 
makeSetupHook parameters changed
 2023-08-20 20:55:46 +02:00
Michael Roitzsch
9d57a5527f Makefile: catch Nix build errors early 2023-08-20 20:55:46 +02:00
Michael Roitzsch
afaa4c55e5 Makefile: fix wildcard resolution 2023-08-20 20:55:38 +02:00
Michael Roitzsch
9db223a1dc flake: fix sandboxed builds 
disable sandboxing when we symlink the platform Xcode
 2023-04-29 16:02:22 +02:00
Michael Roitzsch
af5c420f43 internals: update for macOS 13.4 Ventura 2023-04-02 15:25:56 +02:00
Michael Roitzsch
eeab6a8bfa Makefile: scan Xcode templates for extensions 
extension definitions and their extension point names appear in Xcode
project templates
• scan all of Xcode’s Developer directory, not just selected subdirs
• extract plist part regarding extensions from TemplateInfo.plist files
• check for macOS and iOS extension keys
 2023-04-02 12:04:55 +02:00
Michael Roitzsch
4d8f14e4a6 Makefile: silence Nix git dirty warning 2023-04-02 09:06:16 +02:00
Michael Roitzsch
04d82534d8 flake: update for Xcode 14.3 2023-04-02 09:05:36 +02:00
Michael Roitzsch
9542568442 internals: update for macOS 13.2 Ventura 2022-12-26 18:33:03 +01:00
Michael Roitzsch
05eed46555 flake: update for Xcode 14.2 2022-12-26 10:02:28 +01:00
Michael Roitzsch
72af1896ec flake: update for Xcode 14.1 2022-11-06 20:37:58 +01:00
Michael Roitzsch
40b2576d55 internals: update for macOS 12.4 Monterey 2022-06-06 21:45:17 +02:00
Michael Roitzsch
909ec8a160 flake: update for Xcode 13.4 2022-05-25 18:45:24 +02:00
Michael Roitzsch
b92ed8e175 internals: update for macOS 12.3 Monterey 2022-03-25 08:20:11 +01:00
Michael Roitzsch
e33fabd772 flake: update for Xcode 13.3 2022-03-25 08:19:46 +01:00
Michael Roitzsch
b494b38956 flake: update for Xcode 13.2 2022-01-02 15:02:24 +01:00
Michael Roitzsch
8d62d3e215 formally conform to the TSV file format 
• move internals.txt to internals.tsv (bonus: GitHub built-in rendering)
• add a header in the first line
• ignore first line for sort checking
• ignore first line for HTML rendering
 2022-01-02 15:02:24 +01:00
Michael Roitzsch
5e92d0e636 internals: update for macOS 12.1 Monterey 2021-11-22 14:11:48 +01:00
Michael Roitzsch
33947b2f46 Makefile: test for tool build errors 2021-11-08 10:44:59 +01:00
Michael Roitzsch
81f318f1e1 flake: fix acextract build (again) 2021-11-08 10:38:11 +01:00
Michael Roitzsch
07288c72e1 flake: update Xcode version 2021-11-08 10:37:33 +01:00
Michael Roitzsch
f3150df424 Makefile: fix entitlements export for Monterey 2021-10-29 19:52:30 +02:00
Michael Roitzsch
ef992d99d1 flake: enable snapshot reverting 
snapUtil -r
 2021-10-25 12:04:53 +02:00
Michael Roitzsch
28560df58f flake: fix Swift compiler crash 2021-10-25 12:03:31 +02:00
Michael Roitzsch
31fcb59c80 Makefile: extract DriverKit dyld cache 2021-10-25 12:03:31 +02:00
Michael Roitzsch
2deea7c208 flake: Monterey-compatible dyld cache extractor 2021-10-25 12:03:12 +02:00
Michael Roitzsch
563347a6db Makefile: assume a flake-capable Nix is installed 2021-10-20 10:43:55 +02:00
Michael Roitzsch
345d5a24c0 Makefile: configurable Xcode installation 2021-10-20 10:43:55 +02:00
Michael Roitzsch
40216ef6d4 flake: use unstable branch of nixpkgs 2021-10-20 10:43:55 +02:00
Michael Roitzsch
f79226a965 flake: use attribute naming convention, add lock 2021-10-20 10:43:55 +02:00
Michael Roitzsch
2cec40761a internals: update for macOS 11.4 2021-05-25 10:32:25 +02:00
Michael Roitzsch
1036b6326c Makefile: renew database if current system is newer 2021-05-25 10:31:22 +02:00
Michael Roitzsch
cfd54c9d8c flake: update to Xcode 12.5 2021-04-28 10:52:32 +02:00
Michael Roitzsch
30bdc30392 internals: update for macOS 11.3 2021-04-24 14:22:02 +02:00
Michael Roitzsch
aeae2a6157 Makefile: use most current compressed database 2021-04-24 14:21:31 +02:00
Michael Roitzsch
73de585019 flake: unquoted URLs are deprecated 2021-03-30 21:24:32 +02:00
Michael Roitzsch
9dfebf24ff internals: update with February 2021 security info 2021-03-28 10:00:00 +02:00
Michael Roitzsch
924e53e9b6 Makefile: tolerate errors with interactive SQlite 2021-03-27 16:01:19 +01:00
Michael Roitzsch
7ad7ac85f2 improve interactive SQLite completions 
rename index to avoid it having the same prefix as the files table
 2021-03-24 19:52:38 +01:00
Michael Roitzsch
b84e3ba5cf clear extended attributes 2021-03-24 18:07:00 +01:00
Michael Roitzsch
eaba592bcc handle URL fragment as search term 
allows direct linking to specific searches
 2021-03-11 10:02:40 +01:00
Michael Roitzsch
c26b374f48 update Xcode and fix crash in snapUtil 2021-02-22 09:37:29 +01:00
Michael Roitzsch
7bfdb02cc9 add a textual database dump of most relevant info 
useful for diffing databases of multiple OS versions against each other
 2020-12-31 18:41:47 +01:00
Michael Roitzsch
320cee87e0 fix passing DB as command line variable 2020-12-31 18:12:51 +01:00
Michael Roitzsch
23f5c368e0 better Nix flakes documentation link 2020-12-31 17:26:04 +01:00
Michael Roitzsch
f85006a1c9 convenience target for interactive database access 2020-12-31 17:25:47 +01:00
Michael Roitzsch
2128e5251f update to Xcode 12.3 2020-12-31 17:25:21 +01:00
Michael Roitzsch
6306ad242c document SQLite database and internals check 2020-11-24 19:37:06 +01:00
Michael Roitzsch
bfa963b23d internals: update for macOS 11 Big Sur 2020-11-24 18:43:40 +01:00
Michael Roitzsch
5b7829bc1a flake: run wrapped snapUtil with original name 2020-11-24 18:43:24 +01:00
Michael Roitzsch
239768785f flake: update to Xcode 12.2 2020-11-24 18:43:06 +01:00
Michael Roitzsch
3a23468f89 create sqlite database and check internals content 2020-11-24 18:42:40 +01:00
Michael Roitzsch
7a892360c8 check: extension points 
listed extension points should be valid NSExtensionPointIdentifiers
 2020-11-24 14:33:25 +01:00
Michael Roitzsch
17478b0144 db: collect Info.plist files 2020-11-24 14:33:10 +01:00
Michael Roitzsch
b5bcc70bd6 check: launchd services 
• check listed service labels
• check host/task special ports
 2020-11-24 14:30:24 +01:00
Michael Roitzsch
e1278f9a21 db: collect launchd service information 2020-11-24 14:30:24 +01:00
Michael Roitzsch
5c7181b1f9 db: collect contents of asset catalogs 2020-11-24 14:30:24 +01:00
Michael Roitzsch
e03a6cd0ca check: executables and frameworks 
• check command line tools
• check framework names
• check server names as strings in binaries
 2020-11-24 14:30:24 +01:00
Michael Roitzsch
051dd0f167 db: extract dylibs from dyld cache and scan 
uses dyld_shared_cache_util tool from the Nix flake
 2020-11-24 14:29:51 +01:00
Michael Roitzsch
ee5938c46f db: include developer tools in scan 2020-11-24 14:29:51 +01:00
Michael Roitzsch
6853a9111d db: collect information about binaries 
• library linkage
• entitlements
• strings in the binary
 2020-11-24 14:29:51 +01:00
Michael Roitzsch
d85af9cea8 check: existence of mentioned files 
first check also sets up checks infrastructure
 2020-11-24 14:29:51 +01:00
Michael Roitzsch
76c9417244 db: use transactions 
for better database performance
 2020-11-24 14:29:51 +01:00
Michael Roitzsch
caa1b1dce3 db: store compressed database file 
automatically decompress before using
 2020-11-24 14:29:51 +01:00
Michael Roitzsch
91f62823cd db: refactor to separate iterator function 2020-11-24 14:29:51 +01:00
Michael Roitzsch
98bc5f9af1 db: collect information of files in the system 2020-11-23 16:12:15 +01:00
Michael Roitzsch
6949a664b7 flake: add dyld-shared-cache-util 2020-11-05 21:20:58 +01:00
Michael Roitzsch
d052951c22 flake: update for Xcode 12.1 2020-11-05 21:19:21 +01:00
Michael Roitzsch
0ecf14dce6 add HTML-based web viewer 2020-10-19 19:11:29 +02:00
Michael Roitzsch
7d128a1eb4 MIT license 2020-10-19 19:08:37 +02:00
Michael Roitzsch
5b3c254539 document the internals website 2020-10-19 19:08:07 +02:00
Michael Roitzsch
c4904eea37 button to clear filter 2020-10-19 19:08:07 +02:00
Michael Roitzsch
1241dfc400 select filter text on return 2020-10-19 19:08:07 +02:00
Michael Roitzsch
1f1ad17d02 highlight filter term in content 
use <mark> tag and style accordingly
 2020-10-19 19:08:07 +02:00
Michael Roitzsch
c8ad794b5e refactor and hook up filter control 
filter content after at least three characters have been typed
 2020-10-19 19:08:07 +02:00
Michael Roitzsch
270096c620 parse out structural elements from the text 
row, term, definition
 2020-10-19 19:08:07 +02:00
Michael Roitzsch
c6c461b088 initial version of web viewer 
• converter class
• fetch internals document
• setup filter input
 2020-10-19 19:08:07 +02:00
9 changed files with 948 additions and 314 deletions
Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
/internals-*.db.lz

21
LICENSE.txt Normal file
View File

@@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2020 Michael Roitzsch
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

217
Makefile
View File

@@ -1,10 +1,219 @@
override DB := $(if $(DB),$(DB:.lz=),$(lastword $(sort internals-$(shell sw_vers -productVersion).db $(basename $(wildcard internals-*)))))
MY_INTERNALS = $(HOME)/Library/Mobile\ Documents/com~apple~TextEdit/Documents/Apple\ Internals.rtf
DB_TARGETS = db_files db_binaries db_manifests db_assets db_services
CHECK_TARGETS = check_files check_binaries check_manifests check_services
.PHONY: all
.PHONY: all check view sqlite $(DB_TARGETS) $(CHECK_TARGETS)
.INTERMEDIATE: $(DB)
all: internals.txt
all: $(DB).lz check
ifneq ($(wildcard $(MY_INTERNALS)),)
internals.txt: $(MY_INTERNALS)
textutil -cat txt "$<" -output $@
internals.tsv: $(MY_INTERNALS)
printf 'Term\tDescription\n' > $@
textutil -cat txt $@ "$<" -output $@
xattr -c $@
endif
ifneq ($(wildcard $(DB).lz),)
$(DB): $(DB).lz
compression_tool -decode -i $< -o $@
else
$(DB):
@$(MAKE) --silent --jobs=1 $(DB_TARGETS) | sqlite3 -bail $@
$(DB).lz: $(DB)
compression_tool -encode -i $< -o $@
tmutil addexclusion $@
rm -rf dyld
endif
check: internals.tsv
@(head --lines=1 ; LANG=en sort --ignore-case) < $< | diff -uw $< -
@$(MAKE) --silent --jobs=1 $(CHECK_TARGETS)
define VIEW
SELECT path,os FROM files;
SELECT path,os,name FROM files NATURAL JOIN assets;
SELECT path,os,dylib FROM files NATURAL JOIN linkages;
SELECT files.path,os,key,value FROM files NATURAL JOIN services, json_each(plist);
SELECT files.path,os,key,value FROM files NATURAL JOIN entitlements, json_each(plist);
endef
export VIEW
view: $(DB)
echo "$$VIEW" | sqlite3 -bail $< | LC_COLLATE=C sort
sqlite: $(DB)
sqlite3 $< || true
# MARK: - data extraction helpers
ACEXTRACT = $(shell nix build --no-write-lock-file --no-warn-dirty .\#acextract && \
readlink result && rm result)/bin/acextract
DSCEXTRACTOR = $(shell nix build --no-write-lock-file --no-warn-dirty .\#dsc-extractor && \
readlink result && rm result)/bin/dyld-shared-cache-extractor
$(DB_TARGETS)::
# evaluate helper tools to catch Nix build errors early
: $(ACEXTRACT)
: $(DSCEXTRACTOR)
dyld: /System/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_x86_64h /System/Cryptexes/OS/System/DriverKit/System/Library/dyld/dyld_shared_cache_x86_64h
if ! test -x $(DSCEXTRACTOR) ; then \
printf '\033[1mdscextractor tool unavailable\033[m\n' >&2 ; \
echo 'FAIL;' ; \
exit 1 ; \
fi
for i in $+ ; do $(DSCEXTRACTOR) $$i $@ ; done > /dev/null
find $@ -type f -print0 | xargs -0 chmod a+x
XCODE = $(lastword $(wildcard /Applications/Xcode.app /Applications/Xcode-beta.app))
prefix = $$(case $(1) in \
(macOS) ;; \
(macOS-dyld) echo $(dir $(realpath $(firstword $(MAKEFILE_LIST))))/dyld ;; \
(iOS) echo $(wildcard /Library/Developer/CoreSimulator/Volumes/iOS_*/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS*.simruntime/Contents/Resources/RuntimeRoot) ;; \
(tvOS) echo $(wildcard /Library/Developer/CoreSimulator/Volumes/tvOS_*/Library/Developer/CoreSimulator/Profiles/Runtimes/tvOS*.simruntime/Contents/Resources/RuntimeRoot) ;; \
(watchOS) echo $(wildcard /Library/Developer/CoreSimulator/Volumes/watchOS_*/Library/Developer/CoreSimulator/Profiles/Runtimes/watchOS*.simruntime/Contents/Resources/RuntimeRoot) ;; \
esac)
find = \
{ \
$(2) find /Library /System /bin /dev /private /sbin /usr ! \( -path /Library/Developer/CoreSimulator/Volumes -prune \) ! \( -path /System/Volumes/Data -prune \) $(1) 2> /dev/null | sed 's/^/macOS /' ; \
find $(XCODE)/Contents/Developer $(1) | sed 's|^$(XCODE)|macOS /Applications/Xcode.app|' ; \
test -d "$(call prefix,macOS-dyld)" && cd "$(call prefix,macOS-dyld)" && find . $(1) | sed '1d;s/^\./macOS-dyld /' ; \
cd "$(call prefix,iOS)" ; find . $(1) | sed '1d;s/^\./iOS /' ; \
cd "$(call prefix,tvOS)" ; find . $(1) | sed '1d;s/^\./tvOS /' ; \
cd "$(call prefix,watchOS)" ; find . $(1) | sed '1d;s/^\./watchOS /' ; \
}
file = SELECT id, $(1) FROM files WHERE os = '$$os' AND path = '$$(echo "$$path" | sed "s/'/''/g")'
, = , # for entering a literal comma as part of a function argument
# MARK: - generator targets for database
$(DB_TARGETS)::
echo 'BEGIN IMMEDIATE TRANSACTION;'
db_files:: dyld
if ! csrutil status | grep -Fq disabled ; then \
printf '\033[1mdisable SIP to get complete file information\033[m\n' >&2 ; \
echo 'FAIL;' ; \
exit 1 ; \
fi
printf '\033[1mcollecting file information...\033[m\n' >&2
echo 'DROP TABLE IF EXISTS files;'
echo 'CREATE TABLE files (id INTEGER PRIMARY KEY, os TEXT, path TEXT, executable BOOLEAN);'
$(call find,,sudo) | sed -E "s/'/''/g;s/([^ ]*) (.*)/INSERT INTO files (os, path) VALUES('\1', '\2');/"
find $(HOME)/Library | sed "s|^$(HOME)|~|;s/'/''/g;s/.*/INSERT INTO files (os, path) VALUES('macOS', '&');/"
echo 'CREATE INDEX _files_path ON files (path);'
db_binaries:: dyld
printf '\033[1mcollecting executable information...\033[m\n' >&2
echo 'DROP TABLE IF EXISTS linkages;'
echo 'DROP TABLE IF EXISTS entitlements;'
echo 'DROP TABLE IF EXISTS strings;'
echo 'CREATE TABLE linkages (id INTEGER REFERENCES files, dylib TEXT);'
echo 'CREATE TABLE entitlements (id INTEGER REFERENCES files, plist JSON);'
echo 'CREATE TABLE strings (id INTEGER REFERENCES files, string TEXT);'
$(call find,-follow -type f -perm +111) | while read -r os path ; do \
echo "UPDATE files SET executable = true WHERE os = '$$os' AND path = '$$path';" ; \
if test -r "$(call prefix,$$os)$$path" && file --no-dereference --brief --mime-type "$(call prefix,$$os)$$path" | grep -Fq application/x-mach-binary ; then \
objdump --macho --dylibs-used "$(call prefix,$$os)$$path" | \
sed "1d;s/^.//;s/ ([^)]*)$$//;s/'/''/g;s|.*|INSERT INTO linkages $(call file,'&');|" ; \
codesign --display --xml --entitlements - "$(call prefix,$$os)$$path" 2> /dev/null | \
plutil -convert json - -o - | \
sed "/^<stdin>: Property List error/d;/^{}/d;s/'/''/g;s|.*|INSERT INTO entitlements $(call file,json('&'));\n|" ; \
strings -n 8 "$(call prefix,$$os)$$path" | \
LANG=C sed "s/'/''/g;s|.*|INSERT INTO strings $(call file,'&');|" ; \
fi ; \
done
db_manifests::
printf '\033[1mcollecting Info.plist information...\033[m\n' >&2
echo 'DROP TABLE IF EXISTS info;'
echo 'CREATE TABLE info (id INTEGER REFERENCES files, plist JSON);'
$(call find,-type f -name 'Info.plist') | while read -r os path ; do \
test -r "$(call prefix,$$os)$$path" && plutil -convert json "$(call prefix,$$os)$$path" -o - | \
sed "/: invalid object/d;s/'/''/g;s|.*|INSERT INTO info $(call file,json('&'));\n|" ; \
done
$(call find,-type f -name 'TemplateInfo.plist') | while read -r os path ; do \
test -r "$(call prefix,$$os)$$path" && { \
echo '<dict>' ; \
PlistBuddy -c 'Print Definitions:Info.plist\:NSExtension' "$(call prefix,$$os)$$path" ; \
PlistBuddy -c 'Print Definitions:Info.plist\:EXAppExtensionAttributes' "$(call prefix,$$os)$$path" ; \
PlistBuddy -c 'Print Options:0:Units:Swift:Definitions:Info.plist\:NSExtension' "$(call prefix,$$os)$$path" ; \
PlistBuddy -c 'Print Options:0:Units:Swift:Definitions:Info.plist\:EXAppExtensionAttributes' "$(call prefix,$$os)$$path" ; \
echo '</dict>' ; \
} 2> /dev/null | plutil -convert json - -o - | \
sed "/Property List error:/d;s/'/''/g;s|.*|INSERT INTO info $(call file,json('&'));\n|" ; \
done
db_assets::
if ! test -x $(ACEXTRACT) ; then \
printf '\033[1macextract tool unavailable\033[m\n' >&2 ; \
echo 'FAIL;' ; \
exit 1 ; \
fi
printf '\033[1mcollecting asset catalog information...\033[m\n' >&2
echo 'DROP TABLE IF EXISTS assets;'
echo 'CREATE TABLE assets (id INTEGER REFERENCES files, name TEXT);'
$(call find,-type f -name '*.car') | while read -r os path ; do \
test -r "$(call prefix,$$os)$$path" && $(ACEXTRACT) --list --input "$(call prefix,$$os)$$path" | \
sed "1d;s/'/''/g;s|.*|INSERT INTO assets $(call file,'&');|" ; \
done
db_services::
printf '\033[1mcollecting launchd service information...\033[m\n' >&2
echo 'DROP TABLE IF EXISTS services;'
echo 'CREATE TABLE services (id INTEGER REFERENCES files, kind TEXT, plist JSON);'
$(call find,-type f -name '*.plist' -path '*/LaunchAgents/*' -o -path '*/LaunchDaemons/*') | while read -r os path ; do \
case "$$path" in (*/LaunchAgents/*) kind=agent ;; (*/LaunchDaemons/*) kind=daemon ;; esac ; \
test -r "$(call prefix,$$os)$$path" && plutil -convert json "$(call prefix,$$os)$$path" -o - | \
sed "s/'/''/g;s|.*|INSERT INTO services $(call file,'$$kind'$(,)json('&'));\n|" ; \
done
$(DB_TARGETS)::
echo 'COMMIT TRANSACTION;'
# MARK: - check targets for internals.tsv
check_files: internals.tsv $(DB)
printf '\033[1mchecking files...\033[m\n' >&2
grep -ow '~\?/[^,;]*' $< | sed -E 's/ \(.*\)$$//;s/^\/(etc|var)\//\/private&/' | \
sed "s/'/''/g;s|.*|SELECT count(*), '&' FROM files WHERE path GLOB '&';|" | \
sqlite3 $(DB) | sed -n "/^0|/{s/^0|//;p;}"
check_binaries: internals.tsv $(DB)
printf '\033[1mchecking command line tools...\033[m\n' >&2
grep -o 'command line tools\?: [^;]*' $< | sed 's/^[^:]*: //;s/ //g;s/([^)]*)//g' | tr , '\n' | \
sed "s/'/''/g;s|.*|SELECT count(*), '&' FROM files WHERE executable = true AND path GLOB '*/&';|" | \
sqlite3 $(DB) | sed -n "/^0|/{s/^0|//;p;}"
printf '\033[1mchecking frameworks...\033[m\n' >&2
grep -ow '[[:alnum:]]*\.framework[[:alnum:]/.]*' $< | \
sed "s|/|/*/|g;s/'/''/g;s|.*|SELECT count(*), '&' FROM files WHERE executable = true AND path GLOB '*/&/*';|" | \
sqlite3 $(DB) | sed -n "/^0|/{s/^0|//;p;}"
printf '\033[1mchecking servers...\033[m\n' >&2
grep -o 'servers\?: [^;]*' $< | sed 's/^[^:]*: //;s/ //g;s/([^)]*)//g' | tr , '\n' | \
sed "s/'/''/g;s/.*/SELECT count(*), '&' FROM strings WHERE string GLOB '*&*';/" | \
sqlite3 $(DB) | sed -n "/^0|/{s/^0|//;p;}"
check_manifests: internals.tsv $(DB)
printf '\033[1mchecking extension points...\033[m\n' >&2
grep -o 'extension points\?: [^;]*' $< | sed 's/^[^:]*: //;s/ //g;s/([^)]*)//g' | tr , '\n' | \
sed "s/'/''/g;s|.*|SELECT count(*), '&' FROM (SELECT value FROM info, json_each(plist, '$$.NSExtension') WHERE key = 'NSExtensionPointIdentifier' UNION SELECT value FROM info, json_each(plist, '$$.EXAppExtensionAttributes') WHERE key = 'EXExtensionPointIdentifier') WHERE value = '&';|" | \
sqlite3 $(DB) | sed -n "/^0|/{s/^0|//;p;}"
check_services: internals.tsv $(DB)
printf '\033[1mchecking launchd services...\033[m\n' >&2
grep -o 'launchd services\?: [^;]*' $< | sed 's/^[^:]*: //;s/ //g;s/([^)]*)//g' | tr , '\n' | \
sed "s/'/''/g;s|.*|SELECT count(*), '&' FROM services, json_each(plist) WHERE key = 'Label' AND value = '&';|" | \
sqlite3 $(DB) | sed -n "/^0|/{s/^0|//;p;}"
printf '\033[1mchecking special ports...\033[m\n' >&2
grep -o '[^ ]* special port [0-9]*' $< | \
sed -E "s/'/''/g;s/(host|task) special port ([0-9]+)/SELECT count(*), '&' FROM services, json_tree(plist, '$$.MachServices') WHERE key LIKE '\1SpecialPort' AND value = \2;/" | \
sqlite3 $(DB) | sed -n "/^0|/{s/^0|//;p;}"

24
README.md
View File

@@ -2,12 +2,30 @@ Apple Internals
===============
This repository provides tools and information to help understand and analyze the internals
of Apples operating system platforms. Specifically, a [Nix
flake](https://github.com/tweag/rfcs/blob/flakes/rfcs/0049-flakes.md) allows to build the
following externally hosted tools:
of Apples operating system platforms. Information is collected in a text file and
[presented on a website](https://mroi.github.io/apple-internals). A [Nix
flake](https://nixos.wiki/wiki/Flakes) allows to build the following externally hosted
tools:
[**acextract**](https://github.com/bartoszj/acextract)
Unpacks asset catalogs to individual files.
[**dyld-shared-cache-util**](https://github.com/antons/dyld-shared-cache-big-sur)
Extracts dynamic libraries from the dyld linker cache.
[**snapUtil**](https://github.com/ahl/apfs)
Manages APFS snapshots.
The Makefile aggregates various kinds of information from the system in a SQLite database
and checks the internals text file against this information. Collected details include:
* all file names of the installed macOS and the iOS, tvOS, and watchOS simulators
* linkages of binaries to libraries
* entitlements for all executables
* plain-text strings embedded in binaries
* launchd service descriptions and bundle Info.plist content
* lists of assets inside asset catalogs
___
This work is licensed under the [MIT license](https://mit-license.org) so you can freely use
and share as long as you retain the copyright notice and license text.

106
flake.lock generated Normal file
View File

@@ -0,0 +1,106 @@
{
"nodes": {
"acextract": {
"flake": false,
"locked": {
"lastModified": 1556467432,
"narHash": "sha256-Yh437j5HLwh+s2qBKo3YruBHSJxqH142LuM/Unf+rV4=",
"owner": "bartoszj",
"repo": "acextract",
"rev": "df3b018d53cd4b684a5f6d63535dcc4156be1a97",
"type": "github"
},
"original": {
"owner": "bartoszj",
"repo": "acextract",
"type": "github"
}
},
"command-line": {
"flake": false,
"locked": {
"lastModified": 1556260068,
"narHash": "sha256-3BvUfIbbSsv8AHeg+nEjGVNDbgSOf/P7l6EFo+DvE/I=",
"owner": "iHTCboy",
"repo": "CommandLine",
"rev": "b8209dc17ac1dd0f97ebfbd6a77a0633552626ca",
"type": "github"
},
"original": {
"owner": "iHTCboy",
"repo": "CommandLine",
"type": "github"
}
},
"dsc-extractor": {
"flake": false,
"locked": {
"lastModified": 1688099356,
"narHash": "sha256-NaPFOiPwGdwVxxZr5eRklhD41IKw8DvYoZg0kLReY5k=",
"owner": "keith",
"repo": "dyld-shared-cache-extractor",
"rev": "ac746c15a62f51e1ff32e4d101b5d8c70f2cb2fe",
"type": "github"
},
"original": {
"owner": "keith",
"repo": "dyld-shared-cache-extractor",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1692494774,
"narHash": "sha256-noGVoOTyZ2Kr5OFglzKYOX48cx3hggdCPbXrYMG2FDw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3476a10478587dec90acb14ec6bde0966c545cc0",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"root": {
"inputs": {
"acextract": "acextract",
"command-line": "command-line",
"dsc-extractor": "dsc-extractor",
"nixpkgs": "nixpkgs",
"snap-util": "snap-util",
"snapshot-header": "snapshot-header"
}
},
"snap-util": {
"flake": false,
"locked": {
"lastModified": 1647211082,
"narHash": "sha256-zQ/0Cpo6CCeKXafeERjBCQ2gv9396c7UZU+VmViQVIc=",
"owner": "ahl",
"repo": "apfs",
"rev": "2bcf604966949f618e6a6ce33ca8ae1721494e6d",
"type": "github"
},
"original": {
"owner": "ahl",
"repo": "apfs",
"type": "github"
}
},
"snapshot-header": {
"flake": false,
"locked": {
"narHash": "sha256-/2aR6n5CbUobwbxkrGqBOAhCZLwDdIsoIOcpALhAUF8=",
"type": "tarball",
"url": "https://github.com/apple/darwin-xnu/archive/refs/tags/xnu-6153.141.1.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/apple/darwin-xnu/archive/refs/tags/xnu-6153.141.1.tar.gz"
}
}
},
"root": "root",
"version": 7
}

178
flake.nix
View File

@@ -2,78 +2,134 @@
description = "tools to understand the internals of Apples operating systems";
inputs = {
acextract = {
url = github:bartoszj/acextract;
url = "github:bartoszj/acextract";
flake = false;
};
command-line = {
url = github:iHTCboy/CommandLine;
url = "github:iHTCboy/CommandLine";
flake = false;
};
dsc-extractor = {
url = "github:keith/dyld-shared-cache-extractor";
flake = false;
};
snapshot-header = {
url = "https://opensource.apple.com/tarballs/xnu/xnu-6153.141.1.tar.gz";
url = "https://github.com/apple/darwin-xnu/archive/refs/tags/xnu-6153.141.1.tar.gz";
flake = false;
};
snap-util = {
url = github:ahl/apfs;
url = "github:ahl/apfs";
flake = false;
};
};
outputs = { self, nixpkgs, acextract, command-line, snapshot-header, snap-util }: {
acextract =
with import nixpkgs { system = "x86_64-darwin"; };
let xcode12 = makeSetupHook {
deps = [ (xcodeenv.composeXcodeWrapper { version = "12.0"; }) ];
} "${xcbuildHook}/nix-support/setup-hook";
in stdenv.mkDerivation {
name = "acextract-${lib.substring 0 8 self.inputs.acextract.lastModifiedDate}";
src = acextract;
nativeBuildInputs = [ xcode12 ];
preBuild = "LD=$CC";
# FIXME: want to have submodule support for Nix flakes, workaround by explicit instantiation
postUnpack = "rmdir source/CommandLine ; ln -s ${command-line} source/CommandLine";
installPhase = ''
mkdir -p $out/bin
cp Products/Release/acextract $out/bin/
'';
dontStrip = true;
};
snap-util =
with import nixpkgs { system = "x86_64-darwin"; };
stdenv.mkDerivation {
name = "snap-util-${lib.substring 0 8 self.inputs.snap-util.lastModifiedDate}";
src = snap-util;
nativeBuildInputs = [ (xcodeenv.composeXcodeWrapper { version = "12.0"; }) ];
preBuild = "NIX_CFLAGS_COMPILE='-idirafter ${snapshot-header}/bsd'";
installPhase = ''
mkdir -p $out/bin
cp snapUtil $out/bin/.snapUtil-wrapped
cat > $out/bin/snapUtil <<- EOF
#!/bin/sh
if csrutil status | grep -Fq disabled && sysctl kern.bootargs | grep -Fq amfi_get_out_of_my_way ; then
exec $out/bin/.snapUtil-wrapped "\$@"
else
echo 'snapUtil requires SIP and AMFI to be disabled:'
echo ' boot recovery system'
echo ' run csrutil disable'
echo ' run nvram boot-args=amfi_get_out_of_my_way=0x1'
exit 1
fi
EOF
chmod a+x $out/bin/snapUtil
'';
postFixup = ''
cat > snapUtil.entitlements <<- EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.vfs.snapshot</key>
<true/>
</dict>
</plist>
EOF
codesign -s - --entitlement snapUtil.entitlements $out/bin/.snapUtil-wrapped
'';
};
outputs = { self, nixpkgs, acextract, command-line, dsc-extractor, snapshot-header, snap-util }: {
packages.x86_64-darwin = let
xcode = (nixpkgs.legacyPackages.x86_64-darwin.xcodeenv.composeXcodeWrapper {
version = "15.0.1";
}).overrideAttrs (attrs: { __noChroot = true; });
in {
acextract =
with import nixpkgs { system = "x86_64-darwin"; };
let xcodeHook = makeSetupHook {
name = "xcode-hook";
propagatedBuildInputs = [ xcode ];
} "${xcbuildHook}/nix-support/setup-hook";
in stdenv.mkDerivation {
name = "acextract-${lib.substring 0 8 self.inputs.acextract.lastModifiedDate}";
src = acextract;
nativeBuildInputs = [ xcodeHook ];
preBuild = "LD=$CC";
# FIXME: want to have submodule support for Nix flakes, workaround by explicit instantiation
postUnpack = "rmdir source/CommandLine ; ln -s ${command-line} source/CommandLine";
# FIXME: fix for Swift compiler crash
patchPhase = ''
patch -p0 <<- EOF
--- acextract/CoreUI.h
+++ acextract/CoreUI.h
@@ -24,6 +24,7 @@
// SOFTWARE.
@import Foundation;
+@import CoreGraphics;
// Hierarchy:
// - CUICatalog:
--- acextract/Operation.swift 2021-10-20 10:35:39.000000000 +0200
+++ acextract/Operation.swift 2021-10-20 10:35:46.000000000 +0200
@@ -24,6 +24,7 @@
// SOFTWARE.
import Foundation
+import ImageIO
// MARK: - Protocols
protocol Operation {
@@ -152,7 +153,7 @@
throw ExtractOperationError.cannotCreatePDFDocument
}
// Create the pdf context
- let cgPage = CGPDFDocument.page(cgPDFDocument) as! CGPDFPage // swiftlint:disable:this force_cast
+ let cgPage = cgPDFDocument.page(at: 0)!
var cgPageRect = cgPage.getBoxRect(.mediaBox)
let mutableData = NSMutableData()
EOF
'';
installPhase = ''
mkdir -p $out/bin
cp Products/Release/acextract $out/bin/
'';
dontStrip = true;
__noChroot = true;
};
dsc-extractor =
with import nixpkgs { system = "x86_64-darwin"; };
stdenv.mkDerivation {
name = "dsc-extractor-${lib.substring 0 8 self.inputs.dsc-extractor.lastModifiedDate}";
src = dsc-extractor;
nativeBuildInputs = [ cmake ];
};
snap-util =
with import nixpkgs { system = "x86_64-darwin"; };
stdenv.mkDerivation {
name = "snap-util-${lib.substring 0 8 self.inputs.snap-util.lastModifiedDate}";
src = snap-util;
nativeBuildInputs = [ xcode ];
preBuild = "NIX_CFLAGS_COMPILE='-idirafter ${snapshot-header}/bsd'";
installPhase = ''
mkdir -p $out/bin
cp snapUtil $out/bin/.snapUtil-wrapped
cat > $out/bin/snapUtil <<- EOF
#!/bin/sh
if csrutil status | grep -Fq disabled && sysctl kern.bootargs | grep -Fq amfi_get_out_of_my_way ; then
exec -a ./snapUtil $out/bin/.snapUtil-wrapped "\$@"
else
echo 'snapUtil requires SIP and AMFI to be disabled:'
echo ' boot recovery system'
echo ' run csrutil disable'
echo ' run nvram boot-args=amfi_get_out_of_my_way=0x1'
exit 1
fi
EOF
chmod a+x $out/bin/snapUtil
'';
postFixup = ''
cat > snapUtil.entitlements <<- EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.vfs.snapshot</key>
<true/>
<key>com.apple.private.apfs.revert-to-snapshot</key>
<true/>
</dict>
</plist>
EOF
codesign -s - --entitlement snapUtil.entitlements $out/bin/.snapUtil-wrapped
'';
__noChroot = true;
};
};
};
}

120
index.html Normal file
View File

@@ -0,0 +1,120 @@
<!DOCTYPE html>
<meta charset="utf-8">
<title>Apple Internals</title>
<script>
// generate HTML markup from plain text internals document
class Converter {
constructor(text) {
this.text = text;
this.filter = "";
}
generate() {
const dl = document.createElement("dl");
dl.setAttribute("class", "row");
for (const rowText of this.text.split("\n").slice(1))
if (rowText.length && rowText.toLowerCase().includes(this.filter.toLowerCase()))
dl.append.apply(dl, this.generateRow(rowText));
return dl;
}
generateRow(text) {
let result = new Array();
const parts = text.split("\t");
result.push(this.generateTerm(parts[0]));
result.push(this.generateDefinition(parts.slice(1).join("; ")));
return result;
}
generateTerm(text) {
const dt = document.createElement("dt");
dt.setAttribute("class", "col-sm-2");
dt.append.apply(dt, this.highlight(text));
return dt;
}
generateDefinition(text) {
const dd = document.createElement("dd");
dd.setAttribute("class", "col-sm-10");
dd.append.apply(dd, this.highlight(text));
return dd;
}
highlight(text) {
if (!this.filter.length) return Array(text);
let result = new Array();
let index = 0;
while (index = text.toLowerCase().indexOf(this.filter.toLowerCase()), index >= 0) {
result.push(text.substr(0, index));
const mark = document.createElement("mark");
mark.append(text.substr(index, this.filter.length));
result.push(mark);
text = text.substr(index + this.filter.length);
}
result.push(text);
return result;
}
}
document.addEventListener("DOMContentLoaded", event => {
// load main content
fetch("internals.tsv").then(function(response) {
if (!response.ok) return "";
return response.text();
}).then(function(text) {
const converter = new Converter(text);
const update = filter => {
converter.filter = filter;
const content = document.getElementById("content");
while (content.firstChild) content.firstChild.remove();
content.append(converter.generate());
};
// update content when typing a filter word
document.getElementById("filter").addEventListener("input", event => {
update(event.target.value.length >= 3 ? event.target.value : "");
});
// select filter text and update URL on return
document.getElementById("filter").addEventListener("change", event => {
event.target.select();
if (history.pushState)
history.pushState(null, null, "#" + event.target.value);
});
// clear filter button
document.getElementById("clear").addEventListener("click", event => {
document.getElementById("filter").value = "";
document.getElementById("filter").focus();
update("");
});
// initialize filter control
if (location.hash.length) {
document.getElementById("filter").value = location.hash.slice(1);
document.getElementById("filter").dispatchEvent(new Event("input"));
} else {
document.getElementById("clear").click();
}
});
});
</script>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/5.0.0-alpha2/css/bootstrap.min.css" integrity="sha384-DhY6onE6f3zzKbjUPRc2hOzGAdEf4/Dz+WJwBvEYL/lkkIsI3ihufq9hk9K4lVoK" crossorigin="anonymous">
<style type="text/css">
body {
font-size: 90%;
}
mark {
position: relative;
z-index: -1;
padding: .2em;
margin: -.2em;
}
</style>
<body class="container-fluid p-4">
<h1 class="mb-3">Apple Internals</h1>
<p class="my-0">Collected knowledge about the internals of Apples platforms.</p>
<p class="my-0">Sorted by keyword, abbreviation, or codename.</p>
<p>Feel free to contribute on <a href="https://github.com/mroi/apple-internals">GitHub</a> or share under <a href="https://github.com/mroi/apple-internals/blob/main/LICENSE.txt">MIT license</a>.</p>
<div class="input-group" style="max-width:30em">
<input id="filter" type="text" class="form-control" placeholder="Filter">
<div id="clear" class="input-group-text">
<svg width="1em" height="1em" viewBox="0 0 16 16" class="bi bi-x-circle-fill" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zM5.354 4.646a.5.5 0 1 0-.708.708L7.293 8l-2.647 2.646a.5.5 0 0 0 .708.708L8 8.707l2.646 2.647a.5.5 0 0 0 .708-.708L8.707 8l2.647-2.646a.5.5 0 0 0-.708-.708L8 7.293 5.354 4.646z"/>
</svg>
</div>
</div>
<div id="content" class="mt-3">
</body>

349
internals.tsv Normal file
View File

@@ -0,0 +1,349 @@
Term Description
1TR One True Recovery; booting into macOS recovery on Apple Silicon by holding the power button to verify physical presence; enables interaction with SEP to change Boot Policy
AA Apple account
AA Apple Archive, see also Apple Encrypted Archive; command line tools: aa, aea, compression_tool
AAC Automatic Assessment Configuration; AutomaticAssessmentConfiguration.framework; puts device in a locked mode for exam-style test applications
AAT Apple Advanced Typography; font format and rendering engine
Accounts launchd service: com.apple.accountsd; /System/Library/Accounts
ACDE Apple Connect Device External? ACDEClient.framework, old two-step verification, derived from a company-internal AppleConnect system?
ACFS Apple Clustered File System; deprecated file system for Xsan; acfs.framework
Acoustic ID Siri feature to recognize songs
Activation cryptographic check-in with iCloud to lock devices reported by the user as lost; verified by iBoot; MobileActivationMacOS.framework; launchd service: com.apple.mobileactivationd; servers: humb.apple.com, albert.apple.com
Activity jobs, coarse-grained work units of applications; tracked by the system across XPC, bears a QoS class for scheduling; low-level mechanism not to be confused with User Activity
AE Apple Events; messaging system to invoke application functionality; CoreServices.framework/AE.framework; launchd services: com.apple.coreservices.appleevents, com.apple.AEServer (AE over network)
Aegir astronomy watch face and lock screen; /System/Library/CoreServices/AegirProxyApp.app
AGC Apple Graphics Control, management of multiple displays and display port connections; launchd service: com.apple.displaypolicyd
AHAP Apple Haptic Audio Pattern; file format for simultaneous audio and haptic data; CoreHaptics.framework
AIR Apple Intermediate Representation; synthetic bytecode architecture target for GPU binary toolchain
ALF Application-Layer Firewall, launchd service: com.apple.alf (socketfilterfw)
Alloy substrate for communication between user devices over Bluetooth and devices to iCloud, implemented over IDS; /System/Library/IdentityServices/ServiceDefinitions; launchd service: com.apple.identityservicesd
ALS Ambient Light Sensor, AmbientDisplay.framework
Amber Swift UI; SwiftUI.framework
AMFI Apple Mobile File Integrity, checks code integrity based on code signature, stronger enforcement with hardened runtime, validates entitlement restrictions; launchd service: com.apple.MobileFileIntegrity (amfid, invoked by kernel through host special port 18); disabled by setting amfi_get_out_of_my_way=0x1 in boot-args
AMP Apple Media Protocol? former parts of iTunes for iPod and iOS device access in Finder, Home Sharing; AMPDevices.framework, AMPSharing.framework; launchd services: com.apple.AMPDeviceDiscoveryAgent, com.apple.AMPDevicesAgent, com.apple.amp.mediasharingd
AMP Asynchronous Multiprocessing; performance and power-efficiency cores on Apple Silicon
AMS Apple Media Services; formerly the iTunes stores and media services: App Stores, Apple Music, Apple TV, iCloud media library, Apple Podcasts, Podcast sync, Books Store, Books sync; AppleMediaServices.framework; server: phobos.apple.com
AMX Apple Matrix Extension; ARM instruction set extension for matrix operations
ANE Apple Neural Engine, hardware accelerator for neural network operations; ANECompiler.framework, ANEServices.framework; launchd service: com.apple.aned
Anisette two-factor authentication creates security codes on trusted devices using TOTP, probably using Circle keys, checked by HSA; AuthKit.framework; launchd service: com.apple.akd
AOP Always On Processor, part of Apple SoCs, runs RTKit as operating system
AOS Apple Online Services? historical name for iCloud
Apache built-in web server; command line tool: apachectl
APFS Apple File System; copy-on-write file system with support for volume space-sharing, per-file encryption, and snapshots
APNS Apple Push Notification service, server infrastructure for remote push notifications over a single connection, clients subscribe to push topics, can be authenticated by app (remote notifications), device (Find My …), or Apple ID login (DSID); credentials in apsd keychain; launchd service: com.apple.apsd; server: push.apple.com
App Nap quiescence detection for applications and corresponding self-demotion in scheduler parameters, implemented within application frameworks and RunningBoard, listens for occlusion notifications from WindowServer
App Sandbox Seatbelt-based sandbox for apps; /System/Library/Sandbox/Profiles/application.sb; enabled with com.apple.security.app-sandbox entitlement; launchd service: com.apple.secinitd
AppleCare extended warranty; NewDeviceOutreach.framework; launchd service: com.apple.ndoagent
APT Adaptive Picture Timing? ProMotion; dynamic screen updates with 120Hz base frequency; AppleDisplayTCONControl.framework
Ask To parental-controlled user can ask parent for exceptions; launchd service: com.apple.asktod; AskToCore.framework
ASL Apple System Logger, superseded by Unified Logging; /etc/asl; stored in /var/log/asl; launchd service: com.apple.syslogd; command line tool: syslog
ASR Apple Software Restore; restore entire volumes from sources like disk images (HDI, SIU), also restores based on APFS snapshots and snapshot deltas; command line tool: asr
Assertions power state management allowing applications to prevent sleeping; launchd service: com.apple.powerd; command line tools: caffeinate, pmset
Assessment checking of System Policy; term also used for AAC
Asset Cache discretionary caching server for Mobile Assets, Packages, iOS updates, App Store content, ODR, MMCS data; launchd services: com.apple.AssetCache.builtin, com.apple.AssetCacheLocatorService, com.apple.AssetCacheManagerService, com.apple.AssetCacheTetheratorService; command line tools: AssetCacheLocatorUtil, AssetCacheManagerUtil, AssetCacheTetheratorUtil
Assistant Siri; dictation and semantic understanding, Intent is communicated to and enacted on the client, uses TTS for output, Snippets to embed mini UIs into responses; /System/Library/Assistant, /System/Library/Snippets, AssistantServices.framework; server: *.siri.apple.com
ATS App Transport Security, sandbox mechanism only allowing TLS-secured connections
ATSUI Apple Type Services for Unicode Imaging; rendering engine superseded by CoreText.framework, font management; ApplicationServices.framework/ATS.framework; launchd service: com.apple.xtyped (fontd); command line tools: atsutil
ATT App Tracking Transparency; apps declare user tracking on app store
Attestation cryptographic proof of a genuine SEP; used for web authentication and app attestation; DeviceCheck.framework; SEP responds to challenge using hardware-key (GID, PKA), online service verifies; used to pair Touch ID keyboards, used to pair RemoteXPC channel?
Authorization discretionary access control policies for high-level services; similar to PAM; policy stored in /var/db/auth.db
Avatar Memoji and Animoji, including pre-rendered iMessage stickers; AvatarKit.framework
AVB Audio Video Bridging, low-latency audio over Ethernet; launchd service: com.apple.avbdeviced; command line tool: avbdiagnose, avbutil
AWD Apple Wireless Diagnostics, sends system telemetry to Apple; CoreAnalytics.framework, WirelessDiagnostics.framework; launchd services: com.apple.awdd, com.apple.analyticsd
AWDL Apple Wireless Direct Link; secondary WiFi interface that runs in parallel to an active WiFi access point connection, similar to WiFi Direct (p2p interface), uses a randomized MAC, used for peer-to-peer networking: AirDrop, AirPlay; DeviceToDeviceManager.framework
Background Assets assets that an app extension loads without the app being launched; BackgroundAssets.framework; extension point: com.apple.background-asset-downloader-extension; launchd service: com.apple.backgroundassets.user
Bezel on-screen overlays for hardware volume buttons, screen brightness, Bluetooth HID, and others; /Library/Application Support/Apple/BezelServices, launchd services: com.apple.loginwindow, com.apple.OSDUIHelper
Bifrost emergency satellite connectivity; /System/Library/LocationBundles/Bifrost.bundle
Biome CloudKit-synced real-time event streaming and processing; widely used, primarily Avatars/People? Siri?; BiomeStreams.framework, BiomeSync.framework; launchd services: com.apple.BiomeAgent, com.apple.biomesyncd
Blast Door sandboxed sanitization process for untrusted iMessage input; BlastDoor.framework
BOM Bill of Materials; format to store contents of installer Packages; command line tool: lsbom
Bonjour mDNS; launchd service: com.apple.mDNSResponder.reloaded; command line tool: dns-sd
Boot Cache disk cache pre-heating at boot time with typically loaded applications; /var/db/BootCaches; launchd service: com.apple.warmd
Boot Policy decides by signature check which OSes can be booted, boot-time equivalent for System Policy; LocalPolicy stores user settings, configurable from 1TR, stored by SEP, enforced by iBoot; command line tools: bputil, kmutil (to enroll custom kernels)
BPR Boot Progress Register; set-only flags to track boot mode (normal, DFU, recovery), part of Keybag class key derivation within SEP, so passcode-protected keys are inaccessible in DFU and recovery
Bridge T2 ARM CPU in Intel Macs to drive Touch Bar and Boot Policy; runs bridgeOS, a derivative of watchOS; boots the platform and the Intel CPU, communication from macOS uses RemoteXPC; launchd service: com.apple.multiversed; /System/Library/MultiversePlugins
Brook hand washing encouragement on watch; BrookServices.framework
Bulletin Board application push notification management, aggregates local and remote push notifications; BulletinBoard.framework
Cache Delete cleanup for various caches; /System/Library/CacheDelete; launchd service: com.apple.cache_delete (deleted)
CAML Core Animation Markup Language; XML file format for layers, shapes and animations
Carousel derivative of SpringBoard for Watch home screen, watch face, and notification center
CDM Continuous Dialog Manager; dialog with Siri; ContinuousDialogManagerService.framework, Marrs.framework;
Celestial media streaming used by ReplayKit for game broadcasts; Celestial.framework
Certificates validity checked using CRLs, OCSP stapling, and transparency logs; /System/Library/Security/Certificates.bundle; launchd services: com.apple.trustd, com.apple.trustd.agent, com.apple.ocspd; command line tool: crlrefresh
Chamois Stage Manager
CHIP Connected Home over IP; Matter; integrated into HomeKit; HomeKitMatter.framework
Circle cryptographic primitive to exchange public keys of trusted devices of a user, signed by Circle peers; iCloud identity added as additional Circle peer, private key synced across all trusted devices, new devices can pull this key from Secure Backup to join the Circle; per-device Circles stored in CKKS for two-factor accounts (Octagon); KeychainCircle.framework; command line tools: otctl (Octagon)
CKKS CloudKit Key Sync, end-to-end secure syncing for credentials, seeded by Circle; currently includes ApplePay, AutoUnlock, CreditCards, DevicePairing, Engram, Health, Home, Manatee, SOS, WiFi and other keys; launchd service: com.apple.secd; command line tool: ckksctl
Clarity customizable accessibility mode for simplified UI; ClarityFoundation.framework
Classroom school teachers can create assignments for student iPads and track progress in Schoolwork app; ClassKit.framework; launchd service: com.apple.studentd
Cloud Pairing part of Alloy, Bluetooth out-of-band pairing over iCloud for Continuity; launchd service: com.apple.BTServer.cloudpairing (cloudpaird)
CMAS Commerial Mobile Alert System, now known as Wireless Emergency Alerts (WEA)
Commpage user-mapped kernel data, like vdso/vsyscall on Linux; mapped at 0x7fffffe00000
Communications Filter recipient blocking for iMessage, FaceTime, Mail; launchd service: com.apple.cmfsyncagent
Companion iPhone that is paired with Watch; communication uses Alloy over IPsec over Bluetooth
Contact Key Verification code for manual verification of iMessage keys; code identifies a long-lived account key stored in iCloud Keychain, which signs all ESS device keys
Continuity umbrella term for Handoff, Sidecar, SMS relay, Universal Clipboard, Watch unlock, WiFi call relay and others; SMS relay works by proxying to iMessage, other services use Alloy
Control Center icons in menu/status bar and Bento Box controls UI, gradually replaces SystemUIServer on macOS; handles incoming AirPlay content; launchd services: com.apple.controlcenter, com.apple.SystemUIServer.agent
CPML CorePrediction Machine Learning; CPMLBestShim.framework
CRD Conference Room Display; Apple TV mode
Cryptex Cryptographically sealed Extension of SSV, mount-invisible extension of the root volume, allows lightweight updates as part of Rapid Security Response; /System/Cryptexes (mountpoint), /System/Volumes/Preboot/*/cryptex1/current/*.dmg (disk images)
CSR Configurable Security Restrictions; XNU subsystem that is the basis for SIP
CTK Crypto Token Kit; smart card management, also for the Secure Element on iOS? launchd service: com.apple.ctkd; command line tool: sc_auth
CTS Centralized Task Scheduling; execution of DAS tasks; /System/Library/UserEventPlugins/com.apple.cts.plugin
CVMS Core VM Server/Service? compilation of GPU shaders; launchd service: com.apple.cvmsServ
DAAP Digital Audio Access Protocol; used by Home Sharing (with Rapport token) and by the Remote app to control Apple TV (with pairing token); payload unencrypted; DAAPKit.framework; Bonjour services: _atc._tcp, _home-sharing._tcp, _mediaremotetv._tcp, _touch-able._tcp
Daily Briefing Siri giving an overview of information for the day; SiriDailyBriefingInternal.framework
DART DMA Address Relocation Table; IOMMU implementation in Apple silicon, positioned in front of every DMA-capable co-processor and peripheral, offers sub-page protection; SART: streaming variant for high-throughput devices (like NVMe)
DAS Duet Activity Scheduler; scheduling policy engine behind NSBackgroundActivityScheduler and XPC activities; /System/Library/DuetActivityScheduler; launchd service: com.apple.dasd
Data Detectors text analysis to highlight phone numbers, street addresses, and the like; DataDetectors.framework
Data Vault directories with the UF_DATAVAULT special flag; CSR limits access to one application
DAV Distributed Authoring and Versioning; network protocol on top of HTTP for syncing calendars (CalDAV), contacts (CardDAV), and formerly also bookmarks (BookmarkDAV)
DCP Display Co-Processor
DDE Device Discovery Extension; detects devices on local network without app access to local network; DeviceDiscoveryExtension.framework, DeviceDiscoveryUICore.framework; extension point: com.apple.discovery-extension
DEP Device Enrollment Program; devices check in with Apple during Setup Assistant to query for their enrollment status, retrieve MDM server URL to fetch initial configuration profile
Developer Mode enables launching of self-compiled apps in iOS, rough equivalent to System Policy; command line tool: devmodectl
DFR Dynamic Function Row?, TouchBar; /System/Library/CoreServices/ControlStrip.app; DFRFoundation.framework
DFU Device Firmware Update; special boot mode where iOS has not booted and the system can be installed over the Lightning connection
Differential Privacy crowdsourcing without user tracking; privacy budget for management of anonymity set; used for keyboard words, emoji, Spotlight searches, Parsec deep links, HealthKit usage, Safari telemetry; /System/Library/DifferentialPrivacy; stored in /var/db/DifferentialPrivacy; launchd service: com.apple.dprivacyd
Digital Separation safety check feature to inhibit sharing relationships; DigitalSeparation.framework
DMC Device Management Client; part of MDM; DMCUtilities.framework
DMC Disk Mount Conditioner; simulates slow IO devices; command line tool: dmc
DND Do Not Disturb
DSID Destination Signaling Identifier, unique ID for IDS login on a specific device
DTrace system-wide tracing infrastructure, command line tools: dtrace, *.d, dappprof, dapptrace, dtruss, errinfo, execsnoop, fddist, fs_usage, imptrace, iopattern, iopending, iosnoop, iotop, lastwords, latency, opensnoop, plockstat, rwsnoop, sampleproc, sc_usage, topsyscall, topsysproc
Duet telemetry collection engine for system and user events, forecasting by machine learning, backend for DAS, Proactive, Relevance, Screen Time, thermal and battery management; /System/Library/DuetKnowledgeBase; CoreDuet.framework, CoreKnowledge.framework, CorePrediction.framework; launchd services: com.apple.coreduetd, com.apple.knowledge-agent, com.apple.ospredictiond
Dyld Shared Cache dynamic linker cache, stores all system libraries in prelinked form, original library files are removed; /System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld; command line tools: dyld_info, dyld_usage, update_dyld_shared_cache
EAS Exchange Active Sync; network protocol for accessing Microsoft Exchange servers
EDR Extended Dynamic Range; rendering with transfer function extending beyond sRGB white; implemented natively on XDR displays and by backlight modulation on others; HDRProcessing.framework
Energy Impact unitless metric for per-application energy consumption, machine-specific coefficients; /usr/share/pmenergy, /usr/share/kpep; launchd services: com.apple.sysmond, com.apple.thermald; command line tool: powermetrics
Engram Messages in iCloud; devices store received iMessages in CloudKit; Engram.framework
Entitlements capability-like attributes bound to executables by code signing; some entitlements like App Sandbox restrict ambient authority, some gradually relieve those restrictions (using Seatbelt), some services or system calls grant privilege based on caller entitlements
ESS IDS user directory, public key distribution for iMessage and CloudKit sharing, uses Transparency; server: *.ess.apple.com; launchd service: com.apple.identityservicesd
Eye Relief screen distance warning for handheld devices; /Applications/EyeReliefUI.app
FaceTime video calls, employs the ICE (establishing peer-to-peer connection), STUN (session credential exchange) and SRTP (encrypted media streaming) protocols; FTServices.framework; launchd services: com.apple.videoconference.camera (avconferenced)
FairPlay DRM system used by app and media stores; CoreADI.framework, CoreFP.framework, CoreLSKD.framework; launchd services: com.apple.adid, com.apple.fairplayd (invoked by kernel through host special port 17), com.apple.lskdd; credentials stored in /var/db/fpsd
Family Circle Family Sharing; launchd services: com.apple.familycircled, com.apple.askpermissiond
FDE Full Disk Encryption, FileVault; command line tool: fdesetup, sysadminctl
FDR Factory Data/Device Reset? ensures that no downgrades are performed? servers: skl.apple.com, gg.apple.com; /System/Library/FDR
Feldspar Apple News; Silex.framework
FiDES Fi? Distributed Evaluation Service? aggregates Differential Privacy data for unlinkability? maybe private federated learning? used for emoji, Suggestions, Dictation; /System/Library/DistributedEvaluation; DistributedEvaluation.framework; server: fides-pol.apple.com
File Provider infrastructure and extension system for syncing with cloud providers; placeholder files based on SF_DATALESS attribute in APFS; FileProvider.framework; locally stored in ~/Library/CloudStorage; command line tool: fileproviderctl
Find My location sharing by explicitly querying devices remotely or collateral beacon detection using Search Party; FMCore.framework, FMF.framework; launchd service: com.apple.icloud.fmfd (find my friends)
Firmlink bi-directional non-symbolic link between the read-only system volume and the data volume, additional symlinks and mountpoints in the root directory are virtually allocated; /usr/share/firmlinks, /etc/synthetic.conf
Focus restriction modes for notification presentation; focus filters for in-app display restrictions, communicat by Intents; Focus.framework, DoNotDisturb.framework; local settings in ~/Library/DoNotDisturb
FollowUp user interaction for Secure Backup wrapping with device passcode, CoreFollowUp.framework; launchd service: com.apple.followupd
FoundationDB fundamental iCloud storage database, marketed as CloudKit, separated into containers; records, blobs, and large asset storage with MMCS, server-side continuous queries can trigger push notifications, user management by IDS, sharing between users by GroupKit; PCS keys used for hierarchical zone, record, and asset encryption; CloudKitDaemon.framework; launchd service: com.apple.cloudd; locally stored in ~/Library/Caches/CloudKit, ~/Library/Containers/*/Data/CloudKit; command line tool: cktool
FPR Fast Permission Restrictions; Apple CPU registers to downgrade (old APRRs do bitmasking) or remap (SPRRs since M1) actual permissions of memory pages (the CTRR region) per thread; used for JIT protection and by AMFI to freeze user code after checking
FSKit user space file system support; kernel stub file system is /System/Library/Extensions/lifs.kext; file systems are in /System/Library/ExtensionKit/Extensions/com.apple.fskit.*; launchd service: com.apple.filesystems.fskitd; extension point: com.apple.fskit.fsmodule
FUD Firmware Update Daemon; /var/db/fud; launchd service: com.apple.accessoryupdaterd
Game Mode auto-activates when games are shown full screen, throttles background work, lowers audio and input latency; launchd service: com.apple.gamepolicyd
GID group ID key, shared across all devices of the same SoC generation, derived keys are used to prove device type over the network, only accessible by SEP
Gizmo Apple Watch; watch settings managed by Companion; /Applications/Bridge.app, /System/Library/BridgeManifests
Group Activities SharePlay; sharing of media content and programmatic state over FaceTime calls; GroupActivities.framework, CopresenceCore.framework; launchd service: com.apple.telephonyutilities.callservicesd
GroupKit groups of IDS users with shared CloudKit (PCS) access; GroupKit.framework
GSS Generic Security Service; part of Kerberos; GSS.framework; launchd service: com.apple.gssd (invoked by kernel through host special port 19); command line tool: gsstool
GXF Guarded Execution Feature/Fault, additional exception levels on Apple Silicon, lateral to the usual exception levels; page tables remain the same, but interpretation of permission bits changes by way of FPR, genter and gexit instructions; implements lightweight intra-address-space protection contexts
HAP Home Automation Protocol; CoreHAP.framework
HDA High Definition Audio; HDAInterface.framework
HDI Hard Disk Image; command line tool: hdiutil
HeadBoard derivative of SpringBoard for tvOS home screen; /Applications/HeadBoard.app, /Applications/PineBoard.app
HLS HTTP Live Streaming
HSA Hardware Security Architecture; version 1 used for two-step verification, SOS with iCSC; version 2 for two-factor authentication, CKKS and Secure Backup with iCDP
HSM Hardware Security Module; HSM fleet runs escrow service for Secure Backup
Hyperion iCloud Photos, uses CloudKit; launchd service: com.apple.cloudphotod
IAP iPod Accessory Protocol; IAP.framework
iBoot boot loader stage after boot ROM or UEFI (macOS on Intel); intermediate Low-Level Bootloader (LLB); DFU mode is implemented here; /System/Library/CoreServices/boot.efi
iCDP iCloud Data Protection, codename for a set of enhancements to iCloud privacy: device passcodes used as iCSC for Secure Backup, root keys for CKKS-enabled services only synced between devices and not stored at Apple; launchd service: com.apple.cdpd
iCloud umbrella term for a conglomerate of services, consists of FoundationDB containers with PCS views for key management, supported by CKKS; uses IDS and APNS; some services under the iCloud name are actually served by AMS, IMAP, or DAV
iCSC iCloud Security Code, credential wrapping for Secure Backup, previously used a separate code, with HSA2/iCDP uses device passcodes
IDAM Inter-Device Audio and MIDI; audio connection between devices
IDS Identity Directory Service, also IDMS, Apple ID identity management for all of Apples online services; APNS topics for signaling and messaging, see also Alloy, ESS, FaceTime, iMessage; authentication to services with Kerberos
IDV Identity Verification? Touch ID and Face ID; /System/Library/AccessibilityBundles/CoreIDVUI.axbundle
IM Instant Messaging; usually means iMessage and FaceTime
IMG4 boot files (Mach-O binaries or configuration data) with ASN.1 signature, contains RemotePolicy certificate constraints to restrict Boot Policy evaluation
Intent use-case-driven interaction with 3rd-party apps from a host app; used for Siri, Maps, Shortcuts, Widgets (configuration); definition file or programmatically using AppIntents.framework; command line tool: appintentsmetadataprocessor (Xcode extracts Intent definition at compile time); extension points: com.apple.intents-service, com.apple.intents-ui-service
IOKit device driver subsystem for in-kernel and DriverKit drivers, command line tool: ioreg
Ironwood dictation, customized on server with selected user data (contacts, app names, music titles, HomeKit names, Siri Shortcut phrases), not tied to Apple ID; SpeechRecognitionCore.framework; server: guzzoni.apple.com
ISP Image Signal Processor; camera imaging circuit in iPhones
ITML iTunes Markup Language; metdata tagging for media services; ITMLKit.framework
ITP Intelligent Tracking Prevention, cross-site tracking defenses in Safari, statistics and user interaction classify sites, cookies are partitioned and access is restricted
JARVIS Just A Rather Very Intelligent Scheduler, Mesos cluster manager for Siri, iCloud, AMS
Jellyfish Animoji; /Applications/Jellyfish.app
Jetsam reclaiming of purgeable memory and termination of apps during memory pressure
JSC JavaScript Core; JavaScriptCore.framework; command line tool: jsc
Kalamata codename for the transition from x86 to ARM-based Apple Silicon
Kerberos single-sign-on mechanism; Heimdal.framework; command line tools: kinit, ktutil
Kext kernel extension mechanism, loaded at boot time as part of a Kext Collection; /Library/Extensions, /Library/StagedExtensions (for user approval), /System/Library/Extensions; command line tool: kextutil (manages deprecated runtime loading)
Kext Collection prelinked sets of kernel extensions; /System/Library/KernelCollections (for boot and system kexts), /Library/KernelCollections (for auxiliary third-party kexts); the latter is only loaded at a lower-security Boot Policy; launchd service: com.apple.kernelmanagerd (invoked by kernel through host special port 15); command line tool: kmutil
Keybag storage of protection class keys for Keychain and filesystem, protected by SEP using SKP; stored in user.kb; launchd services: com.apple.mobile.keybagd, com.apple.securityd_service, com.apple.secd
Keychain storage for credentials; launchd service: com.apple.securityd; command line tools: certtool, security, systemkeychain
KIP Kernel Integrity Protection, locking of physical memory pages to prevent changes to kernel
Launch Services management for application launches, association of UTIs to apps, uses Spotlight to update cached info; launchd services: com.apple.coreservices.launchservicesd, com.apple.lsd; CoreServices.framework/LaunchServices.framework; command line tools: lsappinfo, lsregister
Live Files user mode filesystems, currently FAT, ExFAT, NTFS on external storage; UserFS.framework, UVFSXPCService.framework; launchd service: com.apple.filesystems.userfsd
Liverpool PCS codename for CloudKit
LKDC Local Key Distribution Center, Kerberos on client machines
LSM Latent Semantic Mapping, text analysis, used for spam filtering, command line tool: lsm
Mac Buddy historic name for Setup Assistant
MAC Policy Mandatory Access Control subsystem in XNU, based on TrustedBSD, implements policy hooks for restricted kernel operations; current policies: AMFI, Seatbelt, Quarantine, CSR
Machine Learning Vision.framework, Espresso.framework, Futhark.framework, PhotoAnalysis.framework; used for Live Text and Visual Lookup; launchd service: com.apple.mediaanalysisd
Madrid iMessage; /System/Library/Messages
Manatee PCS key for some CloudKit containers are synced via CKKS, so data is unreadable to Apple (credential management codenames: Plesio, Stingray, Cuttlefish)
Mandrake emergency siren on Apple Watch Ultra; /Applications/Mandrake.app
Mangrove transfering UI tiles over XPC; Mangrove.framework, IOSurface.framework
Marco Marco.framework, something about IDS and communication (iMessage, Calls), logging?
Marklar codename from the PowerPC era for the port to x86, served the transition to Intel CPUs
Marzipan Catalyst; port of iOS frameworks to macOS, Catalyst apps are iOS apps with additional API to adapt macOS UI idioms; /System/iOSSupport; integration using UIKit system process; launchd service: com.apple.uikitsystemapp; input remapping by /Library/Apple/Library/Bundles/InputAlternatives.bundle
MCX Managed Client for OS X, preference management for settings from configuration profiles, /Library/Managed Preferences, command line tools: mcxquery, mcxrefresh
MDM Mobile Device Management; server software to manage fleets of iOS and macOS devices; uses configuration profiles to manage preferences; ConfigurationProfiles.framework
MDS Module Directory Services, ancient part of the old security APIs (CSDA, CSSM)
Memory Debugging uses Taskport; command line tools: heap, leaks, malloc_history, stringdups, vmmap
Mesa Touch ID; /Library/Catacomb; /var/db/bkad.db
Metadata Spotlight; file indexing on macOS; CoreServices.framework/Metadata.framework, CoreServices.framework/SearchKit.framework; stored in .Spotlight-V100; launchd service: com.apple.metadata.mds; command line tools: mddiagnose, mdfind, mdimport, mdls, mdutil; in addition to auto-indexing, apps can explicitly register searchable items; CoreSpotlight.framework; launchd service: com.apple.corespotlightd
MLHost background machine learning service; launchd service: com.apple.mlhostd; /System/Library/MLHost; DeepThought.framework, LighthouseBackground.framework, LighthouseBitacoraFramework.framework,
MMCS MobileMe Chunk Storage, used by iCloud, splits blobs into chunks and stores them at Apple/AWS/GCP with convergent encryption (content hash as key); MMCS.framework
Mobile prefix for iOS
Mobile Assets demand-downloaded system components like fonts, dictionaries, linguistic data; stored in /System/Library/Assets; launchd services: com.apple.languageassetd (language-dependent assets), com.apple.mobileassetd; server: mesu.apple.com
Mobile Device connectivity to iOS devices over USB or WiFi (AirTrafficHost) for syning, development, and debugging; MobileDevice.framework; launchd service: com.apple.usbmuxd; Bonjour service: _apple-mobdev2._tcp
MOC Managed Object Context; Core Data object space
Mondrian photo collage arrangement in Photos.app; Mondrian.framework
MRT Malware Removal Tool; /Library/Apple/System/Library/CoreServices/MRT.app; superseded by XProtect
Multipeer Connectivity ad-hoc networking; Bonjour for discovery; WiFi, AWDL, Bluetooth, or Ethernet as transport; optional encryption and certificate-based authentication; MultipeerConnectivity.framework
Nano prefix for watchOS
Nearby Interaction proximity-based interaction between devices; proximity measured using ultra wideband or derived from other technologies; used for Universal Control; NearbyInteraction.framework, Proximity.framework; launchd service: com.apple.nearbyd
Newton fall detection on watchOS
NLP Natural Language Processing; NLP.framework; related to mecabra libraries, a linguistic engine for Chinese and Japanese; /usr/share/mecabra, /usr/share/tokenizer
Notarization app security scan by Apple; cryptographic proof stapled to code signature, tested at launch by System Policy; for non-notarized apps sends code hash to Apple; command line tools: notarytool, altool, stapler
Noticeboard User Notifications for Software Update and App Store, Noticeboard.framework; launchd services: com.apple.noticeboard.state (nbstated), com.apple.noticeboard.agent (nbagent)
Notifications system notification bus, unrelated to the local/remote push notifications; launchd service: com.apple.notifyd, com.apple.kuncd (invoked by kernel through host special port 10); command line tool: notifyutil; complemented by framework-level notification system (CFNotification, NSNotification); launchd services: com.apple.distnoted.xpc.daemon, com.apple.distnoted.xpc.agent
NSP Network Service Proxy; per-app VPN and proxy settings, implements Private Relay; launchd service: com.apple.networkserviceproxy
OAH Rosetta; ahead-of-time compiler for Intel code on Apple Silicon, usable from Linux VMs by way of a custom binformat; /usr/libexec/rosetta
ODR On-Demand Resources; loaded from App Store; launchd service: com.apple.appstored
Onboarding data protection splash screen shown by service-connected apps; /System/Library/OnBoardingBundles; OnBoardingKit.framework
Open Directory directory service for user, group, and machine management; plugin-based to use different backend stores (LDAP, Active Directory), local accounts in /private/var/db/dslocal; launchd service: com.apple.opendirectoryd; command line tools: dscacheutil, dscl, dsconfigad, dsconfigldap, dseditgroup, dsenableroot, dserr, dsexport, dsimport, dsmemberutil, odutil
OpenBSM Open Basic Security Module; deprecated security audit subsystem; /etc/security, /var/audit; launchd service: com.apple.auditd; command line tool: audit
Opus create slide shows from photos; Slideshows.framework
OSA Open Scripting Architecture; scripting of applications from different fontend languages (currently AppleScript and JavaScript); backed by Apple Events; command line tools: osacompile, osadecompile, osalang, osascript, sdef, sdp
OTUT One-Time Unlock Token; security mechanism to allow keybag unwrapping after updates
PAC Pointer Authentication Codes; pointers signed in unused bits to prevent ROP attacks
Packages unit of software installation; command line tools: pkgutil, installer, softwareupdate; launchd services: com.apple.softwareupdated, com.apple.bootinstalld, com.apple.installd, com.apple.system_installd, com.apple.uninstalld; /var/db/softwareupdate, /Library/Apple/System/Library/Receipts (system), /System/Library/Receipts (read-only), /private/var/db/receipts (App Store)
Packet Filter network traffic filtering subsystem from OpenBSD; command line tool: pfctl
Parsec Spotlight web results and searching of crowdsourced User Activity deep links; server: *.smoot.apple.com; launchd services: com.apple.parsecd, com.apple.parsec-fbf (Feedback Flush to Differential Privacy)
Party Studio Karaoke mode on tvOS, where video from a paired phone is shown with effects; /System/Library/PrivateFrameworks/PartyStudio.*
Passkey keypair used for authentication instead of password, synced via SOS, implements WebAuthn standard; keys can be used to login on separate device via QR code and Bluetooth proximity proof; AuthenticationServices.framework
Password Breach monitoring of Keychain passwords against a breach database; round-robin matching in fixed-size batches, local match against common leaks, remote match using hash prefix; launchd service: com.apple.Safari.passwordbreachd
Pasteboard storage for cut, copy, and paste; type of content remembered as UTI; launchd service: com.apple.pboard; command line tools: pbcopy, pbpaste
PAT Private Access Tokens; blind challenge-response authentication; Apple server attests user validity to token issuer, issuer performs blind signature, websites receiving the token cannot identify user; used for Private Relay, can replace CAPTCHAs
PCS Protected Cloud Storage; key management for separate iCloud storage compartments (PCS calls them views), each can contain FoundationDB plus bulk data stored by MMCS; see also iCDP, CKKS, GroupKit, Manatee; ProtectedCloudStorage.framework; /System/Library/Preferences/ProtectedCloudStorage; command line tool: pcsstatus
PCSC Personal Computer Smart Card; PCSC.framework, uses CTK
PDE Print Dialog Extension; old name, not a proper Extension
PEC/PIR Private Encrypted Compute and Private Information Retrieval; used for parental controls for media and web; CipherML.framework; launchd service: com.apple.ciphermld
Pegasus meaning 1: picture-in-picture video playback; Pegasus.framework (iOS), PIP.framework (macOS); meaning 2: online search query engine for visual lookup; PegasusKit.framework
People contacts with Apple ID accounts within Group Activities and Shared With You
Pepper UI elements for Watch home screen and Chat, like Quickboard (canned replies), Animoji; PepperUICore.framework
Persona separation of sub-user-identities, like when using a private and managed Apple account; PersonaKit.framework; ~/Library/Personas; /System/Library/UserManagement; command line tool: umtool
PHASE Physical Audio Spatialization Engine; 3D sound rendering engine; Apple devices map audio sources (even mono and stereo) to virtual speakers in a 3D sound stage, which is simulated by the physical speakers via a head-related transfer function; PHASE.framework
Piano Mover Mail Drop; bulk mail attachments transfered over PCS; not to be confused with storage for iMessage attachments, which uses a CloudKit container
Plugin Extensions, XPC services bundled with apps or frameworks, discovery by Launch Services; launchd service: com.apple.pluginkit.pkd; command line tool: pluginkit
PMP Port Mapping Protocol; Apple alternative to UPnP, Bonjour service: _acp-sync._tcp
Poster iPhone lock screen; PosterBoard.framework, PosterKit.framework; /Library/Wallpaper
PowerUI battery management like smart charge and power save, learns from Duet and other data; PowerUI.framework; /var/db/PowerUI; launchd service: com.apple.PowerUIAgent
Preferences storage for user-configurable settings; launchd services: com.apple.cfprefsd.xpc.daemon, com.apple.cfprefsd.xpc.agent; stored in Library/Preferences, command line tool: defaults; interaction with Synced Defaults per /System/Library/DefaultsConfigurations
Preview Shell skeleton for on-device UI previews during development; /System/Library/CoreServices/PreviewShell.app; PreviewShellKit.framework, XOJIT.framework (code live patching)
Private Relay two-hop onion routing with one entry and one exit node; Apple operates entry, third-party services operate exit nodes; QUIC for payload, ODoH for DNS, approximate IP geolocation via Waldo, authentication via PAT
Proactive umbrella term for suggestions and completions based on Duet forecasting and User Activity context, also marketed as Siri features; PersonalizationPortrait.framework
Provenance per-file origin tracking, extended attribute com.apple.provenance stores ID into /var/db/SystemPolicyConfiguration/ExecPolicy
QoS Classes inheritable property for Activities; semantic priorities, influences scheduling parameters; initially set at user-level, priority inheritance within GCD queues and across XPC in kernel?
Quagga framework for QR and barcode decoding; Quagga.framework
Quick Action extension type for quick interaction with foreign content within a host app; extension points: com.apple.services, com.apple.ui-services
Quick Look file preview and thumbnail generation; comand line tool: qlmanage
RAOP Remote Audio Output Protocol, AirPlay; Bonjour service: _raop._tcp
Rapport device pairing by proximity using Alloy, with PIN entry, or using iCloud; once paired, devices can access services; used for HomeKit, HomePod, AirPlay, Home Sharing, SideCar; Rapport.framework; launchd service: com.apple.rapportd; Bonjour service: _companion-link._tcp
Recents recently used items (not files) in various applications, synced with Synced Defaults; CoreRecents.framework, /System/Library/Recents; launchd service: com.apple.recentsd
Relevance Engine backend for Siri suggestions (for example of Siri Shortcuts), Widget smart stacks (also Siri watch face); consumes Duet knowledge and app-provided timelines with relevance hints; /System/Library/RelevanceEngine; launchd service: com.apple.relevanced
Remote Pairing Mobile Device pairing without wired connection; RemotePairingDevice.framework; Bonjour services: _remotepairing._tcp, _remotepairing-manual-pairing._tcp
RemoteXPC connection to a non-SoC-integrated SEP like Bridge; uses HTTP/2 over a network interface, Bridge connected over USB, secured using Attestation; RemoteServiceDiscovery.framework, TrustedAccessory.framework; launchd service: com.apple.remoted, com.apple.tracd; command line tool: remotectl
Revisions document autosave and auto-versioning; stored in .DocumentRevisions-V100; GenerationalStorage.framework; launchd service: com.apple.revisiond
Routine frequently visited locations on iOS, interacts with Duet; launchd service: com.apple.routined
RTC Real-time Telemetry and Crash reporting; RTCReporting.framework; launchd service: com.apple.rtcreportingd
RTKit operating system used on Apple Silicon for firmware of co-processors
RunningBoard runtime management of apps, paradigm: app as service process invoked by system, check-in by frameworks, handles process assertions (frontmost app, see App Nap), memory pressure (see Jetsam) and compute resources (GPU), replacement for TAL?; launchd service: com.apple.runningboardd; /System/Library/LifecyclePolicy, /System/Library/RunningBoard
Safety Monitor Check In; short-term location sharing in iMessage until a destination is reached; /Applications/SafetyMonitorApp.app
SBPL Sandbox Profile Language; a TinyScheme-based embedded DSL for Seatbelt profiles
SCIP System Coprocessor Integrity Protection; like KIP, but for SEP, ISP, Motion coprocessor
Screen Reader VoiceOver and Braille; /System/Library/ScreenReader; ScreenReader.framework
Screen Time digital wellbeing and parental controls system, uses Device Management as policy engine, self-enforced within the application by frameworks; DeviceActivity.framework, ManagedSettings.framework, FamilyControls.framework; launchd services: com.apple.ScreenTimeAgent, com.apple.dmd
SDB SQL Database; CoreSDB.framework, used by iCloud communication
Search Party portion of Find My service for offline devices; devices emit public part of rotating key pair via Bluetooth LE, other devices encrypt current location with this key and send to Apple, private key shared over CloudKit
Seatbelt process sandbox by filtering system calls; profiles written in SBPL; /System/Library/Sandbox/Profiles, /usr/share/sandbox; default file access policy asks for TCC confirmation before access to folders with user data (like Documents) is allowed; command line tool: sandbox-exec; launchd service: com.apple.sandboxd (invoked by kernel through host special port 14 for logging)
Secure Backup escrow part of CKKS; escrow key individually wrapped with passcodes of trusted devices, stored in HSM to prevent brute forcing, uses SRP so passcodes are not visible to iCloud, limited number of recovery attempts; protocol called Lakitu, uses FollowUp; launchd service: com.apple.SecureBackupDaemon (com.apple.sbd); CloudServices.framework
SEP Secure Enclave Processor; dedicated ARM core for security services, runs L4/Darbat-based sepOS, inline encryption to DRAM, manages AES keys in storage DMA engine, factory-paired channels to Touch ID/Face ID hardware, Secure Element, Neural Engine; SEP can use but not read UID and GID keys; credential verification performed by hardware lockbox with retry count enforcement
Sequoia translation; downloadable language models can run on-device; /Applications/SequoiaTranslator.app, Translation.framework
Seymour Apple Fitness+; workout videos integrated with Watch sensors; SeymourCore.framework
SF Symbols scalable UI symbols; rendered with various color treatments; SFSymbols.framework
Shared File List lists of recently opened files from apps that are stored with Launch Services; command line tool: sfltool; also manages login items and app-installed background daemons
Shared With You collaboration features between apps and iMessage; content shared via iMessage is surfaced in apps (Swift Transferable protocol), content in apps can be collaboratively edited and connected to an iMessage group; collaborations are expressed by keys derived from participant device keys, padded with a number of random keys to prevent tracking of device count, a merkle tree of those keys is used to prove inclusion of a specific device to an app; SharedWithYou.framework
Sharing umbrella term for wireless proximity services: AirDrop, Continuity, Instant Hotspot, WiFi sharing; used by loginwindow for Watch unlock; Sharing.framework; launchd service: com.apple.sharingd; also serves connection sharing and remote disk
Shazam audio (especially music) recognition service; ShazamKit.framework; launchd service: com.apple.shazamd; command line tool: shazam
Shoebox Passbook
Sidecar using iPhone/iPad as Mac accessory: external camera and microphone (ContinuityCapture), camera for photos and scanning (DocumentCamera.framework), external display over low-latency WiFi (llw interface) using avconferenced encoding; SidecarCore.framework; launchd services: com.apple.sidecar-display-agent (SidecarDisplayAgent), com.apple.sidecar-relay (SidecarRelay)
Signpost telemetry API to report points of interest in code; launchd service: com.apple.signpost.signpost_reporter
Simulator running an iOS/tvOS/watchOS personality on macOS, uses sandboxing and a separate Mach bootstrap namespace for container-like isolation; installable simulators as disk images in /Library/Developer/CoreSimulator/Images; command line tool: simctl
SIP System Integrity Protection or rootless mode; collection of kernel-level security restrictions regarding file system modification, unsigned Kexts, Taskport access, NVRAM access, DTrace; /System/Library/Sandbox/rootless.conf; command line tool: csrutil, rootless-init
Site Association signed files in .well-known directory on websites; equivalent to Entitlements for websites, associates domains with app IDs for Universal Links; command line tool: swcutil
SKP Sealed Key Protection; measurement of system state (boot chain IMG4 manifests, BPR, Boot Policy data, UID key, user passcode) to derive Keybag keys
SKS Secure Key Store; handling of keybag keys within the SEP
SkyLight WindowServer; SkyLight.framework
Skywalk network subsystem in XNU, links together actual technologies (Bluetooth, WiFi, Thunderbolt) and interfaces/tunnels; transacts in nexus (for conduits) and agent (for endpoints) objects; DriverKit network drivers use Skywalk; command line tool: skywalkctl
SLC System-Level Cache, architectural feature of Apple Silicon; cache located within SoC at controllers for external DRAM, serves all compute units and stages transfers between them
Social Gaming Game Center; multiplayer gaming services on top of CloudKit, shared storage and low-latency multicast for multiplayer sessions; launchd service: com.apple.gamed
Sock Puppet Watch interaction that requires Companion device
SOS Secure Object Sync; syncing backend for iCloud Keychain, not to be confused with the emergency call feature; transferred items previously staged in Synced Defaults, for two-factor accounts in CKKS; launchd services: com.apple.secd (access to local keychain), com.apple.security.cloudkeychainproxy3 (connects to Synced Defaults), com.apple.security.keychain-circle-notification
SPI System Private Interface; /System/Library/PrivateFrameworks
SpringBoard iOS home screen; like Dock (Launchpad, Mission Control, desktop picture), Control Center, SystemUIServer (menu extras icons), loginwindow (lock screen), and WindowServer (compositor) on macOS; /System/Library/CoreServices/SpringBoard.app, /Applications/PreBoard.app, BaseBoard.framework, FrontBoard.framework, SplashBoard.framework; launchd service: com.apple.backboardd (compositor)
SPRR Shadow Permission Remap Register? feature of Apple Silicon to dynamically reintepret page permissions
SRP Secure Remote Password; standard cryptographic protocol for proving knowledge of a secret such that attackers cannot brute-force the secret; AppleSRP.framework
SSO Single Sign-On
SSV Signed System Volume, als called Authenticated Root Volume (ARV); macOS boots from blessed read-only APFS snapshot, merkle-tree and root-hash stored in Preboot volume; modifications require disabling root authentication with csrutil from recovery, then the live filesystem can be mounted, modified, and re-blessed; command line tools: apfs_systemsnapshot, bless, csrutil
Stark CarPlay
Stockholm Secure Element in Apple SoCs, a processor running crypto protocols on keys it protects; used for Apple Pay and Car Key; related codenames: Icefall, Warsaw
Storage Management freeing up disk space by managing bulky items; UI in System Information.app; StorageManagement.framework; launchd service: com.apple.diskspaced; extension point: com.apple.storagemanagement; extends Cache Delete service
Suggestions semantic analysis of mails and websites to suggest contacts, calendar events and the like; launchd services: com.apple.suggestd, com.apple.reversetemplated; custom JavaScript parsers in /System/Library/AssetsV2/com_apple_MobileAsset_CoreSuggestions
Symbols debug symbols for backtraces; CoreSymbolication.framework; launchd services: com.apple.coresymbolicationd; command line tools: atos, symbols, symbolscache
Symptoms network diagnostics; Symptoms.framework; /var/networkd/db/netusage.sqlite; launchd service: com.apple.symptomsd (invoked by kernel through host special port 27)
Synced Defaults simple key-value store for applications, no user control over data; can use iCloud key-value backend (old) or Manatee container (new, marked as com.apple.kvs) as storage; launchd service: com.apple.syncdefaultsd; locally stored in ~/Library/SyncedPreferences
System Configuration SystemConfiguration.framework; launchd service: com.apple.configd; command line tool: scutil
System Extension system-wide components formerly implemented as insecure plugins or kexts; current extension types: DriverKit, FSKit, Network, Endpoint Security, Core Media IO; /System/DriverKit, /System/Library/DriverExtensions; command line tool: systemextensionsctl; launchd services: com.apple.sysextd, com.apple.nesessionmanager, com.apple.endpointsecurity.endpointsecurityd; command line tool: eslogger
System Policy Gatekeeper; policy engine for application launches and kext loading, malware signatures from /Library/Apple/System/Library/CoreServices/XProtect.bundle; /var/db/SystemPolicy; launchd service: com.apple.security.syspolicy (invoked by kernel through host special port 29); command line tool: spctl
Tailspin sampling of process stack traces; launchd service: com.apple.tailspind; command line tool: tailspin
TAL Transparent App Lifecycle; process for macOS apps started and stopped independently of the user launching and quitting app; also handles session restore across reboots; ~/Library/Saved Application State; launchd service: com.apple.talagent
Taskport Mach kernel concept for ptrace-like access to task internals; access policy implemented by daemon; launchd service: com.apple.taskgated (invoked by kernel through task special port 9); command line tool: DevToolsSecurity
TCC Transparency, Consent, and Control; user control over app access to privacy-related services (kTCCService*); TCC.framework; launchd services: com.apple.tccd, com.apple.tccd.system; command line tool: tccutil; stored in /Library/Application Support/com.apple.TCC, ~/Library/Application Support/com.apple.TCC, /var/db/locationd (for kTCCServiceLocation)
Template App code-less app-bundle, passed to an actual executable by LauncServices; created when adding websites in Safari to Dock/Springboard; run by /System/Volumes/Preboot/Cryptexes/App/System/Library/CoreServices/Web App.app
Time Machine automatic backup service, command line tools: tmdiagnose, tmutil
Tin Can Walkie Talkie on watchOS; /Applications/TinCan.app
Tones ringtones; ToneLibrary.framework
Translocation app binary copied on launch to dedicated location; initiated by Launch Services for security (prevents path traversal for apps quarantined by System Policy) or path normalization (iOS apps do not expect to be moved, but can be moved on macOS)
Transparency key transparency for ESS keys, based on CONIKS, devices audit IDS records against transparency logs, log hashes gossiped over iMessage to detect split-view attacks; Transparency.framework; launchd service: com.apple.transparencyd; server: init-kt.apple.com
TSS Tatsu Signing Server; online verification for firmware signatures; server: gs.apple.com
TTS Text To Speech, neural-network-based synthesis engine (Gryphon); command line tool: say; /System/Library/Speech, /System/Library/TTSPlugins
TVML TV Markup Language; declarative UI language for TV apps; TVMLKit.framework
Ubiquity iCloud Drive; codename Bladerunner, uses CloudKit; CloudDocs.framework; launchd service: com.apple.bird; locally stored in ~/Library/Mobile Documents (was supposed to move to Library/CloudStorage/iCloud Drive but this was reverted)
UID unique ID key, used as root key for cryptographic subsystems, generated during manufacturing by SEP and fused into hardware, only accessible by SEP
Unified Logging system-wide logging and Activity tracking; launchd service: com.apple.logd, com.apple.diagnosticd; command line tool: log; /dev/oslog; data stored in /var/db/diagnostics, support files in /var/db/uuidtext
USD Universal Scene Description; storage format for 3D assets; /usr/lib/usd
User Activity abstraction for deep-linking into apps with structured context (people, places); used for Universal Links (schema.org on websites), Handoff, Parsec (app links in search), Siri Shortcuts, Quick Note (context awareness), Proactive; UserActivity.framework; launchd service: com.apple.coreservices.useractivityd
User Notifications user interface for notification center; launchd service: com.apple.usernoted
UTI Uniform Type Identifiers; system for document types; file extensions and MIME types are mapped to UTIs, UTIs form a conformance graph, apps register their UTIs with Launch Services; /System/Library/CoreServices/CoreTypes.bundle; also Apples hardware devices are represented as UTIs
VA Video Acceleration; AppleGVA.framework, AppleVA.framework, AppleVPA.framework
Viceroy video conferencing used by FaceTime and ReplayKit; ViceroyTrace.framework
Virtualisation running virtual machines on macOS; Hypervisor.framework (for basic VMs and vCPUs), Virtualization.framework (brings a robust set of device models)
VSDB volume status database; /var/db/volinfo.database; command line tool: vsdbutil
Waldo selects edge servers based on approximate location, part of Private Relay, seen in NSP
WFS WebDAV File Sharing; built-in file sharing with Apache; /etc/wfs; command line tool: wfsctl
Widgets content excerpt from apps; provided via a timeline of view hierarchies, configuration uses Intents; visible on home screen, lock screen, as live activities, as watch complications; WidgetKit.framework; extension point: com.apple.widgetkit-extension; launchd service: com.apple.chronod (timeline management and sync)
Willow HomeKit; end-to-end-encrypted communication protocol and API for IoT-accessories; pairing with SRP using code printed on device, credential sync by CKKS, transported over Alloy, remote access using Apple TV as proxy; launchd service: com.apple.homed
Window Manager implements Stage Manager; /System/Library/CoreServices/WindowManager.app
Workflow Shortcuts; user-programmable system-wide automation, built-in triggers cause a chain of actions to run; actions are synthesized from User Activities and Intents provided by apps; WorkflowKit.framework, ActionKit.framework; locally stored in ~/Library/Shortcuts; launchd service: com.apple.siriactionsd (voice-triggered shortcuts); command line tool: shortcuts
xART eXtended Anti-Replay Technology; persistent storage for SEP, used by Mesa; /System/Volumes/xarts; launchd service: com.apple.xartstorageremoted; command line tool: xartutil
XCS Xcode Server; continuous integration server; command line tools: xcscontrol, xcsdiagnose
XProtect signature-based malware scanner and remediation service; /Library/Apple/System/Library/CoreServices/XProtect.bundle
1 Term Description
2 1TR One True Recovery; booting into macOS recovery on Apple Silicon by holding the power button to verify physical presence; enables interaction with SEP to change Boot Policy
3 AA Apple account
4 AA Apple Archive, see also Apple Encrypted Archive; command line tools: aa, aea, compression_tool
5 AAC Automatic Assessment Configuration; AutomaticAssessmentConfiguration.framework; puts device in a locked mode for exam-style test applications
6 AAT Apple Advanced Typography; font format and rendering engine
7 Accounts launchd service: com.apple.accountsd; /System/Library/Accounts
8 ACDE Apple Connect Device External? ACDEClient.framework, old two-step verification, derived from a company-internal AppleConnect system?
9 ACFS Apple Clustered File System; deprecated file system for Xsan; acfs.framework
10 Acoustic ID Siri feature to recognize songs
11 Activation cryptographic check-in with iCloud to lock devices reported by the user as lost; verified by iBoot; MobileActivationMacOS.framework; launchd service: com.apple.mobileactivationd; servers: humb.apple.com, albert.apple.com
12 Activity jobs, coarse-grained work units of applications; tracked by the system across XPC, bears a QoS class for scheduling; low-level mechanism not to be confused with User Activity
13 AE Apple Events; messaging system to invoke application functionality; CoreServices.framework/AE.framework; launchd services: com.apple.coreservices.appleevents, com.apple.AEServer (AE over network)
14 Aegir astronomy watch face and lock screen; /System/Library/CoreServices/AegirProxyApp.app
15 AGC Apple Graphics Control, management of multiple displays and display port connections; launchd service: com.apple.displaypolicyd
16 AHAP Apple Haptic Audio Pattern; file format for simultaneous audio and haptic data; CoreHaptics.framework
17 AIR Apple Intermediate Representation; synthetic bytecode architecture target for GPU binary toolchain
18 ALF Application-Layer Firewall, launchd service: com.apple.alf (socketfilterfw)
19 Alloy substrate for communication between user devices over Bluetooth and devices to iCloud, implemented over IDS; /System/Library/IdentityServices/ServiceDefinitions; launchd service: com.apple.identityservicesd
20 ALS Ambient Light Sensor, AmbientDisplay.framework
21 Amber Swift UI; SwiftUI.framework
22 AMFI Apple Mobile File Integrity, checks code integrity based on code signature, stronger enforcement with hardened runtime, validates entitlement restrictions; launchd service: com.apple.MobileFileIntegrity (amfid, invoked by kernel through host special port 18); disabled by setting amfi_get_out_of_my_way=0x1 in boot-args
23 AMP Apple Media Protocol? former parts of iTunes for iPod and iOS device access in Finder, Home Sharing; AMPDevices.framework, AMPSharing.framework; launchd services: com.apple.AMPDeviceDiscoveryAgent, com.apple.AMPDevicesAgent, com.apple.amp.mediasharingd
24 AMP Asynchronous Multiprocessing; performance and power-efficiency cores on Apple Silicon
25 AMS Apple Media Services; formerly the iTunes stores and media services: App Stores, Apple Music, Apple TV, iCloud media library, Apple Podcasts, Podcast sync, Books Store, Books sync; AppleMediaServices.framework; server: phobos.apple.com
26 AMX Apple Matrix Extension; ARM instruction set extension for matrix operations
27 ANE Apple Neural Engine, hardware accelerator for neural network operations; ANECompiler.framework, ANEServices.framework; launchd service: com.apple.aned
28 Anisette two-factor authentication creates security codes on trusted devices using TOTP, probably using Circle keys, checked by HSA; AuthKit.framework; launchd service: com.apple.akd
29 AOP Always On Processor, part of Apple SoCs, runs RTKit as operating system
30 AOS Apple Online Services? historical name for iCloud
31 Apache built-in web server; command line tool: apachectl
32 APFS Apple File System; copy-on-write file system with support for volume space-sharing, per-file encryption, and snapshots
33 APNS Apple Push Notification service, server infrastructure for remote push notifications over a single connection, clients subscribe to push topics, can be authenticated by app (remote notifications), device (Find My …), or Apple ID login (DSID); credentials in apsd keychain; launchd service: com.apple.apsd; server: push.apple.com
34 App Nap quiescence detection for applications and corresponding self-demotion in scheduler parameters, implemented within application frameworks and RunningBoard, listens for occlusion notifications from WindowServer
35 App Sandbox Seatbelt-based sandbox for apps; /System/Library/Sandbox/Profiles/application.sb; enabled with com.apple.security.app-sandbox entitlement; launchd service: com.apple.secinitd
36 AppleCare extended warranty; NewDeviceOutreach.framework; launchd service: com.apple.ndoagent
37 APT Adaptive Picture Timing? ProMotion; dynamic screen updates with 120Hz base frequency; AppleDisplayTCONControl.framework
38 Ask To parental-controlled user can ask parent for exceptions; launchd service: com.apple.asktod; AskToCore.framework
39 ASL Apple System Logger, superseded by Unified Logging; /etc/asl; stored in /var/log/asl; launchd service: com.apple.syslogd; command line tool: syslog
40 ASR Apple Software Restore; restore entire volumes from sources like disk images (HDI, SIU), also restores based on APFS snapshots and snapshot deltas; command line tool: asr
41 Assertions power state management allowing applications to prevent sleeping; launchd service: com.apple.powerd; command line tools: caffeinate, pmset
42 Assessment checking of System Policy; term also used for AAC
43 Asset Cache discretionary caching server for Mobile Assets, Packages, iOS updates, App Store content, ODR, MMCS data; launchd services: com.apple.AssetCache.builtin, com.apple.AssetCacheLocatorService, com.apple.AssetCacheManagerService, com.apple.AssetCacheTetheratorService; command line tools: AssetCacheLocatorUtil, AssetCacheManagerUtil, AssetCacheTetheratorUtil
44 Assistant Siri; dictation and semantic understanding, Intent is communicated to and enacted on the client, uses TTS for output, Snippets to embed mini UIs into responses; /System/Library/Assistant, /System/Library/Snippets, AssistantServices.framework; server: *.siri.apple.com
45 ATS App Transport Security, sandbox mechanism only allowing TLS-secured connections
46 ATSUI Apple Type Services for Unicode Imaging; rendering engine superseded by CoreText.framework, font management; ApplicationServices.framework/ATS.framework; launchd service: com.apple.xtyped (fontd); command line tools: atsutil
47 ATT App Tracking Transparency; apps declare user tracking on app store
48 Attestation cryptographic proof of a genuine SEP; used for web authentication and app attestation; DeviceCheck.framework; SEP responds to challenge using hardware-key (GID, PKA), online service verifies; used to pair Touch ID keyboards, used to pair RemoteXPC channel?
49 Authorization discretionary access control policies for high-level services; similar to PAM; policy stored in /var/db/auth.db
50 Avatar Memoji and Animoji, including pre-rendered iMessage stickers; AvatarKit.framework
51 AVB Audio Video Bridging, low-latency audio over Ethernet; launchd service: com.apple.avbdeviced; command line tool: avbdiagnose, avbutil
52 AWD Apple Wireless Diagnostics, sends system telemetry to Apple; CoreAnalytics.framework, WirelessDiagnostics.framework; launchd services: com.apple.awdd, com.apple.analyticsd
53 AWDL Apple Wireless Direct Link; secondary WiFi interface that runs in parallel to an active WiFi access point connection, similar to WiFi Direct (p2p interface), uses a randomized MAC, used for peer-to-peer networking: AirDrop, AirPlay; DeviceToDeviceManager.framework
54 Background Assets assets that an app extension loads without the app being launched; BackgroundAssets.framework; extension point: com.apple.background-asset-downloader-extension; launchd service: com.apple.backgroundassets.user
55 Bezel on-screen overlays for hardware volume buttons, screen brightness, Bluetooth HID, and others; /Library/Application Support/Apple/BezelServices, launchd services: com.apple.loginwindow, com.apple.OSDUIHelper
56 Bifrost emergency satellite connectivity; /System/Library/LocationBundles/Bifrost.bundle
57 Biome CloudKit-synced real-time event streaming and processing; widely used, primarily Avatars/People? Siri?; BiomeStreams.framework, BiomeSync.framework; launchd services: com.apple.BiomeAgent, com.apple.biomesyncd
58 Blast Door sandboxed sanitization process for untrusted iMessage input; BlastDoor.framework
59 BOM Bill of Materials; format to store contents of installer Packages; command line tool: lsbom
60 Bonjour mDNS; launchd service: com.apple.mDNSResponder.reloaded; command line tool: dns-sd
61 Boot Cache disk cache pre-heating at boot time with typically loaded applications; /var/db/BootCaches; launchd service: com.apple.warmd
62 Boot Policy decides by signature check which OSes can be booted, boot-time equivalent for System Policy; LocalPolicy stores user settings, configurable from 1TR, stored by SEP, enforced by iBoot; command line tools: bputil, kmutil (to enroll custom kernels)
63 BPR Boot Progress Register; set-only flags to track boot mode (normal, DFU, recovery), part of Keybag class key derivation within SEP, so passcode-protected keys are inaccessible in DFU and recovery
64 Bridge T2 ARM CPU in Intel Macs to drive Touch Bar and Boot Policy; runs bridgeOS, a derivative of watchOS; boots the platform and the Intel CPU, communication from macOS uses RemoteXPC; launchd service: com.apple.multiversed; /System/Library/MultiversePlugins
65 Brook hand washing encouragement on watch; BrookServices.framework
66 Bulletin Board application push notification management, aggregates local and remote push notifications; BulletinBoard.framework
67 Cache Delete cleanup for various caches; /System/Library/CacheDelete; launchd service: com.apple.cache_delete (deleted)
68 CAML Core Animation Markup Language; XML file format for layers, shapes and animations
69 Carousel derivative of SpringBoard for Watch home screen, watch face, and notification center
70 CDM Continuous Dialog Manager; dialog with Siri; ContinuousDialogManagerService.framework, Marrs.framework;
71 Celestial media streaming used by ReplayKit for game broadcasts; Celestial.framework
72 Certificates validity checked using CRLs, OCSP stapling, and transparency logs; /System/Library/Security/Certificates.bundle; launchd services: com.apple.trustd, com.apple.trustd.agent, com.apple.ocspd; command line tool: crlrefresh
73 Chamois Stage Manager
74 CHIP Connected Home over IP; Matter; integrated into HomeKit; HomeKitMatter.framework
75 Circle cryptographic primitive to exchange public keys of trusted devices of a user, signed by Circle peers; iCloud identity added as additional Circle peer, private key synced across all trusted devices, new devices can pull this key from Secure Backup to join the Circle; per-device Circles stored in CKKS for two-factor accounts (Octagon); KeychainCircle.framework; command line tools: otctl (Octagon)
76 CKKS CloudKit Key Sync, end-to-end secure syncing for credentials, seeded by Circle; currently includes ApplePay, AutoUnlock, CreditCards, DevicePairing, Engram, Health, Home, Manatee, SOS, WiFi and other keys; launchd service: com.apple.secd; command line tool: ckksctl
77 Clarity customizable accessibility mode for simplified UI; ClarityFoundation.framework
78 Classroom school teachers can create assignments for student iPads and track progress in Schoolwork app; ClassKit.framework; launchd service: com.apple.studentd
79 Cloud Pairing part of Alloy, Bluetooth out-of-band pairing over iCloud for Continuity; launchd service: com.apple.BTServer.cloudpairing (cloudpaird)
80 CMAS Commerial Mobile Alert System, now known as Wireless Emergency Alerts (WEA)
81 Commpage user-mapped kernel data, like vdso/vsyscall on Linux; mapped at 0x7fffffe00000
82 Communications Filter recipient blocking for iMessage, FaceTime, Mail; launchd service: com.apple.cmfsyncagent
83 Companion iPhone that is paired with Watch; communication uses Alloy over IPsec over Bluetooth
84 Contact Key Verification code for manual verification of iMessage keys; code identifies a long-lived account key stored in iCloud Keychain, which signs all ESS device keys
85 Continuity umbrella term for Handoff, Sidecar, SMS relay, Universal Clipboard, Watch unlock, WiFi call relay and others; SMS relay works by proxying to iMessage, other services use Alloy
86 Control Center icons in menu/status bar and Bento Box controls UI, gradually replaces SystemUIServer on macOS; handles incoming AirPlay content; launchd services: com.apple.controlcenter, com.apple.SystemUIServer.agent
87 CPML CorePrediction Machine Learning; CPMLBestShim.framework
88 CRD Conference Room Display; Apple TV mode
89 Cryptex Cryptographically sealed Extension of SSV, mount-invisible extension of the root volume, allows lightweight updates as part of Rapid Security Response; /System/Cryptexes (mountpoint), /System/Volumes/Preboot/*/cryptex1/current/*.dmg (disk images)
90 CSR Configurable Security Restrictions; XNU subsystem that is the basis for SIP
91 CTK Crypto Token Kit; smart card management, also for the Secure Element on iOS? launchd service: com.apple.ctkd; command line tool: sc_auth
92 CTS Centralized Task Scheduling; execution of DAS tasks; /System/Library/UserEventPlugins/com.apple.cts.plugin
93 CVMS Core VM Server/Service? compilation of GPU shaders; launchd service: com.apple.cvmsServ
94 DAAP Digital Audio Access Protocol; used by Home Sharing (with Rapport token) and by the Remote app to control Apple TV (with pairing token); payload unencrypted; DAAPKit.framework; Bonjour services: _atc._tcp, _home-sharing._tcp, _mediaremotetv._tcp, _touch-able._tcp
95 Daily Briefing Siri giving an overview of information for the day; SiriDailyBriefingInternal.framework
96 DART DMA Address Relocation Table; IOMMU implementation in Apple silicon, positioned in front of every DMA-capable co-processor and peripheral, offers sub-page protection; SART: streaming variant for high-throughput devices (like NVMe)
97 DAS Duet Activity Scheduler; scheduling policy engine behind NSBackgroundActivityScheduler and XPC activities; /System/Library/DuetActivityScheduler; launchd service: com.apple.dasd
98 Data Detectors text analysis to highlight phone numbers, street addresses, and the like; DataDetectors.framework
99 Data Vault directories with the UF_DATAVAULT special flag; CSR limits access to one application
100 DAV Distributed Authoring and Versioning; network protocol on top of HTTP for syncing calendars (CalDAV), contacts (CardDAV), and formerly also bookmarks (BookmarkDAV)
101 DCP Display Co-Processor
102 DDE Device Discovery Extension; detects devices on local network without app access to local network; DeviceDiscoveryExtension.framework, DeviceDiscoveryUICore.framework; extension point: com.apple.discovery-extension
103 DEP Device Enrollment Program; devices check in with Apple during Setup Assistant to query for their enrollment status, retrieve MDM server URL to fetch initial configuration profile
104 Developer Mode enables launching of self-compiled apps in iOS, rough equivalent to System Policy; command line tool: devmodectl
105 DFR Dynamic Function Row?, TouchBar; /System/Library/CoreServices/ControlStrip.app; DFRFoundation.framework
106 DFU Device Firmware Update; special boot mode where iOS has not booted and the system can be installed over the Lightning connection
107 Differential Privacy crowdsourcing without user tracking; privacy budget for management of anonymity set; used for keyboard words, emoji, Spotlight searches, Parsec deep links, HealthKit usage, Safari telemetry; /System/Library/DifferentialPrivacy; stored in /var/db/DifferentialPrivacy; launchd service: com.apple.dprivacyd
108 Digital Separation safety check feature to inhibit sharing relationships; DigitalSeparation.framework
109 DMC Device Management Client; part of MDM; DMCUtilities.framework
110 DMC Disk Mount Conditioner; simulates slow IO devices; command line tool: dmc
111 DND Do Not Disturb
112 DSID Destination Signaling Identifier, unique ID for IDS login on a specific device
113 DTrace system-wide tracing infrastructure, command line tools: dtrace, *.d, dappprof, dapptrace, dtruss, errinfo, execsnoop, fddist, fs_usage, imptrace, iopattern, iopending, iosnoop, iotop, lastwords, latency, opensnoop, plockstat, rwsnoop, sampleproc, sc_usage, topsyscall, topsysproc
114 Duet telemetry collection engine for system and user events, forecasting by machine learning, backend for DAS, Proactive, Relevance, Screen Time, thermal and battery management; /System/Library/DuetKnowledgeBase; CoreDuet.framework, CoreKnowledge.framework, CorePrediction.framework; launchd services: com.apple.coreduetd, com.apple.knowledge-agent, com.apple.ospredictiond
115 Dyld Shared Cache dynamic linker cache, stores all system libraries in prelinked form, original library files are removed; /System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld; command line tools: dyld_info, dyld_usage, update_dyld_shared_cache
116 EAS Exchange Active Sync; network protocol for accessing Microsoft Exchange servers
117 EDR Extended Dynamic Range; rendering with transfer function extending beyond sRGB white; implemented natively on XDR displays and by backlight modulation on others; HDRProcessing.framework
118 Energy Impact unitless metric for per-application energy consumption, machine-specific coefficients; /usr/share/pmenergy, /usr/share/kpep; launchd services: com.apple.sysmond, com.apple.thermald; command line tool: powermetrics
119 Engram Messages in iCloud; devices store received iMessages in CloudKit; Engram.framework
120 Entitlements capability-like attributes bound to executables by code signing; some entitlements like App Sandbox restrict ambient authority, some gradually relieve those restrictions (using Seatbelt), some services or system calls grant privilege based on caller entitlements
121 ESS IDS user directory, public key distribution for iMessage and CloudKit sharing, uses Transparency; server: *.ess.apple.com; launchd service: com.apple.identityservicesd
122 Eye Relief screen distance warning for handheld devices; /Applications/EyeReliefUI.app
123 FaceTime video calls, employs the ICE (establishing peer-to-peer connection), STUN (session credential exchange) and SRTP (encrypted media streaming) protocols; FTServices.framework; launchd services: com.apple.videoconference.camera (avconferenced)
124 FairPlay DRM system used by app and media stores; CoreADI.framework, CoreFP.framework, CoreLSKD.framework; launchd services: com.apple.adid, com.apple.fairplayd (invoked by kernel through host special port 17), com.apple.lskdd; credentials stored in /var/db/fpsd
125 Family Circle Family Sharing; launchd services: com.apple.familycircled, com.apple.askpermissiond
126 FDE Full Disk Encryption, FileVault; command line tool: fdesetup, sysadminctl
127 FDR Factory Data/Device Reset? ensures that no downgrades are performed? servers: skl.apple.com, gg.apple.com; /System/Library/FDR
128 Feldspar Apple News; Silex.framework
129 FiDES Fi? Distributed Evaluation Service? aggregates Differential Privacy data for unlinkability? maybe private federated learning? used for emoji, Suggestions, Dictation; /System/Library/DistributedEvaluation; DistributedEvaluation.framework; server: fides-pol.apple.com
130 File Provider infrastructure and extension system for syncing with cloud providers; placeholder files based on SF_DATALESS attribute in APFS; FileProvider.framework; locally stored in ~/Library/CloudStorage; command line tool: fileproviderctl
131 Find My location sharing by explicitly querying devices remotely or collateral beacon detection using Search Party; FMCore.framework, FMF.framework; launchd service: com.apple.icloud.fmfd (find my friends)
132 Firmlink bi-directional non-symbolic link between the read-only system volume and the data volume, additional symlinks and mountpoints in the root directory are virtually allocated; /usr/share/firmlinks, /etc/synthetic.conf
133 Focus restriction modes for notification presentation; focus filters for in-app display restrictions, communicat by Intents; Focus.framework, DoNotDisturb.framework; local settings in ~/Library/DoNotDisturb
134 FollowUp user interaction for Secure Backup wrapping with device passcode, CoreFollowUp.framework; launchd service: com.apple.followupd
135 FoundationDB fundamental iCloud storage database, marketed as CloudKit, separated into containers; records, blobs, and large asset storage with MMCS, server-side continuous queries can trigger push notifications, user management by IDS, sharing between users by GroupKit; PCS keys used for hierarchical zone, record, and asset encryption; CloudKitDaemon.framework; launchd service: com.apple.cloudd; locally stored in ~/Library/Caches/CloudKit, ~/Library/Containers/*/Data/CloudKit; command line tool: cktool
136 FPR Fast Permission Restrictions; Apple CPU registers to downgrade (old APRRs do bitmasking) or remap (SPRRs since M1) actual permissions of memory pages (the CTRR region) per thread; used for JIT protection and by AMFI to freeze user code after checking
137 FSKit user space file system support; kernel stub file system is /System/Library/Extensions/lifs.kext; file systems are in /System/Library/ExtensionKit/Extensions/com.apple.fskit.*; launchd service: com.apple.filesystems.fskitd; extension point: com.apple.fskit.fsmodule
138 FUD Firmware Update Daemon; /var/db/fud; launchd service: com.apple.accessoryupdaterd
139 Game Mode auto-activates when games are shown full screen, throttles background work, lowers audio and input latency; launchd service: com.apple.gamepolicyd
140 GID group ID key, shared across all devices of the same SoC generation, derived keys are used to prove device type over the network, only accessible by SEP
141 Gizmo Apple Watch; watch settings managed by Companion; /Applications/Bridge.app, /System/Library/BridgeManifests
142 Group Activities SharePlay; sharing of media content and programmatic state over FaceTime calls; GroupActivities.framework, CopresenceCore.framework; launchd service: com.apple.telephonyutilities.callservicesd
143 GroupKit groups of IDS users with shared CloudKit (PCS) access; GroupKit.framework
144 GSS Generic Security Service; part of Kerberos; GSS.framework; launchd service: com.apple.gssd (invoked by kernel through host special port 19); command line tool: gsstool
145 GXF Guarded Execution Feature/Fault, additional exception levels on Apple Silicon, lateral to the usual exception levels; page tables remain the same, but interpretation of permission bits changes by way of FPR, genter and gexit instructions; implements lightweight intra-address-space protection contexts
146 HAP Home Automation Protocol; CoreHAP.framework
147 HDA High Definition Audio; HDAInterface.framework
148 HDI Hard Disk Image; command line tool: hdiutil
149 HeadBoard derivative of SpringBoard for tvOS home screen; /Applications/HeadBoard.app, /Applications/PineBoard.app
150 HLS HTTP Live Streaming
151 HSA Hardware Security Architecture; version 1 used for two-step verification, SOS with iCSC; version 2 for two-factor authentication, CKKS and Secure Backup with iCDP
152 HSM Hardware Security Module; HSM fleet runs escrow service for Secure Backup
153 Hyperion iCloud Photos, uses CloudKit; launchd service: com.apple.cloudphotod
154 IAP iPod Accessory Protocol; IAP.framework
155 iBoot boot loader stage after boot ROM or UEFI (macOS on Intel); intermediate Low-Level Bootloader (LLB); DFU mode is implemented here; /System/Library/CoreServices/boot.efi
156 iCDP iCloud Data Protection, codename for a set of enhancements to iCloud privacy: device passcodes used as iCSC for Secure Backup, root keys for CKKS-enabled services only synced between devices and not stored at Apple; launchd service: com.apple.cdpd
157 iCloud umbrella term for a conglomerate of services, consists of FoundationDB containers with PCS views for key management, supported by CKKS; uses IDS and APNS; some services under the iCloud name are actually served by AMS, IMAP, or DAV
158 iCSC iCloud Security Code, credential wrapping for Secure Backup, previously used a separate code, with HSA2/iCDP uses device passcodes
159 IDAM Inter-Device Audio and MIDI; audio connection between devices
160 IDS Identity Directory Service, also IDMS, Apple ID identity management for all of Apple’s online services; APNS topics for signaling and messaging, see also Alloy, ESS, FaceTime, iMessage; authentication to services with Kerberos
161 IDV Identity Verification? Touch ID and Face ID; /System/Library/AccessibilityBundles/CoreIDVUI.axbundle
162 IM Instant Messaging; usually means iMessage and FaceTime
163 IMG4 boot files (Mach-O binaries or configuration data) with ASN.1 signature, contains RemotePolicy certificate constraints to restrict Boot Policy evaluation
164 Intent use-case-driven interaction with 3rd-party apps from a host app; used for Siri, Maps, Shortcuts, Widgets (configuration); definition file or programmatically using AppIntents.framework; command line tool: appintentsmetadataprocessor (Xcode extracts Intent definition at compile time); extension points: com.apple.intents-service, com.apple.intents-ui-service
165 IOKit device driver subsystem for in-kernel and DriverKit drivers, command line tool: ioreg
166 Ironwood dictation, customized on server with selected user data (contacts, app names, music titles, HomeKit names, Siri Shortcut phrases), not tied to Apple ID; SpeechRecognitionCore.framework; server: guzzoni.apple.com
167 ISP Image Signal Processor; camera imaging circuit in iPhones
168 ITML iTunes Markup Language; metdata tagging for media services; ITMLKit.framework
169 ITP Intelligent Tracking Prevention, cross-site tracking defenses in Safari, statistics and user interaction classify sites, cookies are partitioned and access is restricted
170 JARVIS Just A Rather Very Intelligent Scheduler, Mesos cluster manager for Siri, iCloud, AMS
171 Jellyfish Animoji; /Applications/Jellyfish.app
172 Jetsam reclaiming of purgeable memory and termination of apps during memory pressure
173 JSC JavaScript Core; JavaScriptCore.framework; command line tool: jsc
174 Kalamata codename for the transition from x86 to ARM-based Apple Silicon
175 Kerberos single-sign-on mechanism; Heimdal.framework; command line tools: kinit, ktutil
176 Kext kernel extension mechanism, loaded at boot time as part of a Kext Collection; /Library/Extensions, /Library/StagedExtensions (for user approval), /System/Library/Extensions; command line tool: kextutil (manages deprecated runtime loading)
177 Kext Collection prelinked sets of kernel extensions; /System/Library/KernelCollections (for boot and system kexts), /Library/KernelCollections (for auxiliary third-party kexts); the latter is only loaded at a lower-security Boot Policy; launchd service: com.apple.kernelmanagerd (invoked by kernel through host special port 15); command line tool: kmutil
178 Keybag storage of protection class keys for Keychain and filesystem, protected by SEP using SKP; stored in user.kb; launchd services: com.apple.mobile.keybagd, com.apple.securityd_service, com.apple.secd
179 Keychain storage for credentials; launchd service: com.apple.securityd; command line tools: certtool, security, systemkeychain
180 KIP Kernel Integrity Protection, locking of physical memory pages to prevent changes to kernel
181 Launch Services management for application launches, association of UTIs to apps, uses Spotlight to update cached info; launchd services: com.apple.coreservices.launchservicesd, com.apple.lsd; CoreServices.framework/LaunchServices.framework; command line tools: lsappinfo, lsregister
182 Live Files user mode filesystems, currently FAT, ExFAT, NTFS on external storage; UserFS.framework, UVFSXPCService.framework; launchd service: com.apple.filesystems.userfsd
183 Liverpool PCS codename for CloudKit
184 LKDC Local Key Distribution Center, Kerberos on client machines
185 LSM Latent Semantic Mapping, text analysis, used for spam filtering, command line tool: lsm
186 Mac Buddy historic name for Setup Assistant
187 MAC Policy Mandatory Access Control subsystem in XNU, based on TrustedBSD, implements policy hooks for restricted kernel operations; current policies: AMFI, Seatbelt, Quarantine, CSR
188 Machine Learning Vision.framework, Espresso.framework, Futhark.framework, PhotoAnalysis.framework; used for Live Text and Visual Lookup; launchd service: com.apple.mediaanalysisd
189 Madrid iMessage; /System/Library/Messages
190 Manatee PCS key for some CloudKit containers are synced via CKKS, so data is unreadable to Apple (credential management codenames: Plesio, Stingray, Cuttlefish)
191 Mandrake emergency siren on Apple Watch Ultra; /Applications/Mandrake.app
192 Mangrove transfering UI tiles over XPC; Mangrove.framework, IOSurface.framework
193 Marco Marco.framework, something about IDS and communication (iMessage, Calls), logging?
194 Marklar codename from the PowerPC era for the port to x86, served the transition to Intel CPUs
195 Marzipan Catalyst; port of iOS frameworks to macOS, Catalyst apps are iOS apps with additional API to adapt macOS UI idioms; /System/iOSSupport; integration using UIKit system process; launchd service: com.apple.uikitsystemapp; input remapping by /Library/Apple/Library/Bundles/InputAlternatives.bundle
196 MCX Managed Client for OS X, preference management for settings from configuration profiles, /Library/Managed Preferences, command line tools: mcxquery, mcxrefresh
197 MDM Mobile Device Management; server software to manage fleets of iOS and macOS devices; uses configuration profiles to manage preferences; ConfigurationProfiles.framework
198 MDS Module Directory Services, ancient part of the old security APIs (CSDA, CSSM)
199 Memory Debugging uses Taskport; command line tools: heap, leaks, malloc_history, stringdups, vmmap
200 Mesa Touch ID; /Library/Catacomb; /var/db/bkad.db
201 Metadata Spotlight; file indexing on macOS; CoreServices.framework/Metadata.framework, CoreServices.framework/SearchKit.framework; stored in .Spotlight-V100; launchd service: com.apple.metadata.mds; command line tools: mddiagnose, mdfind, mdimport, mdls, mdutil; in addition to auto-indexing, apps can explicitly register searchable items; CoreSpotlight.framework; launchd service: com.apple.corespotlightd
202 MLHost background machine learning service; launchd service: com.apple.mlhostd; /System/Library/MLHost; DeepThought.framework, LighthouseBackground.framework, LighthouseBitacoraFramework.framework,
203 MMCS MobileMe Chunk Storage, used by iCloud, splits blobs into chunks and stores them at Apple/AWS/GCP with convergent encryption (content hash as key); MMCS.framework
204 Mobile prefix for iOS
205 Mobile Assets demand-downloaded system components like fonts, dictionaries, linguistic data; stored in /System/Library/Assets; launchd services: com.apple.languageassetd (language-dependent assets), com.apple.mobileassetd; server: mesu.apple.com
206 Mobile Device connectivity to iOS devices over USB or WiFi (AirTrafficHost) for syning, development, and debugging; MobileDevice.framework; launchd service: com.apple.usbmuxd; Bonjour service: _apple-mobdev2._tcp
207 MOC Managed Object Context; Core Data object space
208 Mondrian photo collage arrangement in Photos.app; Mondrian.framework
209 MRT Malware Removal Tool; /Library/Apple/System/Library/CoreServices/MRT.app; superseded by XProtect
210 Multipeer Connectivity ad-hoc networking; Bonjour for discovery; WiFi, AWDL, Bluetooth, or Ethernet as transport; optional encryption and certificate-based authentication; MultipeerConnectivity.framework
211 Nano prefix for watchOS
212 Nearby Interaction proximity-based interaction between devices; proximity measured using ultra wideband or derived from other technologies; used for Universal Control; NearbyInteraction.framework, Proximity.framework; launchd service: com.apple.nearbyd
213 Newton fall detection on watchOS
214 NLP Natural Language Processing; NLP.framework; related to mecabra libraries, a linguistic engine for Chinese and Japanese; /usr/share/mecabra, /usr/share/tokenizer
215 Notarization app security scan by Apple; cryptographic proof stapled to code signature, tested at launch by System Policy; for non-notarized apps sends code hash to Apple; command line tools: notarytool, altool, stapler
216 Noticeboard User Notifications for Software Update and App Store, Noticeboard.framework; launchd services: com.apple.noticeboard.state (nbstated), com.apple.noticeboard.agent (nbagent)
217 Notifications system notification bus, unrelated to the local/remote push notifications; launchd service: com.apple.notifyd, com.apple.kuncd (invoked by kernel through host special port 10); command line tool: notifyutil; complemented by framework-level notification system (CFNotification, NSNotification); launchd services: com.apple.distnoted.xpc.daemon, com.apple.distnoted.xpc.agent
218 NSP Network Service Proxy; per-app VPN and proxy settings, implements Private Relay; launchd service: com.apple.networkserviceproxy
219 OAH Rosetta; ahead-of-time compiler for Intel code on Apple Silicon, usable from Linux VMs by way of a custom binformat; /usr/libexec/rosetta
220 ODR On-Demand Resources; loaded from App Store; launchd service: com.apple.appstored
221 Onboarding data protection splash screen shown by service-connected apps; /System/Library/OnBoardingBundles; OnBoardingKit.framework
222 Open Directory directory service for user, group, and machine management; plugin-based to use different backend stores (LDAP, Active Directory), local accounts in /private/var/db/dslocal; launchd service: com.apple.opendirectoryd; command line tools: dscacheutil, dscl, dsconfigad, dsconfigldap, dseditgroup, dsenableroot, dserr, dsexport, dsimport, dsmemberutil, odutil
223 OpenBSM Open Basic Security Module; deprecated security audit subsystem; /etc/security, /var/audit; launchd service: com.apple.auditd; command line tool: audit
224 Opus create slide shows from photos; Slideshows.framework
225 OSA Open Scripting Architecture; scripting of applications from different fontend languages (currently AppleScript and JavaScript); backed by Apple Events; command line tools: osacompile, osadecompile, osalang, osascript, sdef, sdp
226 OTUT One-Time Unlock Token; security mechanism to allow keybag unwrapping after updates
227 PAC Pointer Authentication Codes; pointers signed in unused bits to prevent ROP attacks
228 Packages unit of software installation; command line tools: pkgutil, installer, softwareupdate; launchd services: com.apple.softwareupdated, com.apple.bootinstalld, com.apple.installd, com.apple.system_installd, com.apple.uninstalld; /var/db/softwareupdate, /Library/Apple/System/Library/Receipts (system), /System/Library/Receipts (read-only), /private/var/db/receipts (App Store)
229 Packet Filter network traffic filtering subsystem from OpenBSD; command line tool: pfctl
230 Parsec Spotlight web results and searching of crowdsourced User Activity deep links; server: *.smoot.apple.com; launchd services: com.apple.parsecd, com.apple.parsec-fbf (Feedback Flush to Differential Privacy)
231 Party Studio Karaoke mode on tvOS, where video from a paired phone is shown with effects; /System/Library/PrivateFrameworks/PartyStudio.*
232 Passkey keypair used for authentication instead of password, synced via SOS, implements WebAuthn standard; keys can be used to login on separate device via QR code and Bluetooth proximity proof; AuthenticationServices.framework
233 Password Breach monitoring of Keychain passwords against a breach database; round-robin matching in fixed-size batches, local match against common leaks, remote match using hash prefix; launchd service: com.apple.Safari.passwordbreachd
234 Pasteboard storage for cut, copy, and paste; type of content remembered as UTI; launchd service: com.apple.pboard; command line tools: pbcopy, pbpaste
235 PAT Private Access Tokens; blind challenge-response authentication; Apple server attests user validity to token issuer, issuer performs blind signature, websites receiving the token cannot identify user; used for Private Relay, can replace CAPTCHAs
236 PCS Protected Cloud Storage; key management for separate iCloud storage compartments (PCS calls them views), each can contain FoundationDB plus bulk data stored by MMCS; see also iCDP, CKKS, GroupKit, Manatee; ProtectedCloudStorage.framework; /System/Library/Preferences/ProtectedCloudStorage; command line tool: pcsstatus
237 PCSC Personal Computer Smart Card; PCSC.framework, uses CTK
238 PDE Print Dialog Extension; old name, not a proper Extension
239 PEC/PIR Private Encrypted Compute and Private Information Retrieval; used for parental controls for media and web; CipherML.framework; launchd service: com.apple.ciphermld
240 Pegasus meaning 1: picture-in-picture video playback; Pegasus.framework (iOS), PIP.framework (macOS); meaning 2: online search query engine for visual lookup; PegasusKit.framework
241 People contacts with Apple ID accounts within Group Activities and Shared With You
242 Pepper UI elements for Watch home screen and Chat, like Quickboard (canned replies), Animoji; PepperUICore.framework
243 Persona separation of sub-user-identities, like when using a private and managed Apple account; PersonaKit.framework; ~/Library/Personas; /System/Library/UserManagement; command line tool: umtool
244 PHASE Physical Audio Spatialization Engine; 3D sound rendering engine; Apple devices map audio sources (even mono and stereo) to virtual speakers in a 3D sound stage, which is simulated by the physical speakers via a head-related transfer function; PHASE.framework
245 Piano Mover Mail Drop; bulk mail attachments transfered over PCS; not to be confused with storage for iMessage attachments, which uses a CloudKit container
246 Plugin Extensions, XPC services bundled with apps or frameworks, discovery by Launch Services; launchd service: com.apple.pluginkit.pkd; command line tool: pluginkit
247 PMP Port Mapping Protocol; Apple alternative to UPnP, Bonjour service: _acp-sync._tcp
248 Poster iPhone lock screen; PosterBoard.framework, PosterKit.framework; /Library/Wallpaper
249 PowerUI battery management like smart charge and power save, learns from Duet and other data; PowerUI.framework; /var/db/PowerUI; launchd service: com.apple.PowerUIAgent
250 Preferences storage for user-configurable settings; launchd services: com.apple.cfprefsd.xpc.daemon, com.apple.cfprefsd.xpc.agent; stored in Library/Preferences, command line tool: defaults; interaction with Synced Defaults per /System/Library/DefaultsConfigurations
251 Preview Shell skeleton for on-device UI previews during development; /System/Library/CoreServices/PreviewShell.app; PreviewShellKit.framework, XOJIT.framework (code live patching)
252 Private Relay two-hop onion routing with one entry and one exit node; Apple operates entry, third-party services operate exit nodes; QUIC for payload, ODoH for DNS, approximate IP geolocation via Waldo, authentication via PAT
253 Proactive umbrella term for suggestions and completions based on Duet forecasting and User Activity context, also marketed as Siri features; PersonalizationPortrait.framework
254 Provenance per-file origin tracking, extended attribute com.apple.provenance stores ID into /var/db/SystemPolicyConfiguration/ExecPolicy
255 QoS Classes inheritable property for Activities; semantic priorities, influences scheduling parameters; initially set at user-level, priority inheritance within GCD queues and across XPC in kernel?
256 Quagga framework for QR and barcode decoding; Quagga.framework
257 Quick Action extension type for quick interaction with foreign content within a host app; extension points: com.apple.services, com.apple.ui-services
258 Quick Look file preview and thumbnail generation; comand line tool: qlmanage
259 RAOP Remote Audio Output Protocol, AirPlay; Bonjour service: _raop._tcp
260 Rapport device pairing by proximity using Alloy, with PIN entry, or using iCloud; once paired, devices can access services; used for HomeKit, HomePod, AirPlay, Home Sharing, SideCar; Rapport.framework; launchd service: com.apple.rapportd; Bonjour service: _companion-link._tcp
261 Recents recently used items (not files) in various applications, synced with Synced Defaults; CoreRecents.framework, /System/Library/Recents; launchd service: com.apple.recentsd
262 Relevance Engine backend for Siri suggestions (for example of Siri Shortcuts), Widget smart stacks (also Siri watch face); consumes Duet knowledge and app-provided timelines with relevance hints; /System/Library/RelevanceEngine; launchd service: com.apple.relevanced
263 Remote Pairing Mobile Device pairing without wired connection; RemotePairingDevice.framework; Bonjour services: _remotepairing._tcp, _remotepairing-manual-pairing._tcp
264 RemoteXPC connection to a non-SoC-integrated SEP like Bridge; uses HTTP/2 over a network interface, Bridge connected over USB, secured using Attestation; RemoteServiceDiscovery.framework, TrustedAccessory.framework; launchd service: com.apple.remoted, com.apple.tracd; command line tool: remotectl
265 Revisions document autosave and auto-versioning; stored in .DocumentRevisions-V100; GenerationalStorage.framework; launchd service: com.apple.revisiond
266 Routine frequently visited locations on iOS, interacts with Duet; launchd service: com.apple.routined
267 RTC Real-time Telemetry and Crash reporting; RTCReporting.framework; launchd service: com.apple.rtcreportingd
268 RTKit operating system used on Apple Silicon for firmware of co-processors
269 RunningBoard runtime management of apps, paradigm: app as service process invoked by system, check-in by frameworks, handles process assertions (frontmost app, see App Nap), memory pressure (see Jetsam) and compute resources (GPU), replacement for TAL?; launchd service: com.apple.runningboardd; /System/Library/LifecyclePolicy, /System/Library/RunningBoard
270 Safety Monitor Check In; short-term location sharing in iMessage until a destination is reached; /Applications/SafetyMonitorApp.app
271 SBPL Sandbox Profile Language; a TinyScheme-based embedded DSL for Seatbelt profiles
272 SCIP System Coprocessor Integrity Protection; like KIP, but for SEP, ISP, Motion coprocessor
273 Screen Reader VoiceOver and Braille; /System/Library/ScreenReader; ScreenReader.framework
274 Screen Time digital wellbeing and parental controls system, uses Device Management as policy engine, self-enforced within the application by frameworks; DeviceActivity.framework, ManagedSettings.framework, FamilyControls.framework; launchd services: com.apple.ScreenTimeAgent, com.apple.dmd
275 SDB SQL Database; CoreSDB.framework, used by iCloud communication
276 Search Party portion of Find My service for offline devices; devices emit public part of rotating key pair via Bluetooth LE, other devices encrypt current location with this key and send to Apple, private key shared over CloudKit
277 Seatbelt process sandbox by filtering system calls; profiles written in SBPL; /System/Library/Sandbox/Profiles, /usr/share/sandbox; default file access policy asks for TCC confirmation before access to folders with user data (like Documents) is allowed; command line tool: sandbox-exec; launchd service: com.apple.sandboxd (invoked by kernel through host special port 14 for logging)
278 Secure Backup escrow part of CKKS; escrow key individually wrapped with passcodes of trusted devices, stored in HSM to prevent brute forcing, uses SRP so passcodes are not visible to iCloud, limited number of recovery attempts; protocol called Lakitu, uses FollowUp; launchd service: com.apple.SecureBackupDaemon (com.apple.sbd); CloudServices.framework
279 SEP Secure Enclave Processor; dedicated ARM core for security services, runs L4/Darbat-based sepOS, inline encryption to DRAM, manages AES keys in storage DMA engine, factory-paired channels to Touch ID/Face ID hardware, Secure Element, Neural Engine; SEP can use but not read UID and GID keys; credential verification performed by hardware lockbox with retry count enforcement
280 Sequoia translation; downloadable language models can run on-device; /Applications/SequoiaTranslator.app, Translation.framework
281 Seymour Apple Fitness+; workout videos integrated with Watch sensors; SeymourCore.framework
282 SF Symbols scalable UI symbols; rendered with various color treatments; SFSymbols.framework
283 Shared File List lists of recently opened files from apps that are stored with Launch Services; command line tool: sfltool; also manages login items and app-installed background daemons
284 Shared With You collaboration features between apps and iMessage; content shared via iMessage is surfaced in apps (Swift Transferable protocol), content in apps can be collaboratively edited and connected to an iMessage group; collaborations are expressed by keys derived from participant device keys, padded with a number of random keys to prevent tracking of device count, a merkle tree of those keys is used to prove inclusion of a specific device to an app; SharedWithYou.framework
285 Sharing umbrella term for wireless proximity services: AirDrop, Continuity, Instant Hotspot, WiFi sharing; used by loginwindow for Watch unlock; Sharing.framework; launchd service: com.apple.sharingd; also serves connection sharing and remote disk
286 Shazam audio (especially music) recognition service; ShazamKit.framework; launchd service: com.apple.shazamd; command line tool: shazam
287 Shoebox Passbook
288 Sidecar using iPhone/iPad as Mac accessory: external camera and microphone (ContinuityCapture), camera for photos and scanning (DocumentCamera.framework), external display over low-latency WiFi (llw interface) using avconferenced encoding; SidecarCore.framework; launchd services: com.apple.sidecar-display-agent (SidecarDisplayAgent), com.apple.sidecar-relay (SidecarRelay)
289 Signpost telemetry API to report points of interest in code; launchd service: com.apple.signpost.signpost_reporter
290 Simulator running an iOS/tvOS/watchOS personality on macOS, uses sandboxing and a separate Mach bootstrap namespace for container-like isolation; installable simulators as disk images in /Library/Developer/CoreSimulator/Images; command line tool: simctl
291 SIP System Integrity Protection or rootless mode; collection of kernel-level security restrictions regarding file system modification, unsigned Kexts, Taskport access, NVRAM access, DTrace; /System/Library/Sandbox/rootless.conf; command line tool: csrutil, rootless-init
292 Site Association signed files in .well-known directory on websites; equivalent to Entitlements for websites, associates domains with app IDs for Universal Links; command line tool: swcutil
293 SKP Sealed Key Protection; measurement of system state (boot chain IMG4 manifests, BPR, Boot Policy data, UID key, user passcode) to derive Keybag keys
294 SKS Secure Key Store; handling of keybag keys within the SEP
295 SkyLight WindowServer; SkyLight.framework
296 Skywalk network subsystem in XNU, links together actual technologies (Bluetooth, WiFi, Thunderbolt) and interfaces/tunnels; transacts in nexus (for conduits) and agent (for endpoints) objects; DriverKit network drivers use Skywalk; command line tool: skywalkctl
297 SLC System-Level Cache, architectural feature of Apple Silicon; cache located within SoC at controllers for external DRAM, serves all compute units and stages transfers between them
298 Social Gaming Game Center; multiplayer gaming services on top of CloudKit, shared storage and low-latency multicast for multiplayer sessions; launchd service: com.apple.gamed
299 Sock Puppet Watch interaction that requires Companion device
300 SOS Secure Object Sync; syncing backend for iCloud Keychain, not to be confused with the emergency call feature; transferred items previously staged in Synced Defaults, for two-factor accounts in CKKS; launchd services: com.apple.secd (access to local keychain), com.apple.security.cloudkeychainproxy3 (connects to Synced Defaults), com.apple.security.keychain-circle-notification
301 SPI System Private Interface; /System/Library/PrivateFrameworks
302 SpringBoard iOS home screen; like Dock (Launchpad, Mission Control, desktop picture), Control Center, SystemUIServer (menu extras icons), loginwindow (lock screen), and WindowServer (compositor) on macOS; /System/Library/CoreServices/SpringBoard.app, /Applications/PreBoard.app, BaseBoard.framework, FrontBoard.framework, SplashBoard.framework; launchd service: com.apple.backboardd (compositor)
303 SPRR Shadow Permission Remap Register? feature of Apple Silicon to dynamically reintepret page permissions
304 SRP Secure Remote Password; standard cryptographic protocol for proving knowledge of a secret such that attackers cannot brute-force the secret; AppleSRP.framework
305 SSO Single Sign-On
306 SSV Signed System Volume, als called Authenticated Root Volume (ARV); macOS boots from blessed read-only APFS snapshot, merkle-tree and root-hash stored in Preboot volume; modifications require disabling root authentication with csrutil from recovery, then the live filesystem can be mounted, modified, and re-blessed; command line tools: apfs_systemsnapshot, bless, csrutil
307 Stark CarPlay
308 Stockholm Secure Element in Apple SoCs, a processor running crypto protocols on keys it protects; used for Apple Pay and Car Key; related codenames: Icefall, Warsaw
309 Storage Management freeing up disk space by managing bulky items; UI in System Information.app; StorageManagement.framework; launchd service: com.apple.diskspaced; extension point: com.apple.storagemanagement; extends Cache Delete service
310 Suggestions semantic analysis of mails and websites to suggest contacts, calendar events and the like; launchd services: com.apple.suggestd, com.apple.reversetemplated; custom JavaScript parsers in /System/Library/AssetsV2/com_apple_MobileAsset_CoreSuggestions
311 Symbols debug symbols for backtraces; CoreSymbolication.framework; launchd services: com.apple.coresymbolicationd; command line tools: atos, symbols, symbolscache
312 Symptoms network diagnostics; Symptoms.framework; /var/networkd/db/netusage.sqlite; launchd service: com.apple.symptomsd (invoked by kernel through host special port 27)
313 Synced Defaults simple key-value store for applications, no user control over data; can use iCloud key-value backend (old) or Manatee container (new, marked as com.apple.kvs) as storage; launchd service: com.apple.syncdefaultsd; locally stored in ~/Library/SyncedPreferences
314 System Configuration SystemConfiguration.framework; launchd service: com.apple.configd; command line tool: scutil
315 System Extension system-wide components formerly implemented as insecure plugins or kexts; current extension types: DriverKit, FSKit, Network, Endpoint Security, Core Media IO; /System/DriverKit, /System/Library/DriverExtensions; command line tool: systemextensionsctl; launchd services: com.apple.sysextd, com.apple.nesessionmanager, com.apple.endpointsecurity.endpointsecurityd; command line tool: eslogger
316 System Policy Gatekeeper; policy engine for application launches and kext loading, malware signatures from /Library/Apple/System/Library/CoreServices/XProtect.bundle; /var/db/SystemPolicy; launchd service: com.apple.security.syspolicy (invoked by kernel through host special port 29); command line tool: spctl
317 Tailspin sampling of process stack traces; launchd service: com.apple.tailspind; command line tool: tailspin
318 TAL Transparent App Lifecycle; process for macOS apps started and stopped independently of the user launching and quitting app; also handles session restore across reboots; ~/Library/Saved Application State; launchd service: com.apple.talagent
319 Taskport Mach kernel concept for ptrace-like access to task internals; access policy implemented by daemon; launchd service: com.apple.taskgated (invoked by kernel through task special port 9); command line tool: DevToolsSecurity
320 TCC Transparency, Consent, and Control; user control over app access to privacy-related services (kTCCService*); TCC.framework; launchd services: com.apple.tccd, com.apple.tccd.system; command line tool: tccutil; stored in /Library/Application Support/com.apple.TCC, ~/Library/Application Support/com.apple.TCC, /var/db/locationd (for kTCCServiceLocation)
321 Template App code-less app-bundle, passed to an actual executable by LauncServices; created when adding websites in Safari to Dock/Springboard; run by /System/Volumes/Preboot/Cryptexes/App/System/Library/CoreServices/Web App.app
322 Time Machine automatic backup service, command line tools: tmdiagnose, tmutil
323 Tin Can Walkie Talkie on watchOS; /Applications/TinCan.app
324 Tones ringtones; ToneLibrary.framework
325 Translocation app binary copied on launch to dedicated location; initiated by Launch Services for security (prevents path traversal for apps quarantined by System Policy) or path normalization (iOS apps do not expect to be moved, but can be moved on macOS)
326 Transparency key transparency for ESS keys, based on CONIKS, devices audit IDS records against transparency logs, log hashes gossiped over iMessage to detect split-view attacks; Transparency.framework; launchd service: com.apple.transparencyd; server: init-kt.apple.com
327 TSS Tatsu Signing Server; online verification for firmware signatures; server: gs.apple.com
328 TTS Text To Speech, neural-network-based synthesis engine (Gryphon); command line tool: say; /System/Library/Speech, /System/Library/TTSPlugins
329 TVML TV Markup Language; declarative UI language for TV apps; TVMLKit.framework
330 Ubiquity iCloud Drive; codename Bladerunner, uses CloudKit; CloudDocs.framework; launchd service: com.apple.bird; locally stored in ~/Library/Mobile Documents (was supposed to move to Library/CloudStorage/iCloud Drive but this was reverted)
331 UID unique ID key, used as root key for cryptographic subsystems, generated during manufacturing by SEP and fused into hardware, only accessible by SEP
332 Unified Logging system-wide logging and Activity tracking; launchd service: com.apple.logd, com.apple.diagnosticd; command line tool: log; /dev/oslog; data stored in /var/db/diagnostics, support files in /var/db/uuidtext
333 USD Universal Scene Description; storage format for 3D assets; /usr/lib/usd
334 User Activity abstraction for deep-linking into apps with structured context (people, places); used for Universal Links (schema.org on websites), Handoff, Parsec (app links in search), Siri Shortcuts, Quick Note (context awareness), Proactive; UserActivity.framework; launchd service: com.apple.coreservices.useractivityd
335 User Notifications user interface for notification center; launchd service: com.apple.usernoted
336 UTI Uniform Type Identifiers; system for document types; file extensions and MIME types are mapped to UTIs, UTIs form a conformance graph, apps register their UTIs with Launch Services; /System/Library/CoreServices/CoreTypes.bundle; also Apple’s hardware devices are represented as UTIs
337 VA Video Acceleration; AppleGVA.framework, AppleVA.framework, AppleVPA.framework
338 Viceroy video conferencing used by FaceTime and ReplayKit; ViceroyTrace.framework
339 Virtualisation running virtual machines on macOS; Hypervisor.framework (for basic VMs and vCPUs), Virtualization.framework (brings a robust set of device models)
340 VSDB volume status database; /var/db/volinfo.database; command line tool: vsdbutil
341 Waldo selects edge servers based on approximate location, part of Private Relay, seen in NSP
342 WFS WebDAV File Sharing; built-in file sharing with Apache; /etc/wfs; command line tool: wfsctl
343 Widgets content excerpt from apps; provided via a timeline of view hierarchies, configuration uses Intents; visible on home screen, lock screen, as live activities, as watch complications; WidgetKit.framework; extension point: com.apple.widgetkit-extension; launchd service: com.apple.chronod (timeline management and sync)
344 Willow HomeKit; end-to-end-encrypted communication protocol and API for IoT-accessories; pairing with SRP using code printed on device, credential sync by CKKS, transported over Alloy, remote access using Apple TV as proxy; launchd service: com.apple.homed
345 Window Manager implements Stage Manager; /System/Library/CoreServices/WindowManager.app
346 Workflow Shortcuts; user-programmable system-wide automation, built-in triggers cause a chain of actions to run; actions are synthesized from User Activities and Intents provided by apps; WorkflowKit.framework, ActionKit.framework; locally stored in ~/Library/Shortcuts; launchd service: com.apple.siriactionsd (voice-triggered shortcuts); command line tool: shortcuts
347 xART eXtended Anti-Replay Technology; persistent storage for SEP, used by Mesa; /System/Volumes/xarts; launchd service: com.apple.xartstorageremoted; command line tool: xartutil
348 XCS Xcode Server; continuous integration server; command line tools: xcscontrol, xcsdiagnose
349 XProtect signature-based malware scanner and remediation service; /Library/Apple/System/Library/CoreServices/XProtect.bundle

246
internals.txt
View File

@@ -1,246 +0,0 @@
AA Apple account
AAT Apple Advanced Typography; font format and rendering engine
Accounts launchd service: com.apple.accountsd; /System/Library/Accounts
ACDE Apple Connect Device External? ACDEClient.framework, old two-step verification, derived from a company-internal AppleConnect system? server: appleconnect.apple.com
ACFS Apple Clustered File System; deprecated file system for Xsan; acfs.framework
Acoustic ID Siri feature to recognize songs
Action extension type for quick interaction with foreign content within a host app; extension points: com.apple.services, com.apple.ui-services
Activity jobs, coarse-grained work units of applications; tracked by the system across XPC, bears a QoS class for scheduling; low-level mechanism not to be confused with User Activity
AE Apple Events; messaging system to invoke application functionality; CoreServices.framework/AE.framework; launchd services: com.apple.coreservices.appleevents, com.apple.AEServer (AE over network)
AGC Apple Graphics Control, management of multiple displays and display port connections; launchd service: com.apple.displaypolicyd
ALF Application-Level Firewall, launchd service: com.apple.alf (socketfilterfw)
Alloy substrate for communication between user devices over Bluetooth and devices to iCloud, implemented over IDS; /System/Library/IdentityServices/ServiceDefinitions; launchd service: com.apple.identityservicesd
ALS Ambient Light Sensor, AmbientDisplay.framework
Amber Swift UI; SwiftUI.framework
AMFI Apple Mobile File Integrity, checks code integrity based on code signature, stronger enforcement with hardened runtime, validates entitlement restrictions; launchd service: com.apple.MobileFileIntegrity (amfid), invoked by kernel through host special port 18
AMP Apple Media Protocol? former parts of iTunes for iPod and iOS device access in Finder, Home Sharing; AMPDevices.framework, AMPSharing.framework; launchd services: com.apple.AMPDeviceDiscoveryAgent, com.apple.AMPDevicesAgent, com.apple.amp.mediasharingd
Anisette two-factor authentication creates security codes on trusted devices using TOTP, probably using Circle keys, checked by HSA; AuthKit.framework; launchd service: com.apple.akd
AOS Apple Online Services? historical name for iCloud
APNS Apple Push Notification service, server infrastructure for remote push notifications over a single connection, clients subscribe to push topics, can be authenticated by app (remote notifications), device (Find My …), or Apple ID login (DSID); credentials in apsd keychain; launchd service: com.apple.apsd; server: courier.push.apple.com
App Nap quiescence detection for applications and corresponding self-demotion in scheduler parameters, implemented within the application by frameworks, listens for occlusion notifications from WindowServer
App Sandbox Seatbelt-based sandbox for apps; /System/Library/Sandbox/Profiles/application.sb; enabled with com.apple.security.app-sandbox entitlement; command line tool: asctl; launchd service: com.apple.secinitd
APRR Access Protection Range Register? ARM CPU register to downgrade actual permissions of memory pages; used for JIT protection and by AMFI to freeze user code after checking
APFS Apple File System; copy-on-write file system with support for volume space-sharing, per-file encryption, and snapshots
APT Adaptive Picture Timing? ProMotion; dynamic screen updates with 120Hz base frequency
ASL Apple System Logger, superseded by Unified Logging; /etc/asl; stored in /var/log/asl; launchd service: com.apple.syslogd; command line tool: syslog
ASR Apple Software Restore; restore entire volumes from sources like disk images (HDI, SIU), also restores based on APFS snapshots and snapshot deltas; command line tool: asr
Assertions power state management allowing applications to prevent sleeping; launchd service: com.apple.powerd; command line tools: caffeinate, pmset
Assessment checking of System Policy; term used on iOS for school exam apps that lock the device
Asset Cache discretionary caching server for Mobile Assets, Packages, iOS updates, App Store content, ODR, MMCS data; launchd services: com.apple.AssetCache.builtin, com.apple.AssetCacheLocatorService, com.apple.AssetCacheManagerService, com.apple.AssetCacheTetheratorService; command line tools: AssetCacheLocatorUtil, AssetCacheManagerUtil, AssetCacheTetheratorUtil
Assistant Siri; dictation and semantic understanding, Intent is communicated to and enacted on the client, uses TTS; /System/Library/Assistant, AssistantServices.framework; server: *.siri.apple.com
ATS App Transport Security, sandbox mechanism only allowing TLS-secured connections
ATSUI Apple Type Services for Unicode Imaging; rendering engine superseded by CoreText.framework, font management; ApplicationServices.framework/ATS.framework; launchd service: com.apple.fontd; command line tools: atsutil, fontrestore
Authorization discretionary access control policies for high-level services; similar to PAM; policy stored in /var/db/auth.db
Avatar Memoji; AvatarKit.framework
AVB Audio Video Bridging, low-latency audio over Ethernet; launchd service: com.apple.avbdeviced; command line tool: avbdiagnose, avbutil
AWD Apple Wireless Diagnostics, sends system telemetry to Apple; CoreAnalytics.framework, WirelessDiagnostics.framework; launchd services: com.apple.awdd, com.apple.analyticsd
AWDL Apple Wireless Direct Link; secondary WiFi interface that runs in parallel to an active WiFi access point connection, similar to WiFi Direct (p2p interface), uses a randomized MAC, used for peer-to-peer networking: AirDrop, AirPlay; DeviceToDeviceManager.framework
Bezel on-screen overlays for hardware volume buttons, screen brightness, Bluetooth HID, and others; /Library/Application Support/Apple/BezelServices, launchd services: com.apple.loginwindow, com.apple.OSDUIHelper
BOM Bill of Materials; format to store contents of installer Packages; command line tool: lsbom
Bonjour mDNS; launchd service: com.apple.mDNSResponder.reloaded; command line tool: dns-sd
Boot Cache disk cache pre-heating at boot time with typically loaded applications; /var/db/BootCaches; launchd service: com.apple.warmd
BPR Boot Progress Register; set-only flags to track boot mode (normal, DFU, recovery), part of Keybag class key derivation within SEP, so passcode-protected keys are inaccessible in DFU and recovery
Bridge T2 ARM CPU in Intel Macs to drive Touch Bar and Secure Boot, runs a derivative of watchOS, boots the platform and the Intel CPU, communication from macOS uses RemoteXPC, which uses HTTP/2 over a USB-Ethernet interface; launchd service: com.apple.multiversed; /System/Library/MultiversePlugins; command line tool: remotectl
Bulletin Board application push notification management, aggregates local and remote push notifications; BulletinBoard.framework
Cache Delete cleanup for various caches; /System/Library/CacheDelete; launchd service: com.apple.cache_delete (deleted)
CAML Core Animation Markup Language; XML file format for layers, shapes and animations
Carousel derivative of SpringBoard for Watch home screen, watch face, and notification center
Celestial media streaming used by ReplayKit for game broadcasts; Celestial.framework
Certificates validity checked using OCSP stapling, locally installed CRLs, and transparency logs; /System/Library/Security/Certificates.bundle; launchd services: com.apple.trustd, com.apple.trustd.agent, com.apple.ocspd
Circle cryptographic primitive to exchange public keys of all trusted devices of one user, signed by all Circle peers; used by SOS; command line tool: tpctl; KeychainCircle.framework; iCloud identity keypair as an additional Circle peer, triggers countersigning from all trusted devices, private key synced across all trusted devices, new devices can pull this key from Secure Backup to join the Circle
CKKS CloudKit Key Store, backend for SOS and Circle using CloudKit, currently stores the ApplePay, AutoUnlock, Engram, HealthKit, HomeKit, and Manatee PCS keys; secrets are unknown to Apple; launchd service: com.apple.secd; command line tool: ckksctl
Classroom launchd service: com.apple.studentd
Cloud Pairing part of Alloy, Bluetooth out-of-band pairing over iCloud for Continuity; launchd service: com.apple.cloudpaird
CMAS Commerial Mobile Alert System, now known as Wireless Emergency Alerts (WEA)
Commpage user-mapped kernel data, like vdso/vsyscall on Linux; mapped at 0x7fffffe00000
Communications Filter recipient blocking for iMessage, FaceTime, Mail; launchd service: com.apple.cmfsyncagent
Companion iPhone that is paired with Watch; communication uses Alloy over Bluetooth
Continuity umbrella term for Handoff, Sidecar, SMS relay, Universal Clipboard, Watch unlock, WiFi call relay and others; SMS relay works by proxying to iMessage, other services use Alloy
CPML CorePrediction Machine Learning; CPMLBestShim.framework
CRD Conference Room Display; Apple TV mode
CSR Code Security/Signing Restrictions/Requirements? also called System Integrity Protection (SIP) or rootless mode; collection of kernel-level security restrictions regarding file system modification, unsigned Kexts, Taskport access, NVRAM access, DTrace; /System/Library/Sandbox/rootless.conf; command line tool: csrutil, rootless-init
CTK Crypto Token Kit; smart card management, also for the secure element on iOS? launchd service: com.apple.ctkd; command line tool: sc_auth
CTS Centralized Task Scheduling; execution of DAS tasks; /System/Library/UserEventPlugins/com.apple.cts.plugin
CVMS Core VM Server/Service? compilation of GPU shaders; launchd service: com.apple.cvmsServ
DAAP Digital Audio Access Protocol; used by Home Sharing (with Rapport token) and by the Remote app to control Apple TV (with pairing token); payload unencrypted; DAAPKit.framework; Bonjour services: _atc._tcp, _home-sharing._tcp, _mediaremotetv._tcp, _touch-able._tcp
DAS Duet Activity Scheduler; scheduling policy engine behind NSBackgroundActivityScheduler and XPC activities; /System/Library/DuetActivityScheduler; launchd service: com.apple.dasd
Data Detectors text analysis to highlight phone numbers, street addresses, and the like; DataDetectors.framework
DataVaults directories with the UF_DATAVAULT special flag; read access limited under CSR
DAV Distributed Authoring and Versioning; network protocol on top of HTTP for syncing calendars (CalDAV), contacts (CardDAV), and formerly also bookmarks (BookmarkDAV)
DCIM Digital Camera Images; DCIMServices.framework
DEP Device Enrollment Program; devices check in with Apple during Setup Assistant to query for their enrollment status, retrieve MDM server URL to fetch initial configuration profile
DFR Dynamic Function Row?, TouchBar; /System/Library/CoreServices/ControlStrip.app; DFRFoundation.framework
Differential Privacy crowdsourcing without user tracking; privacy budget for management of anonymity set; used for keyboard words, emoji, Spotlight searches, Parsec deep links, HealthKit usage, Safari telemetry; /System/Library/DifferentialPrivacy; stored in /var/db/DifferentialPrivacy; launchd service: com.apple.dprivacyd
DND Do Not Disturb
DSID Destination Signaling Identifier, unique ID for IDS login on a specific device
DTrace system-wide tracing infrastructure, command line tools: dtrace, *.d, dappprof, dapptrace, dtruss, errinfo, execsnoop, fddist, fs_usage, imptrace, iopattern, iopending, iosnoop, iotop, lastwords, latency, opensnoop, plockstat, rwsnoop, sampleproc, sc_usage, topsyscall, topsysproc
Duet telemetry collection engine for system and user events, forecasting by machine learning, backend for DAS, Proactive, Relevance, Screen Time, thermal and battery management; /System/Library/DuetKnowledgeBase; CoreDuet.framework, CoreKnowledge.framework, CorePrediction.framework; launchd services: com.apple.coreduetd, com.apple.knowledge-agent
Dyld Shared Cache dynamic linker cache, stores all system libraries in prelinked form, original library files are removed; /System/Library/dyld; command line tool: update_dyld_shared_cache
EAS Exchange Active Sync; network protocol for accessing Microsoft Exchange servers
Energy Impact unitless metric for per-application energy consumption, machine-specific coefficients; /usr/share/pmenergy; launchd services: com.apple.sysmond, com.apple.thermald
Engram Messages in iCloud; devices store received iMessages in CloudKit; Engram.framework
Entitlements capability-like attributes bound to executables by code signing; some entitlements like App Sandbox restrict ambient authority, some gradually relieve those restrictions (using Seatbelt), some services or system calls grant privilege based on caller entitlements
ESS IDS user directory, public key distribution for iMessage and CloudKit sharing, uses Transparency; server: *.ess.apple.com; launchd service: com.apple.identityservicesd
FaceTime video calls, employs the ICE (establishing peer-to-peer connection), STUN (session credential exchange) and SRTP (encrypted media streaming) protocols; FTServices.framework; launchd services: com.apple.videoconference.camera (avconferenced)
FairPlay DRM system used by app and media stores; CoreADI.framework, CoreFP.framework; launchd services: com.apple.adid, com.apple.fpsd; credentials stored in /var/db/fpsd
Family Circle Family Sharing; launchd services: com.apple.familycircled, com.apple.askpermissiond
FDE Full Disk Encryption, FileVault; command line tool: fdesetup, sysadminctl
Feldspar Apple News; Silex.framework
FiDES Fi? Distributed Evaluation Service? ingests and aggregates Differential Privacy data for unlinkability? used for emoji, Suggestions, Dictation; /System/Library/DistributedEvaluation; DistributedEvaluation.framework; server: fides-pol.apple.com
Find My … location sharing by explicitly querying devices remotely or collateral beacon detection using Search Party; launchd service: com.apple.icloud.fmfd (find my friends)
Firmlink bi-directional non-symbolic link between the read-only system volume and the data volume, additional symlinks and mountpoints in the root directory are virtually allocated; /usr/share/firmlinks, /etc/synthetic.conf
FollowUp user interaction for Secure Backup wrapping with device passcode, CoreFollowUp.framework; launchd service: com.apple.followupd
FoundationDB fundamental iCloud storage database, marketed as CloudKit for app developers, separated into containers; records, blobs and large asset storage with MMCS, server-side continuous queries can trigger push notifications, user management by IDS, sharing between users; PCS keys used for hierarchical zone, record, and asset encryption; CloudKitDaemon.framework; launchd service: com.apple.cloudd; locally stored in ~/Library/Caches/CloudKit, ~/Library/Containers/*/Data/CloudKit
FUD Firmware Update Daemon; /var/db/fud; launchd service: com.apple.MobileAccessoryUpdater
Gizmo Apple Watch; managed by Bridge.app (watch settings) on Companion
GSS Generic Security Service; part of Kerberos; GSS.framework; launchd service: com.apple.gssd, invoked by kernel through host special port 19; command line tool: gsstool
HAP Home Automation Protocol; CoreHAP.framework
HDA High Definition Audio; HDAInterface.framework
HDI Hard Disk Image; command line tool: hdiutil
HDR High Dynamic Range; video with wide-range transfer function; HDRProcessing.framework
HeadBoard derivative of SpringBoard for tvOS home screen; sub-service: PineBoard
HLS HTTP Live Streaming
HSA Hardware Security Architecture; version 1 used for two-step verification, iCloud Keychain with iCSC; version 2 for two-factor authentication, SOS and Secure Backup with iCDP
HSM Hardware Security Module; HSM fleet runs escrow service for Secure Backup; public keys for authenticating the HSM services in /System/Library/Security/Certificates.bundle/Contents/Resources/AppleESCertificates.plist
Hyperion iCloud Photos, uses CloudKit; launchd service: com.apple.cloudphotod; command line tool: cpldiagnose
IAP iPod Accessory Protocol; IAP.framework
iCDP iCloud Data Protection, codename for a set of enhancements to iCloud privacy: device passcodes used as iCSC for Secure Backup, PCS root keys for CKKS-enabled services only synced between devices using SOS and not stored at Apple; launchd service: com.apple.cdpd
iCloud umbrella term for a conglomerate of services, consists of FoundationDB containers with PCS views for key management, supported by SOS; uses IDS and APNS; some services under the iCloud name are actually served by the iTunes conglomerate or by IMAP or DAV
iCSC iCloud Security Code, credential wrapping for Secure Backup, previously used a separate code, with HSA2/iCDP uses device passcodes
IDAM Inter-Device Audio and MIDI; audio connection between devices
IDS Identity Service, also IDMS, Apple ID identity management for all of Apples online services; APNS topics for signaling and messaging, see also Alloy, ESS, FaceTime, iMessage; authentication to services with Kerberos
IM Instant Messaging; usually means iMessage and FaceTime, formerly also XMPP
Intent use-case-driven interaction with 3rd-party apps from a host app; used for Siri, Maps, Widgets (configuration); extension points: com.apple.intents-service, com.apple.intents-ui-service
IOKit device driver subsystem for in-kernel and DriverKit drivers, command line tool: ioreg
Ironwood dictation, customized on server with selected user data (contacts, app names, music titles, HomeKit names, Siri Shortcut phrases), not tied to Apple ID; server: guzzoni.apple.com
ISP Image Signal Processor; camera imaging circuit in iPhones
ITML iTunes Markup Language; metdata tagging for media services; ITMLKit.framework
ITP Intelligent Tracking Prevention, cross-site tracking defenses in Safari, statistics and user interaction classify sites, cookies are partitioned and access is restricted
iTunes old umbrella term for a conglomerate of media services: App Stores, Apple Music, Apple TV, iCloud media library, Apple Podcasts, Podcast sync, Books Store, Books sync; server: phobos.apple.com
JARVIS Just A Rather Very Intelligent Scheduler, Mesos cluster manager for Siri, iCloud, iTunes
Jellyfish Animoji
Jetsam reclaiming of purgeable memory and terminatable apps during memory pressure; see TAL
JSC JavaScript Core; JavaScriptCore.framework; command line tool: jsc
Kerberos single-sign-on mechanism; Heimdal.framework; command line tools: klist, ktutil
Kext kernel extension, /Library/Extensions, /Library/StagedExtensions, /System/Library/Extensions; launchd service: com.apple.kextd, invoked by kernel through host special port 15; also handles DriverKit drivers; command line tool: kextutil, kmutil
Keybag storage of protection class keys for Keychain and filesystem, protected by SEP with passcode and lockout; stored in user.kb; launchd services: com.apple.mobile.keybagd, com.apple.securityd_service, com.apple.secd
Keychain storage for credentials; launchd service: com.apple.securityd; command line tools: certtool, security, systemkeychain
KIP Kernel Integrity Protection, locking of physical memory pages to prevent changes to kernel
Launch Services management for applications, uses Spotlight to update cached info; launchd services: com.apple.coreservices.launchservicesd, com.apple.lsd; CoreServices.framework/LaunchServices.framework; command line tools: lsappinfo, lsregister
Liverpool PCS and TCC codename for CloudKit
LKDC Local Key Distribution Center, Kerberos on client machines
LSM Latent Semantic Mapping, text analysis, used for spam filtering, command line tool: lsm
Mac Buddy historic name for Setup Assistant
Machine Learning Vision.framework, Espresso.framework, Futhark.framework, PhotoAnalysis.framework
Madrid iMessage; /System/Library/Messages
Manatee PCS key for some CloudKit containers are protected/wrapped with a key synced via SOS, so data is unreadable to Apple (credential management codenames: Plesio, Stingray)
Mangrove transfering UI tiles over XPC; Mangrove.framework, IOSurface.framework
Marco Marco.framework, something about IDS and communication (iMessage, Calls), logging?
Marzipan Catalyst; port of iOS frameworks to macOS, Catalyst apps are iOS apps with additional API to adapt macOS UI idioms; /System/iOSSupport; integration using UIKit system process; launchd service: com.apple.uikitsystemapp
MCX Managed Client for OS X, preference management for settings from configuration profiles, /Library/Managed Preferences, command line tools: mcxquery, mcxrefresh
MDM Mobile Device Management; server software to manage fleets of iOS and macOS devices; uses configuration profiles to manage preferences; ConfigurationProfiles.framework
MDS Module Directory Services, ancient part of the old security APIs (CSDA, CSSM)
Memory Debugging uses Taskport; command line tools: heap, leaks, malloc_history, stringdups, vmmap
Mesa Touch ID; /Library/Catacomb; /var/db/bkad.db; command line tool: xartutil
Metadata Spotlight; file indexing on macOS; CoreServices.framework/Metadata.framework, CoreServices.framework/SearchKit.framework; stored in /Volumes/*/.Spotlight-V100; launchd service: com.apple.metadata.mds; command line tools: mddiagnose, mdfind, mdimport, mdls, mdutil; in addition to auto-indexing, apps can explicitly register searchable items; CoreSpotlight.framework; launchd service: com.apple.corespotlightd
MMCS MobileMe Chunk Storage, used by iCloud, splits blobs into chunks and stores them at Amazon/Google with convergent encryption; MMCS.framework
Mobile prefix for iOS
Mobile Assets demand-downloaded system components like fonts, dictionaries, linguistic data; stored in /System/Library/Assets/; launchd services: com.apple.languageassetd (language-dependent assets), com.apple.mobileassetd; server: mesu.apple.com
Mobile Device connectivity to iOS devices over USB or WiFi (AirTrafficHost) for syning, development, and debugging; MobileDevice.framework; launchd service: com.apple.usbmuxd; Bonjour service: _apple-mobdev2._tcp
MOC Managed Object Context; Core Data object space
Mondrian photo arrangement in moments, collections, years; Mondrian.framework
MRT Malware Removal Tool; /Library/Apple/System/Library/CoreServices/MRT.app
Multipeer Connectivity ad-hoc networking; Bonjour for discovery; WiFi, AWDL, Bluetooth, or Ethernet as transport; optional encryption and certificate-based authentication
Nano prefix for watchOS
Newton fall detection on watchOS
NLP Natural Language Processing; NLP.framework; related to mecabra libraries, a linguistic engine for Chinese and Japanese; /usr/share/mecabra, /usr/share/tokenizer
Notarization app security scan by Apple; cryptographic proof stapled to code signature, tested by System Policy; command line tools: altool, stapler
Noticeboard User Notifications for Software Update and App Store, Noticeboard.framework; launchd services: com.apple.noticeboard.state (nbstated), com.apple.noticeboard.agent (nbagent)
Notifications system notification bus, unrelated to the local/remote push notifications; launchd service: com.apple.notifyd; command line tool: notifyutil; complemented by framework-level notification system (CFNotification, NSNotification); launchd services: com.apple.distnoted.xpc.daemon, com.apple.distnoted.xpc.agent
NSP Network Service Proxy; per-app VPN and proxy settings; launchd service: com.apple.networkserviceproxy
ODR On-Demand Resources; loaded from App Store; launchd service: com.apple.appstored
Onboarding data protection splash screen shown by service-connected apps; /System/Library/OnBoardingBundles; OnBoardingKit.framework
Open Directory directory service for user, group, and machine management; plugin-based to use different backend stores (LDAP, Active Directory), local accounts in /private/var/db/dslocal; launchd service: com.apple.opendirectoryd; command line tools: dscacheutil, dscl, dsconfigad, dsconfigldap, dseditgroup, dsenableroot, dserr, dsexport, dsimport, dsmemberutil, odutil
Opus create slide shows from photos; Slideshows.framework
OSA Open Scripting Architecture; scripting of applications from different fontend languages (currently AppleScript and JavaScript); backed by Apple Events; command line tools: osacompile, osadecompile, osalang, osascript, sdef, sdp
OTUT One-Time Unlock Token; security mechanism to allow keybag unwrapping after updates
PAC Pointer Authentication Codes; pointers signed in unused bits to prevent ROP attacks
Packages unit of software installation; command line tools: pkgutil, installer, softwareupdate; launchd services: com.apple.softwareupdated, com.apple.bootinstalld, com.apple.installd, com.apple.system_installd, com.apple.uninstalld; /var/db/softwareupdate, /Library/Apple/System/Library/Receipts (system), /System/Library/Receipts (read-only), /private/var/db/receipts (App Store)
Parsec Spotlight web results and searching of crowdsourced User Activity deep links; server: *.smoot.apple.com; launchd services: com.apple.parsecd, com.apple.parsec-fbf (Feedback Flush to Differential Privacy)
Pasteboard storage for cut, copy, and paste; launchd service: com.apple.pboard; command line tools: pbcopy, pbpaste
PCS Protected Cloud Storage; key management for separate iCloud storage compartments (PCS calls them views), each can contain FoundationDB plus bulk data stored by MMCS; see also iCDP, CKKS, Manatee; ProtectedCloudStorage.framework; /System/Library/Preferences/ProtectedCloudStorage
PCSC Personal Computer Smart Card; PCSC.framework, uses CTK
PDE Print Dialog Extension; old name, not a proper Extension
Pegasus picture-in-picture video playback; Pegasus.framework (iOS), PIP.framework (macOS)
Pepper UI elements for Watch home screen and Chat, like Quickboard (canned replies), Animoji; PepperUICore.framework
Persona separation of sub-user-identities, like when using a private and managed Apple account; PersonaKit.framework; ~/Library/Personas; /System/Library/UserManagement
Piano Mover Mail Drop; large mail attachments transfered over PCS; not to be confused with storage for iMessage attachments, which uses a CloudKit container
Plugin Extensions, XPC services bundled with apps or frameworks, discovery by Launch Services; launchd service: com.apple.pluginkit.pkd; command line tool: pluginkit
PMP Port Mapping Protocol; Apple alternative to UPnP, Bonjour service: _acp-sync._tcp
Preferences storage for user-configurable settings; launchd services: com.apple.cfprefsd.xpc.daemon, com.apple.cfprefsd.xpc.agent; stored in Library/Preferences, command line tool: defaults; interaction with Synced Defaults per /System/Library/DefaultsConfigurations
Proactive umbrella term for suggestions and completions based on Duet forecasting and User Activity context, also marketed as Siri features; PersonalizationPortrait.framework
QoS Classes inheritable property for Activities; semantic priorities, influences scheduling parameters; initially set at user-level, priority inheritance within GCD queues and across XPC in kernel?
Quagga framework for QR and barcode decoding; Quagga.framework
Quick Look file preview and thumbnail generation; comand line tool: qlmanage
RAOP Remote Audio Output Protocol; formerly AirTunes, now part of AirPlay; Bonjour service: _raop._tcp
Rapport device pairing by proximity using Alloy, with PIN entry, or using iCloud; once paired, devices can access services; used for HomeKit, HomePod, AirPlay, Home Sharing, SideCar; Rapport.framework; launchd service: com.apple.rapportd; Bonjour service: _companion-link._tcp
Recents recently used items (not files) in various applications, synced with Synced Defaults; CoreRecents.framework, /System/Library/Recents; launchd service: com.apple.recentsd
Relevance Engine backend for Siri suggestions (for example of Siri Shortcuts), Siri watch face, Widget smart stacks; consumes Duet knowledge and app-provided timelines; /System/Library/RelevanceEngine; launchd service: com.apple.relevanced
Revisions document autosave and auto-versioning; stored in /.DocumentRevisions-V100; GenerationalStorage.framework; launchd service: com.apple.revisiond
Routine frequently visited locations on iOS, interacts with Duet; launchd service: com.apple.routined
RTC Real-time Telemetry and Crash reporting; RTCReporting.framework; launchd service: com.apple.rtcreportingd
SBPL Sandbox Profile Language; a TinyScheme-based embedded DSL for Seatbelt profiles
SCIP System Coprocessor Integrity Protection; like KIP, but for SEP, ISP, Motion coprocessor
Screen Reader VoiceOver and Braille; /System/Library/ScreenReader; ScreenReader.framework
Screen Time digital wellbeing and parental controls system, uses Device Management as policy engine, self-enforced within the application by frameworks; launchd services: com.apple.ScreenTimeAgent, com.apple.dmd
SDB SQL Database; CoreSDB.framework, used by iCloud communication
Search Party portion of Find My service for offline devices; devices emit public part of rotating key pair via Bluetooth LE, other devices encrypt current location with this key and send to Apple, private key shared over CloudKit
Seatbelt process sandbox by filtering system calls; /System/Library/Sandbox/Profiles, /usr/share/sandbox; profiles written in a SBPL; command line tool: sandbox-exec; launchd service: com.apple.sandboxd, invoked by kernel through host special port 14 for logging
Secure Backup escrow part of SOS; escrow key individually wrapped with passcodes of trusted devices, stored in HSM to prevent brute forcing, uses SRP so passcodes are not visible to iCloud, limited number of recovery attempts; protocol called Lakitu, uses FollowUp; launchd service: com.apple.SecureBackupDaemon; CloudServices.framework
Secure Boot firmware checks integrity of OS before booting it, configurable on Macs
SEP Secure Enclave Processor; dedicated ARM core for security services, runs L4/Darbat, inline encryption to DRAM, factory-paired channels to Touch ID/Face ID hardware and Secure Element; SEP can use but not read device UID key, usage restricted to ROM code
Sharing umbrella term for wireless proximity services: AirDrop, Continuity, Instant Hotspot, WiFi sharing; used by loginwindow for Watch unlock; Sharing.framework; launchd service: com.apple.sharingd; also serves connection sharing and remote disk
Shoebox Passbook
Sidecar using iPhone/iPad as Mac accessory: camera for photos and scanning, annotations, external display over low-latency WiFi (llw interface) using avconferenced encoding; SidecarCore.framework; launchd services: com.apple.sidecar-display-agent (SidecarDisplayAgent), com.apple.sidecar-relay (SidecarRelay)
Signpost telemetry API to report points of interest in code; launchd service: com.apple.signpost.signpost_reporter
Simulator running an iOS/tvOS/watchOS personality on macOS, uses sandboxing and a separate Mach bootstrap namespace for container-like isolation, command line tool: simctl
SKS Secure Key Store; handling of keybag keys within the SEP
SkyLight WindowServer; SkyLight.framework
Social Gaming Game Center; multiplayer gaming services on top of CloudKit, shared storage and low-latency multicast for multiplayer sessions; launchd service: com.apple.gamed
Sock Puppet Watch interaction that requires Companion device
SOS Secure Object Sync; backend service for iCloud Keychain and iCDP/PCS, not to be confused with the emergency call feature; syncs credentials across trusted devices using keys from Circle, transferred items stored ephemerally in CKKS (new) or Synced Defaults (old) using OTR protocol; launchd services: com.apple.secd (access to local keychain), com.apple.security.cloudkeychainproxy3 (connects to Synced Defaults), com.apple.security.keychain-circle-notification; command line tool: otctl
SPI System Private Interface; /System/Library/PrivateFrameworks
SpringBoard iOS home screen; like Dock (Launchpad, Mission Control, desktop picture), Control Center, SystemUIServer (menu extras icons), loginwindow (lock screen), and WindowServer (compositor) on macOS; sub-services PreBoard, BaseBoard, FrontBoard, BackBoard (compositor), SplashBoard, SketchBoard; /System/Library/RunningBoard
SRP Secure Remote Password; standard cryptographic protocol for proving knowledge of a secret such that attackers cannot brute-force the secret; AppleSRP.framework
SSO Single Sign-On
Stark CarPlay
Stockholm Apple Pay
Storage Management freeing up disk space by managing bulky items; UI in System Information.app; StorageManagement.framework; launchd service: com.apple.diskspaced; extension point: com.apple.storagemanagement; extends Cache Delete service
Suggestions semantic analysis of mails and websites to suggest contacts, calendar events and the like; launchd services: com.apple.suggestd, com.apple.reversetemplated; custom JavaScript parsers in /System/Library/AssetsV2/com_apple_MobileAsset_CoreSuggestions
Symbols debug symbols for backtraces; CoreSymbolication.framework; launchd services: com.apple.coresymbolicationd; command line tools: symbols, symbolscache
Symptoms network diagnostics; Symptoms.framework; /var/networkd/netusage.sqlite; launchd service: com.apple.symptomsd, invoked by kernel through host special port 27
Synced Defaults simple key-value store for applications, no user control over data; can use iCloud key-value backend (old) or Manatee container (new, marked as com.apple.kvs) as storage; launchd service: com.apple.syncdefaultsd; locally stored in ~/Library/SyncedPreferences
System Configuration SystemConfiguration.framework; launchd service: com.apple.configd; command line tool: scutil
System Extension user-level components formerly in the kernel; currently either a DriverKit, Network, or Endpoint Security extension; /System/DriverKit; launchd services: com.apple.sysextd, com.apple.nesessionmanager, com.apple.endpointsecurity.endpointsecurityd; command line tool: systemextensionsctl
System Policy Gatekeeper; policy engine for application launches and kext loading; /var/db/SystemPolicy; launchd service: com.apple.security.syspolicy; invoked by kernel through host special port 29; command line tool: spctl
TAL Transparent App Lifecycle; app process is started and stopped independently of the user launching and quitting app; also handles session restore across reboots; ~/Library/Saved Application State; launchd service: com.apple.talagent
Taskport Mach kernel concept for ptrace-like access to task internals; access policy implemented by daemon; launchd service: com.apple.taskgated, invoked by kernel through task special port 9; command line tool: DevToolsSecurity
TCC Transparency, Consent, and Control; user control over app access to privacy-related services (kTCCService*); TCC.framework; launchd services: com.apple.tccd, com.apple.tccd.system; command line tool: tccutil; stored in /Library/Application Support/com.apple.TCC, ~/Library/Application Support/com.apple.TCC, /var/db/locationd (for kTCCServiceLocation)
Time Machine automatic backup service, command line tools: tmdiagnose, tmutil, bypass
Tin Can Walkie Talkie on watchOS
Tones ringtones; ToneLibrary.framework
Tourist backend for user-visible tips and hints; launchd service: com.apple.touristd
Transparency key transparency for ESS keys? Transparency.framework; launchd service: com.apple.transparencyd; server: init-kt.apple.com
TTS Text To Speech, command line tool: say; /System/Library/Speech; synthesizer engines: MacinTalk (historic), Polyglot (phoneme-based?), Gryphon (current, DNN-based?)
TVML TV Markup Language; declarative UI language for TV apps; TVMLKit.framework
Ubiquity iCloud Drive; uses CloudKit, codename Bladerunner; CloudDocs.framework; command line tools: iclouddrivectl, fileproviderctl; launchd service: com.apple.bird (iclouddrive-agent); locally stored in ~/Library/Mobile Documents, ~/Library/CloudStorage/iCloud Drive
Unified Logging system-wide logging and Activity tracking; launchd service: com.apple.logd, com.apple.diagnosticd; command line tool: log; /dev/oslog; data stored in /var/db/diagnostics, support files in /var/db/uuidtext
User Activity abstraction behind deep-linking into apps with structured context data (people, places); used for Universal Links (with schema.org on websites), Handoff, Parsec, Siri Shortcuts, Proactive; UserActivity.framework; launchd service: com.apple.coreservices.useractivityd
User Notifications user interface for notification center; launchd service: com.apple.usernoted
VA Video Acceleration; AppleGVA.framework, AppleVA.framework, AppleVPA.framework
Viceroy video conferencing used by FaceTime and ReplayKit
VSDB volume status database; /var/db/volinfo.database; command line tool: vsdbutil
Waldo VPN key management? location aware? seen in NSP, server: waldo.apple.com
Widgets content excerpt from apps; provided via a timeline of views, configuration uses Intents
Willow HomeKit; end-to-end-encrypted communication protocol and API for IoT-accessories; pairing with SRP using code printed on device, credential sync using SOS, transported over Alloy, remote access using Apple TV as proxy; launchd service: com.apple.homed
XCS Xcode Server; continuous integration server; command line tools: xcscontrol, xcsdiagnose