Posts

Post not yet marked as solved. 11 Replies, 2.1k Views.
I'm trying to create an XPC service to communicate between my Endpoint Security Extension and its Container App. I've taken the Sample Endpoint App from here. I've then followed the steps under Creating the Service here. In fact, when I added the XPC service via the template, Xcode automatically added an Embed XPC Services phase to the container app. I can confirm that in the built container app I see the XPC service: SampleEndpointApp.app/Contents/XPCServices/Service.xpc

If I initiate an NSXPCConnection from the container app then I can both connect and make RPCs. Furthermore, I see the service process running via ps and also launchctl. If, however, I try to initiate an NSXPCConnection from the extension then I see nothing. RPC doesn't work and I don't see the service being launched. I've tried this with and without the connection in the main app.

What am I missing here? What needs to be done to allow both processes to talk to each other? Is there some permissions issue here? Note that my plist for the service is as follows:
Posted by HormyAJP.
Post not yet marked as solved. 2 Replies, 1.3k Views.
I'm building a macOS application with an Endpoint Security System Extension. I expect the system extension to always be running (i.e. it's effectively a daemon). My extension will gather information about processes and make that data available to the container app. The container app is a UI app and won't always be running. This means that I can't send data from the system extension at an arbitrary time. As far as I understand it, if I ship a macOS app in the App Store then I can't have a launch agent/daemon. I'm looking for a good way/the recommended way to solve this problem.

Some specific thoughts/questions:

Is it indeed the case that for an App Store app there's no way to create anything like a daemon?

Do System Extensions always run as root? I couldn't see anything explicitly in the docs about this. However, given it's effectively a daemon, that would make sense.

I believe using App Groups could be a solution. Specifically, I can just write data to a file in the Sys Ext and have the container app asynchronously pick that up later. However, since the Sys Ext is running as root, that app group will appear in a system folder and I'm not clear that the container app will actually be able to access that.

XPC should be a solution, but then I have to put a lot more business logic in the Sys Ext. Specifically, the Sys Ext will need to keep track of what data has been sent to the Container App. Not a huge issue, but I was hoping to make my Sys Ext as dumb as possible.

Longer term, I'd like to make the Sys Ext be interactive rather than just informative. In the language of the API, that would mean an auth approach rather than a notify approach. Specifically, I want the user to be alerted when certain processes start and have the choice to block/allow those processes. This necessitates the Sys Ext somehow being able to alert the user. If the Container App isn't open then I guess I can send a local notification? Is that the only approach? Is there another way to handle this situation?
Posted by HormyAJP.