This is on the container; it also has the systemextension.install & networkextension entitlements, following the FilteringNetworkTraffic example.
Hi, there are some updates. After I removed the networkextension entitlement:
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>content-filter-provider-systemextension</string>
</array>
I got the application opened. But when I try to activate the network extension, I got this error message:
Failed to save configuration Duolingo English Test: Error Domain=NEConfigurationErrorDomain Code=10 "permission denied" UserInfo={NSLocalizedDescription=permission denied}
-[NEFilterManager saveToPreferencesWithCompletionHandler:]_block_invoke_3: failed to save the new configuration: Error Domain=NEFilterErrorDomain Code=5 "permission denied" UserInfo={NSLocalizedDescription=permission denied}
From this doc, I think I shouldn't exclude the networkextension entitlement, but if I include it, it seems that it will be treated as a System Extension? Is there any workaround?
I've embedded the provision profile and double-checked the final app content.
And I am able to open the app if I either remove the JIT entitlements or the networkextension entitlements (of course both of them will have other issues).
I am currently trying to move the networkextension out to XPCServices. Is this the right direction?
Unfortunately, using the XPCServices to invoke the NEFilterManager method didn't work.
Is this a macOS bug? You can check the error: it treats /Applications/APPName.app/Contents/MacOS/APPName as a system extension and requires the entitlements not to include any hardened runtime relaxation elements.
mac_vnode_check_signature: /Applications/APPName.app/Contents/MacOS/APPName: code signature validation failed fatally: When validating /Applications/APPName.app/Contents/MacOS/APPName:
Hardened Runtime relaxation entitlements disallowed on System Extensions
OK, I figured it out. com.apple.security.cs.allow-jit is OK to be kept. After I removed this entitlement, everything works:
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
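An added example, not part of the thread or of Apple's sample code: a pre-signing check that parses an entitlements plist and, for a binary claiming the content-filter-provider-systemextension value, sorts each enabled Hardened Runtime exception by what the poster reported. The function name, the verdict labels and the sample plist are constructed for illustration, and treating every `com.apple.security.cs.` key as a Hardened Runtime exception is an assumption.

```python
import plistlib

# Entitlement names as they appear in the thread.
NE_KEY = "com.apple.developer.networking.networkextension"
SYSEXT_PROVIDER = "content-filter-provider-systemextension"
# Poster's findings: this one had to go, allow-jit could stay.
REPORTED_BLOCKING = {"com.apple.security.cs.allow-unsigned-executable-memory"}
REPORTED_OK = {"com.apple.security.cs.allow-jit"}
# Assumption: every Hardened Runtime exception key uses this prefix.
RUNTIME_PREFIX = "com.apple.security.cs."

# Constructed sample, not taken from the poster's app.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.developer.networking.networkextension</key>
<array><string>content-filter-provider-systemextension</string></array>
<key>com.apple.security.cs.allow-jit</key><true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<key>com.apple.security.cs.disable-library-validation</key><true/>
</dict></plist>"""


def audit_entitlements(plist_bytes):
    """Return (verdict, key) pairs for enabled Hardened Runtime exceptions
    on a binary that also claims the system-extension content filter."""
    ent = plistlib.loads(plist_bytes)
    if SYSEXT_PROVIDER not in ent.get(NE_KEY, []):
        return []  # not signed as a system-extension filter: nothing to flag
    findings = []
    for key in sorted(ent):
        if not key.startswith(RUNTIME_PREFIX) or ent[key] is not True:
            continue
        if key in REPORTED_BLOCKING:
            findings.append(("remove", key))
        elif key in REPORTED_OK:
            findings.append(("keep", key))
        else:
            findings.append(("unverified", key))  # thread says nothing about it
    return findings


if __name__ == "__main__":
    for verdict, key in audit_entitlements(SAMPLE):
        print(f"{verdict:10} {key}")
```

Keys reported as "unverified" are ones the thread does not cover, so they need testing against the signature check quoted above before shipping.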