User Profile

I am working on a macOS app which is distributed outside of the App Store, but it is notarized. The app contains macOS agent wsmon. It is located at App.app/Contents/Resources/wsmon. It does not have GUI, but it is visible in the system bar. The agent requires to record the content of the screen and communicate with Safari using automation. The Info.plist of App.app contains: <key>NSAppleEventsUsageDescription</key> <string>...</string> <key>NSAppleScriptEnabled</key> <true/> The App.app and wsmon have same entitlements: $ codesign -d --entitlements :- App.app/Contents/Resources/wsmon <dict> <key>com.apple.security.automation.apple-events</key> <true/> <key>com.apple.security.app-sandbox</key> <false/> </dict> I run wsmon by the command: $ launchctl load /Library/LaunchAgents/com.domain.App.wsmon.plist $ launchctl list | grep wsmon 3050 0 com.domain.App.wsmon In a minute, would like to record computer's screen dialog opens. I run System Preferences and check wsmon to allow record screen. It is correct, but I expected to see App instead of wsmon, because wsmon is part of App.app. When wsmon communicate with Safari, wants access to control Safari dialog opens. I click OK and the agent successfully communicates with Safari. Then I open the System Preferences, Automation pane. Unfortunately wsmon is not there. I am not able to allow or disallow wsmon access Safari. If a user did not allow the access, he will not be able to change it. Only after I reset the decision by $ tccutil reset AppleEvents, the dialog opens again and I can click allow or don't allow button. I grad full access to Terminal, but TCC.db does not contain wsmon for kTCCServiceListenEvent, only for screen recording: $ sudo sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" "select service, client from access where client like '%wsmon%'" kTCCServiceScreenCapture|/Applications/App.app/Contents/Resources/wsmon Please clarify: Why client column of TCC.db contain the path to wsmon binary and not CFBundleIdentifier of App.app nor com.domain.App.wsmon? wsmon belongs to App.app and is not distributed separately. How to reset kTCCServiceScreenCapture for the agent using tccutil? tccutil reset AppleEvents com.domain.App.wsmon does not work. Why Automation pane and TCC.db do not contain the agent wsmon to allow/disallow?

Dear Apple team,I created an application App. When I ran it, it is shown in the Dock and opens the main window. That is a normal behavior.Then I created new target as a standalone app console-app and moved console-app into App.app/Contents/MacOS/ folder.When I run 'App.app/Contents/MacOS/console-app' in the Terminal, my standalone app is shown in the Dock and most probably it uses Info.plist from App's bundle. That is not what I expect. It must start as simple console application.Could you please provide me the guide of how to add a standalone (console) application to existing App.Regards,Valery.

Dear Apple team,I am developing an agent and a daemon on MacOS 10.13.6. They are placed inside App.app which is signed. After the installation of my product, I noted the logs in the console:"Application Stub AppleEvents: received mach msg which wasn't complex type as expected in getMemoryReference.Application Stub OSErr AERemoveEventHandler(AEEventClass, AEEventID, AEEventHandlerUPP, Boolean)(spec,phac handler=0x7fff505a1a98 isSys=YES) err=0/noErrlaunchservicesd CHECKIN:0x0-0x80080 3291 com.domain.Appamfid /Applications/App.app/Contents/Resources/agent signature not valid: -67050amfid /Applications/App.app/Contents/Resources/daemon signature not valid: -67050agent start: 1557471773 66344launchservicesd CHECKIN:0x0-0x85085 3340 com.domain.Appdaemon start: 1557471775 13374agent LSExceptions shared instance invalidated for timeout.App LSExceptions shared instance invalidated for timeout.agent AppleEvents: received mach msg which wasn't complex type as expected in getMemoryReference.agent AppleEvents: received mach msg which wasn't complex type as expected in getMemoryReference...."I signed App.app and installation package App.pkg, but the agent and the daemon are not (do not know how to do it).Could you please explain logs. Should I worry about "CHECKIN" and "signature not valid" logs? Will my software be started on the latest version of MacOS?Regards,Valery.