User Profile

OK! I've opened TSI. let's go the other new journey, together!

Thank you for your advice. app name and system extension name has no Korean. (and I changed app, sysext name to .com..MyMyService / .com..MyMyService.MyMyExt) I changed certificate to my own. here is result. bepoop@bepoop-MacBook-Air Debug % codesign -d --requirement - MyMyService.app Executable=/Users/bepoop/Library/Developer/Xcode/DerivedData/MyMyService-extsmvczyriphqaigdiumsnsihyz/Build/Products/Debug/MyMyService.app/Contents/MacOS/MyMyService designated => identifier "<TEAMID>.com.<COMPANY>.MyMyService" and anchor apple generic and certificate leaf[subject.CN] = "Apple Development: HEESEUNG LEE (C7D7KYLN68)" and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */ bepoop@bepoop-MacBook-Air Debug % codesign -d --requirement - MyMyService.app/Contents/Library/SystemExtensions/<TEAMID>.com.<COMPANY>.MyMyService.MyMyExt.systemextension Executable=/Users/bepoop/Library/Developer/Xcode/DerivedData/MyMyService-extsmvczyriphqaigdiumsnsihyz/Build/Products/Debug/MyMyService.app/Contents/Library/SystemExtensions/<TEAMID>.com.<COMPANY>.MyMyService.MyMyExt.systemextension/Contents/MacOS/<TEAMID>.com.<COMPANY>.MyMyService.MyMyExt designated => identifier "<TEAMID>.com.<COMPANY>.MyMyService.MyMyExt" and anchor apple generic and certificate leaf[subject.CN] = "Apple Development: HEESEUNG LEE (C7D7KYLN68)" and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */ when I deactivate and re activate DNS Proxy at System Settings, same message appearing on console. NESMDNSProxySession[Primary Tunnel:<TEAMID>.com.<COMPANY>.MyMyService.MyMyExt:<GUID>:(null)]: Cannot create agent for plugin type <TEAMID>.com.<COMPANY>.MyMyService.MyMyExt, missing designated requirement NESMDNSProxySession[Primary Tunnel:<TEAMID>.com.<COMPANY>.MyMyService.MyMyExt:<GUID>:(null)]: Failed to create an NEAgent could you please give me more hints? Thanks!

Here is my result. codesign -d --requirement - MyMyService.app Executable=/Users/bepoop/Library/Developer/Xcode/DerivedData/MyMyService-extsmvczyriphqaigdiumsnsihyz/Build/Products/Debug/MyMyService.app/Contents/MacOS/MyMyService designated => identifier "------------.MyMyService" and anchor apple generic and certificate leaf[subject.CN] = 0x4170706c6520446576656c6f706d656e743a20ed95b4eca09520ec9db420284a42354256364e41524129 and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */ codesign -d --requirement - MyMyService.app/Contents/Library/SystemExtensions/------------.MyMyService.MyMyExt.systemextension Executable=/Users/bepoop/Library/Developer/Xcode/DerivedData/MyMyService-extsmvczyriphqaigdiumsnsihyz/Build/Products/Debug/MyMyService.app/Contents/Library/SystemExtensions/------------.MyMyService.MyMyExt.systemextension/Contents/MacOS/------------.MyMyService.MyMyExt designated => identifier "------------.MyMyService.MyMyExt" and anchor apple generic and certificate leaf[subject.CN] = 0x4170706c6520446576656c6f706d656e743a20ed95b4eca09520ec9db420284a42354256364e41524129 and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */ ps. designated => identifier "------------.MyMyService.MyMyExt" and ... is same with my bundle identifier Thanks!

...continued... [result of.. codesign -d --entitlements :- .../MyMyService.app] <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>MyMyService</string> <key>com.apple.developer.networking.networkextension</key> <array> <string>content-filter-provider</string> <string>dns-proxy</string> <string>dns-settings</string> </array> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.team-identifier</key> <string>TEAMID</string> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.device.usb</key> <true/> <key>com.apple.security.files.user-selected.read-only</key> <true/> <key>com.apple.security.get-task-allow</key> <true/> <key>com.apple.security.network.client</key> <true/> <key>com.apple.security.network.server</key> <true/> </dict> </plist> [result of.. codesign -d --entitlements :- .../MyMyService.app/Contents/Library/SystemExtensions/MyMyExt.systemextension] <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>MyMyService.MyMyExt</string> <key>com.apple.developer.endpoint-security.client</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>content-filter-provider</string> <string>dns-proxy</string> <string>dns-settings</string> </array> <key>com.apple.developer.team-identifier</key> <string>TEAMID</string> <key>com.apple.developer.usernotifications.time-sensitive</key> <true/> <key>com.apple.security.get-task-allow</key> <true/> <key>com.apple.security.network.client</key> <true/> <key>com.apple.security.network.server</key> <true/> <key>keychain-access-groups</key> <array> <string>MyMyService</string> <string>MyMyService.MyMyExt</string> </array> </dict> </plist> [result of.. security cms -D -i MyMyService.app/Contents/embedded.provisionprofile] <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>AppIDName</key> <string>MyMyService</string> <key>ApplicationIdentifierPrefix</key> <array> <string>TEAMID</string> </array> <key>CreationDate</key> <date>2024-01-31T07:46:49Z</date> <key>Platform</key> <array> <string>OSX</string> </array> <key>IsXcodeManaged</key> <true/> <key>DeveloperCertificates</key> <array> ... </array> <key>DER-Encoded-Profile</key> <data>...</data> <key>Entitlements</key> <dict> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider</string> <string>content-filter-provider</string> <string>packet-tunnel-provider</string> <string>dns-proxy</string> <string>dns-settings</string> <string>relay</string> </array> <key>com.apple.application-identifier</key> <string>TEAMID.MyMyService</string> <key>keychain-access-groups</key> <array> <string>TEAMID.*</string> </array> <key>com.apple.developer.team-identifier</key> <string>TEAMID</string> </dict> <key>ExpirationDate</key> <date>2025-01-30T07:46:49Z</date> <key>Name</key> <string>Mac Team Provisioning Profile: MyMyService</string> <key>ProvisionedDevices</key> <array> ... </array> <key>TeamIdentifier</key> <array> <string>TEAMID</string> </array> <key>TeamName</key> <string>TEAMNAME</string> <key>TimeToLive</key> <integer>365</integer> <key>UUID</key> <string>GUID</string> <key>Version</key> <integer>1</integer> </dict> </plist> [result of.. security cms -D -i MyMyService.app/Contents/embedded.provisionprofile] <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>AppIDName</key> <string>APPID</string> <key>ApplicationIdentifierPrefix</key> <array> <string>TEAMID</string> </array> <key>CreationDate</key> <date>2024-02-01T04:52:04Z</date> <key>Platform</key> <array> <string>OSX</string> </array> <key>IsXcodeManaged</key> <true/> <key>DeveloperCertificates</key> <array> ... </array> <key>DER-Encoded-Profile</key> <data>...</data> <key>Entitlements</key> <dict> <key>com.apple.developer.usernotifications.time-sensitive</key> <true/> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider</string> <string>content-filter-provider</string> <string>packet-tunnel-provider</string> <string>dns-proxy</string> <string>dns-settings</string> <string>relay</string> </array> <key>com.apple.developer.networking.vpn.api</key> <array> <string>allow-vpn</string> </array> <key>com.apple.application-identifier</key> <string>TEAMID.MyMyService.MyMyExt</string> <key>keychain-access-groups</key> <array> <string>TEAMID.*</string> </array> <key>com.apple.developer.team-identifier</key> <string>TEAMID</string> <key>com.apple.developer.endpoint-security.client</key> <true/> </dict> <key>ExpirationDate</key> <date>2025-01-31T04:52:04Z</date> <key>Name</key> <string>Mac Team Provisioning Profile: MyMyService.MyMyExt</string> <key>ProvisionedDevices</key> <array> ... </array> <key>TeamIdentifier</key> <array> <string>TEAMID</string> </array> <key>TeamName</key> <string>TEAMNAME</string> <key>TimeToLive</key> <integer>365</integer> <key>UUID</key> <string>GUID</string> <key>Version</key> <integer>1</integer> </dict> </plist> i'm so sorry about my very long post.. Please let me know if you need any more information for advice. Thanks!

I designed project that.. one Container app one Sys ext ES features Content-filter DNS Proxy (with DNS Settings) I'll leave you detailed information just in case you're curious. I hope the information reaches you well. (some infomation is dummy, like AppName MyMYService) [basic information] systemextensionsctl developer mode ON SIP DISabled app & sysext running on dev-notebook [DNSProxyManager.swift] class DNSProxyManager: BaseManager { let manager = NEDNSProxyManager.shared() override func activate() -> Bool{ loadAndUpdatePreferences { [weak self] in let dnsProtocol = NEDNSProxyProviderProtocol() dnsProtocol.username = "" dnsProtocol.providerConfiguration = ["clientId": dohUrl] dnsProtocol.providerBundleIdentifier = providerIdentifier dnsProtocol.serverAddress = "127.0.0.1" self?.manager.localizedDescription = Bundle.main.infoDictionary?["CFBundleName"] as? String self?.manager.providerProtocol = dnsProtocol self?.manager.isEnabled = true } return self.manager.isEnabled } private func loadAndUpdatePreferences(_ completion: @escaping () -> Void) { manager.loadFromPreferences { [weak self] error in guard error == nil else { return } completion() self?.manager.saveToPreferences { (error) in guard error == nil else { return } } } } } [DNSSettingsManager.swift] class DNSSettingsManager { let manager = NEDNSSettingsManager.shared() ... } [main.swift] autoreleasepool { NEProvider.startSystemExtensionMode() DNSProxyManager.shared.activate() EndpointSecurity.Client.shared.activate() ... dispatchMain() }

OOPs... I didn't know that the document didn't include information about the difficulty and fun of the task.. :'-) I appreciate your interest. I'm using the System Extension Framework to implement the Endpoint Security Extension and Content Filter in the Network Extension, and it's working well. I'm trying to add DNS Proxy functionality, but I'm struggling because I'm very novice with Swift and macOS. Is there any help or hints available regarding "Cannot create agent for plugin type xxxxx.xxxxxx.MyMyService.MyMyExt, missing designated requirement?" Thanks!

The reason for the "Error Domain=NEAgentErrorDomain Code=2" error is likely due to the incorrect setting of the dnsProtocol.providerBundleIdentifier value. By changing the dnsProtocol.providerBundleIdentifier to the name of an extension that is presumed to be correct, the "NEAgentErrorDomain Code=2" log no longer occurs. However, logs related to "missing designated requirement" have started to appear in the console log. "NESMDNSProxySession[Primary Tunnel:xxxxx.xxxxxx.MyMyService.MyMyExt:{GUID}:(null)]: Cannot create agent for plugin type xxxxx.xxxxxx.MyMyService.MyMyExt, missing designated requirement" Should I check the entitlements or plist? I would appreciate your opinion. Thanks!