Found another bug.
If you restart the Mac after allowing LNP, the app's LNP will not work.
I filed feedback:
FB15118138 Local Network Privacy not working after restart Mac
Here are the test steps:
Prepare two Macs: A runs macOS 15 RC, B can be 14 or 15
Install Packet Sender on A & B, and launch it
A sends a TCP packet to B, allow Local Network
A sends a TCP packet to B again, B receives the TCP packet successfully
Restart A
On A, launch Packet Sender and send a TCP packet to B; A throws an error: Could not connect, and B does not receive the packet
PS. If A toggles LNP in System Settings after the restart, TCP works, but fails again after another restart.
Updates for newcomers using macOS 15 RC:
LNP is now automatically removed after deleting the app and restarting the Mac. However, this may not apply to items added from macOS 15 Beta.
LNP of apps built with Xcode is also automatically removed after cleaning the build folder and restarting the Mac.
Since LNP is a user permission, it's advisable to create a test account if you need to do some experiments. There's no need to reinstall macOS.
I tested my app with macOS 15 RC.
Something strange happened on one of our test devices after upgrading from Beta 8. In the System Settings LNP list, it recognizes the app as two items. The UDP connection works fine, but the TCP connection fails for both inbound and outbound.
I'm not sure what could be causing this. We have only tested with the same signed app recently. The problem is that currently there is no way to reset LNP without reinstalling the OS. Our app has special requirements, so we must test without a VM. Not being able to reset LNP is very troubling.
Is there really no way to reset LNP? Should I file a TSI to ask more deeply?
Thanks.
Thanks for the detailed reply. The FAQ-2 behavior and FAQ-8 sample code were tested with macOS 15 beta 8.
I filed two feedbacks, one about resetting the permission, one about the behavior:
FB14944392 Allow reset macOS Local Network Permission
FB14976671 Local Network access unexpected behavior
Here are my tests under macOS 15 beta 8.
First, according to FAQ-17, NECP uses LC_UUID to identify the program.
https://forums.developer.apple.com/forums/thread/737416
In fact it does NOT. I ran dwarfdump to make sure the builds have different LC_UUIDs, but still couldn't bring up the privacy alert. Instead I had to change the product name.
Second, the sample code provided here does not work. Sending a packet to localhost does not bring up the privacy alert.
https://developer.apple.com/forums/thread/664775
Also, I found that FAQ-2 is incorrect too.
https://developer.apple.com/forums/thread/663874
The operations that require local network access:
Sending a UDP unicast — yes
Sending a UDP broadcast — NO
Receiving an incoming UDP unicast — no
Receiving an incoming UDP broadcast — NO
I wonder which is correct behavior. This is very confusing.
Sorry for late reply. I'm busy these days.
The implementation is about saving the SSH key passphrase into the keychain, so it must be saved locally. The SSH agent can save it using "ssh-add --apple-use-keychain", but that doesn't work with the libssh bindings, so I have to save/load the passphrase without the agent. Then there is an issue when an IT tool needs to renew all users' SSH keys.
Thanks to @Hoffman, I came up with the idea of setting a global date flag. If, at startup, the app finds that the SSH key is older than the global date, it expires and renews it. This method doesn't require the IT tool to access other users' keychains and works with the data protection keychain. Perfect :-)
Thanks for the reply!
The app is designed for macOS only, and the passwords won't be synced to iCloud. So I think the file-based keychain is enough for now.
But yes, in the long term it could be a problem. Is it possible to access another user's data protection keychain using a command-line tool like security?
Finally I found out why os_log was not working. Add the code:
#import <os/log.h>
// A dedicated subsystem/category so the log can be filtered with a predicate
os_log_t log = os_log_create("com.example.preLoginAgent", "test");
// %{public}s keeps the dynamic string visible instead of redacting it; the
// format needs a matching argument, here a sample C string
os_log_debug(log, "test log: %{public}s", "hello");
Then in the SSH terminal, you should run:
log stream --predicate 'subsystem="com.example.preLoginAgent"' --level debug
So what happened here:
os_log is not logged to /var/log/system.log, which is why syslog -w won't work.
os_log_debug(OS_LOG_DEFAULT, ...) logs into the default subsystem and it can be difficult to find in the sea of logs (or maybe use grep)
use os_log_create to add a subsystem so the log predicate can find it
by default, log stream won't show INFO & DEBUG, so add --level debug or use os_log_error
by default, a dynamic string will show as <private>; add {public} if you would like to show it
Thanks eskimo for the hint!
The mouse logger is designed as a long-running process, so relaunching repeatedly is not an option.
I prefer JWWalker's CGEventTapCreate == nil solution; I tested it with a timer and it worked.
Although I was hoping there was a notification for this, polling is fine. I will implement this method in my app.
Thank you both for the response!
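The polling approach described in the post above, as an added example that is not the poster's code nor JWWalker's: a dispatch timer periodically calls CGEventTapCreate with kCGEventTapOptionDefault, treats a NULL result as "the Accessibility grant is gone", and reinstalls the real tap once the call succeeds again. The subsystem name com.example.mouselogger, the 5 second interval, the mouseCallback body and the event mask are all assumptions chosen for the example.

```objective-c
// Added example: detect loss of the Accessibility grant by polling
// CGEventTapCreate. Build on macOS with:
//   clang -framework ApplicationServices -framework Foundation tapwatch.m
#import <ApplicationServices/ApplicationServices.h>
#import <Foundation/Foundation.h>
#import <os/log.h>

static CFMachPortRef gTap = NULL;   // the live tap, NULL while untrusted
static os_log_t gLog;

// Assumed tap callback: a default (non listen-only) tap may modify or drop
// events; this one just passes them through.
static CGEventRef mouseCallback(CGEventTapProxy proxy, CGEventType type,
                                CGEventRef event, void *refcon) {
    return event;
}

// Try to create a tap. kCGEventTapOptionDefault requires the Accessibility
// grant, so a NULL return is the "CGEventTapCreate == nil" signal.
static CFMachPortRef createTap(void) {
    CGEventMask mask = CGEventMaskBit(kCGEventMouseMoved) |
                       CGEventMaskBit(kCGEventLeftMouseDown);
    return CGEventTapCreate(kCGSessionEventTap, kCGHeadInsertEventTap,
                            kCGEventTapOptionDefault, mask,
                            mouseCallback, NULL);
}

static void installTap(CFMachPortRef tap) {
    CFRunLoopSourceRef src =
        CFMachPortCreateRunLoopSource(kCFAllocatorDefault, tap, 0);
    CFRunLoopAddSource(CFRunLoopGetMain(), src, kCFRunLoopCommonModes);
    CFRelease(src);
    CGEventTapEnable(tap, true);
}

static void tearDownTap(void) {
    if (gTap == NULL) return;
    CGEventTapEnable(gTap, false);
    CFMachPortInvalidate(gTap);
    CFRelease(gTap);
    gTap = NULL;
}

// Called from the timer: probe, then reconcile gTap with the probe result.
static void pollAccessibility(void) {
    CFMachPortRef probe = createTap();
    if (probe == NULL) {
        if (gTap != NULL) {
            os_log_error(gLog, "Accessibility grant revoked, tearing down tap");
            tearDownTap();
        }
        return;
    }
    if (gTap == NULL) {
        // Permission is (back) in place: the probe becomes the real tap.
        installTap(probe);
        gTap = probe;
        os_log_info(gLog, "event tap installed");
    } else {
        // Still trusted and already tapping; discard the probe.
        CFMachPortInvalidate(probe);
        CFRelease(probe);
    }
}

int main(void) {
    gLog = os_log_create("com.example.mouselogger", "permission");
    pollAccessibility();
    dispatch_source_t timer = dispatch_source_create(
        DISPATCH_SOURCE_TYPE_TIMER, 0, 0, dispatch_get_main_queue());
    dispatch_source_set_timer(timer, dispatch_time(DISPATCH_TIME_NOW, 0),
                              5 * NSEC_PER_SEC, 1 * NSEC_PER_SEC);
    dispatch_source_set_event_handler(timer, ^{ pollAccessibility(); });
    dispatch_resume(timer);
    CFRunLoopRun();
    return 0;
}
```

Watch the log with `log stream --predicate 'subsystem="com.example.mouselogger"' --level info`, then toggle the app in System Settings > Privacy & Security > Accessibility; the tap is torn down within one timer interval and reinstalled when the grant returns. Creating a probe tap every few seconds is cheap, but if the process only needs to listen, CGPreflightListenEventAccess is the lighter check, as noted further down the thread.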
You don’t need ‘full’ accessibility access to listen for events. There’s a specific TCC service for that, namely ListenEvent. You can check whether you have that privilege using CGPreflightListenEventAccess.
@eskimo As written in my post, I have another feature which requires kCGEventTapOptionDefault, so ‘full’ accessibility access is needed.
I'm not sure whether accessing tcc.db is a good idea; it might stop working in the future. Is there an approach which uses a public API?