Not solved, accidentally clicked..
Hello, here's a brief outline of the architecture in use.
[daemon app] running as root with Full Disk Access enabled.
> is linked against PyHelper.framework located in /Library/Frameworks
> calls PythonHelper() (passes python byte code)
[PythonHelper() function]
> loads PyExec.framework via dlopen() also located in /Library/Frameworks
PyExec.framework has a customized version of Python located in Version/Current/Frameworks/Python.framework> gets PythonExec() function via dlsym() which finally causes the embedded Python framework to execute the byte code
> file deletions at this level fails!
No new process is created! Frameworks and calling daemon app have the same code signing and team ID. This architecture works on 10.15 but breaks on Big Sur. I've tried even with SIP disabled which does not result in a different outcome.
Post
Replies
Boosts
Views
Activity
Hello, we also used the kTCCServiceSystemPolicyAllFiles key in the TCC.db "access" table to verify if the user has been granted full disk access privileges for our extension using ES client. Now in beta 10 or extension is listed under key kTCCServiceEndpointSecurityClient. Does this also now signal that Full Disk Access has been granted?
Frank Fenn
Sophos Inc.
FB11689760
FB11708361
Feedback: FB11746617
We are seeing the same problem, only 1 of our 2 launch daemons is being started. One item is missing from the Background Application list in system settings and for the rest it's saying: It's from an unknown developer even with our correct production signing.