Post not yet marked as solved
The folder doesn't appear to be SIP protected / restricted. But when I run
sudo touch /Library/SystemExtensions/testing123
It fails. Clearly there's a protection I'm unaware of but can't figure it out. If it's not SIP, not TCC (FDA), then what could it be? This is not for an app, I'm just trying to understand macOS and this is a gap in my understanding.
Post not yet marked as solved
I was under the impression that a security endpoint required a system extension, but that does not appear to be the case. Apparently daemons can create endpoint extensions without needed a system extension.
Why would I use an endpoint in a system extension rather than a daemon, or vice versa? I'm not understanding the value of a system extension with regards to a security endpoint. Someone please enlighten me.
Post not yet marked as solved
I noticed when I create multiple clients in my swift endpoint project, everything is great. But when I call the below in my C/C++ project
es\_new\_client
More than once I get the following result
ES\_NEW\_CLIENT\_RESULT\_ERR\_TOO\_MANY\_CLIENTS
How do I control the max number of clients for a specific project?
Post not yet marked as solved
I'm trying to learn system extensions through fiddling. One thing I'm trying to do is take the existing SimpleFirewall code project and make it endpoint security. The problem is when I remove "Network Extensions" array from the extension entitlement file & add "com.apple.developer.endpoint" to the same entitlement file, I get the following error from sysextd.
"System extension does not appear to belong to any extension categories"
How do I tell the OS that this is an endpoint sysext? I've changed the plist and entitlement files of both app and extension to look like the endpoint example.