Quinn, I'll add my request: FB10320938 Cheers

Nevermind, it's been a long day. NSEndpointSecurityMachServiceName is supposed to go in the SYSEX's Info.plist file, not as an entitlement. 🙄

Honestly, I think NSEndpointSecurityMachServiceName is the right answer here. It lets your ES sysex publish a global Mach service that any process on the system can connect to (unless blocked by the sandbox). Is the value for NSEndpointSecurityMachServiceName allowed to be any arbitrary string or does it still need to conform to <teamid>.<bundleID>.xpc? Testing shows that the following don't work when trying to make a connection between the sysex and the host app: <bundleID> <bundleID>.xpc <teamid>.<bundleID> On 10.15.6 (19G2021) and 11.0 Beta (20A5354i), man EndpointSecurity doesn't indicate that it has to be of a certain format, only that a default mach service name will be used: NSEndpointSecurityMachServiceName Type: String If set, this string will be the name of the MachService which can be used for XPC between the ES extension and its app. If ES extension is combined with a Network Extension, set the NEMachServi- ceName key in the Info.plist. If not set, a default mach service (name: <teamID>.<bundleID>.xpc) will be provided but its usage is deprecated. I'm curious, for the record :) Thanks in advance.

I've seen the same issue created feedback for it.

Yes, seeing the same problem here: error 09:29:29.624377-0700 kernel Library Validation failed: Rejecting '/private/tmp/com.apple.installerbBJCPsLO/***.bundle/Contents/MacOS/*' (Team ID: ********, platform: no) for process 'InstallerRemoteP(1890)' (Team ID: none, platform: yes), reason: mapping process is a platform binary, but mapped file is not

This is what I was afraid of 😐For the record, FB7673690 has been filed for the bug and makes a suggestion to revisit SFAuthorizationView so that a consumer of the API can provide prompt text during the setup of the view.