Reply to SMAppService.daemon as root
That is the idea I am working with so far:

```swift
import Foundation
import Security
import ServiceManagement

// Wrapper function added so the posted fragment compiles; the name is illustrative.
func blessHelper() -> Bool {
    var authRef: AuthorizationRef?
    let status = AuthorizationCreate(nil, nil, [], &authRef)
    if status != errAuthorizationSuccess {
        return false
    }

    let rightName = kSMRightBlessPrivilegedHelper
    return rightName.withCString { cStringName -> Bool in
        // Request the right needed to bless a privileged helper.
        var authItem = AuthorizationItem(
            name: cStringName,
            valueLength: 0,
            value: nil,
            flags: 0
        )

        return withUnsafeMutablePointer(to: &authItem) { authItemPointer -> Bool in
            var authRights = AuthorizationRights(count: 1, items: authItemPointer)
            let authFlags: AuthorizationFlags = [.interactionAllowed, .preAuthorize, .extendRights]
            let status = AuthorizationCopyRights(authRef!, &authRights, nil, authFlags, nil)
            if status == errAuthorizationSuccess {
                // Place to execute your authorized action:
                var cfError: Unmanaged<CFError>?
                if !SMJobBless(kSMDomainSystemLaunchd, "myApp.agent" as CFString, authRef!, &cfError) {
                    // Unwrap the Unmanaged value so the actual CFError is printed.
                    print("SMJobBless error: \(String(describing: cfError?.takeRetainedValue()))")
                    return false
                }
                return true
            }
            return false
        }
    }
}
```

But 'SMJobBless' was deprecated in macOS 13.0: Please use SMAppService instead.
May ’24
Reply to SMAppService.daemon as root
Thanks for such a swift answer. Off topic, you are a forum here and you have helped more than once with your answers in my career. You are my hero.🏅 Thank you 🙏

Hmm, sorry for the not so brief question, let me provide more context. I am developing a VPN app, not sandboxed, which needs a system daemon (gRPC with a socket) to be running. I have managed to include the daemon in the app, and am now thinking of the best approach to Bless and Authorize the non-sandboxed daemon. I need to run the daemon as root, and it does not need to be shut down when the app quits.

Super good idea to spawn the daemon via sockets, as that is what I am listening to on gRPC.

The documentation regarding daemons feels super scarce. There is the introduction of SMAppService and the deprecation of SMJobBless. SMAppService is too fresh to find proper samples, while SMJobBless is quite old to find something.

What would be the best approach for a (non-sandboxed) VPN app + daemon to be signed outside of the App Store?
May ’24