launch network extension and EndpointSecurity extension from launchDaemon?

Once installed, an EndpointSecurity system extensions will automatically start at boot.

A NetworkExtension (NE) system extension is started by the usual NE mechanisms, which vary by the type of NE provider you’re using.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Eskimo, thanks for the reply.

I'm using NEFilterDataProvider.

I've noticed that the extension won't start unless either the host app is in /Applications/ or 'developer' mode is 'on' in 'systemextensionctl'.

Is there a way to get around this and launch from a launchDaemon installed at /Library/LaunchDaemons ?

Best Regards,

Rob

On macOS, NetworkExtension filter providers are implemented as system extensions. System extensions must be packaged in an app, and the app must be located in

/Applications

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

thank you for confirming this.

I'm eager to see an answer to this question https://forums.developer.apple.com/thread/124034

Its been up for some time without any reply.

Best Regards,

rob

Do you have System Integrity Protection (SIP) turned off?

I had to turn this off for my endpoint development. Now I am waiting for an entitlement from Apple, so I can turn SIP back on and test my code on other people's computer.

Todd

Also verify that your application is signed with the entitlements embedded.

$ codesign -dvvv --entitlements :- netsq_endpoint_agent
...
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Dec 29, 2019 at 9:35:56 AM
Info.plist=not bound
...
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.developer.endpoint-security.client</key>
  <true/>
  <key>com.apple.security.get-task-allow</key>
  <true/>
  <key>com.apple.security.temporary-exception.mach-register.global-name</key>
  <array>
  <string>com.netsq.netsq_endpoint_agent</string>
  </array>
</dict>
</plist>

(Oops. It is good to do this anyways. I see an unnecessary entitlement I need to remove)

I'm eager to see an answer to this question

I’m going to recommend that you start a new thread for this; there’s been a lot of water under the bridge since then.

Also, put it here in Core OS > System Extensions because I don’t monitor the beta areas.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks, have done so. Please see https://forums.developer.apple.com/message/403291#403291

thanks for the help, I've tried this. See https://forums.developer.apple.com/message/403291#403291

Useful thing to know if anyone find this - after turning off sid protection 'crsutil disable' in recovery mode, you should use 'systemextensionsctl developer on' to allow the system extension to install from the build directory instead of /Applications.

I've also found that using 'systemextensionsctl reset' before using 'systemextensionsctl uninstall' can lead to an odd state where when you install a network extension with the same name it may not work correctly, the NSXPconnection will fail to connect.

also strangly enough, after using systemextensionsctl unistall, the extension will say something like, 'uninstalled will remove on reboot' but I wont actually but removed on reboot. It will eventually disappear from the list after some undetermined number of reboots. Its very odd behaviour and again can effect extensions with the same name.

The best thing to do is to use 'systemextensionsctl developer on' and never explicitly uninstall the extension, just rebuild and run to 'upgrade'