Uninstallation of System Extension always requires password?

Hello, our application can not be uninstalled by dragging it into trash, so we have a script that uninstalls it. But either systemextensionsctl and the OSSystemExtensionRequest.deactivationRequest api require this to be run as a user and triggers a dialog for user to enter his password. This is unfortunate, as it will mean the user will have to enter password twice during unregistration flow (once to remove system extension, once for our script to gain root to remove everything else). Is it possible to somehow work around this? Eg. add some entitlement to the app that sends the deactivation request for it to be able to remove it without a dialog in case it is already being run as root?

The standard response is probably "file an enhancement request". The problem is that so many app developers never bother writing uninstallers at all. Dragging the app to the trash is the uninstaller.


I suggest you add a launchd task that monitors the app itself. When it detects the app has been moved to the trash, have it remove the rest. You can install this as a privileged helper so it shouldn't have to ask for root again. I'm not sure what happens in the system uninstall flow. I checked it a while back but I don't remember. Can the user cancel the uninstall of the system extension after dragging to the trash? Double check that.

Uninstallation of System Extension always requires password?
 
 
Q