Is it possible to add EndpointSecurity to a Privileged Helper Tool?

I have been in the process of porting a helper tool from communicating with a Kext for kauth to using EndpointSecurity directly. All was going well until I re-enabled SIP at which point I discovered a provisioning profile would be required.

As the helper tool is a plain executable this isn't possible but having read some forum posts regarding launchd daemons & Endpoint security I attempted to package the helper tool as an .app wrapper. This isn't working so far (SMJobBless fails), so I'm beginning to think this isn't going to work...

Any idea if this is achievable? Or am I going to have to re-work the ES logic in to a separate System Extension?

Thanks,
Adam

First up, see Packaging a Daemon with a Provisio….

This technique is incompatible with SMJobBless because that routine will only accept standalone executables.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Is it possible to add EndpointSecurity to a Privileged Helper Tool?
 
 
Q