I've read the following and tried to implement the fix in the following by adding the entitlement to the ES system extension, but I'm still having trouble getting multiple secondary apps to communicate with the ES system extension via XPC. Communication between the host app and system extension works just fine.
https://developer.apple.com/forums/thread/129551
Does this need to be added to all apps that need access? That seems like overkill.
I've also seen reference to several forum posts regarding the use of NSEndpointSecurityMachServiceName in the ES system extension's Info.plist file. I have yet to use this as I'm relying on the whole <teamid>.com.<org>.<productname>.xpc dance for now. Could this be related to the problem?
There are other forum posts that reference the app group in the provisioning profile. Does anyone have any insight there? Or is that something specific to NE?
Specifically, I have an authorization plugin and a preference pane that I would like to have communicate directly with the ES system extension so that I don't have to introduce another layer of XPC complexity such that it all has to be marshaled through the host app.
This is all signed with a Developer ID, so I'm not worried about distribution on the App Store.
Thanks in advance.
> Does this need to be added to all apps that need access?

If you mean com.apple.security.temporary-exception.mach-lookup.global-name, that’s only necessary for sandboxed apps. By default the App Sandbox prevents the app from touching arbitrary services outside of its sandbox.
Honestly, I think NSEndpointSecurityMachServiceName is the right answer here. It lets your ES sysex publish a global Mach service that any process on the system can connect to (unless blocked by the sandbox).
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
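Added example, not part of the original thread and not the poster's or Apple's code: one way to wire up the NSEndpointSecurityMachServiceName approach described in the reply, with the extension vending an XPC listener on the named Mach service and a client connecting to it by name. The service name, the ESControl protocol, ESService, startListener and queryStatus are all hypothetical names chosen for illustration.

```swift
import Foundation

// Assumes the system extension's Info.plist contains this entry
// (the service name is a placeholder):
//   <key>NSEndpointSecurityMachServiceName</key>
//   <string>TEAMID.com.example.product.xpc</string>

// Hypothetical protocol shared by the extension and its clients.
@objc protocol ESControl {
    func status(reply: @escaping (String) -> Void)
}

// Extension side: vends ESControl on the Mach service named in Info.plist.
final class ESService: NSObject, NSXPCListenerDelegate, ESControl {
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection conn: NSXPCConnection) -> Bool {
        // Any process not blocked by a sandbox can reach this point, so
        // record who connected and apply any peer checks here.
        NSLog("%@", "XPC peer pid=\(conn.processIdentifier) euid=\(conn.effectiveUserIdentifier)")
        conn.exportedInterface = NSXPCInterface(with: ESControl.self)
        conn.exportedObject = self
        conn.resume()
        return true
    }

    func status(reply: @escaping (String) -> Void) { reply("running") }
}

// Call from the system extension's main.swift, then call dispatchMain().
func startListener(delegate: ESService) -> NSXPCListener? {
    guard let name = Bundle.main.object(
        forInfoDictionaryKey: "NSEndpointSecurityMachServiceName") as? String
    else { return nil }
    let listener = NSXPCListener(machServiceName: name)
    listener.delegate = delegate   // weak reference: the caller keeps it alive
    listener.resume()
    return listener
}

// Call from any client process, passing the same service name.
func queryStatus(serviceName: String, completion: @escaping (String?) -> Void) {
    let conn = NSXPCConnection(machServiceName: serviceName, options: [])
    conn.remoteObjectInterface = NSXPCInterface(with: ESControl.self)
    conn.resume()
    let proxy = conn.remoteObjectProxyWithErrorHandler { _ in completion(nil) } as? ESControl
    proxy?.status { completion($0); conn.invalidate() }
}
```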