Question about deleting existing VPN/SystemExtension from a different app bundle. (MacOS)

Question

nmik2020 OP

Created Sep ’20

Replies 2

Boosts 0

Participants 2

I have 2 different App Bundles :

Main App Bundle .
Uninstaller App Bundle.

The Uninstaller App Bundle is not inside the Main App bundle.

I am creating a packet tunneling system extension from the the Main App Bundle. Is there a way I could use NEVPNManager's loadAllFromPreferences to access the VPN created from the main app bundle and remove that VPN ?
I can think of using IPC to communicate from Uninstaller App Bundle to the main App Bundle to let the Main App Bundle know when to delete the VPN, but is there a way to do it directly from the Uninstaller App Bundle, so that in case the main process from the Main App bundle isn't running I could still remove the VPN ?

Also, embedded inside the Main App Bundle is another executable file which run as LaunchDaemon. Could I use the LaunchDaemon process to remove the VPN profile as well?

Answered by nmik2020 in 632157022

Thanks for clarifying this.

One more question. In the documentation it says the following :

Uninstall a System Extension
The system automatically uninstalls any system extensions when the user deletes the corresponding app. You can also uninstall a system extension by creating a deactivation request. Call the deactivationRequest(forExtensionWithIdentifier:queue:) method of OSSystemExtensionRequest and submit the resulting object to the OSSystemExtensionManager.

When I delete the app it doesn't automatically delete the corresponding System Extension/VPN. Is the documentation wrong or do I need to have done something else for the system extension to get deleted automatically?

I can also remove the VPN/SystemExtension by using NEVPNManager's removeFromPreferences. Is there a pro/con in using removeFromPreferences vs deactivationRequest ?

Boost

Answer 1

Systems Engineer OP

Apple

Sep ’20

Is there a way I could use NEVPNManager's loadAllFromPreferences to access the VPN created from the main app bundle and remove that VPN ?

If I am understanding this correctly; you want to try and access an existing VPN configuration, from outside the context of the container app that created it, for the purposes of uninstalling this VPN. If this is correct then the answer is no.

In the case where you are working with NETunnelProviderManager and have a a Network System Extension with a container app, a recommended workflow would look something like:

1) From the container app, call stopVPNTunnel.
2) As a result of (1), stop down anything that is required in the extension with stopTunnel(...).
3) Run through the OSSystemExtensionRequest.deactivationRequest(...) process in the container app.
4) Trigger any custom uninstaller flow from here.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0

Answer 2

nmik2020 OP

Sep ’20

Accepted Answer

Thanks for clarifying this.

One more question. In the documentation it says the following :

Uninstall a System Extension
The system automatically uninstalls any system extensions when the user deletes the corresponding app. You can also uninstall a system extension by creating a deactivation request. Call the deactivationRequest(forExtensionWithIdentifier:queue:) method of OSSystemExtensionRequest and submit the resulting object to the OSSystemExtensionManager.

When I delete the app it doesn't automatically delete the corresponding System Extension/VPN. Is the documentation wrong or do I need to have done something else for the system extension to get deleted automatically?

I can also remove the VPN/SystemExtension by using NEVPNManager's removeFromPreferences. Is there a pro/con in using removeFromPreferences vs deactivationRequest ?

0