Failed to run the app using openApplicationAtURL()

Hi,
I am new to objective-c. I tried to run an app as part of my launchd application using openApplicationAtURL() API but I failed. I did R &D also but I haven't found any example

I have an app NetopsFilter.app and If I run this app with '--uninstallFilter' argument then it will deactivate the network extension. I tried from terminal and it is successfully deactivating the extension after entering the credentials in the popup.

App path: /Applications/NetopsFilter.app
argument: --uninstallFilter

I tried as below but failed. Please help me to fix this. How can I pass arguments, necessary configuration settings to the API.
Code Block
  NSWorkspace *workspace = [NSWorkspace sharedWorkspace];
  NSURL *url = [NSURL fileURLWithPath:[workspace fullPathForApplication:@"/Applications/NetopsFilter.app/Contents/MacOS/NetopsFilter"]];
 NSArray *arguments = [NSArray arrayWithObjects:@"--uninstallFilter", nil];
   [workspace openApplicationAtURL:url configuration:(NSWorkspaceOpenConfiguration *)arguments nil];


Thanks
What type of Network System Extension are working with here, and can you describe the workflow you are wanting to achieve here so I can better assist?


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
I am working with content filter network extension. Whenever my app receives "--uninstallFilter" argument internally we have functionality to deactivate the extension. So I want to run "/Applications/NetopsFilter.app/Contents/MacOS/NetopsFilter --uninstallFilter" as part my application to deactivate the extension. I am trying to use openApplicationAtURL() API to invoke the app with "--uninstallFilter" argument. But I haven't found much information on this usage to pass arguments & configuration to run the app using openApplicationAtURL().
Please help me to run the app like "/Applications/NetopsFilter.app/Contents/MacOS/NetopsFilter --uninstallFilter" from my objective-c application.

launchd application

launchd jobs are never applications; you have the choice of a launchd daemon, that runs globally, or a launchd agent, that runs in some specific user context. See Technote 2083 Daemons and Agents fro more about this.

If you have a launchd daemon than you can’t reliably sublaunch GUI apps from it. That’s because the daemon is running in a global context and apps need to run it a specific GUI login context. Again, TN2083 has all the details.

Reading through your message it sounds like you’re trying to use SystemExtensions framework to programmatically uninstall your sysex. This is not going to work. See this post for an explanation as to why.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Thanks for reply. My application is managing with launchd daemon and I am trying to deactivate the network extension as part of my application.

If you have a launchd daemon than you can’t reliably sublaunch GUI apps from it. That’s because the daemon is running in a global context and apps need to run it a specific GUI login context. 

Is there any other way to deactivate/uninstall the network extension if SIP is enabled? I haven't found any other way to deactivate/uninstall network extension without using GUI?

Is there any other way remove the my NetopsFilter app using Finder.app (from terminal or as part of script) so that it automatically uninstalls the extension? This is like removing app manually from Finder.

One more doubt, If I manage my environment with MDM tool, Is it possible with launchd daemon to deactivate the network extension?

Thanks.


Let’s be clear about terms here:
  • When I say application (or app for short) I mean a GUI app that user’s run from the Finder. I never use this in the generic sense, that is, a program that’s run to perform some user-desired function.

  • When I say _launchd daemon_, I mean a background process run by launchd in the global context based on a property list in /Library/LaunchDaemons.

With that in mind, I want to reiterate a point I made earlier: The SystemExtension framework is intended to be used by applications to install and remove system extensions based on user actions. Any use outside of that space is unsupported and may not behave reliably.

Is there any other way to deactivate/uninstall the network extension
if SIP is enabled?

No. This breaks down as follows:
  • In a unmanaged environment we expect the user to do this either from your app or by removing the app in the Finder.

  • In a managed environment there’s a reasonable path for install but not for uninstall (r. 67923914).

Is there any other way remove the my NetopsFilter app using Finder.app
… so that it automatically uninstalls the extension? This is like
removing app manually from Finder.

It’s possible that scripting the Finder using AppleScript may trigger the same behaviour as you see in the UI. I’ve not explored that option.

One more doubt, If I manage my environment with MDM tool, Is it
possible with launchd daemon to deactivate the network extension?

No. See my comments above regarding managed environments.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

In a managed environment there’s a reasonable path for install but not for uninstall

It seems that we’ve made some progress on this front in macOS 12. Specifically, there’s now a RemovableSystemExtensions property where the site admin can list sysexes that can be removed without user consent. For more details, see the discussion on that page.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Failed to run the app using openApplicationAtURL()
 
 
Q