Install an Endpoint Security system extension outside an app

Hi,

I am currently working on an Endpoint Security system extension. I followed the documentation and embedded the extension in a macOS app that installs it. I wonder if it is possible to install this extension without the macOS application, with a launchd agent/daemon or something else? I can't find any documentation about it, so I don't even know if it is possible.

Thanks, Johan

I wonder if it was possible to install this extension without the macOS application. With a launchd … daemon … ?

Yes. Using Endpoint Security from a daemon is a supported option. There are some caveats though:

Oh, and you should watch that talk regardless; it’s chock full of hints and tips, directly from the ES engineering team.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi,

Thanks a lot for your answer. But what did you mean by "an app-like package"? I don't really understand. I created a new Xcode project with the macOS App template, removed all the files as you mentioned, then created a new file in the target to contain my extension (a C file). I added the ES entitlement and all the libraries needed to use the ES API. The project can be built and run, but I get this error:

2021-06-25 11:24:08.438374+0200 ESDeamon[15713:718214] Failed to open service: -536870174
2021-06-25 11:24:08.441585+0200 ESDeamon[15713:718214] Failed to create new ES client: 4

The debug section shows me that the es_new_client function returns an error, whereas it works when I test with the notify-demo.c taken from the WWDC 2020 example of building an Endpoint Security app.

I guess I am missing something, but I don't really know what. Can you explain to me the steps to create an ES daemon that can handle Notify events?

Johan

But what did you mean by "an app-like-package"

The on-disk file system structure that I described in Packaging a Daemon with a Provisioning Profile.

2021-06-25 11:24:08.441585+0200 ESDeamon[15713:718214] Failed to create new ES client: 4

Is that your logging? Is the 4 an error result from es_new_client? If so, that’d be ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED. The doc comment in <EndpointSecurity/ESTypes.h> says:

The caller is not permitted to connect. They lack Transparency, Consent, and Control (TCC) approval from the user.

ES clients must be granted Full Disk Access in System Preferences > Security & Privacy > Privacy.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
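To tie the two halves of this thread together (the request for the steps to build an ES daemon that handles Notify events, and the meaning of result code 4 from es_new_client), here is an added example written for this page; it is not code from the thread, from Apple's sample, or from the notify-demo.c mentioned above. It is a minimal C daemon skeleton that creates an ES client, subscribes to ES_EVENT_TYPE_NOTIFY_EXEC, and turns the es_new_client result into an actionable diagnostic instead of a bare number. The EndpointSecurity calls only compile on macOS (clang with blocks, linked against the EndpointSecurity framework, run as root with the ES entitlement and Full Disk Access granted); the result-code mapping is plain C, and the enum values in the non-Apple branch are assumed to match es_new_client_result_t in <EndpointSecurity/ESTypes.h>.

```c
// Added example: minimal ES daemon skeleton plus a diagnostic for es_new_client results.
// Not part of the original thread; the ES portion requires macOS and root.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef __APPLE__
#include <EndpointSecurity/EndpointSecurity.h>
#include <dispatch/dispatch.h>
#include <bsm/libbsm.h>
#else
// Assumed to mirror es_new_client_result_t from <EndpointSecurity/ESTypes.h>,
// defined here only so the diagnostic helper builds and can be checked off-macOS.
typedef enum {
    ES_NEW_CLIENT_RESULT_SUCCESS = 0,
    ES_NEW_CLIENT_RESULT_ERR_INVALID_ARGUMENT = 1,
    ES_NEW_CLIENT_RESULT_ERR_INTERNAL = 2,
    ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED = 3,
    ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED = 4,
    ES_NEW_CLIENT_RESULT_ERR_NOT_PRIVILEGED = 5,
    ES_NEW_CLIENT_RESULT_ERR_TOO_MANY_CLIENTS = 6,
} es_new_client_result_t;
#endif

// Map an es_new_client result to the thing the operator has to fix.
// Result 4 is the one from the log lines in this thread: TCC has not granted
// Full Disk Access to the daemon's executable.
const char *es_result_hint(int result) {
    switch (result) {
    case ES_NEW_CLIENT_RESULT_SUCCESS:
        return "client created";
    case ES_NEW_CLIENT_RESULT_ERR_INVALID_ARGUMENT:
        return "invalid argument: NULL client pointer or handler block";
    case ES_NEW_CLIENT_RESULT_ERR_INTERNAL:
        return "internal error talking to the ES subsystem";
    case ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED:
        return "missing com.apple.developer.endpoint-security.client entitlement "
               "(check the embedded provisioning profile)";
    case ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED:
        return "TCC denied: grant Full Disk Access in "
               "System Preferences > Security & Privacy > Privacy";
    case ES_NEW_CLIENT_RESULT_ERR_NOT_PRIVILEGED:
        return "must run as root (launchd daemon, not a per-user agent)";
    case ES_NEW_CLIENT_RESULT_ERR_TOO_MANY_CLIENTS:
        return "too many ES clients already connected";
    default:
        return "unknown es_new_client result";
    }
}

#ifdef __APPLE__
int main(void) {
    es_client_t *client = NULL;
    // The handler block runs on an ES-managed queue for every subscribed event.
    es_new_client_result_t res = es_new_client(&client,
        ^(es_client_t *c, const es_message_t *msg) {
            (void)c;
            // NOTIFY events are informational only: no es_respond_* call is needed.
            if (msg->event_type == ES_EVENT_TYPE_NOTIFY_EXEC) {
                const es_process_t *p = msg->event.exec.target;
                printf("exec pid=%d path=%.*s\n",
                       audit_token_to_pid(p->audit_token),
                       (int)p->executable->path.length,
                       p->executable->path.data);
            }
        });
    if (res != ES_NEW_CLIENT_RESULT_SUCCESS) {
        // Same message shape as the thread's log line, plus the remedy.
        fprintf(stderr, "Failed to create new ES client: %d (%s)\n",
                (int)res, es_result_hint((int)res));
        return EXIT_FAILURE;
    }
    es_event_type_t events[] = { ES_EVENT_TYPE_NOTIFY_EXEC };
    if (es_subscribe(client, events, sizeof(events) / sizeof(events[0])) != ES_RETURN_SUCCESS) {
        fprintf(stderr, "es_subscribe failed\n");
        es_delete_client(client);
        return EXIT_FAILURE;
    }
    dispatch_main();  // never returns; keeps the process alive for the handler block
}
#endif
```

Launched from a launchd daemon plist as root, this is the whole loop for a Notify-only client: create the client, subscribe, park the main thread. If es_new_client still returns 4 after Full Disk Access is granted, check that the grant was given to the exact signed executable launchd is starting, since TCC keys the approval to the code signature of the binary that connects.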
