Hi All, I have a NEDNSProxyProvider System Extension and my logs are full of sandbox violations, all like:
error 2021-09-21 10:42:30.557390 -0400 sandboxd com.apple.sandbox.reporting violation System Policy: com.myCompany.mac(640) deny(1) system-privilege 10006
Violation: deny(1) system-privilege 10006
Process: com.myCompany.mac [640]
Path: /Library/SystemExtensions/4375ED6E-69A9-4897-8B39-4252AD9843AD/com.myCompany.macos.netext.dnsproxy.systemextension/Contents/MacOS/com.myCompany.macos.netext.dnsproxy
Load Address: 0x1028a8000
Identifier: com.myCompany.macos.netext.dnsproxy
Version: 78 (2.0.0)
Code Type: arm64 (Native)
Parent Process: launchd [1]
Responsible: /Library/SystemExtensions/4375ED6E-69A9-4897-8B39-4252AD9843AD/com.myCompany.macos.netext.dnsproxy.systemextension/Contents/MacOS/com.myCompany.macos.netext.dnsproxy
User ID: 0
Date/Time: 2021-09-21 10:42:30.522 EDT
OS Version: macOS 11.6 (20G165)
Report Version: 8
MetaData: {"uid":0,"summary":"deny(1) system-privilege 10006","errno":1,"hardware":"J293","operation":"system-privilege","apple-internal":false,"pid":640,"platform-binary":false,"primary-filter":"privilege-id","privilege-id":"PRIV_NET_PRIVILEGED_NECP_MATCH","process":"com.myCompany.mac","profile-flags":0,"target":"PRIV_NET_PRIVILEGED_NECP_MATCH","build":"macOS 11.6 (20G165)","flags":5,"team-id":"7NM7G573E4","platform-policy":true,"profile":"platform","responsible-process-path":"\/Library\/SystemExtensions\/4375ED6E-69A9-4897-8B39-4252AD9843AD\/com.myCompany.macos.netext.dnsproxy.systemextension\/Contents\/MacOS\/com.myCompany.macos.netext.dnsproxy","signing-id":"com.myCompany.macos.netext.dnsproxy","platform_binary":"no","action":"deny","process-path":"\/Library\/SystemExtensions\/4375ED6E-69A9-4897-8B39-4252AD9843AD\/com.myCompany.macos.netext.dnsproxy.systemextension\/Contents\/MacOS\/com.myCompany.macos.netext.dnsproxy","normalized_target":["PRIV_NET_PRIVILEGED_NECP_MATCH"],"primary-filter-value":"PRIV_NET_PRIVILEGED_NECP_MATCH"}
Thread 0 (id: 5185):
0 libsystem_kernel.dylib 0x0000000195f13eac __sigsuspend_nocancel + 8
1 libdispatch.dylib 0x0000000195dab518 _dispatch_sigsuspend + 48
2 libdispatch.dylib 0x0000000195dab4e8 _dispatch_sigsuspend + 0
Thread 1 (id: 32979):
0 libsystem_kernel.dylib 0x0000000195f0ea8c __workq_kernreturn + 8
1 libsystem_pthread.dylib 0x0000000195f438e8 _pthread_wqthread + 352
2 libsystem_pthread.dylib 0x0000000195f425d4 start_wqthread + 8
Thread 2 (id: 33109):
0 libsystem_kernel.dylib 0x0000000195f1111c socket + 8
1 libnetwork.dylib 0x0000000199d74658 nw_interface_create_with_index_and_name + 220
2 libnetwork.dylib 0x0000000199d73c7c nw_interface_create_with_index + 180
3 NetworkExtension 0x00000001a310de10 -[NEAppProxyFlow initWithNEFlow:queue:] + 432
4 NetworkExtension 0x00000001a310fc70 -[NEAppProxyUDPFlow initWithNEFlow:queue:] + 48
5 NetworkExtension 0x00000001a31425b8 -[NEExtensionAppProxyProviderContext flowDivertNewFlow:completionHandler:] + 556
6 NetworkExtension 0x00000001a31419f8 __88-[NEExtensionAppProxyProviderContext setInitialFlowDivertControlSocket:extraValidation:]_block_invoke.106 + 72
7 NetworkExtension 0x00000001a3172404 __flow_startup_block_invoke.116 + 156
8 libdispatch.dylib 0x0000000195d96128 _dispatch_call_block_and_release + 32
9 libdispatch.dylib 0x0000000195d97ec0 _dispatch_client_callout + 20
10 libdispatch.dylib 0x0000000195d9f6a8 _dispatch_lane_serial_drain + 620
11 libdispatch.dylib 0x0000000195da02a4 _dispatch_lane_invoke + 404
12 libdispatch.dylib 0x0000000195daab74 _dispatch_workloop_worker_thread + 764
13 libsystem_pthread.dylib 0x0000000195f4389c _pthread_wqthread + 276
14 libsystem_pthread.dylib 0x0000000195f425d4 start_wqthread + 8
Thread 3 (id: 33293):
0 libsystem_kernel.dylib 0x0000000195f0ea8c __workq_kernreturn + 8
1 libsystem_pthread.dylib 0x0000000195f438e8 _pthread_wqthread + 352
2 libsystem_pthread.dylib 0x0000000195f425d4 start_wqthread + 8
Thread 4 (id: 33296):
0 0x0000000000000000
Binary Images:
0x195d94000 - 0x195dd8807 libdispatch.dylib (1271.120.2) <4edd5f72-2296-3891-b2a1-6741db6c05c9> /usr/lib/system/libdispatch.dylib
0x195f0c000 - 0x195f3ffff libsystem_kernel.dylib (7195.141.6) <fa7e835c-cb30-3d98-9331-30ce6584423d> /usr/lib/system/libsystem_kernel.dylib
0x195f40000 - 0x195f4cfff libsystem_pthread.dylib (454.120.2) <bdc1c5da-9499-3580-9588-2928de2440dd> /usr/lib/system/libsystem_pthread.dylib
0x199ba7000 - 0x19a2ef4ff libnetwork.dylib (2288.140.7) <992e11c6-a4c3-344f-80f9-d49fc41f9ebb> /usr/lib/libnetwork.dylib
0x1a3104000 - 0x1a335a1b3 com.apple.NetworkExtension (1.0 - 1) <66650680-34df-30c9-a215-46589cf2aa0e> /System/Library/Frameworks/NetworkExtension.framework/Versions/A/NetworkExtension
and related:
error 2021-09-21 10:42:41.145014 -0400 kernel <Missing Description> System Policy: com.myCompany.mac(640) deny(1) system-privilege 10006
OS: macOS 11.6, sysext built with Xcode 12.5.1
- The proxy works as expected.
- I've found a very similar post (here), but that system extension is a NETransparentProxyManager and the solution is related to something we don't have (includeAllNetworks).
Any clue?
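Added example, not from the original post or from Apple: a small Python triage helper for exactly this kind of noise. It parses the one-line `System Policy:` summaries that sandboxd and the kernel write to the unified log, parses the `MetaData:` dictionary of a full report, counts denials per process, operation and target, and learns the numeric privilege id to name mapping (here 10006 to PRIV_NET_PRIVILEGED_NECP_MATCH) from the report itself instead of from a hard-coded table. The sample log text is constructed from the format shown above (the `file-read-data` line is invented for contrast), and the regular expressions are an assumption about the summary's shape, not a documented grammar.

```python
"""Triage sandboxd "System Policy" denials from macOS unified-log output.

Example code, not from the original post. Assumptions: summary lines end in
"<action>(<errno>) <operation> [<target>]" as shown in the post, and report
MetaData lines start with "MetaData:" followed by one JSON object.
"""
import json
import re
from collections import Counter
from typing import Optional

# Verdict part shared by the log summary line and the MetaData "summary" field,
# e.g. "deny(1) system-privilege 10006" or "deny(1) file-read-data /etc/hosts".
VERDICT_RE = (
    r"(?P<action>deny|allow)\((?P<errno>\d+)\) "
    r"(?P<operation>\S+)(?: (?P<target>.+))?$"
)
# Full summary as printed by `log show` / `log stream`:
# "... System Policy: com.myCompany.mac(640) deny(1) system-privilege 10006"
SUMMARY_RE = re.compile(r"System Policy: (?P<process>\S+)\((?P<pid>\d+)\) " + VERDICT_RE)
METADATA_SUMMARY_RE = re.compile(VERDICT_RE)


def parse_summary(line: str) -> Optional[dict]:
    """Return process/pid/action/errno/operation/target from a summary line, or None."""
    m = SUMMARY_RE.search(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["pid"] = int(d["pid"])
    d["errno"] = int(d["errno"])
    return d


def parse_metadata_line(line: str) -> Optional[dict]:
    """Return the JSON dictionary of a report's 'MetaData: {...}' line, or None."""
    head, sep, body = line.strip().partition(":")
    if head != "MetaData" or not sep:
        return None
    try:
        return json.loads(body)  # the "\/" escapes in the report are valid JSON
    except json.JSONDecodeError:
        return None


def triage(log_text: str) -> dict:
    """Count denials per (process, operation, target) and learn privilege names.

    The MetaData of a system-privilege report carries both the numeric id (in
    "summary") and the symbolic name (in "privilege-id"), so one full report is
    enough to label every later one-line kernel/sandboxd entry with that id.
    """
    denials: Counter = Counter()
    privilege_names: dict = {}
    for line in log_text.splitlines():
        s = parse_summary(line)
        if s is not None:
            if s["action"] == "deny":
                denials[(s["process"], s["operation"], s["target"])] += 1
            continue
        md = parse_metadata_line(line)
        if md is None:
            continue
        v = METADATA_SUMMARY_RE.search(md.get("summary", ""))
        if v and v["operation"] == "system-privilege" and v["target"] and md.get("privilege-id"):
            privilege_names[v["target"]] = md["privilege-id"]
    return {"denials": denials, "privilege_names": privilege_names}


def report(result: dict) -> list:
    """Render the triage result as one line per denial key, most frequent first."""
    lines = []
    for (process, operation, target), count in sorted(
        result["denials"].items(), key=lambda kv: (-kv[1], kv[0])
    ):
        label = target or ""
        name = result["privilege_names"].get(target) if operation == "system-privilege" else None
        if name:
            label = f"{target} ({name})"
        lines.append(f"{process} {operation} {label}: {count}")
    return lines


# Constructed sample in the format of the post (third line invented for contrast).
SAMPLE_LOG = """\
error 2021-09-21 10:42:30.557390 -0400 sandboxd com.apple.sandbox.reporting violation System Policy: com.myCompany.mac(640) deny(1) system-privilege 10006
MetaData: {"uid":0,"summary":"deny(1) system-privilege 10006","errno":1,"operation":"system-privilege","pid":640,"platform-binary":false,"primary-filter":"privilege-id","privilege-id":"PRIV_NET_PRIVILEGED_NECP_MATCH","process":"com.myCompany.mac","target":"PRIV_NET_PRIVILEGED_NECP_MATCH","team-id":"7NM7G573E4","signing-id":"com.myCompany.macos.netext.dnsproxy","action":"deny","process-path":"\\/Library\\/SystemExtensions\\/EXAMPLE\\/com.myCompany.macos.netext.dnsproxy"}
error 2021-09-21 10:42:41.145014 -0400 kernel <Missing Description> System Policy: com.myCompany.mac(640) deny(1) system-privilege 10006
error 2021-09-21 10:43:02.000000 -0400 sandboxd com.apple.sandbox.reporting violation System Policy: com.example.other(777) deny(1) file-read-data /private/etc/hosts
"""

if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Feed it the output of `log show --predicate 'process == "sandboxd" OR eventMessage CONTAINS "System Policy"'` (or a saved `.txt` export) and the per-privilege counts make it obvious whether the noise is one repeated check, as in the post, or several distinct denials worth investigating separately.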