I've built a macOS app (in Xcode 12.5) with Finder extensions, and set all the components to share a common app group, with the name correctly formatted as CD......7C.com.orexresearch.EMPSecure.group . Up till now, it's been working fine for everything I've needed it to do, with app and extension both accessing common files.
But now I need to do file downloads for the FileProvider extension, and these are failing. I know part of the problem is to do with the App group -- in the main app, the download works if I initialise the Dropbox component without the app group identifier, but if I switch Dropbox to use the app group identifier, it fails repeatedly in both the main app and the extension:
error 21:36:44.487814+1100 EMPFileProvider BackgroundSession <7764EC70-AC7F-46F4-91DC-547FAA23249C> an error occurred on the xpc connection to setup the background session: Error Domain=NSCocoaErrorDomain Code=4097 UserInfo={NSDebugDescription=}
error 21:36:44.487893+1100 EMPFileProvider BackgroundSession <7764EC70-AC7F-46F4-91DC-547FAA23249C> connection to background transfer daemon interrupted
error 21:36:44.487935+1100 EMPFileProvider BackgroundSession <7764EC70-AC7F-46F4-91DC-547FAA23249C> connection to background transfer daemon invalidated
(A slight variation on the first message visible from the main app:
2022-01-15 21:25:11.726914+1100 EMPSecure[90774:2908614] BackgroundSession an error occurred on the xpc connection to setup the background session: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service on pid 0 named com.apple.nsurlsessiond" UserInfo={NSDebugDescription=connection to service on pid 0 named com.apple.nsurlsessiond} )
This appears to be lower-level than anything to do with the Dropbox toolkit, but it only occurs with the app group setting for Dropbox downloads. And in both components, the following errors are logged on startup:
default 19:56:47.424357+1100 taskgated-helper allowing entitlement(s) for com.orexresearch.EMPSecure.EMPFileProvider due to provisioning profile (isUPP: 0)
error 19:56:47.428323+1100 taskgated-helper com.orexresearch.EMPSecure.EMPFileProvider: Unsatisfied entitlements: com.apple.security.application-groups
error 19:56:47.428338+1100 taskgated-helper Disallowing: com.orexresearch.EMPSecure.EMPFileProvider
The odd thing is that the other functions I've been using the app group for -- access to common files in the group container's Library/Application Support folder -- appear to be being allowed just fine. Even though it says the entitlement is unsatisfied!
In both components, the "App Groups" section is visible on the "Signing & Capabilities" tab of the Xcode target in my app, the full group name CD......7C.com.orexresearch.EMPSecure.group is present, and the .entitlements file for the project has one item under "App Groups" set to the same value. There is also a "Keychain Sharing" group, CD......7C.com.orexresearch.EMPSecure.Shared, which seems to be working fine.
So what else do I need to do to address these errors?
(Note that as this is macOS; I've configured the app groups locally rather than through the website. If I go through the website, the "App Groups" entry under "Capabilities" is greyed out -- not just for me, but for the admin/account-holder of our team! Is this a sign of a bigger problem?)