es_new_client() fails on 13.0 beta (Ventura)

As of macOS 13 beta 2 (22A5286j), es_new_client() fails with ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED despite having Full Disk Access granted.

(The same code works correctly on Monterey and earlier OS versions.)

Is this a known regression? Have the API or prerequisites changed? I could find no germane mention in the Ventura release notes.

thanks,

-ben

Mine is working fine on an M1 Mini. I did have to turn Full Disk Access back on after the last install after updating, but other than that, it's working as expected.

I know that doesn't help you a lot, but it doesn't seem to be a regression.

Are you able to debug a fresh build? When I attempt to do so (build & run from Xcode), the system throws an alert “App containing System Extension to be activated must be in /Applications folder” when attempting to activate the extension. Obviously that would be expected in a production build, but this happens in debug when building with development provisioning on Ventura; the same does not occur on Monterey, where the development build will load and activate from its build location.

My recourse in the interim has been to drag the build product into /Applications, launch manually, and then attach the debugger.

Despite this, even after allowing the extension in the “Privacy & Security” panel of System Settings, and ensuring that both entries are enabled under Full Disk Access (yes, there are two, identically named; one with the app icon, and one with a lego brick extension icon), the call to es_new_client() still fails.

Perhaps I have something wrong with the debug workflow on my Ventura machine, but even so, the current production version of the app (built months ago) does not activate under Ventura either.

When I attempt to do so (build & run from Xcode), the system throws an alert “App containing System Extension to be activated must be in /Applications folder” when attempting to activate the extension. Obviously that would be expected in a production build, but this happens in debug when building with development provisioning on Ventura; the same does not occur on Monterey, where the development build will load and activate from its build location. My recourse in the interim has been to drag the build product into /Applications, launch manually, and then attach the debugger.

You'll need Developer Mode on to build, run, and test a System Extension from Xcode in any directory. I would keep adding the bundle to the /Applications directory as this is what your users will do.

Regarding:

Despite this, even after allowing the extension in the “Privacy & Security” panel of System Settings, and ensuring that both entries are enabled under Full Disk Access (yes, there are two, identically named; one with the app icon, and one with a lego brick extension icon), the call to es_new_client() still fails.

If you have the entitlement configured correctly, and you can test this from the /Applications directory on a fresh machine, and this still fails, then I would open a bug report with a sysdiagnose.

Thanks Matt for reminding me about Developer Mode; that indeed was the impediment to debugging locally. (It's been over a year since I've had occasion to work on this extension, and was doing so on another machine, so I'd forgotten all about that necessity.) Having done so, the call succeeds and ES seems to work.

Something remains amiss in that our current production version does not work properly under Ventura, but it's been difficult to triage the source of the problem because I unfortunately do not have debug symbols for the deployed build. (I've also observed some anomalous behaviours of System Settings; e.g. it will sometimes put up an empty alert after authorizing the extension.) If I'm able to narrow any of this down I may return with further questions.

Thanks Matt for reminding me about Developer Mode; that indeed was the impediment to debugging locally. (It's been over a year since I've had occasion to work on this extension, and was doing so on another machine, so I'd forgotten all about that necessity.) Having done so, the call succeeds and ES seems to work.

No problem at all, glad that's working.

Regarding:

 (I've also observed some anomalous behaviours of System Settings; e.g. it will sometimes put up an empty alert after authorizing the extension.)

If you continue to see odd behaviors like this, please open a bug report with screenshots and a sysdiagnose.
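For readers triaging the same failure, the following is an added example (not code from any poster in this thread) that maps each es_new_client() result to the prerequisite it points at and logs the context discussed above: effective UID and whether the bundle is under /Applications. It assumes it is the main.swift of the system extension; the ES_EVENT_TYPE_NOTIFY_EXEC subscription is an arbitrary choice for illustration.

```swift
import EndpointSecurity
import Foundation

// Map each es_new_client() result to the prerequisite it points at.
func diagnose(_ result: es_new_client_result_t) -> String {
    switch result {
    case ES_NEW_CLIENT_RESULT_SUCCESS:
        return "client created"
    case ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED:
        return "missing com.apple.developer.endpoint-security.client entitlement"
    case ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED:
        return "no TCC approval: check Full Disk Access for both the app and the extension"
    case ES_NEW_CLIENT_RESULT_ERR_NOT_PRIVILEGED:
        return "caller is not running as root"
    case ES_NEW_CLIENT_RESULT_ERR_TOO_MANY_CLIENTS:
        return "too many Endpoint Security clients are already connected"
    case ES_NEW_CLIENT_RESULT_ERR_INVALID_ARGUMENT:
        return "invalid argument passed to es_new_client()"
    case ES_NEW_CLIENT_RESULT_ERR_INTERNAL:
        return "internal error talking to the Endpoint Security subsystem"
    default:
        return "unrecognized result code \(result.rawValue)"
    }
}

var client: OpaquePointer?
let result = es_new_client(&client) { _, message in
    // Called for every subscribed event; this example only logs the event type.
    NSLog("ES event type %u", message.pointee.event_type.rawValue)
}

guard result == ES_NEW_CLIENT_RESULT_SUCCESS, let esClient = client else {
    // Record the result together with the environment facts that matter for triage.
    let path = Bundle.main.bundlePath
    NSLog("es_new_client() failed: %@", diagnose(result))
    NSLog("euid=%u bundle=%@ underApplications=%d",
          geteuid(), path, path.hasPrefix("/Applications/") ? 1 : 0)
    exit(EXIT_FAILURE)
}

// Subscribe to one event type so the handler above has something to receive.
let events = [ES_EVENT_TYPE_NOTIFY_EXEC]
if es_subscribe(esClient, events, UInt32(events.count)) != ES_RETURN_SUCCESS {
    NSLog("es_subscribe() failed")
    es_delete_client(esClient)
    exit(EXIT_FAILURE)
}
dispatchMain()
```

Logging the mapped reason at startup means a deployed build without debug symbols still records why client creation failed.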
