Communicating to endpoint security extension over XPC

I am having trouble communicating with my endpoint security system extension without setting com.apple.security.temporary-exception.mach-lookup.global-name.

The system is a MacBook Pro with M1 Pro running Ventura beta 22A5295i.

The endpoint security extension is installed by a regular app, and it is running fine.

Because we do not have the endpoint entitlement yet, SIP has been turned off and amfi_get_out_of_my_way set to 1.

The endpoint security agent has NSEndpointSecurityMachServiceName set to the service name: (Team).bundle-ID.xpc

All the apps are part of the same app group.

I created a third app (with the same app group) to communicate with the endpoint agent over XPC, but it fails unless I do one of the following:

  • Disable its sandbox
  • Add com.apple.security.temporary-exception.mach-lookup.global-name

Will this problem go away once we have the endpoint entitlement?

Or am I doing something else wrong?

Thanks

Follow up: I've found two additional ways to allow the third app to connect to the endpoint system extension over XPC:

  • Add the "System Extension" capability/entitlement to the app (even though this doesn't install a System Extension, it just receives data from it); note that this changes the Signing Certificate from "Development" to "Apple Development: (my development identity info)"
  • Change Signing Certificate to "Sign to Run Locally"

If I do either of those, I can remove the temporary com.apple.security.temporary-exception.mach-lookup.global-name entitlement.

(I look forward to getting the endpoint security entitlement to see which issues go away and which ones remain, and to enabling security on my laptop again.)

Thanks
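For readers following this thread, here is an added example (not code from the post above) of the client side of that XPC link in Swift: the third app connects to the extension's NSEndpointSecurityMachServiceName service and, on macOS 13 and later, pins the peer's code signature so it will only talk to the real extension rather than anything that manages to claim the Mach name. The service name, protocol name, bundle identifier and team ID are placeholders, and the XPC protocol is assumed.

```swift
import Foundation

// Protocol vended by the extension's NSXPCListener (assumed; not on the original post).
@objc protocol ESAgentXPCProtocol {
    func fetchRecentEvents(reply: @escaping ([String]) -> Void)
}

final class ESAgentClient {
    // Same value as the extension's NSEndpointSecurityMachServiceName; placeholder name.
    static let machServiceName = "TEAMID.com.example.esagent.xpc"

    // Designated requirement the extension must satisfy (placeholder team ID / identifier).
    static let extensionRequirement =
        "anchor apple generic and certificate leaf[subject.OU] = \"TEAMID\" " +
        "and identifier \"com.example.esagent.extension\""

    private let connection: NSXPCConnection

    init() {
        connection = NSXPCConnection(machServiceName: Self.machServiceName)
        connection.remoteObjectInterface = NSXPCInterface(with: ESAgentXPCProtocol.self)

        // macOS 13 API: messages from a peer that fails this requirement are dropped
        // and the connection is invalidated, so a look-alike service gets nothing.
        if #available(macOS 13.0, *) {
            connection.setCodeSigningRequirement(Self.extensionRequirement)
        }
        connection.invalidationHandler = { NSLog("ES agent XPC connection invalidated") }
        connection.interruptionHandler = { NSLog("ES agent XPC connection interrupted") }
        connection.resume()
    }

    // Ask the extension for recent events; XPC errors surface through the error handler.
    func recentEvents(completion: @escaping (Result<[String], Error>) -> Void) {
        let proxy = connection.remoteObjectProxyWithErrorHandler { error in
            completion(.failure(error))
        } as! ESAgentXPCProtocol
        proxy.fetchRecentEvents { events in completion(.success(events)) }
    }
}
```

The sandbox Mach-lookup question in the post is independent of this code: the lookup is decided by the client's entitlements before any message is exchanged.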
