Communication between system extension and the app

I have a working macOS app with an NEPacketTunnelProvider app extension on the App Store. The company wants to explore the possibility of switching to a system extension, so that we can distribute the app outside of the App Store too.

I managed to do the switch and the extension works. But the communication is broken. DistributedNotificationCenter stopped working for me after switching to a system extension: events are not received and I don't see any errors, so I cannot say what's wrong.

I tried to adopt XPC from Apple's Filtering Network Traffic sample, but I get a sandbox error: domain code 4099, failed at lookup with error 159 - Sandbox restriction.

I get the same error if I try to run the sample with my company team ID. I make these changes:

  • NEMachServiceName to $(TeamIdentifierPrefix)com.mycompanyname.macos.dev
  • App Groups to $(TeamIdentifierPrefix)com.mycompanyname.macos.dev
  • Bundle ids to com.mycompanyname.macos.dev and com.mycompanyname.macos.dev.tunnelprovider

The two targets have these capabilities:

  • com.mycompanyname.macos.dev: App Groups, Network Extensions, System Extensions
  • com.mycompanyname.macos.dev.tunnelprovider: Network Extensions, System Extensions

Could you help me find the reason why DistributedNotificationCenter could stop receiving notifications?

Or are you able to run Apple's sample? What changes do you make to run it under your team? Because it looks like my changes are wrong.

Either DistributedNotificationCenter or XPC would solve my problem.

Answered by DTS Engineer in 736504022

But the communication is broken. DistributedNotificationCenter stopped working for me after switching to system extension

Right. Notifications sent by your app won’t be received by your sysex. The other way around should work though.

Still, distributed notifications are not, IMO, a substitute for a proper IPC mechanism.

I get sandbox error - domain code 4099, failed at lookup with error 159 - Sandbox restriction.

This is being returned to the app, right? If so, try disabling App Sandbox on the app. Does that help?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

After enabling App Groups for the extension identifier, and disabling sandbox, XPC started to work

Sandbox prevented the app from registering with the provider running in the system extension. This code fails in the app with Sandbox enabled: newConnection.remoteObjectProxyWithErrorHandler { error }

Do you have a guess on where the problem is for the sandbox?

I don't need these anymore, but maybe the info would help:

I had a working app that used App Extensions. After switching to a System Extension, distributed notifications sent by the extension stopped being received by the app. Shared User Defaults also stopped working, but I see in the docs that they can work only between app <-> app extension and app <-> app, not system extensions.

Accepted Answer

After enabling App Groups for the extension identifier, and disabling sandbox, XPC started to work

Cool.

Do you have a guess on where the problem is for the sandbox?

My best guess is this:

NEMachServiceName to $(TeamIdentifierPrefix)com.mycompanyname.macos.dev

App Groups to $(TeamIdentifierPrefix)com.mycompanyname.macos.dev

The service name should be an immediate ‘child’ of the App Group. For example, if your app group is TTT.com.app.group then your service name should be TTT.com.app.group.name.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
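A preflight check for the naming rule in this answer, written here as an added example (not code from the thread, the poster's project, or Apple's sample): it reads the app's entitlements and the extension's Info.plist, flags the question's configuration where NEMachServiceName is the same string as the App Group, and accepts a name exactly one component below it. The key names com.apple.security.application-groups and NetworkExtension/NEMachServiceName are the real ones; the sample plists and the ".xpc" suffix are constructed for the example.

```python
import plistlib

# Constructed sample plists (not from the thread's project): the app's entitlements and the
# system extension's Info.plist, with the values the question describes. Before build-time
# expansion Xcode sees the literal $(TeamIdentifierPrefix); the check works on either form.
APP_ENTITLEMENTS = plistlib.dumps({
    "com.apple.security.app-sandbox": True,
    "com.apple.security.application-groups": ["$(TeamIdentifierPrefix)com.mycompanyname.macos.dev"],
})
SYSEX_INFO_PLIST_BROKEN = plistlib.dumps({
    "CFBundleIdentifier": "com.mycompanyname.macos.dev.tunnelprovider",
    # Same string as the app group: this is the misconfiguration from the question.
    "NetworkExtension": {"NEMachServiceName": "$(TeamIdentifierPrefix)com.mycompanyname.macos.dev"},
})
SYSEX_INFO_PLIST_FIXED = plistlib.dumps({
    "CFBundleIdentifier": "com.mycompanyname.macos.dev.tunnelprovider",
    # One dotted component below the app group, as the answer recommends ("xpc" is our choice).
    "NetworkExtension": {"NEMachServiceName": "$(TeamIdentifierPrefix)com.mycompanyname.macos.dev.xpc"},
})


def is_immediate_child(service_name: str, group: str) -> bool:
    """True when service_name is group plus exactly one more dotted component."""
    prefix = group + "."
    if not service_name.startswith(prefix):
        return False
    tail = service_name[len(prefix):]
    return bool(tail) and "." not in tail


def check_mach_service(entitlements: bytes, info_plist: bytes) -> list[str]:
    """Return the configuration problems found (an empty list means the pair is consistent)."""
    groups = plistlib.loads(entitlements).get("com.apple.security.application-groups", [])
    service = plistlib.loads(info_plist).get("NetworkExtension", {}).get("NEMachServiceName")
    problems = []
    if not service:
        return ["NEMachServiceName is missing from the NetworkExtension dictionary"]
    if not groups:
        problems.append("the app has no App Groups entitlement")
    if not any(is_immediate_child(service, g) for g in groups):
        problems.append(f"NEMachServiceName {service!r} is not an immediate child of any app group {groups}")
    return problems


if __name__ == "__main__":
    for label, plist in (("broken", SYSEX_INFO_PLIST_BROKEN), ("fixed", SYSEX_INFO_PLIST_FIXED)):
        print(label, check_mach_service(APP_ENTITLEMENTS, plist) or ["OK"])
```

Run against the real files with `plutil -convert xml1` output, or point `plistlib.load` at the entitlements and Info.plist directly; the check is string-based, so it works both before and after Xcode expands $(TeamIdentifierPrefix).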
