macOS Sonoma 14 RC - Full Disk Access for app bundle is disabled after reboot (kTCCServiceSystemPolicyAllFiles)

Hi guys, has anyone seen this issue? When installing an application that requires Full Disk Access (kTCCServiceSystemPolicyAllFiles), the user enables this feature, but after a reboot the OS automatically turns it off.

Filed feedback in case it's a new issue.

Any idea how to fix it? Any workaround to keep Full Disk Access enabled? Thanks.

Filed feedback in case it's a new issue.

What was that bug number?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Feedback number is FB13191404. I see that there might be someone else reporting this.

pruzinat wrote:

FB13194377

Thanks.

Two things:

  • You replied in the comments, which means I didn’t see it )-: It’s best to reply as a reply. See tip 5 in Quinn’s Top Ten DevForums Tips.

  • Your bug didn’t include a sysdiagnose log. It’s hard to investigate issues like this without a sysdiagnose log taken on the affected machine. Ideally it’d be taken shortly after reproducing the issue. See Bug Reporting > Profiles and Logs for more about this.


Robert_Developer wrote:

Feedback number is FB13191404.

Thanks.

I see that there might be someone else reporting this.

I think that’s Feedback Assistant being overly optimistic )-: It’s likely that your bug and pruzinat’s bug will end up being dup’d, but that hasn’t happened yet.

Also, I don’t see a sysdiagnose log attached to your bug either )-: See my comments above.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hello,

Any update regarding this? I am running into this issue too.

Issue:

  • Full Disk Access setting for a Network/System Extension is getting cleared after a reboot on macOS Sonoma.
  • Issue does not occur with every reboot.
  • Not sure if it gets cleared before/during/after the reboot yet.
  • Including some relevant logs.

<BEFORE/DURING REBOOT>
error 2023-10-27 16:45:19.897037 -0700 tccd codeRequirementFromStaticCode:0x13f60a890 SecStaticCodeCheckValidity() fails: -67061
error 2023-10-27 16:45:19.898763 -0700 tccd Failed to post com.apple.tcc.access.changed notification (9)
default 2023-10-27 16:45:19.900235 -0700 launchd exited due to SIGKILL | sent by tccd[164] during system shutdown
default 2023-10-27 16:45:19.900243 -0700 launchd internal event: EXITED, code = 0

<STARTINGUP/AFTER REBOOT>
error 2023-10-27 16:45:56.160784 -0700 runningboardd memorystatus_control error: MEMORYSTATUS_CMD_CONVERT_MEMLIMIT_MB(-1) returned -1 22 (Invalid argument)
error 2023-10-27 16:45:56.394864 -0700 cfprefsd Couldn't open parent path due to [2: No such file or directory]
fault 2023-10-27 16:45:56.406378 -0700 mDNSResponderHelper Couldn't read values in CFPrefsPlistSource<0x156e07600> (Domain: com.apple.security, User: kCFPreferencesAnyUser, ByHost: Yes, Container: (null), Contents Need Refresh: No): accessing these preferences requires user-preference-read or file-read-data sandbox access
error 2023-10-27 16:45:56.440578 -0700 kernel System Policy: dirhelper(252) deny(1) file-write-unlink /private/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/T/com.apple.geod/42B44A5C-6F69-441A-B4AF-F249709618EF

There are some errors from endpointsecurityd
error 2023-10-27 16:45:57.590703 -0700 endpointsecurityd File was empty: /Library/SystemExtensions/EndpointSecurity/.started_es_jobs.plist
fault 2023-10-27 16:45:58.372379 -0700 endpointsecurityd Rejected invalid Extension Point com.apple.AppleMediaServicesUI.EngagementViewExtension targeting DEPRECATED NSExtension infrastructure!

error 2023-10-27 16:45:59.482270 -0700 trustd Connection 1: received failure notification
error 2023-10-27 16:45:59.482284 -0700 trustd Connection 1: failed to connect 1:50, reason -1
error 2023-10-27 16:45:59.482285 -0700 trustd Connection 1: encountered error(1:50)
error 2023-10-27 16:45:59.482537 -0700 trustd Task <20F8D91C-D278-4001-A127-FD168B888BB6>.<1> HTTP load failed, 0/0 bytes (error code: -1009 [1:50])
.....
[self.extensionContext conformsToProtocol:auxHostProtocol.protocol] - /AppleInternal/Library/BuildRoots/11aa8fb2-5f4b-11ee-bc7f-926038f30c31/Library/Caches/com.apple.xbs/Sources/ExtensionFoundation/ExtensionFoundation/Source/NSExtension/NSExtensionSupport/EXExtensionContextImplementation.m:283: Class NEFilterPacketExtensionProviderContext does not conform to aux host protocol: <private>
......

error 2023-10-27 16:46:02.717195 -0700 VTDecoderXPCService send_message_with_reply_sync(): XPC_ERROR_CONNECTION_INVALID for message 0x600002db0180
error 2023-10-27 16:46:02.717195 -0700 VTDecoderXPCService TCCAccessRequest_block_invoke: Connection invalid

Regards, Vikram.S.Warraich
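For triaging logs like the ones in the post above, the following is an added example (not part of the thread and not Apple's tooling): it splits entries in the `level timestamp process message` layout and reports each tccd `SecStaticCodeCheckValidity()` failure together with what was logged within a second of it. The function names, the one-second window and the constructed sample are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: entries in the layout quoted in the thread, run together.
SAMPLE = (
    "error 2023-10-27 16:45:19.897037 -0700 tccd codeRequirementFromStaticCode:0x13f60a890 "
    "SecStaticCodeCheckValidity() fails: -67061 "
    "error 2023-10-27 16:45:19.898763 -0700 tccd Failed to post "
    "com.apple.tcc.access.changed notification (9) "
    "default 2023-10-27 16:45:19.900235 -0700 launchd exited due to SIGKILL | "
    "sent by tccd[164] during system shutdown "
    "error 2023-10-27 16:45:56.160784 -0700 runningboardd memorystatus_control error: "
    "MEMORYSTATUS_CMD_CONVERT_MEMLIMIT_MB(-1) returned -1 22 (Invalid argument)"
)
# An entry starts with: level, timestamp with UTC offset, process name.
HEADER = re.compile(
    r"(?<!\S)(?P<level>error|fault|default|info|debug) "
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{6} [+-]\d{4}) (?P<proc>\S+) ")
VALIDITY_FAIL = re.compile(r"SecStaticCodeCheckValidity\(\) fails: (-?\d+)")

def split_entries(blob):
    """Split log text (one entry per line or run together) into dicts."""
    heads = list(HEADER.finditer(blob))
    bounds = [h.start() for h in heads[1:]] + [len(blob)]
    return [{"level": h["level"], "process": h["proc"],
             "time": datetime.strptime(h["ts"], "%Y-%m-%d %H:%M:%S.%f %z"),
             "message": blob[h.end():end].strip()}
            for h, end in zip(heads, bounds)]

def tcc_validation_failures(entries, window_s=1.0):
    """Report each tccd code-validity failure with entries logged within window_s of it."""
    hits = []
    for e in entries:
        m = VALIDITY_FAIL.search(e["message"]) if e["process"] == "tccd" else None
        if m is None:
            continue
        nearby = [o for o in entries if o is not e
                  and abs((o["time"] - e["time"]).total_seconds()) <= window_s]
        hits.append({"time": e["time"], "status": int(m.group(1)),
                     "during_shutdown": any("system shutdown" in o["message"] for o in nearby),
                     "nearby": [f'{o["process"]}: {o["message"]}' for o in nearby]})
    return hits

if __name__ == "__main__":
    for hit in tcc_validation_failures(split_entries(SAMPLE)):
        print(hit["time"], hit["status"], hit["during_shutdown"], *hit["nearby"], sep="\n  ")
```
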

Regarding my previous comment...

Issue was observed on macOS 14.1. Issue occurs when FullDiskAccess is provided via the SystemPreferences->Privacy&Security->FullDiskAccess setting. AFAIK, issue does not occur when FullDiskAccess is provided via MDM. The Full Disk Setting items in SystemPrefs get unchecked/disabled automagically after some reboots when the issue occurs.

Thanks.

There is at least one real issue here (FB13084552). We think we understand what’s going on but, as per usual, I can’t talk about schedules. I can confirm that there’s no fix in the current macOS 14.2b1 seed (23C5030f).

It’s hard to say whether this is the only issue in play here. This stuff is quite subtle |-:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@eskimo ,

Thanks for your reply.

If it helps, I was able to observe the issue yesterday without needing to REBOOT. The relevant FullDiskAccess item for SystemExtension in SystemPreferences got unchecked while being logged in after 4-5 hours. This is on 14.2 Beta 23C5030f.

Also, I don't have access to FB13084552. Could you please share any information about its relevancy to the issue I described?

Regards, Vikram.S.Warraich

Also, I don't have access to FB13084552.

Sorry about that. I usually escape FB numbers to prevent them turning into a link [1]. I’ve edited my post to fix that.

Could you please share any information about its relevancy to the issue I described?

FB13084552 is the bug that FB13194377, mentioned above, got dup’d to.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] See Bug Reporting: How and Why? for more on that.

@eskimo ,

What is the best way to view the description of FB13084552 or FB13194377? When I try to look either of them up in the FeedbackAssistant, there are no search results. I might not have access to view them possibly?

What is the best way to view the description of FB13084552 or FB13194377?

There’s no way to view the description of bugs filed by other developers. Did you follow the Bug Reporting: How and Why? link in my previous post? It explains the rules of the road here.

However, FB13194377 was created by someone on this thread, pruzinat, and they might be willing to share.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@eskimo, I was able to repro the issue yesterday and inspect the logs. Sharing the possible ways below.

1). One way that it occurs for me is if I modify the system time to a future date via SystemPreferences and reboot. Issue occurs on next login.
2). Another way it occurred was if I set the FDA setting in System Preferences and then quit the tccd process owned by the logged-in user, and rebooted.
3). There are other possibilities too as my colleague can repro it without having to run steps 1 or 2.

Attaching some relevant Log snippets from around when the issue occurs.

Please confirm if above repro steps are known issues and covered by FB13084552 or FB13194377? Else, I can create a ticket for those scenarios.

Regards.

Please confirm if above repro steps are known issues and covered by FB13084552 or FB13194377?

I’m sorry but I just don’t have the bandwidth for that here on DevForums. I encourage you to file your own bugs about the issues you see.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks @eskimo .

Created FB13342978.

@eskimo, is there a way to request raising the priority of this issue? There hasn't been any movement on the ticket FB13342978 yet. We are getting more reports of our customers running into this issue.

I just had a look at the state of the bugs mentioned on this thread and it seems that we’ve shipped a fix for this via FB13084552. In that bug the originator confirmed the fix in macOS 14.2b3.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
