"Error Domain=NEAgentErrorDomain Code=2" appears..

Question

Created Jan ’24

Replies 7

Boosts 0

Participants 2

I am a novice Swift developer. Referring to the Apple developer documentation and various blogs, I have written example code for DNS Proxy in Network Extension.

I inherited NEDNSProxyProvider to create a DNSProxyProvider class in the Extension. Using NEDNSProxyManager and NEDNSSettingsManager, I created a simple app that calls saveToPreferences(...) after loadFromPreferences(...).

When saveToPreferences(...) is called, I can confirm that the "DNS Proxy" item is added to the "System Preferences" in the "Enabled" state. However, upon further inspection using console logs, it seems that the init() constructor and startProxy(...) function of DNSProxyProvider are not being called.

Additionally, upon checking the console logs: NESMDNSProxySession[Primary Tunnel:MyMyService:{GUID}:(null)] in state NESMVPNSessionStateStarting: plugin NEDNSProxyPlugin(xxxxx.xxxxxx.MyMyService[inactive]) started with PID 0 error Error Domain=NEAgentErrorDomain Code=2 "(null)"

These logs are present. Could they be related to the issue?

I tried to refer to the link below that seems like a similar issue, but I couldn't find a clear solution or hint.

I earnestly seek your assistance. Thank you.

Boost

Answer 1

b3p00p OP

Jan ’24

I changed dnsProtocol.providerBundleIdentifier correctly. Since then, the console logs have been partially changed.

The Domain= NEAGentErrorDomainCode=2 error was no longer present, however,

"NESMDNSProxySession [Default Tunnel:xxxx.xxxx.MyMyService.MyMyExt:{GUID:(null)]: Plug-in Type xxxxx.xxxx.MyMyService.MyMyExt, Missing specified requirements"

An error is occurring.

Should I check out entitlements or plists? Please tell me which point I should check.

0

Answer 2

b3p00p OP

Jan ’24

The reason for the "Error Domain=NEAgentErrorDomain Code=2" error is likely due to the incorrect setting of the dnsProtocol.providerBundleIdentifier value. By changing the dnsProtocol.providerBundleIdentifier to the name of an extension that is presumed to be correct, the "NEAgentErrorDomain Code=2" log no longer occurs.

However, logs related to "missing designated requirement" have started to appear in the console log. "NESMDNSProxySession[Primary Tunnel:xxxxx.xxxxxx.MyMyService.MyMyExt:{GUID}:(null)]: Cannot create agent for plugin type xxxxx.xxxxxx.MyMyService.MyMyExt, missing designated requirement"

Should I check the entitlements or plist? I would appreciate your opinion.

Thanks!

0

Answer 3

DTS Engineer OP

Apple

Jan ’24

I am a novice Swift developer.

Well, you’ve certainly picked a ~~difficult~~ fun project to start with (-:

On macOS, DNS proxy providers must be packaged as a system extension [1]. So, did you use System Extensions framework to install your sysex?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] See TN3134 Network Extension provider deployment for the full story here.

0

Answer 4

b3p00p OP

Jan ’24

OOPs... I didn't know that ~~the document didn't include information about the difficulty and~~ fun of the task.. :'-)

I appreciate your interest.

I'm using the System Extension Framework to implement the Endpoint Security Extension and Content Filter in the Network Extension, and it's working well.

I'm trying to add DNS Proxy functionality, but I'm struggling because I'm very novice with Swift and macOS.

Is there any help or hints available regarding "Cannot create agent for plugin type xxxxx.xxxxxx.MyMyService.MyMyExt, missing designated requirement?"

Thanks!

0

Answer 5

DTS Engineer OP

Apple

Feb ’24

Are you using two separate sysexes? Or have you placed both your ES and NE code in the same sysex?

Note that both of these are valid options, I’m just trying to understand the lay of the land.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 6

b3p00p OP

Feb ’24

I designed project that..

one Container app
one Sys ext
- ES features
- Content-filter
- DNS Proxy (with DNS Settings)

I'll leave you detailed information just in case you're curious.

I hope the information reaches you well. (some infomation is dummy, like AppName MyMYService)

[basic information]

systemextensionsctl developer mode ON
SIP DISabled
app & sysext running on dev-notebook

[DNSProxyManager.swift]

class DNSProxyManager: BaseManager {
    let manager = NEDNSProxyManager.shared()

    override func activate() -> Bool{
        loadAndUpdatePreferences { [weak self] in
            let dnsProtocol = NEDNSProxyProviderProtocol()
            dnsProtocol.username = ""
            dnsProtocol.providerConfiguration = ["clientId": dohUrl]
            dnsProtocol.providerBundleIdentifier = providerIdentifier
            dnsProtocol.serverAddress = "127.0.0.1"
            
            self?.manager.localizedDescription = Bundle.main.infoDictionary?["CFBundleName"] as? String
            self?.manager.providerProtocol = dnsProtocol
            self?.manager.isEnabled = true
        }
        
        return self.manager.isEnabled
    }

    private func loadAndUpdatePreferences(_ completion: @escaping () -> Void) {
        manager.loadFromPreferences { [weak self] error in
            guard error == nil else { return }

            completion()
            
            self?.manager.saveToPreferences { (error) in
                guard error == nil else { return }
            }
        }
    }
}

[DNSSettingsManager.swift]

class DNSSettingsManager {
    let manager = NEDNSSettingsManager.shared()

	...
}

[main.swift]

autoreleasepool {
    NEProvider.startSystemExtensionMode()
    DNSProxyManager.shared.activate()
    EndpointSecurity.Client.shared.activate()

	...
    
    dispatchMain()
}

0

Answer 7

b3p00p OP

Feb ’24

...continued...

[result of.. codesign -d --entitlements :- .../MyMyService.app]

	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
		<key>com.apple.application-identifier</key>
			<string>MyMyService</string>
		<key>com.apple.developer.networking.networkextension</key>
		<array>
			<string>content-filter-provider</string>
			<string>dns-proxy</string>
			<string>dns-settings</string>
		</array>
		<key>com.apple.developer.system-extension.install</key>
			<true/>
		<key>com.apple.developer.team-identifier</key>
			<string>TEAMID</string>
		<key>com.apple.security.app-sandbox</key>
			<true/>
		<key>com.apple.security.device.usb</key>
			<true/>
		<key>com.apple.security.files.user-selected.read-only</key>
			<true/>
		<key>com.apple.security.get-task-allow</key>
			<true/>
		<key>com.apple.security.network.client</key>
			<true/>
		<key>com.apple.security.network.server</key>
			<true/>
	</dict>
	</plist>

[result of.. codesign -d --entitlements :- .../MyMyService.app/Contents/Library/SystemExtensions/MyMyExt.systemextension]

	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
		<key>com.apple.application-identifier</key>
			<string>MyMyService.MyMyExt</string>
		<key>com.apple.developer.endpoint-security.client</key>
			<true/>
		<key>com.apple.developer.networking.networkextension</key>
			<array>
				<string>content-filter-provider</string>
				<string>dns-proxy</string>
				<string>dns-settings</string>
			</array>
		<key>com.apple.developer.team-identifier</key>
			<string>TEAMID</string>
		<key>com.apple.developer.usernotifications.time-sensitive</key>
			<true/>
		<key>com.apple.security.get-task-allow</key>
			<true/>
		<key>com.apple.security.network.client</key>
			<true/>
		<key>com.apple.security.network.server</key>
			<true/>
		<key>keychain-access-groups</key>
		<array>
			<string>MyMyService</string>
			<string>MyMyService.MyMyExt</string>
		</array>
	</dict>
	</plist>

[result of.. security cms -D -i MyMyService.app/Contents/embedded.provisionprofile]

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>AppIDName</key>
	<string>MyMyService</string>
	<key>ApplicationIdentifierPrefix</key>
	<array>
	<string>TEAMID</string>
	</array>
	<key>CreationDate</key>
	<date>2024-01-31T07:46:49Z</date>
	<key>Platform</key>
	<array>
		<string>OSX</string>
	</array>
	<key>IsXcodeManaged</key>
	<true/>
	<key>DeveloperCertificates</key>
	<array>
		...
	</array>

	<key>DER-Encoded-Profile</key>
	<data>...</data>
										
	<key>Entitlements</key>
	<dict>
				<key>com.apple.developer.system-extension.install</key>
		<true/>	
				<key>com.apple.developer.networking.networkextension</key>
		<array>
				<string>app-proxy-provider</string>
				<string>content-filter-provider</string>
				<string>packet-tunnel-provider</string>
				<string>dns-proxy</string>
				<string>dns-settings</string>
				<string>relay</string>
		</array>
				<key>com.apple.application-identifier</key>
		<string>TEAMID.MyMyService</string>
				<key>keychain-access-groups</key>
		<array>
				<string>TEAMID.*</string>
		</array>
				<key>com.apple.developer.team-identifier</key>
		<string>TEAMID</string>
	</dict>
	<key>ExpirationDate</key>
	<date>2025-01-30T07:46:49Z</date>
	<key>Name</key>
	<string>Mac Team Provisioning Profile: MyMyService</string>
	<key>ProvisionedDevices</key>
	<array>
		...
	</array>
	<key>TeamIdentifier</key>
	<array>
		<string>TEAMID</string>
	</array>
	<key>TeamName</key>
	<string>TEAMNAME</string>
	<key>TimeToLive</key>
	<integer>365</integer>
	<key>UUID</key>
	<string>GUID</string>
	<key>Version</key>
	<integer>1</integer>
</dict>
</plist>

[result of.. security cms -D -i MyMyService.app/Contents/embedded.provisionprofile]

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>AppIDName</key>
	<string>APPID</string>
	<key>ApplicationIdentifierPrefix</key>
	<array>
	<string>TEAMID</string>
	</array>
	<key>CreationDate</key>
	<date>2024-02-01T04:52:04Z</date>
	<key>Platform</key>
	<array>
		<string>OSX</string>
	</array>
	<key>IsXcodeManaged</key>
	<true/>
	<key>DeveloperCertificates</key>
	<array>
		...		
	</array>

	<key>DER-Encoded-Profile</key>
	<data>...</data>
																
	<key>Entitlements</key>
	<dict>
				
				<key>com.apple.developer.usernotifications.time-sensitive</key>
		<true/>
				
				<key>com.apple.developer.system-extension.install</key>
		<true/>
				
				<key>com.apple.developer.networking.networkextension</key>
		<array>
				<string>app-proxy-provider</string>
				<string>content-filter-provider</string>
				<string>packet-tunnel-provider</string>
				<string>dns-proxy</string>
				<string>dns-settings</string>
				<string>relay</string>
		</array>
				
				<key>com.apple.developer.networking.vpn.api</key>
		<array>
				<string>allow-vpn</string>
		</array>
				
				<key>com.apple.application-identifier</key>
		<string>TEAMID.MyMyService.MyMyExt</string>
				
				<key>keychain-access-groups</key>
		<array>
				<string>TEAMID.*</string>
		</array>
				
				<key>com.apple.developer.team-identifier</key>
		<string>TEAMID</string>
				
				<key>com.apple.developer.endpoint-security.client</key>
		<true/>

	</dict>
	<key>ExpirationDate</key>
	<date>2025-01-31T04:52:04Z</date>
	<key>Name</key>
	<string>Mac Team Provisioning Profile: MyMyService.MyMyExt</string>
	<key>ProvisionedDevices</key>
	<array>
		...
	</array>
	<key>TeamIdentifier</key>
	<array>
		<string>TEAMID</string>
	</array>
	<key>TeamName</key>
	<string>TEAMNAME</string>
	<key>TimeToLive</key>
	<integer>365</integer>
	<key>UUID</key>
	<string>GUID</string>
	<key>Version</key>
	<integer>1</integer>
</dict>
</plist>

i'm so sorry about my very long post..

Please let me know if you need any more information for advice.

Thanks!

0