How to authorize LaunchDaemons

SMAppService can install a daemon; start with daemon(plistName:) method.

how do I get user authorizes the LaunchDaemon

When you call SMAppService.register(), the system will request that the user authorise the installation of your daemon.

The one thing to watch out for here is sandboxing. If your app is sandboxed, your daemon must be sandboxed also.

This typically isn’t a problem because most folks interested in daemons are working outside of the Mac App Store, and thus can freely turn off the App Sandbox. However, if you’ve decided that you want to sandbox your main app then it is possible to set up your daemon to be sandboxed. Lemme know if that’s the case here and I can help you set that up.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I tried both ways In a sandboxed app and daemon and once without sandboxing. In both cases I did not receive request for the authorisation on calling SMAppService.register(), I am getting error -

"Unable to register Error Domain=SMAppServiceErrorDomain Code=1 "Operation not permitted" UserInfo={NSLocalizedFailureReason=Operation not permitted}"

meanwhile I tried calling -

 SMAppService.openSystemSettingsLoginItems()

It opens system settings where I manually added my app in

Allow in the background

post that I was able to Launch daemon successfully.

But for user it might be little tedious and confusing as Login items and Extensions setting page consist Login items, Allow in the background and Extentions, then user need to add app manually, quit application and launch again.

Why SMAppService.register() is not popping the request for user authorisation I sandboxed both App and daemon.

I tried both ways In a sandboxed app and daemon and once without sandboxing.

I’m not sure I understand what you’re saying here. There are four combinations, and here’s what I’d expect for each one:

app            daemon         expected
---            ------         --------
non-sandboxed  non-sandboxed  OK
non-sandboxed  sandboxed      OK
sandboxed      non-sandboxed  NG
sandboxed      sandboxed      OK

Does that gel with the results you’re seeing?

Do you eventually expect to deploy your app sandboxed?

Regardless, I recommend that you do your initial bring up with both the app and the daemon non-sandboxed. That case should just work. Once you get it working, you can deal with the complications associated with sandboxing.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I tried both the app and the daemon non-sandboxed. I am getting the error -

"Unable to register Error Domain=SMAppServiceErrorDomain Code=1 "Operation not permitted" UserInfo={NSLocalizedFailureReason=Operation not permitted}"

only way it works is manually adding app to

Allow in the background

in Login items and Extensions setting page

I can register now successfully. but daemon is not launching referred this(https://developer.apple.com/forums/thread/721737?answerId=739716022#739716022) example

launchctl list | grep com.example.myplist.demon
fg: no job control in this shell

launchctl start com.example.myplist.demon

is not launching the helper

I'm also seeing sandboxed daemons behaving weirdly.

When calling

do {
    try SMAppService.daemon(plistName: "com.example.daemon").register()
} catch let error {
    [...]
}

the dialog in the right top corner saying Background Items Added and "Example App" added items that can run in the background for all users Do you want to allow this? appears.

Despite that, the register() method throws the

SMAppServiceDomain Code=1

error, which is operation not permitted.

Right after in the catch block, querying the .status of the daemon, I receive a value of 2, which corresponds to .requiresApproval.

I think this is a bug here, as the daemon's registration is successful, but the method still throws.