Hi Team: I first created a macOS app and added a target of the network extension of the system extension to the app. The function of my app is to enable the system extension and allow the network extension. The app only enables the network filter and does not perform other operations. After completion, it will execute [NSApp terminate:nil]; to exit. My network filter can run normally after the app exits, and I use rm -rf to delete the app from /Application, and the network filter can still run normally. This result is what I want, but I don’t know if it is reasonable to delete the app from /Application. My understanding is that the network filter I developed is registered with the system, so it is okay to delete it from /Application. Is this correct?
No, this is not a behavior I'd rely on. A few big issues I see:
-
We have not in fact documented that network extension are copied out of the app bundle and that the app bundle is not in fact required. The fact that this works today does NOT guarantee that it will work tomorrow.
-
I'm not sure that it DOES in fact work today. Deleting an app from /Application should remove it's app extensions and, I believe, doing so through the Finder WILL in fact disable it. If using "rm" is bypassing that process, then I'd consider that an oversight, not an intentional behavior you can rely on.
-
On the user experience side, you're removing the visible "sign" of what your product actually does, why it's there, a method to uninstall, etc. The MAJOR reason we require extension to be inside apps it to help make sure that "invisible" additions to the system are in fact visible.
__
Kevin Elliott
DTS Engineer, CoreOS/Hardware
