User Profile

Hi all, According to the reference link, Packaging a Daemon with a Provisioning Profile - https://developer.apple.com/forums/thread/129596 I changed our launchd daemon to run as an .app. When generating a Provisioning Profile, I added our Development computer (including UUID) into 'Devices'. But when I ran .app/Contents/MacOS/FamRTServicebig on our macOS Big Sur test environment, this error occurred: embedded provisioning profile not valid: file:///Library/Application%20Support/test/bin/FamRTServicebig.app/Contents/embedded.provisionprofile error: Error Domain=CPProfileManager Code=-212 "Provisioning profile does not allow this device." UserInfo={NSLocalizedDescription=Provisioning profile does not allow this device.} Questions: Could you let me know how to resolve this error? Is it necessary to install the Provisioning profile in the test device as well? Thanks in advance for your help.

Hi all, We have received our Endpoint Security Client entitlement for our application from Apple. However, upon applying and integrating to our endpoint app, we encountered the following error during execution in Big Sur beta: Test Environment: macOS Big Sur 11.0.1 Beta (SIP->ON) System Log Error: ASP: Security policy would not allow process: 1199, /Library/Application Support/test/bin/FamRTServicebig /Library/Application Support/test/bin/FamRTServicebig signature not valid: -67050 Application (FamRTServicebig) Entitlements Config: Executable=/Library/Application Support/test/bin/FamRTServicebig <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.developer.endpoint-security.client</key> <true/> <key>com.apple.security.app-sandbox</key> <false/> <key>com.apple.security.application-groups</key> <array> <string>realtime.scan</string> </array> <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key> <array> <string>/</string> </array> <key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key> <array> <string>/</string> </array> </dict> </plist> FamRTServicebig codesign options: codesign --force --options runtime --deep --sign <cert> --entitlement /Path/FamRTService.entitlements /Path/FamRTServicebig Questions: By the way, when SIP is disabled, the program can run normally. We have signed all our binaries with the same teamid. What are the possible reasons which may have caused this problem? Thanks in advance for your help.

Hi all, I'm trying to add a Finder Sync (FinderSync) extension (appex) to our macos application. I wanted to provide custom contextual menu items that perform file and folder management tasks. However, extension installation errors occur in some systems: error 13:56:21.324867+0900 pkd [d ] [u 23575956-D35A-4548-8C72-207FC055E72F] [()] rejecting; Ignoring mis-configured plugin at [/Library/Application Support/test/bin/ScanExtension.app/Contents/PlugIns/ScanExtensionScan.appex]: plug-ins outside containing apps must be protected by SIP. error 13:56:22.468347+0900 pkd [d ] [u 23575956-D35A-4548-8C72-207FC055E72F] [()] rejecting; Ignoring mis-configured plugin at [/Library/Application Support/test/bin/ScanExtension.app/Contents/PlugIns/ScanExtensionScan.appex]: plug-ins outside containing apps must be protected by SIP. error 14:02:56.228344+0900 pkd [d ] [u 23575956-D35A-4548-8C72-207FC055E72F] [()] rejecting; Ignoring mis-configured plugin at [/Library/Application Support/test/bin/ScanExtension.app/Contents/PlugIns/ScanExtensionScan.appex]: plug-ins outside containing apps must be protected by SIP. This error does not happen 100% of the time. Sometimes, I can successfully add extensions to some of our systems. In the environment where the installation fails, I have tried adding our ScanExtensionScan.appex to [Security & Privacy Preferences/Privacy/Full Disk Access] to check if this is an app permission problem and I was able to install the extension successfully. Below are the information about our extension: ScanExtensionScan.entitlements fbtest@fbtestnoMac-mini build_debug % codesign -d --entitlements :- /Library/Application\ Support/test/bin/ScanExtension.app/Contents/PlugIns/ScanExtensionScan.appex Executable=/Library/Application Support/test/bin/ScanExtension.app/Contents/PlugIns/ScanExtensionScan.appex/Contents/MacOS/ScanExtensionScan <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.application-groups</key> <array> <string>co.jp.fuva-brain.scanextension</string> </array> <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key> <array> <string>/</string> </array> <key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key> <array> <string>/</string> </array> </dict> </plist> Codesigning our plugin with the cert: codesign --sign <cert> --entitlements ScanExtensionScan.entitlements --force /Library/Application\ Support/test/bin/ScanExtension.app/Contents/PlugIns/ScanExtensionScan.appex Questions: What are the possible reasons why we can install our app extension on some environments and fail on others, sometimes on the same environment? How do we guarantee 100% success on adding and activating extensions without adding it to Full Disk Access? Thanks in advance for your help.