User Profile

Hi! I'm trying to move from CoreMedio I/O DAL Plug-In to CoreMedia I/O camera extensions, announced in macOS 12.3. I created a test extension, placed it inside my app bundle into Contents/Library/SystemExtensions and signed with codesigning certificate. But when I try to install my extension from inside my app, using this code (Swift): func requestActivation() { guard case .idle = status else { fatalError("Invalid state") } print("Requesting activation of extension \"\(extensionIdentifier)\"") let req = OSSystemExtensionRequest.activationRequest(forExtensionWithIdentifier: extensionIdentifier, queue: DispatchQueue.main) req.delegate = self OSSystemExtensionManager.shared.submitRequest(req) status = .requested } I'm getting an error: OSSystemExtensionErrorDomain error 8: Code Signature Invalid which is rather generic. Can anybody tell me what I am doing wrong? Or at least propose some steps to find it out? I'm posting here entitlements and codesign output for my extension and containing application for further information. kdg@admins-Mac-mini SystemExtensions % codesign -d --entitlements - ./com.visicom.VirtualCamera.avextension.systemextension Executable=/Applications/VirtualCamera.app/Contents/Library/SystemExtensions/com.visicom.VirtualCamera.avextension.systemextension/Contents/MacOS/com.visicom.VirtualCamera.avextension [Dict] [Key] com.apple.security.app-sandbox [Value] [Bool] true [Key] com.apple.security.application-groups [Value] [Array] [String] 6SUWV7QQBJ.com.visicom.VirtualCamera kdg@admins-Mac-mini /Applications % codesign -d --entitlements - ./VirtualCamera.app Executable=/Applications/VirtualCamera.app/Contents/MacOS/VirtualCamera [Dict] [Key] com.apple.developer.system-extension.install [Value] [Bool] true [Key] com.apple.security.app-sandbox [Value] [Bool] true [Key] com.apple.security.application-groups [Value] [Array] [String] 6SUWV7QQBJ.com.visicom.VirtualCamera [Key] com.apple.security.files.user-selected.read-only [Value] [Bool] true kdg@admins-Mac-mini SystemExtensions % codesign -dvvv ./com.visicom.VirtualCamera.avextension.systemextension Executable=/Applications/VirtualCamera.app/Contents/Library/SystemExtensions/com.visicom.VirtualCamera.avextension.systemextension/Contents/MacOS/com.visicom.VirtualCamera.avextension Identifier=com.visicom.VirtualCamera.avextension Format=bundle with Mach-O universal (x86_64 arm64) CodeDirectory v=20500 size=1553 flags=0x10700(hard,kill,expires,runtime) hashes=37+7 location=embedded Hash type=sha256 size=32 CandidateCDHash sha256=25bd80657bfd6e0ab95467146c7b532817e9e520 CandidateCDHashFull sha256=25bd80657bfd6e0ab95467146c7b532817e9e5209fd50b0cb7ceef40dcfb40e8 Hash choices=sha256 CMSDigest=25bd80657bfd6e0ab95467146c7b532817e9e5209fd50b0cb7ceef40dcfb40e8 CMSDigestType=2 CDHash=25bd80657bfd6e0ab95467146c7b532817e9e520 Signature size=9006 Authority=Developer ID Application: Visicom Media Inc. (6SUWV7QQBJ) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=7 Jul 2022, 21:49:32 Info.plist entries=23 TeamIdentifier=6SUWV7QQBJ Runtime Version=12.3.0 Sealed Resources version=2 rules=13 files=0 Internal requirements count=1 size=200 kdg@admins-Mac-mini /Applications % codesign -dvvv ./VirtualCamera.app Executable=/Applications/VirtualCamera.app/Contents/MacOS/VirtualCamera Identifier=com.visicom.VirtualCamera Format=app bundle with Mach-O universal (x86_64 arm64) CodeDirectory v=20500 size=1989 flags=0x10700(hard,kill,expires,runtime) hashes=51+7 location=embedded Hash type=sha256 size=32 CandidateCDHash sha256=31e15fbbd436a67a20c5b58c597d8a4796a67720 CandidateCDHashFull sha256=31e15fbbd436a67a20c5b58c597d8a4796a6772020308fb69f4ee80b4e32788b Hash choices=sha256 CMSDigest=31e15fbbd436a67a20c5b58c597d8a4796a6772020308fb69f4ee80b4e32788b CMSDigestType=2 CDHash=31e15fbbd436a67a20c5b58c597d8a4796a67720 Signature size=9006 Authority=Developer ID Application: Visicom Media Inc. (6SUWV7QQBJ) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=7 Jul 2022, 21:58:09 Info.plist entries=20 TeamIdentifier=6SUWV7QQBJ Runtime Version=12.3.0 Sealed Resources version=2 rules=13 files=4 Internal requirements count=1 size=188 Thanks in advance!

Hi!I have a CoreMediaIO DAL Plug-in, and it often has to work in a sandboxed environment, since more and more containing applications are sandboxed nowadays: QuickTime, FaceTime, PhotoBooth, Safari WebProcess, etc. So since my plug-in is sandboxed, I decided to separate some functionality to an XPC service, as suggested by Apple:"In rare cases, your app might have a small piece of functionality that cannot be sandboxed. Rather than abandon App Sandbox altogether, you might relegate the ineligible code to an XPC service that is not sandboxed. It is easier to secure a smaller piece of code than a larger one, and in this way, the bulk of your app enjoys the benefits of App Sandbox."So I created XPC Service, placed it into my plug-in bundle, inside XPCServices folder, and signed service and entire bundle with codesign.Now the problem is that my XPC Service seems to be blocked by macOS and naturally no XPC connection is established between plug-in and service. Right when plug-in is loaded into app, the following message appears in console:16/08/18 11:27:22,747 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.QuickTime Player.4316) Path not allowed in target domain: type = pid, path = /Library/CoreMediaIO/Plug-Ins/DAL/MyVideoDeviceCMIO.plugin/Contents/XPCServices/MyVideoDeviceXPCService.xpc error = 147: The specified service did not ship in the requestor's bundle, origin = /Applications/QuickTime Player.appThen, when I callxpc_connection_t conn = xpc_connection_create("com.MyCompany.VideoDevice.xpc", NULL);the following error appears:16/08/18 11:27:24,585 com.apple.appkit.xpc.openAndSavePanelService[4318] assertion failed: 15E65: libxpc.dylib + 78986 [2CC7CF36-66D4-301B-A6D8-EBAE7405B008]: 0x89Btw, if app is not sandboxed (e.g. Skype), my XPC Service works as expected, no errors appear in Console. It works even when plug-in bundle doesn't have code signature. The problem is only for sandboxed applications, i.e. apps that have .entitlements file embedded in code signature, with the following lines:<key>com.apple.security.app-sandbox</key><true/>So what am I doing wrong?