3 Replies
      Latest reply on Mar 23, 2020 5:26 AM by gun19
      pmdj Level 1 Level 1 (0 points)

        I'm trying to get to grips with the new System Extensions mechanism, as it looks like I'll need to port some of the kexts I help maintain to this new tech, at least once it reaches sufficient feature parity. I can't really start filing ERs until I've given it a try though. So I've been putting together a demo app with a system extension but have now run into a roadblock.

         

        Basically, my activation request is failing with OSSystemExtensionErrorExtensionNotFound and I don't understand why or how to fix it.

         

        I created a new Cocoa App Xcode project, then added an "App Proxy" type network extension target to the project. Xcode automatically set it up to be embedded in the .app bundle at Contents/Library/SystemExtensions/ - I ultimately need to use the Endpoint Security API, but there's no Xcode integration for that yet, it seems.

         

        I've got SIP disabled (so it shouldn't be an issue of missing entitlements in the signing cert), and the extension and app are both signed with a Mac Developer cert. I've added com.apple.developer.system-extension.install to the App's .entitlements.

         

        In the App, I have:

         

                OSSystemExtensionRequest* request =
                    [OSSystemExtensionRequest activationRequestForExtension:@"my.rdns.prefix.EndpointSecurityDemo"
                                                                      queue:dispatch_get_main_queue()];
                request.delegate = self;
                [[OSSystemExtensionManager sharedManager] submitRequest:request];

         

        I build the extension & app, then copy the app to /Applications to avoid OSSystemExtensionErrorUnsupportedParentBundleLocation.

         

        When run, the above code results in the request:didFailWithError: delegate method being called with an error code of OSSystemExtensionErrorExtensionNotFound.

        In Console.app, I can't see anything other than what my app logs, plus sysextd's "request contains no authorizationref" and "attempting to realize extension with identifier my.rdns.prefix.EndpointSecurityDemo". As there's no API for specifying an auth ref, I assume the first message isn't something I can do anything about.

         

        I've verified that the bundle identifier in the code matches the one in the system extension's plist once it's in the built app bundle. And the extension is definitely located at Contents/Library/SystemExtensions within the built .app.

         

        I'm at a loss as to why sysextd(?) can't find my extension. Is there any example code I can compare against? Any documentation I might have missed? The DriverKit WWDC session video is a nice conceptual intro but is very light on practicalities. Beyond that, I'm just using the OSSystemExtensions (and EndpointSecurity) headerdocs.

         

        Bonus question: In the headerdocs for OSSystemExtensionRequestDelegate I noticed a mention of "If the local system has System Extension developer mode enabled, this callback will always fire when an existing extension is found, regardless of version identifiers." What is this mode and how do I enable it?

         

        Update: For the heck of it, I tried with a DriverKit driver target (.dext). sysextd does find this one, and request:didFinishWithResult: returns 0 (OSSystemExtensionRequestCompleted) and I get a kext-like approval dialog. (I'm not convinced the dext actually ran after I approved it though, I certainly can't find the "Hello World" it's supposed to os_log anywhere, and it doesn't appear in ioreg.)