SystemExtension Mach service

If we create a SystemExtension using the Endpoint Security APIs, how can we communicate with another process? It looks like for a NetworkExtension, the NE framework will set up a Mach service on your behalf using the NEMachServiceName Info.plist key. I don't see anything equivalent for a plain vanilla system extension.


Since the system manages the lifetime of the SystemExtension, and its location on-disk is embedded inside an application, you can't register for a launchd-managed Mach service yourself.

Replies

I'm still looking into this, but it looks like when you activate an Endpoint Security extension, sysextd will send a message over to endpointsecurityd and then it submits the job to launchd. It looks like when this happens it will automatically take the system extension bundle identifier, append ".xpc", and then pass that in as the MachServices key to launchd.


So if, for example, you had a system extension of com.test.ES, then the Mach service would be com.test.ES.xpc. When your endpoint security extension starts up you should be able to do something like this:


NSXPCListener *listener = [[NSXPCListener alloc] initWithMachServiceName:@"com.test.ES.xpc"];


And then you should be able to handle incoming connections to your system extension.
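A fuller version of the listener described above, added here as an example and not code from the original reply: the extension side of the NSXPCListener together with the host-app client. It assumes the hypothetical bundle ID com.test.ES from the reply, an assumed ESControlProtocol, an illustrative code-signing requirement string, and that the OS release in use registers the service under that exact name.

```objc
#import <Foundation/Foundation.h>

// Assumed: service name derived from the hypothetical bundle ID com.test.ES.
static NSString *const kServiceName = @"com.test.ES.xpc";

// Assumed interface the extension exports to its host app.
@protocol ESControlProtocol
- (void)currentStatusWithReply:(void (^)(NSString *status))reply;
@end

@interface ESControlService : NSObject <ESControlProtocol, NSXPCListenerDelegate>
@end

@implementation ESControlService
- (void)currentStatusWithReply:(void (^)(NSString *))reply { reply(@"running"); }

// Any local process can look up the Mach service, so vet each peer before
// exporting an object to it. Requirement string is illustrative; the API
// exists on macOS 13 and later.
- (BOOL)listener:(NSXPCListener *)listener
shouldAcceptNewConnection:(NSXPCConnection *)newConnection {
    if (@available(macOS 13.0, *)) {
        [newConnection setCodeSigningRequirement:
            @"anchor apple generic and identifier \"com.test.ESHost\""];
    }
    newConnection.exportedInterface =
        [NSXPCInterface interfaceWithProtocol:@protocol(ESControlProtocol)];
    newConnection.exportedObject = self;
    [newConnection resume];
    return YES;
}
@end

static ESControlService *gService;   // delegate is weak; keep it alive
static NSXPCListener *gListener;

// Call from the extension's startup path: bind the launchd-registered service.
void StartControlListener(void) {
    gService = [ESControlService new];
    gListener = [[NSXPCListener alloc] initWithMachServiceName:kServiceName];
    gListener.delegate = gService;
    [gListener resume];
}

// Host app side: the extension runs as a launchd system-domain job, so the
// lookup goes through the privileged bootstrap context.
void QueryExtensionStatus(void) {
    NSXPCConnection *conn = [[NSXPCConnection alloc]
        initWithMachServiceName:kServiceName options:NSXPCConnectionPrivileged];
    conn.remoteObjectInterface =
        [NSXPCInterface interfaceWithProtocol:@protocol(ESControlProtocol)];
    [conn resume];
    [[conn remoteObjectProxyWithErrorHandler:^(NSError *e) { NSLog(@"xpc: %@", e); }]
        currentStatusWithReply:^(NSString *status) { NSLog(@"status: %@", status); }];
}
```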

That sounds tempting to use, but I'm worried if it's an implementation detail I shouldn't rely on. But in the absence of any others I may have to resort to this, in the name of time.


I've filed a Radar/Feedback/whatever to request this capability officially.

It does look like things have changed in the latest beta. The Mach service is now exposed as <teamid>.<bundleid>.xpc


Hopefully Apple will create an official capability to connect to the Mach service, similar to what they did in the Network Extensions.

Were there any changes in the Mach Service in the latest beta? I can't seem to use the Mach Service in the same manner as before.