I am trying to get my app to work with Catalina's new User Data Protections that protect the user folders. My app has a helper tool that is managed by launchd and signed with the same certificate as the main app, and has been working fine. The app works by having the user select a bundle document, and that path is sent to the helper tool that runs as root. The helper tool uses that path itself (along with subdirectories) and with various other command line tools included with the app. The helper tool is correctly installed in /Library/PrivilegedHelperTools/.
The problem is when a user selects a file bundle that was created by the helper tool that was copied from another machine. The main app can access it, but when the helper tool tries to access it, it is blocked by the User Data Protections. The user is not prompted to allow it, and if I add the helper tool to the Security & Privacy->Full Disk Access, it all works fine. How do I get the XPC helper tool associated with the main app to either prompt the user or inherit the main app's User Data Protections permission?