6 Replies
      Latest reply on Oct 13, 2019 5:16 AM by eskimo
      Jemik Level 1 (0 points)

        Hi experts.

        I'm trying to interact with the Endpoint Security API via a console app. But when executed I get the ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED message.

        SIP is disabled and I've added the com.apple.developer.endpoint-security.client to my project entitlement file.

        What am I missing?


        Thanks.

        • Re: com.apple.developer.endpoint-security.client Entitlement issue
          eskimo Apple Staff (11,955 points)

          What’s a “console app”?  Is this a command-line tool that you’re running from Terminal?  Or a GUI app that has some sort of management console function?

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: com.apple.developer.endpoint-security.client Entitlement issue
              Jemik Level 1 (0 points)

              Hi Eskimo.

              Thanks for the reply.

              Yes, it's a command-line app.

              And I just figured it out.

              Adding the Entitlement to Code Signing Entitlements did the trick.

               

              Guess I just needed more coffee

               

              Cheers,

                • Re: com.apple.developer.endpoint-security.client Entitlement issue
                  eskimo Apple Staff (11,955 points)

                  Be aware that this could present some challenges in deployment.  If SIP is enabled, this entitlement must be whitelisted by a provisioning profile and there’s no place to put that profile in a ‘naked’ command-line tool.  If you plan to deploy as a launchd daemon rather than a system extension, I think you’ll need to place your daemon into a bundle structure so that it can pick up the provisioning profile from there.

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: com.apple.developer.endpoint-security.client Entitlement issue
                      prokash Level 1 (0 points)

                      Hi Eskimo,


                      I have a few questions:

                      1) Could you please point me to a doc or something about creating a System Extension using Xcode 11.X? We can follow the other option you mention (i.e. have a launchd daemon as a bundle ...)

                      2) I've not found much documentation about the Endpoint Security framework (yeah, understand you all just released Catalina - thx). So for now, as a POC, I wanted to debug using lldb (either command line or attached process to Xcode workspace), but have seen some timeout coming from inside the framework (while at a bp). Is there any place we can put the timeout to infinite or something large?


                      Thanks,

                      P

                        • Re: com.apple.developer.endpoint-security.client Entitlement issue
                          eskimo Apple Staff (11,955 points)

                          So for now, as a POC, I wanted to debug using lldb (either command line or attached process to Xcode workspace), but have seen some timeout coming from inside the framework (while at a bp). Is there any place we can put the timeout to infinite or something large?

                          Doing this is tricky, for the same reason that kernel extensions require two-machine debugging: The system needs your EndpointSecurity extension to respond promptly in order to make meaningful progress.  I generally resolve this problem by avoiding the debugger, using a combination of unit tests to debug my core code and logging to debug my interactions with the OS.

                          Share and Enjoy

                          Quinn “The Eskimo!”
                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                          let myEmail = "eskimo" + "1" + "@apple.com"

                      • Re: com.apple.developer.endpoint-security.client Entitlement issue
                        prokash Level 1 (0 points)

                        Thanks Jemik,

                        This is the trick I was missing ...


                        Got it running...
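
A check for the fix discussed in this thread, as an added example that is not part of any post: it reads the entitlements embedded in a binary's code signature and reports whether com.apple.developer.endpoint-security.client is set there. The function names and the sample plist are constructed for illustration; the check covers only the signature, not the provisioning profile that is needed when SIP is enabled.

```shell
#!/bin/sh
# Added example: confirm the Endpoint Security client entitlement is actually
# embedded in the code signature, not just listed in a project file.

ES_KEY='com.apple.developer.endpoint-security.client'

# Read an entitlements plist (XML) on stdin and print one of:
#   granted - key present and set to <true/>
#   denied  - key present but not set to <true/>
#   missing - key absent from the entitlements
es_entitlement_state() {
    # Flatten whitespace so the key and its value may sit on separate lines.
    flat=$(tr -d ' \t\r\n')
    case "$flat" in
        *"<key>$ES_KEY</key><true/>"*) echo granted ;;
        *"<key>$ES_KEY</key>"*)        echo denied ;;
        *)                             echo missing ;;
    esac
}

# Inspect a signed binary on macOS. codesign -d --entitlements :- prints the
# entitlements that were embedded at signing time as an XML plist.
check_signed_tool() {
    tool=$1
    if ! command -v codesign >/dev/null 2>&1; then
        echo "codesign not found (run this on macOS)" >&2
        return 2
    fi
    state=$(codesign -d --entitlements :- "$tool" 2>/dev/null | es_entitlement_state)
    echo "$tool: $ES_KEY is $state"
    [ "$state" = granted ]
}

# Constructed sample of the plist codesign emits for a correctly signed tool.
sample_entitlements() {
    cat <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
	<key>com.apple.developer.endpoint-security.client</key>
	<true/>
</dict>
</plist>
EOF
}

# Demo on the constructed sample; prints "granted".
sample_entitlements | es_entitlement_state
```

On a Mac, call `check_signed_tool /path/to/tool` on the built binary; a result of `missing` means the entitlement never reached the signature.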