Endpoint Security SystemExtension Documentation

Is there a proper documentaion how an Endpoint security system extension has to be structured?

No there is not, but I figured you know that already because your bugs haven’t come back to )-: If you’ve run into specific roadblocks, feel free to post your questions here. I’ll try to help out in this context but, if not, I may ask you to open a DTS tech support incident so that I can research stuff in more depth.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hello,

I'm also looking for an example workspace. Or some instructions to create such extension, embed in an app using xcode. For Network extension, there was one from Apple ( SimpleFirewall). It was helpful. But for Endpoint security ( replacing Kauth and others ), could someone point me to some place where at least we could create a legit workspace, then follow the API. Hope the online API shows up soon for use as docs. Otherwise SDK API reading ...

Hi eskimo,

I figured out that I was missing the NSSystemExtensionUsageDescription key in the Info.plist.

I already opened a Feedback to improve the error messages logged by sysextd (FB7361399). I would have figured out the issue way faster if there would have been an error description.

One colleague attended this years WWDC and in the labs she was promised that if an Endpoint Security System Extension is activated by the user it will automatically receive Full Disk Access. However my extension did not receive FDA. Did I miss an extra key in the Info.plist?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleDevelopmentRegion</key>
  <string>$(DEVELOPMENT_LANGUAGE)</string>
  <key>CFBundleDisplayName</key>
  <string>Scanner</string>
  <key>CFBundleExecutable</key>
  <string>$(EXECUTABLE_NAME)</string>
  <key>CFBundleIdentifier</key>
  <string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
  <key>CFBundleInfoDictionaryVersion</key>
  <string>6.0</string>
  <key>CFBundleName</key>
  <string>$(PRODUCT_NAME)</string>
  <key>CFBundlePackageType</key>
  <string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
  <key>CFBundleShortVersionString</key>
  <string>1.0</string>
  <key>CFBundleVersion</key>
  <string>1</string>
  <key>NSSystemExtensionUsageDescription</key>
  <string>Scans your FileSystem</string>
  <key>LSMinimumSystemVersion</key>
  <string>$(MACOSX_DEPLOYMENT_TARGET)</string>
  <key>NSHumanReadableCopyright</key>
  <string>Copyright © 2019...</string>
</dict>
</plist>

Additionally I think this behaviour should be officially documented!

In the end I really like to see something like a technical note that ties all relevant documentations together. And additionaly this note should come with an example.

Best regards,

Timo