2 Replies
Latest reply on Nov 10, 2019 9:32 PM by weichao119
weichao119 Level 1 (0 points)

Hi,

We have some questions about the EndpointSecurity framework.

1. Must the EndpointSecurity client be a system extension?

    We use the es-client entitlement, making a development provisioning profile with the EndpointSecurity-client capability. Then we build a simple app (no system extension) with EndpointSecurity.framework and that provisioning profile. It works well on another machine on which SIP is enabled. (Root permission & approved by TCC.)

    So, does this mean that we can distribute the EndpointSecurity client as a simple app (without a system extension)?

2. If we must package the Endpoint Security client as a system extension contained in an app, can the containing app be distributed in the Mac App Store?

        • Re: questions about EndpointSecurity & System Extension
  eskimo Apple Staff (12,265 points)

  1. Must the EndpointSecurity client be a system extension?

  My understanding is that EndpointSecurity requires that clients run as root and have the entitlement, meaning there’s no specific requirement that the client be a system extension.  This is in contrast to other subsystems, like system-wide NetworkExtensions, which must be packaged as system extensions.

          Having said that, running as root is a significant hurdle.  You wrote:

  Then, build a simple app [it] works well on another machine on which SIP is enabled. (Root permission & approved by TCC)

  By definition a “simple app” isn’t running as root.  In a real setup you’d need to install this as a launchd daemon in order to get root privileges, and that presents challenges for getting your entitlement.  For a daemon to use the EndpointSecurity entitlement, it must be packaged in an app-like structure in order to have a place to store the provisioning profile that whitelists those entitlements.

          All-in-all, it’s going to be easier if you just use a system extension.

  2. If we must package the Endpoint Security client as a system extension contained in an app, can the containing app be distributed in the Mac App Store?

          That’s the plan.  To quote WWDC 2019 Session 702 System Extensions and DriverKit:

          Once you've packaged your System Extension into an app, you can distribute that app directly to your users using Developer ID or through the Mac App Store, which has never been possible with Kernel Extensions.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"
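The answer above lists three things a non-system-extension EndpointSecurity client has to get right: run as root, carry the client entitlement, and (for a daemon) live in an app-like bundle that holds the provisioning profile. The script below is an added preflight check for exactly those three points; it is an illustration written for this page, not Apple tooling and not the original poster's code. It assumes the standard entitlement key `com.apple.developer.endpoint-security.client` and the usual `Contents/embedded.provisionprofile` location inside a macOS bundle; the entitlements plists it writes are constructed sample data, standing in for what `codesign -d --entitlements :- App.app` would print for a real build.

```shell
#!/bin/sh
# Preflight for the three requirements discussed in the thread.
# Added illustration: not Apple tooling, not the poster's code.
# Assumed standard values: the ES client entitlement key and the
# embedded.provisionprofile path Xcode uses for macOS bundles.

ES_ENTITLEMENT="com.apple.developer.endpoint-security.client"

# Requirement 1: the client process must be root (EndpointSecurity
# refuses clients that are not).
is_root() {
    [ "$(id -u)" -eq 0 ]
}

# Requirement 2: the signed code must carry the ES client entitlement.
# $1 is an entitlements plist in XML form, e.g. saved from
#   codesign -d --entitlements :- /path/to/App.app
# Succeeds only when the key is present and its value is <true/>.
has_es_entitlement() {
    awk -v key="$ES_ENTITLEMENT" '
        /<key>/ { found = index($0, "<key>" key "</key>") > 0 }
        found && /<true\/>/  { ok = 1; exit }
        found && /<false\/>/ { exit }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Requirement 3: a daemon using a restricted entitlement needs an
# app-like bundle so the provisioning profile has somewhere to live.
has_embedded_profile() {
    [ -f "$1/Contents/embedded.provisionprofile" ]
}

# Run every check against a bundle and its exported entitlements.
# Returns the number of failed checks so callers can branch on it.
preflight() {
    bundle="$1"; ents="$2"; failures=0
    is_root || { echo "FAIL: not running as root"; failures=$((failures + 1)); }
    has_es_entitlement "$ents" || {
        echo "FAIL: $ES_ENTITLEMENT missing or false in $ents"
        failures=$((failures + 1))
    }
    has_embedded_profile "$bundle" || {
        echo "FAIL: no Contents/embedded.provisionprofile in $bundle"
        failures=$((failures + 1))
    }
    return "$failures"
}

# Constructed sample entitlements file (sample data, not a real build).
# $1 = output path; $2 = "true", "false" or "absent" for the ES key.
write_sample_entitlements() {
    {
        echo '<?xml version="1.0" encoding="UTF-8"?>'
        echo '<plist version="1.0"><dict>'
        echo '  <key>com.apple.security.app-sandbox</key>'
        echo '  <false/>'
        if [ "$2" != "absent" ]; then
            echo "  <key>$ES_ENTITLEMENT</key>"
            echo "  <$2/>"
        fi
        echo '</dict></plist>'
    } > "$1"
}
```

On a real system you would export the entitlements of the built bundle with `codesign` and pass that file as the second argument, e.g. `sudo sh preflight.sh` calling `preflight /Library/PrivilegedHelperTools/MyESDaemon.app /tmp/ents.plist`. The root check is deliberately separate from the packaging checks because it is the one that a "simple app" launched from Finder will always fail, which is the point Quinn makes about needing a launchd daemon or a system extension.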