Hello,
I have a DLP product, which includes several components running as launch daemons with root privileges. When user send a file outside, the kernel extension will notify the scan engine to detect if the file has sensitive information. After installing 10.15.4 Supplemental Update, the launch daemons cannot read files even in user's desktop folder. And there is no permission request dialog at all. I need to grant file access to launch daemons manually in System Prerefences. Is this a new change in 10.15.4 Supplemental Update? There seems to be no problem for a root process to access any file on disk before. If this requirement is enforced, how can I prompt user to grant full disk access to background daemon during installation or its first launch? BTW, all the executable and dylibs in my product are already properly signed and notarized.
Thanks!