According to Apple's development documentation, if I want to install an Endpoint Security system extension, I need to develop a host app that must be installed in the Applications directory. Now, I want to create an ES extension to protect users from accessing certain folders. However, I don't want a custom app to pop up asking the user to allow the installation of the ES extension. (To clarify, it's fine if the system authorization request dialog pops up, but I don't want the host app's UI to appear.) Is there any way to do this?

I've developed a Endpoint Security system extension, which will be installed in a container APP. I use XPC to send message from container APP to the ES client, it works fine. I have developed an Endpoint Security system extension that will be installed in a container app. I utilize XPC to send messages from the container app to the ES client, and it functions properly. However, when I attempt to send messages from the ES client to the container app, it always displays an error: 'Couldn’t communicate with a helper application.'. I have removed the sandbox capability of the container app and also employed the same app group for both the ES client and the container app. When an XPC client is connected, I use the following code in the ES client to establish two-way communication. - (BOOL)listener:(NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)newConnection { newConnection.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(NXFileGuardXPCProtocol)]; NXFileGuardXPCService *xpcService = [NXFileGuardXPCService sharedInstance]; newConnection.exportedObject = xpcService; // To APP container client (As remote interface) newConnection.remoteObjectInterface = [NSXPCInterface interfaceWithProtocol:@protocol(NXFileGuardXPCClientProtocol)]; [newConnection activate]; self.containerAPPConnection = newConnection; return YES; } But it always fails. How can I deal with this error?

I'm developing an APP on Mac. There will be some template sensitive file be decrypte during the user using it. I don't want my client see these files by Finder or Terminal, so I tried to mount a file system and store the decrypted folder under the filessystem, then don't return the contents of decrypted folder when filesystem call contentsOfDirectory. It works under my filesystem. But when user directly access these files by Finder(not from my filesystem mounted path), the files are still here can be seen by the user. Is there anyway to make my files hide from Finder? Such as Finder extension, or some special folder Mac offered to store these sensitive files?

I'm writing an app on macOS that stores passwords in the Keychain and later retrieves them using SecItemCopyMatching(). This works fine 90% of the time. However, occasionally, the call to SecItemCopyMatching() fails with errSecAuthFailed (-25293). When this occurs, simply restarting the app resolves the issue; otherwise, it will consistently fail with errSecAuthFailed. What I suspect is that the Keychain access permission has a time limitation for a process. This issue always seems to arise when I keep my app running for an extended period.

I'm finding a way to hook vnode operations, following is a snippet of the code: IOReturn FltIOKitKAuthVnodeGate::RegisterVnodeScopeCallback(void) { // // register our listener // this->VnodeListener = kauth_listen_scope( KAUTH_SCOPE_VNODE, // for the vnode scope FltIOKitKAuthVnodeGate::VnodeAuthorizeCallback, // using this callback this ); // give a cookie to callback if( NULL == this->VnodeListener ){ DBG_PRINT_ERROR( ( "kauth_listen_scope failed\n" ) ); return kIOReturnInternalError; } return kIOReturnSuccess; } Here use kauth_listen_scope to get the newly created vnode object, then will hook on it. But now kauth_listen_scope is deprecated, and there is no way to get the vnode by using EndpointSecurity. So is there any other way to get the newly created vnode object?

I'm developing a system that uses an ES extension to control user file openings on Mac. When a user tries to open a file, the ES extension can either allow or deny the user from opening it. However, the policy for allowing/denying users to open files is managed by my normal Mac app. Therefore, the ES extension needs to proactively communicate with the normal app. Initially, I wanted to create an XPC service in my regular app, but according to the documentation, XPC services are managed by launchd and cannot be created by regular apps. So if I want my ES extension to communicate with the regular app proactively, what IPC method can I use?