What could be the specific context you're talking about that causes the code to fail?

Other processes include rapportd, remoted, syspolicyd, timed, networkserviceproxy, nsurlsessiond.

And counting: transparencyd, configd, captiveagent, locationd, rtcreportingd, mobileassetd, swcd, diagnosticextensionsd.

What may be interesting, and what I noticed for the first time, is that after keeping my app open for several hours and noticing all those apparently unsigned processes, it began listing some of those same names, but this time they were correctly signed: trustd, mobileassetd, nsurlsessiond. They all started being listed at the same time at a distance of a few seconds from each other, at 6:06:33 PM today.

Isn't there a third possibility: that the code is generated by someone who is not an attacker?

How would it be possible to track the code identity with SecCodeCopyDesignatedRequirement? SecRequirement is only defined as a class implementing Hashable, so it cannot be stored and loaded again between app launches.

Hi Quinn, thanks a lot for your help. I created an empty Xcode project with the "Command Line Tool" template, pasted your code, and run the built executable in the Terminal. When passing the pids for all the trustd processes I see in Activity Monitor it always returns the expected path, /usr/libexec/trustd.

But then I created an empty Xcode project with the "App" template and created a main.swift file again with your code, and when running the built App/Contents/MacOS/app in the Terminal, I get the same error that I mentioned before: Error Domain=NSOSStatusErrorDomain Code=100001 "EPERM: Operation not permitted". Do I need to add special entitlements in order to make it work?

Do you mean that I can't? Can the previous behaviour of having the same NSTextStorage appear in multiple NSTextView not be replicated?

There are never more than 10 bookmarks active. I‘m also calling stopAccessingSecurityScopedResource. This only happens since macOS 15.

I had to do this myself several times to isolate a macOS bug: duplicate the Xcode project, then start reducing the code and test if the issue still happens, and if it does, make a duplicate of the duplicate so that I can go back to it in case my next reduction solves the issue. Keep repeating until you have a tiny project that reproduces it. It may take several hours (even the whole day) and test your patience to the extreme, but sometimes there's no other way.