Post

Replies

Boosts

Views

Activity

Full disk access from a launchd daemon
Hello, I have a security program with a daemon process running as the root user, started by launchd, which scans documents on users' computers to prevent confidential data leakage. On macOS 10.15.6, adding the program to the "Full Disk Access" list in System Preferences doesn't work at all. I also added the Terminal program, but that doesn't make any difference. Do I need to add my program to the root user's TCC database? And how do I do that? Thanks!
Replies: 2 · Boosts: 0 · Views: 1.5k · Activity: Sep ’20
Launch daemon cannot read file on user's desktop
Hello, I have a DLP product, which includes several components running as launch daemons with root privileges. When a user sends a file outside, the kernel extension will notify the scan engine to detect if the file has sensitive information. After installing the 10.15.4 Supplemental Update, the launch daemons cannot read files even in the user's desktop folder. And there is no permission request dialog at all. I need to grant file access to the launch daemons manually in System Preferences. Is this a new change in the 10.15.4 Supplemental Update? There seemed to be no problem for a root process to access any file on disk before. If this requirement is enforced, how can I prompt the user to grant full disk access to a background daemon during installation or its first launch? BTW, all the executables and dylibs in my product are already properly signed and notarized. Thanks!
Replies: 6 · Boosts: 0 · Views: 3.2k · Activity: May ’20
Disable peripherals on macOS programmatically
I know that with the Disk Arbitration framework, I can use DARegisterDiskMountApprovalCallback to prevent external disks from mounting. The disks include thumb drives, external hard disks, etc., but there are many types of peripherals out there, like a USB wireless receiver or a USB Ethernet adapter. Is there any other framework for us to use to enable/disable peripherals based on their I/O Registry properties? Thanks!
Replies: 4 · Boosts: 0 · Views: 2.0k · Activity: Oct ’19
Xcode post-signing action
I'm using Xcode 10 on macOS Mojave to create a macOS app. This app will be distributed outside of the Mac App Store, so I let Xcode auto-sign it with Developer ID. My question is how to move the target .app to a specific folder after code signing. The post-build action doesn't work since it seems to happen before code signing. I don't want to do code signing on the command line myself, because I want Xcode to add the hardened runtime and com.apple.security.get-task-allow entitlements for me. Thanks!
Replies: 1 · Boosts: 0 · Views: 1.7k · Activity: Sep ’19