What is the principle behind the network filter developed through system expansion starting up with the computer's startup

Question

Created Sep ’24

Replies 2

Boosts 0

Participants 2

I developed a network filter using system extensions and placed the system extension program in a container app. I activated the extension and enabled the network filter in the/Applications directory through the container app. After that, my container app process exited, and only the system extension program process in the/Library/SystemExtensions directory was running. After booting up and upgrading the macOS system, the system extension program will be launched, and I learned from the link below that the system extension will be launched with the system at startup: https://developer.apple.com/forums/thread/701986 . But I haven't learned from the official documentation of System Extensions and NetworkExtension why system extensions start with the system and what their principles are. Because the container app under the activation system extension/Application did not start. Has the network filter developed for system expansion been registered in the system related files or frameworks? Ensure that it will start after each startup

Boost

Answer 1

DTS Engineer OP

Apple

Sep ’24

Accepted Answer

Recommended

Has the network filter developed for system expansion been registered in the system related files or frameworks? Ensure that it will start after each startup

That’s right.

Under the covers a system extension is effectively a launchd daemon. When your container app activates its embedded sysex, the system copies the sysex to a known ‘safe’ location and then registers it with launchd. This causes launchd to starts it as a daemon, both immediately and on restart.

IMPORTANT The specific details of this vary based on the type of sysex you’re creating. You will, for example, see different behaviour between an Network Extension sysex and an Endpoint Security sysex. However, the above should give you an idea as to the general process.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

DTS Engineer OP

Apple

Sep ’24

Please reply is a reply; if you reply in the comments, I may not see it. For this and other titbits, see Quinn’s Top Ten DevForums Tips.

I did not find the plist file related to my Network Extension sysex registered with launchd

Right. That’s why I put the “effectively” in “a system extension is effectively a launchd daemon”. Installing a system extension does not literally write a launchd property list file to the /Library/LaunchDaemons directory. However, at runtime the sysex behaves like a launchd daemon, that is:

It’s lifetime is managed by launchd.
It runs as root.
It runs in the global execution context.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

1