Is there some tutorial for the new `es_new_descendants_client` function?

I saw there is a new es_new_descendants_client() function in Endpoint Security, with very interesting details:

  • no TCC approval required
  • no root privileges required

which makes it very different from how we've known Endpoint Security so far.

  1. What is the real life use of this client? First, I thought it would be good to monitor processes I launch from my central application - but I won't fork() or exec() other apps - I will ask launchd to open them (NSWorkspace...), so they won't be descendants of my Endpoint Security client containing process. Not to mention, I don't understand how this aligns with the entitlement being attachable only to system(?) extensions.
  2. Or, can I now add this entitlement to an application? The dropping of root privilege as a requirement seems like this entitlement could be attached to regular apps. Or it can only be attached to a launchd agent, rather than a daemon?

I haven't seen any pointers in Endpoint Security documentation other than this function's documentation. A tutorial would be very nice to have.

Thanks in advance!

First, I thought it would be good to monitor processes I launch from my central application - but I won't fork() or exec() other apps - I will ask launchd to open them (NSWorkspace...), so they won't be descendants of my Endpoint Security client containing process.

It's tied to your direct child processes (the whole process subtree derived from you), but that doesn't mean you couldn't restrict an app. We don't "encourage" it but, in practice, apps created through fork/exec basically "work" fine.

Not to mention, I don't understand how this aligns with the entitlement being attachable only to system(?) extensions.

The entitlement isn't restricted to system extensions and never has been. There is a system extension point, but that primarily exists so that ES clients can get control of the system as EARLY as possible (basically, before ANY 3rd party executes). The extension point is actually used less often than you'd think, as most ES clients are actually just LaunchDaemons.

Similarly:

Or, can I now add this entitlement to an application? The dropping of root privilege as a requirement seems like this entitlement could be attached to regular apps. Or it can only be attached to a launchd agent, rather than a daemon?

Aside from the requirement that you run as root, you could do this today. The main issue with using it in an application is that ES clients need to be very careful about what they interact with, since blocking or delaying the wrong action can create very strange cross-daemon deadlocks.

That's not really an issue here (since you won't see most system-level actions), though I'd probably still recommend against just adding it into the "middle" of a full-scale application. In any case, there's certainly no issue with attaching it to an agent or helper tool, which is how I expect it will most often be used.

What is the real-life use of this client?

The most obvious would be constraining AI agents. It's relatively hard to pre-construct a fixed sandbox without any "holes", particularly when the exact constraints will vary from agent to agent. The notify API also lets you monitor basically "everything" they do through a single API.

I haven't seen any pointers in Endpoint Security documentation other than this function's documentation. A tutorial would be very nice to have.

So, two points here:

  1. EndpointSecurity has EXTREMELY good header doc, probably the best on our platform, and that documentation should be considered the authoritative reference. Never underestimate the value of a good ASCII art diagram.

  2. The "Monitoring System Events with Endpoint Security" project does a decent job of showing the API in use and I think it could be fairly easily modified to use es_new_descendants_client instead of the full API.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware

There is not a tutorial but the header docs are fairly detailed. I can expand on what Kevin said a little.

Normally ES clients must run as root because they cross user boundaries, and they require TCC_ALL_FILES because they are privacy invasive: you can view operations on all files and by all users.

A descendant client is different: if Alice creates a descendant client she will never see operations issued by Bob; in fact she will only control operations she and her descendants (and their descendants recursively) issue. The privacy concerns are not the same.

Similarly, deadline enforcement exists to break deadlocks and protect critical system daemons. Alice can only block processes she could already kill or suspend anyway. System daemons will never be descendants, and as such descendant clients can extend deadlines.

The primary use case we envision for this is agents. es_new_descendants_client() is effectively a new feature for creating dynamic sandboxes. Agents are inherently non-deterministic and subject to prompt injection attacks. Implementors need some way to control their interactions with the operating system. Using es_new_descendants_client() in combination with the new es_set_deadline_min() you can create an interactive UX for approving agent operations.

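A sketch of the dynamic sandbox described above, added here as an example and not code from this thread or from Apple: a parent process creates a descendants client, subscribes to two AUTH events, then launches the agent as a direct child so it and everything it spawns fall inside the controlled subtree. The agent may write only inside a workspace directory and may exec only allowlisted binaries. The argument shape of es_new_descendants_client (same as es_new_client) is an assumption, the policy values are constructed, and the binary still needs the Endpoint Security client entitlement and signing as for any ES client.

```swift
import Foundation
import EndpointSecurity

// Constructed policy: writes only inside this directory, exec only these binaries.
let workspace = NSTemporaryDirectory() + "agent-workspace"
let execAllowlist: Set<String> = ["/bin/sh", "/bin/ls", "/usr/bin/grep", "/bin/cat"]
try? FileManager.default.createDirectory(atPath: workspace, withIntermediateDirectories: true)
let fwriteFlag: Int32 = 0x0002  // FWRITE from <sys/fcntl.h>

// es_string_token_t is (length, data) and is not guaranteed to be NUL-terminated.
func string(from token: es_string_token_t) -> String {
    String(decoding: UnsafeRawBufferPointer(start: token.data, count: token.length), as: UTF8.self)
}

func handle(_ client: OpaquePointer, _ msg: UnsafePointer<es_message_t>) {
    switch msg.pointee.event_type {
    case ES_EVENT_TYPE_AUTH_OPEN:
        // AUTH_OPEN is answered with the subset of requested flags that is permitted;
        // stripping FWRITE outside the workspace turns a write-open into a failure.
        let open = msg.pointee.event.open
        let path = string(from: open.file.pointee.path)
        let granted = path.hasPrefix(workspace + "/") ? open.fflag : (open.fflag & ~fwriteFlag)
        es_respond_flags_result(client, msg, UInt32(bitPattern: granted), false)
    case ES_EVENT_TYPE_AUTH_EXEC:
        let exe = string(from: msg.pointee.event.exec.target.pointee.executable.pointee.path)
        let verdict = execAllowlist.contains(exe) ? ES_AUTH_RESULT_ALLOW : ES_AUTH_RESULT_DENY
        es_respond_auth_result(client, msg, verdict, false)
    default:
        break
    }
}

var client: OpaquePointer?
// Assumption: es_new_descendants_client takes (client, handler) like es_new_client.
guard es_new_descendants_client(&client, handle) == ES_NEW_CLIENT_RESULT_SUCCESS, let client else {
    fatalError("could not create descendants client (entitlement or signing problem?)")
}
var events: [es_event_type_t] = [ES_EVENT_TYPE_AUTH_OPEN, ES_EVENT_TYPE_AUTH_EXEC]
guard es_subscribe(client, &events, UInt32(events.count)) == ES_RETURN_SUCCESS else {
    fatalError("es_subscribe failed")
}

// Launch the agent as a direct child: it and anything it spawns are descendants.
let agent = Process()
agent.executableURL = URL(fileURLWithPath: "/bin/sh")
agent.arguments = ["-c", "echo ok > \(workspace)/ok.txt; echo x > /tmp/outside.txt; ls \(workspace)"]
try agent.run()
agent.waitUntilExit()
es_delete_client(client)
```

The thread's interactive-approval UX would replace the fixed allowlist checks with a prompt and, as described above, extend the deadline while the user decides; that part is left out here.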