Post not yet marked as solved
Hi,
Greetings for the day,
We would like to update you that we have started facing a strange problem on macOS Monterey 12.4 (M1 & Intel), where our system extension is not getting activated. We are getting the error below:
OSSystemExtensionErrorCodeSignatureInvalid = 8
However, I would like to update you that the same build is working on other Mac systems without any error.
We have checked the code signing and notarisation of our system extension container app and found it's code signed and notarised too.
/Applications/*.app: accepted
source=Notarized Developer ID
We would request you to please help us know why it's getting triggered and how we can resolve it.
Thanks & Regards,
Mohmad Vasim
Post not yet marked as solved
I have an app using the Endpoint Security framework. Everything works fine, but sometimes the ES client has exited and doesn't send any events. I cannot find a way to ping or health-check my client to know whether it is still alive or has died!
I'm trying to build and run the Endpoint sample code from Apple's "Monitoring System Events with Endpoint Security", but the extension keeps crashing apparently because the code signature is invalid.
Any help would be appreciated.
Details:
Because our endpoint entitlement isn't approved yet, I've disabled SIP.
I am running on the latest macOS 13.0 beta (22A5295i).
The extension is installed, and I grant it full disk access.
systemextensionsctl shows it is installed, but launchctl shows its status is -9
Console shows a crash because Code Signature Invalid
Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid))
Exception Codes: 0x0000000000000000, 0x0000000000000000
Termination Reason: CODESIGNING 1 Taskgated Invalid Signature
I've set the Team ID to my organization.
The signing certificate is my Apple Development certificate.
Any other recommendations?
Post not yet marked as solved
Hi!
I'm trying to move from CoreMedia I/O DAL Plug-In to CoreMedia I/O camera extensions, announced in macOS 12.3.
I created a test extension, placed it inside my app bundle in Contents/Library/SystemExtensions and signed it with a code-signing certificate. But when I try to install my extension from inside my app, using this code (Swift):
    func requestActivation() {
        guard case .idle = status
        else { fatalError("Invalid state") }
        print("Requesting activation of extension \"\(extensionIdentifier)\"")
        let req = OSSystemExtensionRequest.activationRequest(forExtensionWithIdentifier: extensionIdentifier, queue: DispatchQueue.main)
        req.delegate = self
        OSSystemExtensionManager.shared.submitRequest(req)
        status = .requested
    }
I'm getting an error:
OSSystemExtensionErrorDomain error 8: Code Signature Invalid
which is rather generic. Can anybody tell me what I am doing wrong? Or at least propose some steps to find it out?
I'm posting here entitlements and codesign output for my extension and containing application for further information.
kdg@admins-Mac-mini SystemExtensions % codesign -d --entitlements - ./com.visicom.VirtualCamera.avextension.systemextension
Executable=/Applications/VirtualCamera.app/Contents/Library/SystemExtensions/com.visicom.VirtualCamera.avextension.systemextension/Contents/MacOS/com.visicom.VirtualCamera.avextension
[Dict]
[Key] com.apple.security.app-sandbox
[Value]
[Bool] true
[Key] com.apple.security.application-groups
[Value]
[Array]
[String] 6SUWV7QQBJ.com.visicom.VirtualCamera
kdg@admins-Mac-mini /Applications % codesign -d --entitlements - ./VirtualCamera.app
Executable=/Applications/VirtualCamera.app/Contents/MacOS/VirtualCamera
[Dict]
[Key] com.apple.developer.system-extension.install
[Value]
[Bool] true
[Key] com.apple.security.app-sandbox
[Value]
[Bool] true
[Key] com.apple.security.application-groups
[Value]
[Array]
[String] 6SUWV7QQBJ.com.visicom.VirtualCamera
[Key] com.apple.security.files.user-selected.read-only
[Value]
[Bool] true
kdg@admins-Mac-mini SystemExtensions % codesign -dvvv ./com.visicom.VirtualCamera.avextension.systemextension
Executable=/Applications/VirtualCamera.app/Contents/Library/SystemExtensions/com.visicom.VirtualCamera.avextension.systemextension/Contents/MacOS/com.visicom.VirtualCamera.avextension
Identifier=com.visicom.VirtualCamera.avextension
Format=bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1553 flags=0x10700(hard,kill,expires,runtime) hashes=37+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=25bd80657bfd6e0ab95467146c7b532817e9e520
CandidateCDHashFull sha256=25bd80657bfd6e0ab95467146c7b532817e9e5209fd50b0cb7ceef40dcfb40e8
Hash choices=sha256
CMSDigest=25bd80657bfd6e0ab95467146c7b532817e9e5209fd50b0cb7ceef40dcfb40e8
CMSDigestType=2
CDHash=25bd80657bfd6e0ab95467146c7b532817e9e520
Signature size=9006
Authority=Developer ID Application: Visicom Media Inc. (6SUWV7QQBJ)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=7 Jul 2022, 21:49:32
Info.plist entries=23
TeamIdentifier=6SUWV7QQBJ
Runtime Version=12.3.0
Sealed Resources version=2 rules=13 files=0
Internal requirements count=1 size=200
kdg@admins-Mac-mini /Applications % codesign -dvvv ./VirtualCamera.app
Executable=/Applications/VirtualCamera.app/Contents/MacOS/VirtualCamera
Identifier=com.visicom.VirtualCamera
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1989 flags=0x10700(hard,kill,expires,runtime) hashes=51+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=31e15fbbd436a67a20c5b58c597d8a4796a67720
CandidateCDHashFull sha256=31e15fbbd436a67a20c5b58c597d8a4796a6772020308fb69f4ee80b4e32788b
Hash choices=sha256
CMSDigest=31e15fbbd436a67a20c5b58c597d8a4796a6772020308fb69f4ee80b4e32788b
CMSDigestType=2
CDHash=31e15fbbd436a67a20c5b58c597d8a4796a67720
Signature size=9006
Authority=Developer ID Application: Visicom Media Inc. (6SUWV7QQBJ)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=7 Jul 2022, 21:58:09
Info.plist entries=20
TeamIdentifier=6SUWV7QQBJ
Runtime Version=12.3.0
Sealed Resources version=2 rules=13 files=4
Internal requirements count=1 size=188
Thanks in advance!
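An added example, not part of the original post: a small parser for `codesign -dvvv` output that compares the signing identity of a container app with that of its embedded system extension and lists differences worth a closer look when activation fails with a code-signature error. The sample output is constructed, and the finding names and the choice of fields to compare are assumptions of this example, not a statement of what the OS checks.

```python
import re

# Constructed sample output in the `codesign -dvvv` format (not from the post).
APP = """Identifier=com.example.Camera
CodeDirectory v=20500 size=1989 flags=0x10700(hard,kill,expires,runtime) hashes=51+7 location=embedded
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345"""

EXT_BAD = """Identifier=com.example.Camera.extension
CodeDirectory v=20400 size=1553 flags=0x0(none) hashes=37+7 location=embedded
Authority=Apple Development: Jane Doe (QRSTU67890)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
TeamIdentifier=ZZZZZ99999"""


def parse_codesign(text):
    """Extract identifier, team ID, authority chain and CodeDirectory flags."""
    info = {"authorities": [], "flags": set()}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("CodeDirectory "):
            # e.g. flags=0x10700(hard,kill,expires,runtime)
            m = re.search(r"flags=0x[0-9a-fA-F]+\(([^)]*)\)", line)
            if m:
                info["flags"] = set(m.group(1).split(","))
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            info["authorities"].append(value)
        elif key in ("Identifier", "TeamIdentifier"):
            info[key] = value
    return info


def compare(app, ext):
    """Return a list of differences between container app and extension."""
    findings = []
    if app.get("TeamIdentifier") != ext.get("TeamIdentifier"):
        findings.append("team-id-mismatch")
    # The first Authority line is the leaf certificate; its type precedes ':'.
    leaf = lambda info: (info["authorities"] or [""])[0].split(":")[0]
    if leaf(app) != leaf(ext):
        findings.append("leaf-certificate-type-mismatch")
    for name, info in (("app", app), ("extension", ext)):
        if "runtime" not in info["flags"]:
            findings.append(f"{name}-missing-hardened-runtime")
    return findings


if __name__ == "__main__":
    print(compare(parse_codesign(APP), parse_codesign(EXT_BAD)))
```

An empty list means only that the two signatures agree on these fields; entitlements and provisioning still have to be checked separately.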
Post not yet marked as solved
Hi,
I'm using a network system extension and I wanted to launch the containing app from the extension.
I'm using NSWorkspace.shared.openApplication(at applicationURL: URL, configuration: NSWorkspace.OpenConfiguration) async throws -> NSRunningApplication and sometimes it works, but sometimes I get these errors:
-[_LSRemoteOpenCall invokeWithError:]: XPC error encountered talking to CSUIA: <error: 0x7fff9793e9a0> { count = 1, transaction: 0, voucher = 0x0, contents =
"XPCErrorDescription" => <string: 0x7fff9793eb08> { length = 18, contents = "Connection invalid" }
}
error Optional(Error Domain=NSCocoaErrorDomain Code=256 "The application “APP_NAME” could not be launched because a miscellaneous error occurred." UserInfo={NSURL=file:/Applications/APP_NAME.app/, NSLocalizedDescription=The application “APP_NAME” could not be launched because a miscellaneous error occurred., NSUnderlyingError=0x7fcf005634d0 {Error Domain=NSOSStatusErrorDomain Code=-10822 "kLSServerCommunicationErr: The server process (registration and recent items) is not available" UserInfo={_LSLine=354, _LSFunction=-[_LSRemoteOpenCall invokeWithError:]}}})
What is the best practice to open the containing application from the system extension?
Thanks
Post not yet marked as solved
I've implemented a custom VPN for macOS (system extension, Packet Tunnel Provider). My question is related to the tunnel's DNS servers:
I would like that even when a split-tunnel is enabled, all DNS queries will reach the tunnel's DNS, but I'm aware that this case is not 'working well', and the Packet Tunnel Provider is not supposed to capture all DNS queries, see those threads: https://developer.apple.com/forums/thread/662443, https://developer.apple.com/forums/thread/661601
So as a workaround, on a split-tunnel I have a list of 'match domains', and 'search domains'. But now it seems that the default interface will answer those queries as well, and they still won't reach the tunnel's DNS. To verify this, I connected with the VPN, and when I checked 'scutil --dns', I got the list of resolvers, where resolver #1, wasn't the utun (it was en7), and it handled all the 'match domain'/'search domains'.
Any idea how to force some/all DNS queries to the tunnel's DNS even for a split tunnel?
Post not yet marked as solved
I have tried to implement a Network Extension. Unfortunately, the NE threw some errors and restarted, which caused my IPCConnection to be interrupted.
I want to reconnect the IPCConnection when the NE is interrupted!
Post not yet marked as solved
It occurs only in m1 macbookPro.
Panic does not occur in intel macbook.
Load my Product EndpointSecurity using NSEndpointSecurityEarlyBoot.
Install karabiner.
Reboot
After the reboot is completed, a panic occurs less than 1 minute later. (100%)
forever rebooting
There is a singularity here.
If EndpointSecurity calls the es_subscribe() function, no panic occurs.
Here's the question.
To use NSEndpointSecurityEarlyBoot, must the es_subscribe() function be called at least once unconditionally?
If the es_subscribe() is not called, is the panicking behavior normal?
For reference, system diagnostic logs cannot be collected.
This is because panic occurs forever when rebooting.
Post not yet marked as solved
Hi, I am implementing NETunnelProviderProtocol but I don't need to use the server address because on the system extension side there is XPC communication instead of TCP/IP. When I leave serverAddress empty, tunneling is not started. It is not a problem to set some default value, but I am just wondering. Thank you
Post not yet marked as solved
Hi. I'm in the process of making changes to a MacOS SwiftUI project in order to have it be deployed using Developer ID. The project is a VPN using a packet tunnel provider so I'm converting the NetworkExtension to the SystemExtension equivalent.
I run the exported app from the Applications folder and it starts up fine but I get a log saying that the current bundle does not have a SystemExtensions directory. When I check the contents of the package, it has put the extension in the Plugins folder instead, which tells me that the extension is still being treated as an app extension rather than a system extension. When I try to run the extension from my app, I get a log saying "Provider is an app extension and therefore cannot be signed with a Developer ID certificate"
I have followed all steps listed here: https://developer.apple.com/forums/thread/125508
I have packet-tunnel-provider-systemextension in the Network Extensions array in the entitlements for both the main app and the extension.
I've got Network Extension entitlements on both identifiers and System Extension on the main app identifier
I've created and imported provisioning profiles for both. No errors on either.
In the extension's info.plist, I have made sure to set the bundle type to SYSX
The product name for my extension matches its bundle identifier
The extension's wrapper extension is systemextension
Can anyone think of anything I have missed which would cause Xcode to continue packaging it as an appex rather than a sysex? Or is there possibly somehow something I need to change in the swift code which Xcode will pick up on when packaging? Let me know if you need more info from me.
Thanks in advance
Post not yet marked as solved
Is there a way to tell using device / stream properties if a camera extension is being actively used by a client?
Post not yet marked as solved
In the General system settings panel in Ventura, under Login Items, there are 2 sections: "Add Login Items", and "Login Items Added by Apps". What is this second category, and where can I find more about how to create such login items?
Post not yet marked as solved
There is no documentation for running, debugging and testing system extensions on iPadOS 16.
The WWDC 2022 session "Bring your driver to iPad with DriverKit" does not count because (as of beta 2) it is completely unreproducible.
This document tells us that to test our system extensions we must disable SIP so it's clearly only for macOS:
https://developer.apple.com/documentation/driverkit/debugging_and_testing_system_extensions
It would be nice if this document were updated with reproducible instructions for testing system extensions on iPadOS!
FB10427776
Post not yet marked as solved
We are trying to update the network system extension on macOS 12.4. But sysextd is crashing and failing to update the system extension. I am sharing the sysextd logs and crash report here:
sysextd console logs:
sysextd_logs.txt
sysextd crash report:
sysextd_crash.txt
I am still working to figure out what is happening right now.
Can somebody help me in resolving this issue?
Post not yet marked as solved
I struggle to add custom properties to my streams as described in the WWDC22 video https://developer.apple.com/videos/play/wwdc2022/10022/
minute 28:17
The speaker describes using this technique in his CIFilterCam demo (would the source code be available please?) to let the app control which filter the extension should apply.
Presumably, there's thus a way to:
1 - define a custom property in the camera extension's stream/device/provider?
2 - be able to use CoreMediaIO (from Swift?) in the app in order to set values of that custom property.
This is not documented anywhere I could find.
Help and sample code would be greatly appreciated.
Thank you.
Laurent
Post not yet marked as solved
While trying to re-create the CIFilterCam demo shown in the WWDC session, I hit a roadblock when trying to access a hardware camera from inside my extension.
Can I simply use an AVCaptureSession + AVCaptureDeviceInput + AVCaptureVideoDataOutput to get frames from an actual hardware camera and pass them to the extension's stream? If yes, when should I ask for camera access permissions?
It seems the extension code is run as soon as I install the extension, but I never get prompted for access permission. Do I need to set up the capture session lazily? What's the best practice for this use case?
Post not yet marked as solved
I am trying to find the available methods to capture selective IP traffic to tunnel it using UDP tunneling.
I went through the online resources and found that we can achieve this using PacketTunnelProvider, where we configure the tunnel and then define inbound and outbound reader and writer functions.
Another method I found is to open a utun socket, assign the source and destination addresses of the tunnel endpoints, and then start doing read/write operations on the utun interface, where our application will be able to read any traffic coming to that interface (we also need to configure appropriate routes for the utun interface to redirect traffic).
I wanted to understand the difference between the two methods, and in which scenario both should be used?
I'm debugging a USB DriverKit driver, and noticed the os_log messages during the kernel verification checks do not have a subsystem (not my driver's logging):
    {
      "traceID" : 44303244788367364,
      "eventMessage" : "DK: G600Driver-0x1002dd073: family entitlements check failed",
      "eventType" : "logEvent",
      "source" : null,
      "formatString" : "DK: %s-0x%qx: family entitlements check failed\n",
      "activityIdentifier" : 0,
      "subsystem" : "",
      "category" : "",
      "threadID" : 2655768,
      "senderImageUUID" : "198748B0-2858-345A-957A-45C9ACB4C2F2",
      "backtrace" : {
        "frames" : [
          {
            "imageOffset" : 9007231,
            "imageUUID" : "198748B0-2858-345A-957A-45C9ACB4C2F2"
          }
        ]
      },
      "bootUUID" : "",
      "processImagePath" : "\/kernel",
      "timestamp" : "2022-06-14 01:57:51.171906-0700",
      "senderImagePath" : "\/kernel",
      "machTimestamp" : 281599031530198,
      "messageType" : "Default",
      "processImageUUID" : "198748B0-2858-345A-957A-45C9ACB4C2F2",
      "processID" : 0,
      "senderProgramCounter" : 9007231,
      "parentActivityIdentifier" : 0,
      "timezoneName" : ""
    }
Is there a recommended way (other than substring matching on the driver name) to create a predicate for filtering the log to messages relevant to my driver? Thanks.
Post not yet marked as solved
Hi, I have been following the steps presented in
https://developer.apple.com/documentation/coremediaio/creating_a_camera_extension_with_core_media_i_o
to create a core media I/O camera.
However when calling
    let activationRequest = OSSystemExtensionRequest.activationRequest(
        forExtensionWithIdentifier: identifier, queue: .main
    )
    activationRequest.delegate = installDelegate
    OSSystemExtensionManager.shared.submitRequest(activationRequest)
The delegate's request(_ request: OSSystemExtensionRequest, didFailWithError error: Error) method is being called with error code 9 (OSSystemExtensionError.Code.validationFailed) and the system dialog does not appear.
Post not yet marked as solved
I developed a screen watermarking program that worked fine before macOS 12.4.
After upgrading to 12.4, the "System Extension Blocked" pop-up can't be clicked, but the other window is OK.
Can anybody tell me what macOS 12.4 has done to the "System Extension Blocked" pop-up? My sample code looks like this:
    // Full-screen, transparent, click-through panel on the first screen.
    NSScreen *screen = [NSScreen screens][0];
    CGFloat windowWidth = screen.frame.size.width;
    CGFloat windowHeight = screen.frame.size.height;
    CGFloat x = screen.frame.origin.x;
    CGFloat y = screen.frame.origin.y;
    MyView* view = [[MyView alloc]initWithFrame:NSMakeRect(0, 0, windowWidth, windowHeight)];
    NSWindow* window = [[NSPanel alloc] initWithContentRect:NSMakeRect(0, 0, windowWidth, windowHeight)
                                                  styleMask: NSWindowStyleMaskBorderless | NSWindowStyleMaskNonactivatingPanel
                                                    backing:NSBackingStoreBuffered
                                                      defer:NO];
    [window setOpaque:NO];
    [window setBackgroundColor:[NSColor clearColor]];
    [window setCollectionBehavior:NSWindowCollectionBehaviorCanJoinAllSpaces | NSWindowCollectionBehaviorFullScreenAuxiliary];
    [window setIgnoresMouseEvents:YES];
    [window setHasShadow:NO];
    // The window sits at screen-saver level, above normal windows.
    [window setLevel:NSScreenSaverWindowLevel];
    [window setContentView:view];
    [window makeKeyAndOrderFront:nil];
and draw in MyView
    - (void)drawRect:(NSRect)dirtyRect
    {
        NSRect screen = [self bounds];
        int SW = screen.size.width;
        int SH = screen.size.height;
        [[NSColor clearColor] set];
        NSRectFill(screen);
        NSString * strH= @"watermark test.";
        NSMutableDictionary *md = [NSMutableDictionary dictionary];
        [md setObject:[NSFont fontWithName:@"Times" size:80] forKey:NSFontAttributeName];
        [strH drawAtPoint:NSMakePoint(SH*0.5, SH*0.5) withAttributes:md];
        [self setNeedsDisplay:YES];
    }