System Extensions

Install and manage user space code that extends the capabilities of macOS using System Extensions.

Posts under System Extensions tag

156 Posts
Post not yet marked as solved
3 Replies
43 Views
Hi, Greetings for the day. We would like to update you that we have started facing one strange problem in macOS Monterey 12.4 (M1 & Intel) where our system extension is not getting activated. We are getting the below error:
OSSystemExtensionErrorCodeSignatureInvalid = 8
However, I would like to update you that the same build is working on other Mac systems without any error. We have checked the code signing and notarisation of our system extension container app and found it is code signed and notarised too.
/Applications/*.app: accepted source=Notarized Developer ID
We would request you to please help us to know why it's getting triggered and how we can resolve it.
Thanks & Regards, Mohmad Vasim
Post not yet marked as solved
3 Replies
107 Views
I've implemented a custom VPN for macOS (system extension, Packet Tunnel Provider). My question is related to the tunnel's DNS servers: I would like that even when a split-tunnel is enabled, all DNS queries will reach the tunnel's DNS, but I'm aware that this case is not 'working well', and the Packet Tunnel Provider is not supposed to capture all DNS queries, see those threads: https://developer.apple.com/forums/thread/662443, https://developer.apple.com/forums/thread/661601
So as a workaround, on a split-tunnel I have a list of 'match domains' and 'search domains'. But now it seems that the default interface will answer those queries as well, and they still won't reach the tunnel's DNS. To verify this, I connected with the VPN, and when I checked 'scutil --dns', I got the list of resolvers, where resolver #1 wasn't the utun (it was en7), and it handled all the 'match domain'/'search domains'.
Any idea how to force some/add DNS queries to the tunnel's DNS even for a split tunnel?
Posted by roee84.
Post marked as solved
1 Replies
69 Views
I'm trying to build and run the Endpoint sample code from Apple's "Monitoring System Events with Endpoint Security", but the extension keeps crashing, apparently because the code signature is invalid. Any help would be appreciated.
Details: Because our endpoint entitlement isn't approved yet, I've disabled SIP. I am running on the latest macOS 13.0 beta (22A5295i). The extension is installed, and I grant it full disk access. systemextensionsctl shows it is installed, but launchctl shows its status is -9. Console shows a crash because Code Signature Invalid:
Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid))
Exception Codes: 0x0000000000000000, 0x0000000000000000
Termination Reason: CODESIGNING 1 Taskgated Invalid Signature
I've set the Team ID to my organization. The signing certificate is my Apple Development certificate. Any other recommendations?
Post not yet marked as solved
7 Replies
400 Views
I am trying to find the available methods to capture selective IP traffic to tunnel it using UDP tunneling. I went through the online resources and found that we can achieve this using PacketTunnelProvider, where we will configure the tunnel, then define inbound and outbound reader and writer functions. Another method I found is where we open a utun socket, assign source and destination tunnel addresses of the tunnel endpoints, and then start doing read/write operations on the utun interface, where our application will be able to read any traffic coming to that interface (also, we need to configure appropriate routes for the utun interface to redirect traffic). I wanted to understand the difference between the two methods, and in which scenario each should be used?
Posted by freefire.
Post not yet marked as solved
2 Replies
87 Views
Hi, I’m using a network system extension and I wanted to launch the containing app from the extension. I'm using
NSWorkspace.shared.openApplication(at applicationURL: URL, configuration: NSWorkspace.OpenConfiguration) async throws -> NSRunningApplication
and sometimes it works, but sometimes I get those errors:
-[_LSRemoteOpenCall invokeWithError:]: XPC error encountered talking to CSUIA: <error: 0x7fff9793e9a0> { count = 1, transaction: 0, voucher = 0x0, contents = "XPCErrorDescription" => <string: 0x7fff9793eb08> { length = 18, contents = "Connection invalid" } }
error Optional(Error Domain=NSCocoaErrorDomain Code=256 "The application “APP_NAME” could not be launched because a miscellaneous error occurred." UserInfo={NSURL=file:/Applications/APP_NAME.app/, NSLocalizedDescription=The application “APP_NAME” could not be launched because a miscellaneous error occurred., NSUnderlyingError=0x7fcf005634d0 {Error Domain=NSOSStatusErrorDomain Code=-10822 "kLSServerCommunicationErr: The server process (registration and recent items) is not available" UserInfo={_LSLine=354, _LSFunction=-[_LSRemoteOpenCall invokeWithError:]}}})
What is the best practice to open the containing application from the system extension? Thanks
Posted by or_b.
Post not yet marked as solved
0 Replies
84 Views
Hi! I'm trying to move from CoreMedia I/O DAL Plug-In to CoreMedia I/O camera extensions, announced in macOS 12.3. I created a test extension, placed it inside my app bundle into Contents/Library/SystemExtensions and signed it with a codesigning certificate. But when I try to install my extension from inside my app, using this code (Swift):
    func requestActivation() {
        guard case .idle = status else { fatalError("Invalid state") }
        print("Requesting activation of extension \"\(extensionIdentifier)\"")
        let req = OSSystemExtensionRequest.activationRequest(forExtensionWithIdentifier: extensionIdentifier, queue: DispatchQueue.main)
        req.delegate = self
        OSSystemExtensionManager.shared.submitRequest(req)
        status = .requested
    }
I'm getting an error:
OSSystemExtensionErrorDomain error 8: Code Signature Invalid
which is rather generic. Can anybody tell me what I am doing wrong? Or at least propose some steps to find it out? I'm posting here entitlements and codesign output for my extension and containing application for further information.
kdg@admins-Mac-mini SystemExtensions % codesign -d --entitlements - ./com.visicom.VirtualCamera.avextension.systemextension
Executable=/Applications/VirtualCamera.app/Contents/Library/SystemExtensions/com.visicom.VirtualCamera.avextension.systemextension/Contents/MacOS/com.visicom.VirtualCamera.avextension
[Dict]
    [Key] com.apple.security.app-sandbox
    [Value]
        [Bool] true
    [Key] com.apple.security.application-groups
    [Value]
        [Array]
            [String] 6SUWV7QQBJ.com.visicom.VirtualCamera
kdg@admins-Mac-mini /Applications % codesign -d --entitlements - ./VirtualCamera.app
Executable=/Applications/VirtualCamera.app/Contents/MacOS/VirtualCamera
[Dict]
    [Key] com.apple.developer.system-extension.install
    [Value]
        [Bool] true
    [Key] com.apple.security.app-sandbox
    [Value]
        [Bool] true
    [Key] com.apple.security.application-groups
    [Value]
        [Array]
            [String] 6SUWV7QQBJ.com.visicom.VirtualCamera
    [Key] com.apple.security.files.user-selected.read-only
    [Value]
        [Bool] true
kdg@admins-Mac-mini SystemExtensions % codesign -dvvv ./com.visicom.VirtualCamera.avextension.systemextension
Executable=/Applications/VirtualCamera.app/Contents/Library/SystemExtensions/com.visicom.VirtualCamera.avextension.systemextension/Contents/MacOS/com.visicom.VirtualCamera.avextension
Identifier=com.visicom.VirtualCamera.avextension
Format=bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1553 flags=0x10700(hard,kill,expires,runtime) hashes=37+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=25bd80657bfd6e0ab95467146c7b532817e9e520
CandidateCDHashFull sha256=25bd80657bfd6e0ab95467146c7b532817e9e5209fd50b0cb7ceef40dcfb40e8
Hash choices=sha256
CMSDigest=25bd80657bfd6e0ab95467146c7b532817e9e5209fd50b0cb7ceef40dcfb40e8
CMSDigestType=2
CDHash=25bd80657bfd6e0ab95467146c7b532817e9e520
Signature size=9006
Authority=Developer ID Application: Visicom Media Inc. (6SUWV7QQBJ)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=7 Jul 2022, 21:49:32
Info.plist entries=23
TeamIdentifier=6SUWV7QQBJ
Runtime Version=12.3.0
Sealed Resources version=2 rules=13 files=0
Internal requirements count=1 size=200
kdg@admins-Mac-mini /Applications % codesign -dvvv ./VirtualCamera.app
Executable=/Applications/VirtualCamera.app/Contents/MacOS/VirtualCamera
Identifier=com.visicom.VirtualCamera
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1989 flags=0x10700(hard,kill,expires,runtime) hashes=51+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=31e15fbbd436a67a20c5b58c597d8a4796a67720
CandidateCDHashFull sha256=31e15fbbd436a67a20c5b58c597d8a4796a6772020308fb69f4ee80b4e32788b
Hash choices=sha256
CMSDigest=31e15fbbd436a67a20c5b58c597d8a4796a6772020308fb69f4ee80b4e32788b
CMSDigestType=2
CDHash=31e15fbbd436a67a20c5b58c597d8a4796a67720
Signature size=9006
Authority=Developer ID Application: Visicom Media Inc. (6SUWV7QQBJ)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=7 Jul 2022, 21:58:09
Info.plist entries=20
TeamIdentifier=6SUWV7QQBJ
Runtime Version=12.3.0
Sealed Resources version=2 rules=13 files=4
Internal requirements count=1 size=188
Thanks in advance!
Posted by kdg82.
Post not yet marked as solved
11 Replies
374 Views
We are trying to update the network system extension on macOS 12.4, but sysextd is crashing and failing to update the system extension. I am sharing the sysextd logs and crash report here:
sysextd console logs: sysextd_logs.txt
sysextd crash report: sysextd_crash.txt
I am still working to figure out what is happening right now. Can somebody help me in resolving this issue?
Posted by rg1985.
Post marked as solved
11 Replies
5.4k Views
Hi All,
Starting from the SimpleFirewall Apple Network Extension example, I managed to create an app with an Endpoint Security extension. From the console I can see that the app is starting correctly and the System Extension is registered and loaded correctly by sysextd:
attempting to realize extension with identifier com.***.***.endpoint
But then the system extension fails with:
System extension request failed: Invalid extension configuration in Info.plist and/or entitlements
That is the same error I can see setting a breakpoint in:
func request(_ request: OSSystemExtensionRequest, didFailWithError error: Error)
Note 1: My provisioning profile doesn't yet contain a com.apple.developer.endpoint-security.client (requested but not yet approved), but I removed it from the .entitlements file and added it to the system extension Info.plist; for development that "should" be OK, right?
Note 2: Keeping the entitlement in the .entitlements file but not having it in the provisioning profile obviously causes an error:
com.***.zuul: Unsatisfied entitlements: com.apple.developer.endpoint-security.client
What am I missing? I noticed that the SimpleFirewall has a special configuration in the Info.plist:
<key>com.apple.developer.networking.networkextension</key>
<array>
    <string>content-filter-provider</string>
</array>
Do I need to add something similar for Endpoint Security?
Posted by kappe_m.
Post not yet marked as solved
0 Replies
102 Views
It occurs only on the M1 MacBook Pro. The panic does not occur on an Intel MacBook.
Load my product EndpointSecurity using NSEndpointSecurityEarlyBoot.
Install karabiner.
Reboot.
After the reboot is completed, a panic occurs before 1 minute later (100%), forever rebooting.
There is a singularity here. If EndpointSecurity calls the es_subscribe() function, no panic occurs.
Here's the question. To use NSEndpointSecurityEarlyBoot, must the es_subscribe() function be called at least once unconditionally? If es_subscribe() is not called, is the panicking behavior normal?
For reference, system diagnostic logs cannot be collected. This is because the panic occurs forever when rebooting.
Post not yet marked as solved
0 Replies
65 Views
Hi, I am implementing NETunnelProviderProtocol but I don't need to use a server address, because on the system extension side there is XPC communication instead of TCP/IP. When I leave serverAddress empty, tunneling is not started. It is not a problem to set some default value, but I am just wondering. Thank you
Post not yet marked as solved
1 Replies
243 Views
While trying to re-create the CIFilterCam demo shown in the WWDC session, I hit a roadblock when trying to access a hardware camera from inside my extension. Can I simply use an AVCaptureSession + AVCaptureDeviceInput + AVCaptureVideoDataOutput to get frames from an actual hardware camera and pass them to the extension's stream? If yes, when should I ask for camera access permissions? It seems the extension code is run as soon as I install the extension, but I never get prompted for access permission. Do I need to set up the capture session lazily? What's the best practice for this use case?
Post not yet marked as solved
13 Replies
1k Views
I built an app which hosts a CMIOExtension. The app works, and it can activate the extension. The extension loads in e.g. Photo Booth and shows the expected video (a white horizontal line which moves down the picture). I have a couple of questions about this though.
The sample Camera Extension is built with a CMIOExtension dictionary with just one entry, CMIOExtensionMachServiceName, which is $(TeamIdentifierPrefix)$(PRODUCT_BUNDLE_IDENTIFIER). This Mach service name won't work though. When attempting to activate the extension, sysextd says that the extension has an invalid mach service name or is not signed, the value must be prefixed with one of the App Groups in the entitlement. So in order to get the sample extension to activate from my app, I have to change its CMIOExtensionMachServiceName to <my team ID>.com.mycompany.my-app-group.<myextensionname>. Is this to be expected?
The template CMIOExtension generates its own video using a timer. My app is intended to capture video from a source, filter that video, then feed it to the CMIOExtension, somehow. The template creates an app group called "$(TeamIdentifierPrefix)com.example.app-group", which suggests that it might be possible to use XPC to send frames from the app to the extension. However, I've been unable to do so. I've used NSXPCConnection * connection = [[NSXPCConnection alloc] initWithMachServiceName:, using the CMIOExtensionMachServiceName with no options and with the NSXPCConnectionPrivileged option. I've tried NSXPCConnection * connection = [[NSXPCConnection alloc] initWithServiceName: using the extension's bundle identifier. In all cases, when I send the first message I get an error in the remote object proxy's handler:
Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named <whatever name I try> was invalidated: failed at lookup with error 3 - No such process."
According to the "Daemons and Services Programming Guide" an XPC service should have a CFBundlePackageType of XPC!, but a CMIOExtension is of type SYSX. It can't be both. Does the CMIOExtension loading apparatus cook up a synthetic name for the XPC service, and if so, what is it? If none, how is one expected to get pixel buffers into the camera extension?
Posted by ssmith_c.
Post not yet marked as solved
2 Replies
166 Views
Hi. I'm in the process of making changes to a macOS SwiftUI project in order to have it be deployed using Developer ID. The project is a VPN using a packet tunnel provider, so I'm converting the NetworkExtension to the SystemExtension equivalent. I run the exported app from the Applications folder and it starts up fine, but I get a log saying that the current bundle does not have a SystemExtensions directory. When I check the contents of the package, it has put the extension in the Plugins folder instead, which tells me that the extension is still being treated as an app extension rather than a system extension. When I try to run the extension from my app, I get a log saying "Provider is an app extension and therefore cannot be signed with a Developer ID certificate".
I have followed all steps listed here: https://developer.apple.com/forums/thread/125508
I have packet-tunnel-provider-systemextension in the Network Extensions array in the entitlements for both the main app and the extension.
I've got Network Extension entitlements on both identifiers and System Extension on the main app identifier.
I've created and imported provisioning profiles for both. No errors on either.
In the extension's info.plist, I have made sure to set the bundle type to SYSX.
The product name for my extension matches its bundle identifier.
The extension's wrapper extension is systemextension.
Can anyone think of anything I have missed which would cause Xcode to continue packaging it as an appex rather than a sysex? Or is there possibly somehow something I need to change in the Swift code which Xcode will pick up on when packaging? Let me know if you need more info from me. Thanks in advance
Post not yet marked as solved
0 Replies
143 Views
In the General system settings panel in Ventura, under Login Items, there are 2 sections: "Add Login Items", and "Login Items Added by Apps". What is this second category, and where can I find more about how to create such login items?
Posted by JWWalker.
Post not yet marked as solved
0 Replies
125 Views
There is no documentation for running, debugging and testing system extensions on iPadOS 16. The WWDC 2022 session "Bring your driver to iPad with DriverKit" does not count because (as of beta 2) it is completely unreproducible. This document tells us that to test our system extensions we must disable SIP, so it's clearly only for macOS: https://developer.apple.com/documentation/driverkit/debugging_and_testing_system_extensions
It would be nice if this document were updated with reproducible instructions for testing system extensions on iPadOS! FB10427776
Post not yet marked as solved
5 Replies
332 Views
I struggle to add custom properties to my streams as described in the WWDC22 video https://developer.apple.com/videos/play/wwdc2022/10022/ minute 28:17. The speaker describes using this technique in his CIFilterCam demo (would the source code be available please?) to let the app control which filter the extension should apply. Presumably, there's thus a way to:
1 - define a custom property in the camera extension's stream/device/provider?
2 - be able to use CoreMediaIO (from Swift?) in the app in order to set values of that custom property.
This is not documented anywhere I could find. Help and sample code would be greatly appreciated. Thank you. Laurent
Posted by ldenoue.
Post not yet marked as solved
2 Replies
452 Views
I am developing EndpointSecurity on macOS 11.0 Beta 6. What I want to do is, when EndpointSecurity is installed and running, replace it with a new version of EndpointSecurity. Implemented in my EndpointSecurity bundle app OSSystemExtensionReplacementActionReplace is returned inside Request:actionForReplacingExtension:withExtension: method. I checked through NSLog that the Request:actionForReplacingExtension:withExtension: method is called normally. However, if you check the console.app at this time, sysextd crashes. And I checked with the systemextensionsctl list command. A crash in sysextd did not replace the new version of EndpointSecurity. I need your help. sysextd crash logs - https://developer.apple.com/forums/content/attachment/dc54cc07-7a09-4645-ae02-b042405757c3 Also, I have posted the relevant content to the Feedback Assistant. FB8622798 Of course, I also forwarded the information to the Technical Support Incident. 745704790