Hi all,
We have received our Endpoint Security Client entitlement for our application from Apple.
However, upon applying it and integrating it into our endpoint app, we encountered the following error during execution on the Big Sur beta:
Test Environment:
macOS Big Sur 11.0.1 Beta (SIP->ON)
System Log Error:
ASP: Security policy would not allow process: 1199, /Library/Application Support/test/bin/FamRTServicebig
/Library/Application Support/test/bin/FamRTServicebig signature not valid: -67050
Application (FamRTServicebig) Entitlements Config:
Executable=/Library/Application Support/test/bin/FamRTServicebig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.developer.endpoint-security.client</key>
<true/>
<key>com.apple.security.app-sandbox</key>
<false/>
<key>com.apple.security.application-groups</key>
<array>
<string>realtime.scan</string>
</array>
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
<array>
<string>/</string>
</array>
<key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
<array>
<string>/</string>
</array>
</dict>
</plist>
FamRTServicebig codesign options:
codesign --force --options runtime --deep --sign <cert> --entitlement /Path/FamRTService.entitlements /Path/FamRTServicebig
Questions:
By the way, when SIP is disabled, the program can run normally.
We have signed all our binaries with the same Team ID.
What are the possible reasons which may have caused this problem?
Thanks in advance for your help.