Hi all! I'm writing an endpoint security daemon, which is packed in an application bundle with embedded.provisionfile in its Contents folder.
This daemon can be successfully loaded and started with launchctl on Big Sur with SIP disabled, but fails to run when SIP is enabled. The os log from the kernel contains the following messages:
(Sandbox) sandboxd rejected approval request from esservice for kTCCServiceSystemPolicyAllFiles(null): denied
(EndpointSecurity) Task has not been granted user permission to connect
Could anybody please explain to me what could be the reason for this kind of messages? Is it a sign that something is wrong with my provision profile file, or something else?
Thanks in advance, Aleksandr
Hmm, it looks like my daemon needs Full Disk Access, because it runs successfully if I allow it Full Disk Access in System Preferences. The question is why the app, which is a wrapper around the endpoint service daemon, requires that access? And how does the system know it needs it?
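An added example in Swift, not code from the original post (macOS only; must run as root with the com.apple.developer.endpoint-security.client entitlement, and the function name is hypothetical): es_new_client returns a distinct result for each reason a connection is refused. ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED is the TCC denial of kTCCServiceSystemPolicyAllFiles (Full Disk Access) that the sandboxd log line above reports, which is how the system "knows" the daemon needs that access, while ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED is the entitlement/provisioning-profile problem first suspected.

```swift
import EndpointSecurity
import Foundation

// Hypothetical diagnostic wrapper around es_new_client (assumption: not the poster's code).
// Requirements: root, the endpoint-security.client entitlement (covered by the embedded
// provisioning profile) and Full Disk Access granted to this binary in System Preferences.
func connectToEndpointSecurity() -> OpaquePointer? {
    var client: OpaquePointer?
    let result = es_new_client(&client) { _, message in
        // NOTIFY events need no response; just log the executable that was launched.
        if message.pointee.event_type == ES_EVENT_TYPE_NOTIFY_EXEC {
            let exec = message.pointee.event.exec
            print("exec:", String(cString: exec.target.pointee.executable.pointee.path.data))
        }
    }

    switch result {
    case ES_NEW_CLIENT_RESULT_SUCCESS:
        break
    case ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED:
        // Entitlement missing, or the embedded provisioning profile does not grant it.
        print("not entitled: check com.apple.developer.endpoint-security.client / provisioning profile")
        return nil
    case ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED:
        // TCC denied Full Disk Access: the case behind
        // "Task has not been granted user permission to connect".
        print("not permitted: grant Full Disk Access to this daemon, then restart it")
        return nil
    case ES_NEW_CLIENT_RESULT_ERR_NOT_PRIVILEGED:
        print("not privileged: the ES client must run as root (e.g. as a launchd daemon)")
        return nil
    case ES_NEW_CLIENT_RESULT_ERR_TOO_MANY_CLIENTS:
        print("too many ES clients are already connected")
        return nil
    default:
        print("es_new_client failed with result \(result.rawValue)")
        return nil
    }

    var events = [ES_EVENT_TYPE_NOTIFY_EXEC]
    if es_subscribe(client!, &events, UInt32(events.count)) != ES_RETURN_SUCCESS {
        print("es_subscribe failed")
        es_delete_client(client)
        return nil
    }
    return client
}

if connectToEndpointSecurity() != nil {
    dispatchMain()   // keep the daemon alive so the handler keeps receiving events
} else {
    exit(1)
}
```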