How host app and system extension communicate with each other?

should I use XPC?

Yes.

You tagged your question with both Endpoint Security and Network Extension, so it’s not clear which one you’re creating. Or perhaps you’re creating both. Regardless, both allow your sysex to publish a named XPC endpoint. With ES it’s via the NSEndpointSecurityMachServiceName, per the EndpointSecurity man page. With NE it’s via NEMachServiceName, which you can see in the NE template.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

and i check the system log: 2024-03-13 17:40:13.468430 +0800 sysextd waiting for external validation of extension with identifier com.a.ExtsLoadTestTool.HNetDataFltExt 2024-03-13 17:40:13.470535 +0800 nesessionmanager Validating system extension com.a.ExtsLoadTestTool.HNetDataFltExt 2024-03-13 17:40:13.517456 +0800 sysextd returning cdhash for local arch arm64 of extension com.a.ExtsLoadTestTool.HNetDataFltExt how to solve this problem?

What are all the logs here? It looks like nesessionmanager is looking at your bundle to evaluate if it's properly structured. Is there any other logs?