To gain exclusive access to keyboard HID devices like Amazon Fire Bluetooth remote controls, my app has been installing a privileged helper tool with SMJobBless in the past. The app - which also has Accessibility permissions - then invoked and communicated with that helper tool through XPC.
Now I'm looking into replacing that with a daemon installed through the newer SMAppService APIs, but running into a permission problem:
If I try to exclusively open a keyboard HID device from the SMAppService-registered XPC service/daemon (which runs as root as seen in Activity Monitor), IOHIDDeviceOpen returns kIOReturnNotPermitted.
I've spent many hours now trying to get it to work, but so far haven't found a solution.
Could it be that XPC services registered as a daemon through SMAppService do not inherit the TCC permissions from the invoking process (here: Accessibility permissions) - and the exclusive IOHIDDeviceOpen therefore fails?