According to Apple's development documentation, if I want to install an Endpoint Security system extension, I need to develop a host app that must be installed in the Applications directory.
Now, I want to create an ES extension to protect users from accessing certain folders. However, I don't want a custom app to pop up asking the user to allow the installation of the ES extension. (To clarify, it's fine if the system authorization request dialog pops up, but I don't want the host app's UI to appear.)
Is there any way to do this?
There are two supported ways to package an ES client:
- A system extension embedded in an app installed in Applications
- A launchd daemon
In the system extension case, you install your sysex using System Extensions framework. That framework was designed to be used by a GUI app in response to user actions. Trying to hide that process from the user doesn’t end well.
If you’re not happy with that constraint, it’s fine to package your ES client as a launchd daemon, and then install it via an installer package, using SMAppService, or any other privilege escalation path that takes your fancy.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
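
An added example (not from the original post or from Apple) of the SMAppService route mentioned in the answer: registering the ES client as a launchd daemon and handling the user-approval state. The plist name is hypothetical, and the code is assumed to run on macOS 13 or later from the app bundle that carries the daemon's plist in Contents/Library/LaunchDaemons.

```swift
import Foundation
import ServiceManagement

// Hypothetical plist name. The file is assumed to sit in the app bundle at
// Contents/Library/LaunchDaemons/ and to point at the ES client executable.
let daemonPlistName = "com.example.esclient.plist"

enum DaemonRegistration {
    case enabled                 // registered and allowed to run
    case awaitingUserApproval    // user must allow it in System Settings
    case failed(String)
}

@available(macOS 13.0, *)
func registerESDaemon(plistName: String) -> DaemonRegistration {
    let service = SMAppService.daemon(plistName: plistName)
    var registerError: Error?

    // Only call register() when the daemon is not already known to the system.
    if service.status == .notRegistered || service.status == .notFound {
        do {
            try service.register()
        } catch {
            // Keep the error, then let the status below decide what to report.
            registerError = error
        }
    }

    switch service.status {
    case .enabled:
        return .enabled
    case .requiresApproval:
        // System-owned UI: opens the Login Items pane where the user approves.
        SMAppService.openSystemSettingsLoginItems()
        return .awaitingUserApproval
    case .notRegistered:
        return .failed(registerError?.localizedDescription ?? "not registered")
    case .notFound:
        return .failed(registerError?.localizedDescription ?? "plist not found in bundle")
    @unknown default:
        return .failed("unrecognised SMAppService status")
    }
}

if #available(macOS 13.0, *) {
    print(registerESDaemon(plistName: daemonPlistName))
}
```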