I am testing NEURLFilter on macOS using the SimpleURLFilter sample, and I am seeing a failure from neagent while it is saving the local URL prefilter Bloom filter to its mmap file.
The relevant log is:
neagent +[NEBloomFilter mmapToFile:data:dataLength:numberOfBits:numberOfHashes:murmurSeed:tag:]: NEBloomFilter - failed to open mmap file /private/var/db/urlPrefilter/com.apple.networkextension.url-prefilter-data.temp.com.example.apple-samplecode.SimpleURLFilterTC3Q7MAJXF <errno 13 - Permission denied>
neagent <NEAgentURLFilterExtension: 0xc8ce64280>: -[NEAgentURLFilterExtension startURLFilter]_block_invoke - Failed to save first fetch of pre-filter data
Environment:
- macOS: 26.5.1 (25F80)
- Xcode: 26.5 (17F42)
- Platform: macOS
- Signing type: Apple Development (automatically manage signing)
What I am doing:
- Build and run the containing app.
- Save and enable the NEURLFilterManager configuration.
- The URL filter provider starts.
- The provider's prefilter code is reached.
- neagent logs the mmap failure above while trying to open a temporary file under
/private/var/db/urlPrefilter.
Expected result:
neagent should be able to create or open its system-managed URL prefilter cache / mmap file under /private/var/db/urlPrefilter, and the local Bloom filter should be loaded successfully.
Actual result:
neagent fails to open the temporary mmap file with errno 13 Permission denied:
/private/var/db/urlPrefilter/com.apple.networkextension.url-prefilter-data.temp.<bundle/team-specific suffix>
I am not manually creating, modifying, or chmod/chown-ing /private/var/db/urlPrefilter or anything inside it. The directory and its contents are entirely system-managed. The failure appears to happen inside neagent while it is handling the system-managed URL prefilter cache.
The failure occurs at the mmapToFile: step while neagent saves the Bloom filter prefilter data.
Directory state:
drwxr-xr-x 2 root wheel 64 /private/var/db/urlPrefilter
Has anyone else encountered this? Any suggestions on what could cause neagent to fail with errno 13 on its own mmap file under /private/var/db/urlPrefilter?