Hello, is it possible to interact with a nearby device through Bluetooth LE, from the authorization plugin? Currently, I have:
- a plugin bundle, registered with the authorization mechanisms;
- a daemon that I have set up to contain all the business logic;
- added the `com.apple.security.device.bluetooth` entitlement to the daemon package, to allow Bluetooth communication;
- registered the daemon through `LaunchDaemons` so that it is managed by launchd.
And I'm using XPC to communicate between the plugin and the daemon.
When I send the request to the daemon to scan for peripherals, I get a TCC error:
0xd5a Error 0x23e5 161 0 tccd: [com.apple.TCC:access] Refusing TCCAccessRequest for service kTCCServiceBluetoothAlways from client Sub:{...} in background session
The above error seems to suggest that I can't grant the Bluetooth permission from the daemon itself. Is there a recommended way to grant permissions before running it? And if granted, would I be able to utilize the framework successfully from the logon screen?
Other options I have tried:
- Invoking the framework directly from the plugin, which failed. Probably because the Security agent process isn't entitled to communicate via Bluetooth and that it would require changing the host process entitlements plist, which I don't have access to? 🤔
- Attempting to use a launch agent in lieu of a daemon, with proper entitlement, but that didn't work either. Probably because launch agents are loaded after the user has successfully logged in and I was invoking it before? 🤔
- And lastly, I looked into the possibility of utilizing Privacy Preference MDM payload to grant access, but it seems like the MDM options do not include Bluetooth support.
Is there any other way to accomplish this?
Thank you!