Local Network permission prompt for daemon on macOS 15

Hi Team,

The OS is prompting for local network permission for our application, which runs as a root level daemon.

As per our analysis, it looks like it is prompting from our own library, which is trying to get network info using /usr/sbin/system_profiler with "-xml -detailLevel basic SPNetworkDataType" and then trying to iterate to find DNS.ServerAddresses for each item, then using [NSHost hostWithAddress:IPAddress]; (when this library is not linked to the app then there is no prompt, so most likely this is the code that is resulting in the prompt).

Is this expected? Is there any other way that we can get the DNS host name without being prompted for local network permission on macOS 15?
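To narrow down which step raises the prompt, the system_profiler parsing half of the lookup described above can be run without the NSHost call. This is an added example, not the poster's library code: the XML is a constructed sample whose `_items`/`_name` layout is assumed from the post's description, and the private-range check is only a rough stand-in for "local network", not how macOS decides.

```python
import ipaddress
import plistlib

# Constructed sample shaped like `system_profiler -xml SPNetworkDataType` output
# (layout assumed from the post: a list of sections, each with `_items`).
SAMPLE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<array><dict>
  <key>_dataType</key><string>SPNetworkDataType</string>
  <key>_items</key>
  <array>
    <dict>
      <key>_name</key><string>Wi-Fi</string>
      <key>DNS</key><dict>
        <key>ServerAddresses</key>
        <array><string>192.168.1.1</string><string>8.8.8.8</string></array>
      </dict>
    </dict>
    <dict><key>_name</key><string>Thunderbolt Bridge</string></dict>
  </array>
</dict></array>
</plist>"""


def dns_servers(xml_bytes):
    """Return [(service name, address)] for every DNS.ServerAddresses entry."""
    found = []
    for section in plistlib.loads(xml_bytes):
        for item in section.get("_items", []):
            # Services without a DNS dictionary are skipped, not treated as errors.
            for addr in item.get("DNS", {}).get("ServerAddresses", []):
                found.append((item.get("_name", "?"), addr))
    return found


def on_local_network(addr):
    """Heuristic (assumption): private or link-local, excluding loopback."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed entry in the profiler output
    return (ip.is_private or ip.is_link_local) and not ip.is_loopback


if __name__ == "__main__":
    for service, addr in dns_servers(SAMPLE_XML):
        # A reverse lookup of a flagged address is the step to test in isolation.
        print(f"{service}: {addr} local={on_local_network(addr)}")
```
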

Answered by DTS Engineer in 804106022

I suspect that you’re triggering a known bug in the interaction between local network privacy and DNS (r. 133953401). In theory, a launchd daemon running as root should always be allowed to use the local network. In practice, there’s a bug in the DNS infrastructure that means that it can be blocked )-:

I can’t see any workaround for this. All I can say is:

  • This is not fixed in the current macOS 15.1b4 beta seed.

  • As always, you should test with macOS beta releases as we seed them.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

In general, a daemon should be exempt from local network privacy checks. Before I send you off to file a bug, I want to confirm one thing. You wrote:

root level daemon.

How is this daemon started? As a launchd daemon? With a property list in /Library/LaunchDaemons? Or something else?

Also, please make sure you’re testing on the macOS 15.0 release. macOS 15 had some late changes in this space. I think all the changes were in the release candidate, but it’s best to test with the release version now that it’s available.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

It is with a property list in /Library/LaunchDaemons. We are seeing the alert on macOS 15.0 (24A335) also.

It is with a property list in /Library/LaunchDaemons, and during installation, in the post-install script, it is launched using the command below. (In the actual command, instead of APP and company it is the name of the app and company; just modified to paste it here.) sudo /bin/bash -c "(/bin/sleep 5; $log 'Launching the APP!!!'; /bin/launchctl load -F /Library/LaunchDaemons/com.company.APP.launchdaemon.plist | $log; $log 'Finished launching the APP') &". I have removed the dylib with the reference to NSHost; now it prompts from the code that uses a websockets library (which communicates over localhost/127.0.0.0). Is this expected? We are seeing the alert on macOS 15.0 (24A335) also.
