The macOS entitlements granting process is a disaster. No feedback, frequent mistakes in whatâs granted, nonsense requests (canât link to app if canât release app w/o entitlement), extremely slow (4-6 weeks turnaround in idea case), & some developers clearly favoured over others. https://twitter.com/thomasareed/status/1330883486773768192">https://twitter.com/thomasare...
                        
                            
                            
                            
                        
                        
                        
                        
                                                
                    
                    
                                    
                    
                        
                        
                        I& #39;ve not attempted to obtain EndpointSecurity entitlements, but I& #39;ve been through the rigamarole of requesting DriverKit entitlements for clients a bunch of times now, and the form at
https://developer.apple.com/contact/request/system-extension/
doesn& #39;t">https://developer.apple.com/contact/r... make it clear at all what you have to be explicit about.
                    
                                    
                    https://developer.apple.com/contact/request/system-extension/
doesn& #39;t">https://developer.apple.com/contact/r... make it clear at all what you have to be explicit about.
                        
                        
                        So if you& #39;re filling it out for the first time and by some miracle, you are granted what you technically asked for, you& #39;re very likely to be in for a nasty surprise. It seems that by default you& #39;re only granted the development entitlement, which isn& #39;t much good to anyone.
                        
                        
                        
                        
                                                
                    
                    
                                    
                    
                        
                        
                        So then you have to apply again and ask for the distribution entitlement in the free-form text field, and wait another 4-6 weeks.
Chances are you& #39;ll also want user space apps & tools to access your driver. You have to apply for that specially via free-form request too, etc.
                    
                                    
                    Chances are you& #39;ll also want user space apps & tools to access your driver. You have to apply for that specially via free-form request too, etc.
                        
                        
                        Obviously by now I& #39;m basically an expert at asking for DriverKit entitlements, but it& #39;s ridiculous that "filling out a form on Apple& #39;s developer website" is a consulting service I should even need to offer.
                        
                        
                        
                        
                                                
                    
                    
                                    
                    
                        
                        
                        Iâll finish up this thread by clarifying that Iâve reported these issues to Apple - probably about 6 months ago. I canât see any changes so far yet; draw your own conclusions.
Plus, a few bits of actionable advice for developers:
                    
                                    
                    Plus, a few bits of actionable advice for developers:
                        
                        
                        1) Apply for the entitlements you will need and wait to receive them before you start coding. Seriously, if you aren& #39;t granted them, your only recourse is to expect your users to turn off SIP. In other words, you will have wasted your efforts if the oracle denies your request.
                        
                        
                        
                        
                                                
                    
                    
                
                 
                         Read on Twitter
Read on Twitter 
                                     
                                    