Privileged helper with SMAppService

Hi all!

So SMJobBless is deprecated, and I want my app to do some privileged things, e.g. move a file to the root user's folder with a permission dialog. Simple, right?

But how can I do that simple thing? I found an example with an agent, but it does not have root permission to write a file in root's folder.

Any help?

Replies

If you want to escalate privileges, you need a daemon. In SMAppService, that means starting with the daemon(plistName:) class function.

See also BSD Privilege Escalation on macOS.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@eskimo thanks for reply

Yes, I use daemon. What I did:

  1. I took the demo project from https://developer.apple.com/documentation/servicemanagement/updating_your_app_package_installer_to_use_the_new_service_management_api
  2. Then redesigned the agent as a daemon, and in the daemon code added FileManager.moveItem()
  3. Built project, registered daemon, in system settings I checked the authorization state for daemon
  4. Ran test command and got error that 'filename' couldn’t be moved because you don’t have permission to access 'dirname'

If I run in terminal sudo mv ... with password prompt I can do this, but how to set privileges to daemon?

Have you checked that you’re actually running as root? A good way to do this is to add this code immediately above your call to FileManager:

assert(getuid() == 0)

In step 2, what URLs are you passing in?

What is the underlying error you got back? EACCES (13)? Or EPERM (1)? This matters, as I explain in On File System Permissions.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
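
The checks suggested in the reply above, as an added example (not code from the thread's participants or from Apple's sample project): it records the user IDs the daemon is running with and pulls the underlying POSIX error out of the Foundation error, so the log shows whether the failure was EACCES or EPERM. The function names and the sample paths are assumptions made for illustration.

```swift
import Foundation

/// Walks the NSUnderlyingErrorKey chain and returns the first POSIX errno found.
func posixCode(of error: Error) -> Int32? {
    var current: NSError? = error as NSError
    while let e = current {
        if e.domain == NSPOSIXErrorDomain { return Int32(e.code) }
        current = e.userInfo[NSUnderlyingErrorKey] as? NSError
    }
    return nil
}

/// Hypothetical helper: attempts the move and returns one line for the daemon's log.
func diagnoseMove(from src: URL, to dst: URL) -> String {
    // A daemon registered with SMAppService.daemon(plistName:) should report 0 for both.
    let ids = "uid=\(getuid()) euid=\(geteuid())"
    do {
        try FileManager.default.moveItem(at: src, to: dst)
        return "\(ids): moved \(src.path) -> \(dst.path)"
    } catch {
        guard let code = posixCode(of: error) else {
            return "\(ids): failed without a POSIX error: \(error)"
        }
        switch code {
        case EACCES:
            // Commonly BSD permissions or an ACL on one of the path components.
            return "\(ids): EACCES (\(code)): check mode bits and ACLs on both paths"
        case EPERM:
            // Commonly a sandbox or other mandatory access control decision.
            return "\(ids): EPERM (\(code)): check sandboxing and privacy protections"
        default:
            return "\(ids): errno \(code): \(String(cString: strerror(code)))"
        }
    }
}

// Constructed sample paths; substitute the URLs the daemon actually receives.
let src = URL(fileURLWithPath: "/tmp/example-input.txt")
let dst = URL(fileURLWithPath: "/var/root/example-input.txt")
print(diagnoseMove(from: src, to: dst))
```

Unlike assert, which is skipped in optimized builds, the logged IDs are still recorded when the daemon is built for release.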

Hm, sorry for the delayed answer, but now it works fine. I don't know why it didn't work, but now it is OK.

  • Interesting. Thanks for letting us know.
