How to perform bluetooth advertising from a MAC before login to the MAC

This is not possible. Accessing Bluetooth is protected behind user level TCC (Transparency, Consent, and Control) prompts, which requires the requesting app to be running in a user context.

Therefore is not possible to use Bluetooth from a process without a logged in user.

Your best bet would be to separate the Bluetooth functionality into a user level component, perhaps a user agent, and communicate between your daemon and your process interacting with Bluetooth. If there are specific actions the daemon needs to take, it can delegate them to the user level process.

Thankyou for proving the insights. Can you help me on the below question from what you mentioned

"Therefore is not possible to use Bluetooth from a process without a logged in user. Your best bet would be to separate the Bluetooth functionality into a user level component, perhaps a user agent,"

so, if I create a user agent will I be able to invoke this user agent before login to user session? Because my need is to perform bluetooth advertising before user login (not unlock scenario)

HI Team,

Any update on the above question please.

if I create a user agent will I be able to invoke this user agent before login to user session?

No.

Because my need is to perform bluetooth advertising before user login

There’s no supported way to do this.

My colleague was suggesting that you split the Bluetooth parts of your daemon out into an agent so that the agent can do Bluetooth work on the daemons behalf. The user can then grant the agent the necessary privileges. This approach works for many products that have a daemon that needs to access Bluetooth.

However, it won’t work in the pre-login environment because:

• The only agents that run pre-login are launchd pre-login agents.
• Those run as root, so there’s no way for the user to grant them the required privilege.

I’m presuming that you’re trying to do this as part of your authorisation plug-in feature. If so, there’s no path forward for you currently )-: The user must explicitly grant access to Bluetooth and that’s not possible in the pre-login environment because there is no user yet.

My advice is that you file an enhancement request explaining your situation and requesting that Apple provide a path forward for you. Please post your bug number, just for the record.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi Quinn,

Thankyou for the update and Yes, I am trying this as part of authorisation plug-in only. As you suggested, I tried separating out the bluetooth advertising from my daemon and invoke the bluetooth agent pre-login and perform advertising.

Can you please help me understand when exactly this daemon gets invoked like is it only after restart or even at logout and login will I be able to invoke agent through daemon (how to control it)?

I am trying this as part of authorisation plug-in only.

Quoting myself here:

There’s no supported way to do this.

and:

My advice is that you file an enhancement request

I can answer your specific questions, but those answers won’t change this conclusion.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

HI Quinn,

When using the above created BLEAdvertising app by adding it to the LaunchDaemon (in logged in session not pre-login), once advertising started when I try to unload the app using "sudo launchctl unload /Library/LaunchDaemons/com.abc.myBLEapp.plist" it is stoping advertising as expected.

But when I try to load again using "sudo launchctl load /Library/LaunchDaemons/com.abc.myBLEapp.plist" it is not starting advertising, to get the advertising I have to perform "sudo pkill bluetoothd". Am I missing anything to get the advertising start again when I load my app through launchctl?

As pkill will kill and restart the bluetooth process, due to this if there are any other ble connected devices they need to get reconnected, so Is using pkill bluethoothd a proper approach?

There is no “proper approach” to this. Using Core Bluetooth outside of a GUI login context is unsupported and will remain unsupported unless there are changes to the way that Core Bluetooth handles authorisation.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"