SMJobBless will add your work to the startup system. See the SMJobBless code example for this.
http://developer.apple.com/library/mac/#samplecode/SMJobBless/Introduction/Intro.html
However, the whole purpose of launchd is to control how and when tasks are started, and by default (in the code example) there is no actual specification of when the task should be launched, so the work will never actually start.
Nathan de Vries wrote a very good article and sample code for using SBJobBless and communicating with a privileged job using XPC. One of the factors affecting the import, of course, is that the action associated with trying to contact the launch service will actually launch the launch, so this will solve your problem.
http://atnan.com/blog/2012/02/29/modern-privileged-helper-tools-using-smjobbless-plus-xpc/
And to answer your question, SMJobSubmit can execute a privileged helper. It took me a long time, but the difference between the two is that SMJobSubmit will allow you to run the executable file with privileges by running, while SMJobBless will constantly add LaunchDaemon. The installed SMJobBless executable will remain blessed, while SMJobSubmit will require you to re-authenticate each time.
Please note that in both cases you must SMJobRemove the previous one to make sure that the new version is used.
So, I think you need either:
- SMJobRemove, SMJobSubmit every time the application starts, each time asking the user for authentication. Use the RunAtLoad property in the dictionary that you created to run the assistant immediately.
OR
- Use Nathan code, connect to XPC, ask for its version number, if you don’t update it, close it, then run SMJobRemove, SMJobBless new version, then plug in XPC and ask it to install your kext. Thus, the user must authenticate only for any new version.