Launch daemons and launch agents introduce new user privacy protections. Specifying privacy-sensitive files and folders in a launchd property list might not work as expected and prevent the service from running. Having Program or ProgramArguments pointing to an executable in a privacy sensitive location is currently allowed, but may be restricted in a future release. (49702405)
To comply with the new privacy protections, resources for a launchd service must be stored in locations that aren’t privacy sensitive. If necessary, the app can set up resources during its execution rather than using launchd property list keys, making it possible to grant the app access using System Preferences > Security & Privacy > Privacy.
The following launchd property list keys are affected: KeepAlive, PathState, QueueDirectories, Sockets, SockPathName, StandardErrorPath, StandardInPath, StandardOutPath, and WatchPaths.