My application needs to write files to restricted places on the filesystem.
To do so, I use a helper tool that is run as root.

Everything is working correctly, following this example, my helper tool is correctly installed and run. I use this solution to be able to "wake" the helper tool, otherwise it isn't launched more than one time after initial load.

The helper tool is waiting for messages to come from the main application, and executes them correctly. I also have a kind of message that ask the tool to shutdown, which also works correctly.

The problem is that launchd relaunch the tool every time it quits, no matter what keys I specify in the launchd.plist file.
I don't want the helper tool to run forever, waiting for messages, but instead start only on demand.

Question : is it normal that the helper tool is restarted every time it ends ? If not, how to let it die and restart on demand ?

Here is the launchd.plist content :

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>KeepAlive</key>
        <dict>
            <key>SuccessfulExit</key>
            <false/>
        </dict>
        <key>RunAtLoad</key>
        <true/>
        <key>Label</key>
        <string>com.mycompany.Helper</string>
        <key>MachServices</key>
            <dict>
                <key>com.mycompany.Helper</key>
                <true/>
            </dict>
     </dict>
</plist>

Of course, I tried various combinations of keys and values, and also various exit status codes for the helper tool. It didn't changed in any way launchd manages the process.

Typing man launchd.plist into Terminal gives you all the options that launchd understands. Among those you can find (emphasis mine):

KeepAlive < boolean or dictionary of stuff >

This optional key is used to control whether your job is to be kept continuously running or to let demand and conditions control the invocation. The default is false and therefore only demand will start the job. The value may be set to true to unconditionally keep the job alive. Alternatively, a dictionary of conditions may be specified to selectively control whether launchd keeps a job alive or not. If multiple keys are provided, launchd ORs them, thus providing maximum flexibility to the job to refine the logic and stall if necessary. If launchd finds no reason to restart the job, it falls back on demand based invocation. Jobs that exit quickly and frequently when configured to be kept alive will be throttled to conserve system resources.

You don't write what your "various combinations of keys and values" were exactly. But from this documentation, if you want a daemon that gets launched on demand, you should simply drop the <key>KeepAlive</key> from your plist or have its value set to <false/> instead of a <dict>...</dict>.