I would like to know the correct way to verify the clients connecting to a launch daemon using the NSXPCConnection API. Is there a way to validate the codesigning of a client connecting using MachServices?
Verifying clients connecting via NSXPCConnection
NSXPCConnection has various properties that let you learn about the remote process:
auditSessionIdentifier
processIdentifier
effectiveUserIdentifier
effectiveGroupIdentifier
You can feed processIdentifier into the code signing API (SecCodeCopyGuestWithAttributes with kSecGuestAttributePid) to learn about its code signature.
WARNING Don’t put too much faith in the code signature. Many OS X processes can load unsigned (or differently signed) code within their address space, and so you can’t guarantee that the client code matches the client process’s code signature.
Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
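
The check described in the answer above, as an added example that is not part of the original post: a launch daemon's listener delegate looks up the connecting process by processIdentifier and tests its signature against a requirement before accepting the connection. The Mach service name, the requirement string (identifier and team ID) and the PingProtocol interface are hypothetical placeholders.

```swift
import Foundation
import Security

// Hypothetical requirement: substitute your client's identifier and team ID.
let clientRequirement = """
anchor apple generic and identifier "com.example.client" \
and certificate leaf[subject.OU] = "TEAMID0000"
"""

/// Returns true only if the process with this PID has a valid code signature
/// that satisfies the requirement. Any lookup or parse failure rejects the client.
func clientSatisfiesRequirement(pid: pid_t, requirement text: String) -> Bool {
    let attributes = [kSecGuestAttributePid as String: NSNumber(value: pid)] as CFDictionary
    var code: SecCode?
    guard SecCodeCopyGuestWithAttributes(nil, attributes, [], &code) == errSecSuccess,
          let guest = code else { return false }
    var requirement: SecRequirement?
    guard SecRequirementCreateWithString(text as CFString, [], &requirement) == errSecSuccess,
          let req = requirement else { return false }
    // Validates the running code's signature and evaluates the requirement.
    return SecCodeCheckValidity(guest, [], req) == errSecSuccess
}

// Hypothetical interface, present only so the listener exports something.
@objc protocol PingProtocol { func ping(reply: @escaping (String) -> Void) }
final class Pinger: NSObject, PingProtocol {
    func ping(reply: @escaping (String) -> Void) { reply("pong") }
}

final class ListenerDelegate: NSObject, NSXPCListenerDelegate {
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection connection: NSXPCConnection) -> Bool {
        // Reject before exporting any object to a client that fails the check.
        guard clientSatisfiesRequirement(pid: connection.processIdentifier,
                                         requirement: clientRequirement) else { return false }
        connection.exportedInterface = NSXPCInterface(with: PingProtocol.self)
        connection.exportedObject = Pinger()
        connection.resume()
        return true
    }
}

let delegate = ListenerDelegate()
let listener = NSXPCListener(machServiceName: "com.example.daemon") // hypothetical name
listener.delegate = delegate
listener.resume()
RunLoop.main.run()
```

The result describes whichever process holds that PID at the moment of the call, and, per the warning in the answer, a valid signature on the process does not prove that all code running inside it matches that signature.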