My scenario is to develop an app extension for a hardened-only (not sandboxed) application of mine.
This application cannot be sandboxed because it needs to execute shell commands (pdflatex, bash...), or more generally a user-deployed TeX environment.
The "app extension" is a feature I would like to add to my application. But to make it work, the "app extension" must be sandboxed, which is a problem, since there is no entitlement to allow the execution of scripts outside of the sandbox.
So I have a hardened application, hosting a sandboxed "app extension" which currently cannot perform useful work.
My idea was to call an XPC service from the App extension, that XPC service being non-sandboxed, hosted by the same (hardened-only, non sandboxed) application hosting the App extension.
I could succesfully build that, but it does not work.
When I call the service from the hosting app, the XPC service is correctly launched on demand, and perfoms correctly.
When I call the service from the app extension, the XPC service is not even launched, the remote proxy method call is a no-op (but strangely , no errors are raised, neither when connecting to the service, nor when trying to execute the remote method).
I wonder if I misunderstood the way to use XPC to "escape the sandbox". I am doomed, or is there a correct procedure to ultimately call an *external* pdflatex from an app extension ?
This application cannot be sandboxed because it needs to execute shell commands (pdflatex, bash...), or more generally a user-deployed TeX environment.
The "app extension" is a feature I would like to add to my application. But to make it work, the "app extension" must be sandboxed, which is a problem, since there is no entitlement to allow the execution of scripts outside of the sandbox.
So I have a hardened application, hosting a sandboxed "app extension" which currently cannot perform useful work.
My idea was to call an XPC service from the App extension, that XPC service being non-sandboxed, hosted by the same (hardened-only, non sandboxed) application hosting the App extension.
I could succesfully build that, but it does not work.
When I call the service from the hosting app, the XPC service is correctly launched on demand, and perfoms correctly.
When I call the service from the app extension, the XPC service is not even launched, the remote proxy method call is a no-op (but strangely , no errors are raised, neither when connecting to the service, nor when trying to execute the remote method).
I wonder if I misunderstood the way to use XPC to "escape the sandbox". I am doomed, or is there a correct procedure to ultimately call an *external* pdflatex from an app extension ?
As you suggested, I have moved the XPC service to embedd it inside the sandboxed App Extension rather than inside the hardened-only hosting application.
It seems to work : the sandboxed app extension can call the hardened-only service, which can call pdflatex on the shell.
I though that embedding the XPC service inside the sandboxed app extension would somehow sandbox the service itself, but it seems not to be the case.
As far as I understand : fixed.
It seems to work : the sandboxed app extension can call the hardened-only service, which can call pdflatex on the shell.
I though that embedding the XPC service inside the sandboxed app extension would somehow sandbox the service itself, but it seems not to be the case.
As far as I understand : fixed.