NSXPC listener endpoint in sandboxed App Extension in Safari Web Extensions

At present, we can create an NSXPC listener in a launch agent process which a sandboxed app extension can communicate with via the com.apple.security.temporary-exception.mach-lookup.global-name entitlement.

If I were to pass an NSXPCListener endpoint to this XPC service can the app extension act as a listener for incoming connections from the launch agent process? Will the sandbox impose restrictions on this?

If I were to pass an NSXPCListener endpoint to this XPC service can the app extension act as a listener for incoming connections from the launch agent process?

Yes. The App Sandbox checks Mach bootstrap service name lookups. If you can get an endpoint to the remote peer, it can connect to that without having to do a service name lookup and thus the sandbox has no opportunity to block it.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
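The two halves of the arrangement described in the answer, as an added example (not code from the original thread or from Apple): the sandboxed extension creates an anonymous NSXPCListener, sends its endpoint across the one connection it is allowed to make (the named Mach service lookup covered by the temporary-exception entitlement), and the launch agent then connects back through that endpoint with no bootstrap lookup at all. The protocol names, the service name `com.example.agent`, and the `register`/`notify` methods are assumptions for illustration; the launch agent is assumed to advertise `com.example.agent` via `MachServices` in its launchd plist and to already be running.

```swift
import Foundation

// Assumed protocol vended by the launch agent on its named Mach service.
@objc protocol AgentProtocol {
    // The extension hands over an endpoint to a listener it owns. The agent
    // can later connect back through it without any bootstrap lookup.
    func register(callbackEndpoint: NSXPCListenerEndpoint, reply: @escaping (Bool) -> Void)
}

// Assumed protocol vended by the extension on its anonymous listener.
@objc protocol ExtensionCallbackProtocol {
    func notify(event: String, reply: @escaping (Bool) -> Void)
}

// ---- Extension side (sandboxed) ----------------------------------------

final class ExtensionCallbackService: NSObject, NSXPCListenerDelegate, ExtensionCallbackProtocol {
    // An anonymous listener is never registered with launchd, so its
    // endpoint is the only way to reach it. Nothing here is subject to the
    // sandbox's mach-lookup check because no name is ever looked up.
    let listener = NSXPCListener.anonymous()
    private(set) var received: [String] = []

    override init() {
        super.init()
        listener.delegate = self
        listener.resume()
    }

    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {
        // The endpoint is a capability: whoever holds it can connect. It only
        // travels over the agent connection, but a real service should still
        // verify the peer here (for example by code-signing requirement)
        // before exposing anything; that check is omitted in this example.
        newConnection.exportedInterface = NSXPCInterface(with: ExtensionCallbackProtocol.self)
        newConnection.exportedObject = self
        newConnection.resume()
        return true
    }

    func notify(event: String, reply: @escaping (Bool) -> Void) {
        received.append(event)
        reply(true)
    }
}

// The single named lookup the extension performs. This is the operation the
// App Sandbox checks, so "com.example.agent" must appear in the extension's
// com.apple.security.temporary-exception.mach-lookup.global-name entitlement.
func registerWithAgent(serviceName: String = "com.example.agent",
                       callback: ExtensionCallbackService,
                       completion: @escaping (Bool) -> Void) {
    let agent = NSXPCConnection(machServiceName: serviceName, options: [])
    agent.remoteObjectInterface = NSXPCInterface(with: AgentProtocol.self)
    agent.resume()

    guard let proxy = agent.remoteObjectProxyWithErrorHandler({ error in
        NSLog("agent connection failed: \(error)")
        completion(false)
    }) as? AgentProtocol else {
        completion(false)
        return
    }
    // NSXPCListenerEndpoint is NSSecureCoding, so it can be passed as an
    // argument like any other value; the Mach send right travels with it.
    proxy.register(callbackEndpoint: callback.listener.endpoint, reply: completion)
}

// ---- Launch agent side (unsandboxed) -----------------------------------

final class AgentService: NSObject, AgentProtocol {
    private var callback: NSXPCConnection?

    func register(callbackEndpoint: NSXPCListenerEndpoint, reply: @escaping (Bool) -> Void) {
        // Connect straight to the endpoint: no service name, no lookup.
        let conn = NSXPCConnection(listenerEndpoint: callbackEndpoint)
        conn.remoteObjectInterface = NSXPCInterface(with: ExtensionCallbackProtocol.self)
        conn.resume()
        callback = conn
        reply(true)
    }

    // Later, the agent initiates traffic toward the extension.
    func push(event: String) {
        guard let proxy = callback?.remoteObjectProxyWithErrorHandler({ error in
            NSLog("callback connection failed: \(error)")
        }) as? ExtensionCallbackProtocol else { return }
        proxy.notify(event: event) { _ in }
    }
}
```

Note the asymmetry: the one place the sandbox can intervene is the `NSXPCConnection(machServiceName:)` call, which is why only the agent's service name needs an entitlement; the reverse direction rides on the endpoint and needs none. Treat the endpoint accordingly, since any process that obtains it (for instance by being handed it over some other XPC connection) can connect to the extension's listener.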
