Get token audit for a NSXPCConnection

Hi,

I have a question regarding securing XPC communication. I'm trying to get on the server side the process audit token for the connecting client.

  1. I've saw NSXPCConnection has a member called auditSessionIdentifier which I saw it is always returning same number for different connections. What does this represent, can it be used to identify the client connecting process?
  2. NSXPCConnection has auditToken, which is what I need, but it is a private property. I would use this, but I'm not sure if this will not result in app being rejected by Apple. Is anyone using it and had the app rejected/accepted?
  3. NSXPCConnection has processIdentifier but this alone it is kind of useless. But I was thinking to combine this with task_extmod_info (detect process changes) and audit token with task_name_for_pid.

Any other suggestions to get the client process audit token based on NSXPCConnection?

Thanks

Up vote post of smaryus Down vote post of smaryus
1.6k views
Posted by
smaryus
Reply
Add a Comment

Accepted Reply

I'm trying to get on the server side the process audit token for the connecting client.

To what end?

Most folks who ask this question are trying to restricted access to their XPC service, and going through the audit token is not the best option for that. See Validating Signature Of XPC Process.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Replies

I'm trying to get on the server side the process audit token for the connecting client.

To what end?

Most folks who ask this question are trying to restricted access to their XPC service, and going through the audit token is not the best option for that. See Validating Signature Of XPC Process.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Hi,

Yes, thanks that is what I need.

Unfortunately I need from MacOS version 10+, so I'll have to implement SecCodeCreateWithXPCMessage for 11 and up, and the private method for 10.

I was using NSXPCConnection, but so far I didn't saw any way to get to the xpc_object_t (except maybe the private method _xpcConnection). So I'll have to rewrite using C API.

Thanks for your help

Posted by
smaryus
Up vote reply of smaryus Down vote reply of smaryus
Add a Comment

Are you distributing via the Mac App Store?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Yes, it will be with App Store. That's why I try to avoid private APIs and I'll switch to C API instead of NSXPCConnection.

For version 10, I've found xpc_connection_get_audit_token. If that is not working, I'll find something else to prevent possible rejection.

Posted by
smaryus
Up vote reply of smaryus Down vote reply of smaryus
Add a Comment

Actually I was wrong that part is not distributed on App Store.

Posted by
smaryus
Up vote reply of smaryus Down vote reply of smaryus
Add a Comment