I wrote a daemon that is launched from the following plist in /Library/LaunchDaemons:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>MachServices</key>
<dict>
<key>com.mycompany.daemon.xpc</key>
<true/>
</dict>
<key>Label</key>
<string>com.mycompany.daemon</string>
<key>Program</key>
<string>/Applications/MyApp.app/Contents/MacOS/MyDaemon</string>
<key>AssociatedBundleIdentifiers</key>
<string>com.mycompany.myapp</string>
<key>SpawnConstraint</key>
<dict>
<key>team-identifier</key>
<string>XXXXXXXXX</string>
<key>signing-identifier</key>
<string>com.mycompany.myapp</string>
</dict>
</dict>
</plist>
No I want to make sure the daemon can only be launched via xpc by MyApp and I embedded the following responsible process plist into the daemon:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>team-identifier</key>
<string>XXXXXXXXX</string>
<key>signing-identifier</key>
<string>com.mycompany.myapp</string>
</dict>
</plist>
But as soon as the plist is embedded, macOS refuses to launch the daemon because of a launch constraint violation. As I read in the documentation, the process opening and xpc connection is the responsible process. So what I am doing wrong?
Thanks.
As I read in the documentation, the process opening and xpc connection is the responsible process.
Really? Can you point me at the docs that suggest that?
One thing to watch out for is that you’re creating a daemon, and it doesn’t make sense for the process that opened the XPC connection to be the responsible process for a daemon because a daemon can service many clients.
If you’re building a daemon, use the techniques from this post to authenticate clients.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"