I'm working on an XPC server and need to determine the owner of the client process that connects to it. Specifically, I'd like to retrieve details such as the fully qualified user name or other identifying information from the XPC client connection.I'm considering using xpc_connection_get_pid() to get the client’s process ID, but I’m unsure of the best way to map this to the user who owns the process.
Is there a recommended API or approach to capture this information securely?
I have a bunch of links to docs and forums posts in XPC Resources. I recommend that you keep that handy.
As to your current question, don’t use xpc_connection_get_pid. Like all pid-based APIs, it’s subject to pid wrap attacks.
In general you should prefer audit token APIs (audit_token_t). However, there’s no API to get an audit token from an XPC connection for… well… reasons [1].
Fortunately, in this case you can get user information directly from an XPC connection using xpc_connection_get_euid. However, note this doc comment:
The EUID of the remote peer at the time the connection was made.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] The fundamental issue here is that audit token travel via Mach messages. XPC is based on Mach messaging, but there isn’t a direct mapping between a Mach message and an XPC connection. That’s why it took us so long to get setCodeSigningRequirement: and friends, as discussed in this post.