On macOS 15.7.1 I'm trying to install an XPC service outside the app (Developer ID). It mostly seems to go ok, but when I set Launch Constraints on Responsible, AMFI complains of a violation, saying the service is responsible for itself, and fails to launch. Removing that constraint (or adding the service itself to the constraint) works fine.
The service is an optional download, and installed to /Users/Shared with a LaunchAgent specifying the MachService. The service is correctly launched and seems to pass all codesigning, notarization, and other checks, but the Responsible isn't set to the "calling" app.
Is this broken, or working as intended?
I want to start by being clear about terminology. An XPC service is a bundled executable with the .xpc extension. For third-party developers, we only support XPC services that are bundled within the app [1]. You can’t install them elsewhere on the system.
It seems like you’re creating a launchd agent which vends a named XPC endpoint via the MachServices property.
I think this distinction is relevant here. The responsibility constraint doc specifically mentions an “XPC service”, and I think it means what it says, meaning that responsibility constraints don’t apply to launchd daemons and agents.
If you’re looking to constrain what process can connect to your named XPC endpoint, check out the Validating Signature Of XPC Process link in XPC Resources.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] Well, the story here is a little muddled, because XPC services can be embedded in a framework. The system makes a lot of use of that feature, and I think that’ll work for third-party developers as well, although I’m not sure if we officially support it.
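As an added illustration of the suggestion above to validate the signature of the connecting process (this is not code from the thread or from Apple's linked post), a launchd agent vending a named XPC endpoint can set a code signing requirement on its listener using Foundation's `setConnectionCodeSigningRequirement(_:)`, available from macOS 13. The Mach service name, bundle identifier, team ID and `HelperProtocol` are hypothetical placeholders.

```swift
import Foundation

// Hypothetical interface; the thread does not show the agent's API.
@objc protocol HelperProtocol {
    func ping(reply: @escaping (String) -> Void)
}

final class Helper: NSObject, HelperProtocol {
    func ping(reply: @escaping (String) -> Void) { reply("pong") }
}

final class ListenerDelegate: NSObject, NSXPCListenerDelegate {
    // Only reached for peers that already satisfied the listener's
    // code signing requirement; other connections are rejected first.
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection connection: NSXPCConnection) -> Bool {
        connection.exportedInterface = NSXPCInterface(with: HelperProtocol.self)
        connection.exportedObject = Helper()
        connection.resume()
        return true
    }
}

// Placeholder requirement: client signed under Apple's anchor, with the
// expected identifier and team. Substitute your own identifier and team ID.
let clientRequirement =
    "anchor apple generic " +
    "and identifier \"com.example.MyApp\" " +
    "and certificate leaf[subject.OU] = \"TEAMID1234\""

let delegate = ListenerDelegate()

// Must match a key under MachServices in the agent's launchd property list.
let listener = NSXPCListener(machServiceName: "com.example.MyAgent")

// The system evaluates each incoming peer against this requirement and
// rejects mismatches before the delegate is consulted. A malformed
// requirement string raises an exception here, at startup.
listener.setConnectionCodeSigningRequirement(clientRequirement)
listener.delegate = delegate
listener.resume()

// Keep the agent alive to service connections.
RunLoop.main.run()
```

The app can apply the mirror-image check to the agent by calling `setCodeSigningRequirement(_:)` on its `NSXPCConnection` before resuming it.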