I have been updating some NSXPCConnection code in my macOS 26 app (not sandboxed) to use XPCSession and friends instead. And it is working well and the experience has been generally good.
But I have run into a problem when using XPCSession.setPeerRequirement() which I really want to use.
It works well when I use something simple like XPCPeerRequirement.isFromSameTeam() but I want to check some more requirements and also use the code from multiple apps (but same team). That is, I want to check for multiple identifiers and team ID and version (and perhaps also in the future that the certificate is a Developer ID).
And previously I would use SecRequirementCreateWithString with an entitlement string conceptually like this:
var entitlement = "anchor apple generic and ("
entitlement += "identifier idA"
entitlement += " or identifier idB"
entitlement += ")"
entitlement += " and certificate leaf[subject.OU] = TeamID"
entitlement += #" and info [CFBundleShortVersionString] >= "1.0""#
and it works just as it should when creating and using that SecRequirement so I don't think that there is anything particularly wrong with the entitlement.
And I had hoped that I could use the same string with XPCPeerRequirement.hasEntitlement(entitlement) but it doesn't work (I get a general "Peer forbidden" error).
So I think that I don't really understand what sort of entitlement that hasEntitlement() wants. And also I don't really understand the other ways available to create a XPCPeerRequirement. I have also tried to use a XPCDictionary with XPCPeerRequirement(lightweightCodeRequirements:) but I can't get that to work either (and it seems a bit wrong to have to drop down to use e.g. xpc_object_t with new modern API:s).
So my question is: is it possible to create a XPCPeerRequirement with an entitlement like above and, in that case, how? Or is there some other work-around to use XPCSession.setPeerRequirement() with a more complex requirement, e.g. is there a way to combine multiple XPCPeerRequirements into one?
Thank you for reading this.
/Peter