My scenario is to develop an app extension for a hardened-only (not sandboxed) application of mine. This application cannot be sandboxed because it needs to execute shell commands (pdflatex, bash...), or more generally a user-deployed TeX environment. The "app extension" is a feature I would like to add to my application. But to make it work, the "app extension" must be sandboxed, which is a problem, since there is no entitlement to allow the execution of scripts outside of the sandbox. So I have a hardened application, hosting a sandboxed "app extension" which currently cannot perform useful work. My idea was to call an XPC service from the App extension, that XPC service being non-sandboxed, hosted by the same (hardened-only, non sandboxed) application hosting the App extension. I could succesfully build that, but it does not work. When I call the service from the hosting app, the XPC service is correctly launched on demand, and perfoms correctly. When I call the service from the app extension, the XPC service is not even launched, the remote proxy method call is a no-op (but strangely , no errors are raised, neither when connecting to the service, nor when trying to execute the remote method). I wonder if I misunderstood the way to use XPC to "escape the sandbox". I am doomed, or is there a correct procedure to ultimately call an *external* pdflatex from an app extension ?