As you suggested, I have moved the XPC service to embed it inside the sandboxed App Extension rather than inside the hardened-only hosting application.
It seems to work: the sandboxed app extension can call the hardened-only service, which can call pdflatex on the shell.
I thought that embedding the XPC service inside the sandboxed app extension would somehow sandbox the service itself, but it seems not to be the case.
As far as I understand: fixed.