Launch XPC service from plug-in in a sandboxed app

Question

kdg82 OP

Created Aug ’18

Replies 9

Boosts 0

Views 5.0k

Participants 6

Hi!

I have a CoreMediaIO DAL Plug-in, and it often has to work in a sandboxed environment, since more and more containing applications are sandboxed nowadays: QuickTime, FaceTime, PhotoBooth, Safari WebProcess, etc. So since my plug-in is sandboxed, I decided to separate some functionality to an XPC service, as suggested by Apple:

"In rare cases, your app might have a small piece of functionality that cannot be sandboxed. Rather than abandon App Sandbox altogether, you might relegate the ineligible code to an XPC service that is not sandboxed. It is easier to secure a smaller piece of code than a larger one, and in this way, the bulk of your app enjoys the benefits of App Sandbox."

So I created XPC Service, placed it into my plug-in bundle, inside XPCServices folder, and signed service and entire bundle with codesign.

Now the problem is that my XPC Service seems to be blocked by macOS and naturally no XPC connection is established between plug-in and service. Right when plug-in is loaded into app, the following message appears in console:

16/08/18 11:27:22,747 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.QuickTime Player.4316) Path not allowed in target domain: type = pid, path = /Library/CoreMediaIO/Plug-Ins/DAL/MyVideoDeviceCMIO.plugin/Contents/XPCServices/MyVideoDeviceXPCService.xpc error = 147: The specified service did not ship in the requestor's bundle, origin = /Applications/QuickTime Player.app

Then, when I call

xpc_connection_t conn = xpc_connection_create("com.MyCompany.VideoDevice.xpc", NULL);

the following error appears:

16/08/18 11:27:24,585 com.apple.appkit.xpc.openAndSavePanelService[4318] assertion failed: 15E65: libxpc.dylib + 78986 [2CC7CF36-66D4-301B-A6D8-EBAE7405B008]: 0x89

Btw, if app is not sandboxed (e.g. Skype), my XPC Service works as expected, no errors appear in Console. It works even when plug-in bundle doesn't have code signature. The problem is only for sandboxed applications, i.e. apps that have .entitlements file embedded in code signature, with the following lines:

<key>com.apple.security.app-sandbox</key>

<true/>

So what am I doing wrong?

Boost

Answer 1

DTS Engineer OP

Apple

Aug ’18

I’m going to recommend that you open a DTS tech support incident about this. I have a good idea what’s going on here at the XPC level, but that’s only half the story. I need to consult with some colleagues to understand the CoreMediaIO plug-in side of things, and that’s not easy in the context of DevForums.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 2

kdg82 OP

Aug ’18

Thank you for the reply!

I already have a ticket submitted to TS regarding possibilities for CoreMediaIO plug-in in a sandboxed apps (Case ID: 696701613). I'm currently waiting for an answer. XPC solution is something I decided to try on my own. If I get no help with my current ticket, I'll submit a new one specifically about XPC service for CoreMediaIO plug-in.

In the mean time, if you have a good understanding of what's going on at the XPC level, can you please explain what do these error messages mean:

- "Path not allowed in target domain"

- "error = 147: The specified service did not ship in the requestor's bundle"

?

0

Answer 3

DTS Engineer OP

Apple

Aug ’18

I already have a ticket submitted to TS regarding possibilities for CoreMediaIO plug-in in a sandboxed apps (Case ID: 696701613).

Awesome. That’s been picked up by one of my colleagues and I’ll let them respond via that formal channel.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 4

lagnat OP

Dec ’18

What ended up being the solution to this problem?

0

Answer 5

DTS Engineer OP

Apple

Jan ’19

I can’t talk about other developer’s TSIs here on forums, so I’m hoping that kdg82 will respond here.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 6

dognotdog OP

Jul ’20

As there is no apparent solution, yet, I also filed a bug as radr://FB8183080

0

Answer 7

artium OP

Sep ’20

While not using XPC, The code in the following repo demonstrates how to communicate between a DAL plugin and a user space application. The code uses Foundation's distributed objects and it is very straightforward and easy to understand.

Edit: Oh, I missed the part which says that distributed objects is deprecated :(

0

Answer 8

DTS Engineer OP

Apple

Sep ’20

distributed objects is deprecated

Not just deprecated but deprecated because it’s actively toxic. Don’t go there!

If you need to do something like this, try CFMessagePort. It’s not something I generally recommend — what I generally recommend is XPC! — but it’s still a lot better than DO.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 9

wehrkwhkerwrwe OP

Nov ’20

Hello,

I am also interested in XPC communication between DAL and its helper application. What is the solution? Is there anything you can share here or do I need to open a DTS incident?

Thank you

0