System Extension & App communication

I have a basic question.

I need to communicate data / messages between a System Extension and an application (this is not the container app for the System Extension).

Which IPC mechanism is recommended?
Is socket communication good for the same?

Which IPC mechanism is recommended?

XPC.

Is socket communication good for the same?

No. While UNIX domain sockets are supported on macOS, and in some circumstances they are the right choice, in most cases you should do IPC using XPC.

How you set this up depends on your sysex type. Are you building a NetworkExtension provider? Or an EndpointSecurity client?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

Thank you, eskimo.

It is a NetworkExtension.

How is the setup different in NetworkExtension & EndpointSecurity?

How is the setup different in NetworkExtension & EndpointSecurity?

For NE, declare a Mach service using NEMachServiceName. For ES, you’d use NSEndpointSecurityMachServiceName.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

With the default Network Extension target, NEMachServiceName is already added.
Should we just connect from the app to this NEMachServiceName and then start exchanging messages?

I was just curious whether I could create the listener in the app and connect (as the client) from the Network Extension. Is it a good idea?

Should we just connect from the app to this NEMachServiceName and then start exchanging messages?

Yes.

I was just curious whether I could create the listener in the app and connect (as the client) from the Network Extension. Is it a good idea?

No, that’s a really bad idea. The problem is that this is a dependency inversion. In general, apps should call daemons. If you try to do it the other way around, you inevitably run into problems. For example, in a fast user switched environment, with multiple users running your app simultaneously, which one would the daemon connect to?

The XPC APIs are structured to support this model, which is one of the reasons you can’t register an XPC service from within an app.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
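The arrangement described in the answer above, as an added example that is not code from the thread or from Apple: the Network Extension owns an NSXPCListener on the Mach service named by NEMachServiceName, and the app is always the side that connects. The protocol name, the bundle identifier, the team identifier and the Mach service name are placeholders; the service name is assumed to be prefixed with an app group that both the app and the extension hold in their com.apple.security.application-groups entitlement, since that is what lets the app reach the extension's service.

```swift
import Foundation

// Shared between the app target and the system extension target.
// Placeholder protocol; reply blocks are how results travel back over XPC.
@objc protocol ProviderCommunication {
    func status(reply: @escaping (String) -> Void)
}

// Must match NEMachServiceName in the extension's Info.plist. Assumed to be
// prefixed with an app group shared by the app and the extension.
let machServiceName = "group.com.example.app.xpc"

// ---- Extension side: owns the listener ----
final class ProviderListener: NSObject, NSXPCListenerDelegate, ProviderCommunication {
    private var listener: NSXPCListener?

    func start() {
        let listener = NSXPCListener(machServiceName: machServiceName)
        listener.delegate = self
        listener.resume()
        self.listener = listener
    }

    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {
        // Pin the peer to the app's own code signature before the connection is
        // usable (macOS 13 and later). Placeholder requirement: substitute the real
        // bundle identifier and team identifier.
        if #available(macOS 13.0, *) {
            newConnection.setCodeSigningRequirement(
                "anchor apple generic and identifier \"com.example.app\" " +
                "and certificate leaf[subject.OU] = \"TEAMID1234\"")
        }
        newConnection.exportedInterface = NSXPCInterface(with: ProviderCommunication.self)
        newConnection.exportedObject = self
        newConnection.resume()
        return true
    }

    func status(reply: @escaping (String) -> Void) {
        reply("extension running")
    }
}

// ---- App side: always the client, never the listener ----
final class ProviderClient {
    private var connection: NSXPCConnection?

    private func connect() -> NSXPCConnection {
        if let existing = connection { return existing }
        let conn = NSXPCConnection(machServiceName: machServiceName, options: [])
        conn.remoteObjectInterface = NSXPCInterface(with: ProviderCommunication.self)
        // If the extension goes away, forget the stale connection so the next
        // call creates a fresh one instead of failing forever.
        conn.invalidationHandler = { [weak self] in self?.connection = nil }
        conn.resume()
        connection = conn
        return conn
    }

    func fetchStatus(completion: @escaping (Result<String, Error>) -> Void) {
        guard let proxy = connect().remoteObjectProxyWithErrorHandler({ error in
            completion(.failure(error))
        }) as? ProviderCommunication else {
            completion(.failure(CocoaError(.xpcConnectionInvalid)))
            return
        }
        proxy.status { completion(.success($0)) }
    }
}
```

In the extension, call `ProviderListener().start()` from its entry point (for example in main.swift, before handing control to NEProvider.startSystemExtensionMode()) and keep the instance alive for the life of the process. The code signing requirement in the delegate is the check that matters from a security standpoint: without it, any process that can reach the Mach service can drive the exported object.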

Is there something similar for EndpointSecurity?

No. While ES system extensions are effectively launchd daemons under the covers, you don't have direct control over their launchd property list file.

Having said that, setting up the listening socket via the launchd property list file is only relevant if you want to support starting on demand. For an ES sysex, which is always started, there’s no benefit to that, so you could just as easily create your listening socket as your sysex starts up. The only gotcha is that, if the client starts up before you, it won’t wait for you to start, so you’ll need some retry logic on the client side.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
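The socket arrangement described in the answer above, as an added example that is not code from the thread or from Apple: the ES system extension creates its UNIX domain socket as soon as it starts, and the app side retries with backoff because the extension may not be listening yet. The socket path is a placeholder; a real deployment chooses a directory the extension can create the socket in and the app can reach. One caveat worth seeing in code is that a UNIX socket only tells the server the peer's uid/gid (via getpeereid), not its code identity, so the server cannot verify that the connecting process is really your app the way an XPC code signing requirement can.

```swift
import Foundation

// Placeholder path for the listening socket.
let socketPath = "/var/run/com.example.esext.sock"

// Build a sockaddr_un for the given path, checking it fits sun_path.
private func unixAddress(_ path: String) -> sockaddr_un {
    var addr = sockaddr_un()
    addr.sun_family = sa_family_t(AF_UNIX)
    let cString = Array(path.utf8CString)            // includes the NUL terminator
    precondition(cString.count <= MemoryLayout.size(ofValue: addr.sun_path),
                 "socket path too long for sun_path")
    withUnsafeMutableBytes(of: &addr.sun_path) { dest in
        cString.withUnsafeBytes { dest.copyMemory(from: $0) }
    }
    addr.sun_len = UInt8(MemoryLayout<sockaddr_un>.size)
    return addr
}

// ---- Extension side: create the socket at startup, no launchd plist involved ----
func startListening() -> Int32? {
    let fd = socket(AF_UNIX, SOCK_STREAM, 0)
    guard fd >= 0 else { return nil }
    unlink(socketPath)                               // clear a stale file from a previous run
    var addr = unixAddress(socketPath)
    let len = socklen_t(MemoryLayout<sockaddr_un>.size)
    let bound = withUnsafePointer(to: &addr) {
        $0.withMemoryRebound(to: sockaddr.self, capacity: 1) { bind(fd, $0, len) }
    }
    guard bound == 0, listen(fd, 16) == 0 else { close(fd); return nil }
    return fd
}

// Accept one client and authorise it on the only identity a UNIX socket gives
// you: the peer's uid/gid. Anything stronger needs XPC.
func acceptTrusted(listenFd: Int32, allowedUID: uid_t) -> Int32? {
    let client = accept(listenFd, nil, nil)
    guard client >= 0 else { return nil }
    var uid = uid_t(0), gid = gid_t(0)
    guard getpeereid(client, &uid, &gid) == 0, uid == allowedUID else {
        close(client)
        return nil
    }
    return client
}

// ---- App side: the extension may not be up yet, so retry with backoff ----
func connectWithRetry(maxAttempts: Int = 10, initialDelay: TimeInterval = 0.25) -> Int32? {
    var delay = initialDelay
    for _ in 1...maxAttempts {
        let fd = socket(AF_UNIX, SOCK_STREAM, 0)
        guard fd >= 0 else { return nil }
        var addr = unixAddress(socketPath)
        let len = socklen_t(MemoryLayout<sockaddr_un>.size)
        let rc = withUnsafePointer(to: &addr) {
            $0.withMemoryRebound(to: sockaddr.self, capacity: 1) { connect(fd, $0, len) }
        }
        if rc == 0 { return fd }
        let err = errno
        close(fd)
        // ENOENT: the socket file does not exist yet. ECONNREFUSED: it exists but
        // nobody is listening. Both mean "extension not ready"; anything else is fatal.
        guard err == ENOENT || err == ECONNREFUSED else { return nil }
        Thread.sleep(forTimeInterval: delay)
        delay = min(delay * 2, 5)
    }
    return nil
}
```

The two errno values in the client loop are the ones that distinguish "not started yet" from a genuine failure (wrong path, permission denied), which is what keeps the retry from masking a misconfiguration.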
