ES SystemExtension can't connect to XPC Service hosted outside

I am building a SystemExtension with Endpoint Security APIs. It runs as a client and needs to talk to an XPC service hosted by an agent. I find the SystemExtension is unable to connect to any XPC service hosted outside of it. The listener function never gets called, and the connection fails while getting the remoteObjectProxy.

The agent creates the XPC listener as follows:
```swift
let delegate = ServiceDelegateAgent()
let listener = NSXPCListener(machServiceName: "com.xxxx.extension.agent.xpc")
listener.delegate = delegate
listener.resume()

class ServiceDelegateAgent: NSObject, NSXPCListenerDelegate {
    func listener(_ listener: NSXPCListener, shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {
        newConnection.exportedInterface = NSXPCInterface(with: AgentXPCProtocol.self)
        newConnection.exportedObject = AgentXPC()
        newConnection.resume()
        return true
    }
}
```


The SystemExtension uses the following pseudocode to establish the connection with com.xxxx.extension.agent.xpc but fails to do so:
```swift
let connection = NSXPCConnection(machServiceName: "com.xxxx.extension.agent.xpc")
connection.remoteObjectInterface = NSXPCInterface(with: AgentXPCProtocol.self)
connection.resume()
let service = connection.remoteObjectProxyWithErrorHandler { error in
    NSLog("Failed to connect: \(error)")
} as? AgentXPCProtocol
```


I can successfully establish a connection where the XPC service is hosted inside the SystemExtension, and the agent connects to it to get the ES events.

Could you let me know how I can get the SystemExtension to connect to the XPC service hosted outside of it? Are there limitations on how it can talk to an agent outside of it?

I am building a SystemExtension with Endpoint Security API's. It runs
as a client and needs to talk to XPC service hosted by an agent.

This doesn’t make sense architecturally. A sysex is effectively a launchd daemon, and hence runs in the global context. An agent, by definition, runs in some login context. You can’t have global context code connecting to a login context service because there’s no way for the system to know which login context to target.

To learn more about this, see Technote 2083 Daemons and Agents. I haven’t updated it in years, but it covers a lot of really important basics.

I can successfully establish a connection where the XPC service is
hosted inside the SystemExtension, and agent connects to it to get the
ES events.

Right, and this makes perfect sense because the service provided by your ES sysex exists in the global context and login context code can always connect ‘down’ to a global context service [1].

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

[1] Unless it’s blocked by the App Sandbox.
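Quinn's point, as an added example that is not code from this thread: the sysex (global context) hosts the listener and the agent (login context) connects 'down' to it, and because the agent exports its own object on that same connection, the sysex can still deliver ES events to the agent without ever initiating a connection itself. `ESEventSinkProtocol`, `AgentCallbackProtocol`, the Mach service name and the code-signing requirement string are assumptions; the listener is created and resumed exactly as in the poster's agent code, and a macOS 13 or later deployment target is assumed for `setCodeSigningRequirement(_:)`.

```swift
import Foundation

// Assumed protocols, not from the original thread.
@objc protocol ESEventSinkProtocol { func subscribe(reply: @escaping (Bool) -> Void) } // exported by the sysex
@objc protocol AgentCallbackProtocol { func didReceiveEvent(_ summary: String) }     // exported by the agent
// Placeholder name; an ES sysex must also list it in Info.plist under NSEndpointSecurityMachServiceName.
let serviceName = "com.example.extension.xpc"

// ---- System extension side (global context): hosts the listener ----
final class SinkDelegate: NSObject, NSXPCListenerDelegate, ESEventSinkProtocol {
    private let queue = DispatchQueue(label: "sink.clients") // serialises access to `clients`
    private var clients: [NSXPCConnection] = []

    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection conn: NSXPCConnection) -> Bool {
        // Accept only our own signed agent (placeholder requirement; macOS 13+ API).
        conn.setCodeSigningRequirement("anchor apple generic and identifier \"com.example.agent\"")
        conn.exportedInterface = NSXPCInterface(with: ESEventSinkProtocol.self)
        conn.exportedObject = self
        // The agent exports a callback on this same connection, so the sysex calls 'up' through it.
        conn.remoteObjectInterface = NSXPCInterface(with: AgentCallbackProtocol.self)
        conn.invalidationHandler = { [weak self, weak conn] in
            self?.queue.sync { self?.clients.removeAll { $0 === conn } }
        }
        queue.sync { clients.append(conn) }
        conn.resume()
        return true
    }
    func subscribe(reply: @escaping (Bool) -> Void) { reply(true) }

    // Called from the ES event handler; delivers the event to every connected agent.
    func broadcast(_ summary: String) {
        for c in queue.sync({ clients }) {
            (c.remoteObjectProxyWithErrorHandler { NSLog("agent gone: \($0)") }
                as? AgentCallbackProtocol)?.didReceiveEvent(summary)
        }
    }
}

// ---- Agent side (login context): connects 'down' to the global-context sysex ----
final class AgentCallback: NSObject, AgentCallbackProtocol {
    func didReceiveEvent(_ summary: String) { NSLog("ES event: \(summary)") }
}
func connectToSysex() -> NSXPCConnection {
    let conn = NSXPCConnection(machServiceName: serviceName)
    conn.remoteObjectInterface = NSXPCInterface(with: ESEventSinkProtocol.self)
    conn.exportedInterface = NSXPCInterface(with: AgentCallbackProtocol.self) // lets the sysex call back
    conn.exportedObject = AgentCallback()
    conn.resume()
    (conn.remoteObjectProxyWithErrorHandler { NSLog("connect failed: \($0)") }
        as? ESEventSinkProtocol)?.subscribe { ok in NSLog("subscribed: \(ok)") }
    return conn
}
```

Each logged-in user's agent ends up with its own accepted connection in `clients`, which is exactly the per-login-context fan-out the sysex could not have achieved by dialling outward.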