Get token audit for a NSXPCConnection

Hi,

I have a question regarding securing XPC communication. I'm trying to get on the server side the process audit token for the connecting client.

  1. I've saw NSXPCConnection has a member called auditSessionIdentifier which I saw it is always returning same number for different connections. What does this represent, can it be used to identify the client connecting process?
  2. NSXPCConnection has auditToken, which is what I need, but it is a private property. I would use this, but I'm not sure if this will not result in app being rejected by Apple. Is anyone using it and had the app rejected/accepted?
  3. NSXPCConnection has processIdentifier but this alone it is kind of useless. But I was thinking to combine this with task_extmod_info (detect process changes) and audit token with task_name_for_pid.

Any other suggestions to get the client process audit token based on NSXPCConnection?

Thanks

Answered by DTS Engineer in 731071022

I'm trying to get on the server side the process audit token for the connecting client.

To what end?

Most folks who ask this question are trying to restricted access to their XPC service, and going through the audit token is not the best option for that. See Validating Signature Of XPC Process.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Accepted Answer

I'm trying to get on the server side the process audit token for the connecting client.

To what end?

Most folks who ask this question are trying to restricted access to their XPC service, and going through the audit token is not the best option for that. See Validating Signature Of XPC Process.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi,

Yes, thanks that is what I need.

Unfortunately I need from MacOS version 10+, so I'll have to implement SecCodeCreateWithXPCMessage for 11 and up, and the private method for 10.

I was using NSXPCConnection, but so far I didn't saw any way to get to the xpc_object_t (except maybe the private method _xpcConnection). So I'll have to rewrite using C API.

Thanks for your help

Are you distributing via the Mac App Store?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Yes, it will be with App Store. That's why I try to avoid private APIs and I'll switch to C API instead of NSXPCConnection.

For version 10, I've found xpc_connection_get_audit_token. If that is not working, I'll find something else to prevent possible rejection.

Actually I was wrong that part is not distributed on App Store.

Get token audit for a NSXPCConnection
 
 
Q