Get token audit for a NSXPCConnection

App & System Services Processes & Concurrency
smaryus OP
Created Oct ’22
Replies 5
Boosts 0
Views 2.2k
Participants 2

Hi,

I have a question regarding securing XPC communication. I'm trying to get on the server side the process audit token for the connecting client.

  1. I've saw NSXPCConnection has a member called auditSessionIdentifier which I saw it is always returning same number for different connections. What does this represent, can it be used to identify the client connecting process?
  2. NSXPCConnection has auditToken, which is what I need, but it is a private property. I would use this, but I'm not sure if this will not result in app being rejected by Apple. Is anyone using it and had the app rejected/accepted?
  3. NSXPCConnection has processIdentifier but this alone it is kind of useless. But I was thinking to combine this with task_extmod_info (detect process changes) and audit token with task_name_for_pid.

Any other suggestions to get the client process audit token based on NSXPCConnection?

Thanks

Answered by DTS Engineer in 731071022

I'm trying to get on the server side the process audit token for the connecting client.

To what end?

Most folks who ask this question are trying to restricted access to their XPC service, and going through the audit token is not the best option for that. See Validating Signature Of XPC Process.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies  5
Boosts  0
Views  2.2k
Participants  2
DTS Engineer OP
Apple
Oct ’22
Accepted Answer

I'm trying to get on the server side the process audit token for the connecting client.

To what end?

Most folks who ask this question are trying to restricted access to their XPC service, and going through the audit token is not the best option for that. See Validating Signature Of XPC Process.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
smaryus OP
Oct ’22

Hi,

Yes, thanks that is what I need.

Unfortunately I need from MacOS version 10+, so I'll have to implement SecCodeCreateWithXPCMessage for 11 and up, and the private method for 10.

I was using NSXPCConnection, but so far I didn't saw any way to get to the xpc_object_t (except maybe the private method _xpcConnection). So I'll have to rewrite using C API.

Thanks for your help

0
DTS Engineer OP
Apple
Oct ’22

Are you distributing via the Mac App Store?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
smaryus OP
Oct ’22

Yes, it will be with App Store. That's why I try to avoid private APIs and I'll switch to C API instead of NSXPCConnection.

For version 10, I've found xpc_connection_get_audit_token. If that is not working, I'll find something else to prevent possible rejection.

0
smaryus OP
Oct ’22

Actually I was wrong that part is not distributed on App Store.

0
Get token audit for a NSXPCConnection
First post date Last post date
 
 
Q