File sharing between app and its system extension

We want our system extension to generate some files, and the container app to read those files.

  1. We tried using app group like this:

Configuring an app group (group.com.awesomecompany.app) in both the app and system extension

FileManager.containerURL(forSecurityApplicationGroupIdentifier: "group.com.awesomecompany.app")

For the system extension, this method returns a path like this: /private/var/root/Library/Group Containers/group.com.awesomecompany.app

For the container app, this method returns a path like this: /Users/username/Library/Group Containers/group.com.awesomecompany.app

So even if the system extension writes a file in that path, the container app cannot access it, because the app cannot read files inside /private/var/root

  2. We tried asking the extension to write files in user's home directory.

Although the app extension runs as 'root', it does not seem to have the permission to write files inside ~/SomeFolder or ~/Library/Group Containers/group.com.awesomecompany.app

What would be the correct way for the container app to read files generated by the system extension?

We tried using app group

Right. App group containers are per-user, and your sysex runs as root.

We tried asking the extension to write files in user's home directory.

Right. Getting that to work is quite tricky.

My preferred mechanism for this is IPC:

  1. The sysex creates a file in a directory under its control.

  2. It opens a read-only file descriptor for that.

  3. It uses IPC, typically XPC, to return that to the app.

  4. The app can then happily read the file.

This is nice because:

  • It entirely removes you from the business of file system permissions.

  • It protects the privileged code from any malarkey done by the non-privileged code.

However, it doesn’t work in all circumstances, usually related to the number of files you want to share or because the client needs a file system path for the file (because it passes that to a lower-level abstraction that requires a path). If that’s the case here, please clarify your specific requirements.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
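The four-step mechanism above, written out as an added example (this is not Quinn's code and not from the original thread). It assumes a hypothetical Mach service name `com.awesomecompany.sysex.xpc` registered for the extension, a report directory under the sysex's own control, and a placeholder code-signing requirement for the peer; `FileHandle` is `NSSecureCoding`, so XPC carries the open descriptor, not a path.

```swift
import Foundation

// Shared between sysex and app: the reply carries an already-open descriptor.
@objc protocol ReportProviderProtocol {
    func fetchLatestReport(reply: @escaping (FileHandle?, NSError?) -> Void)
}

// --- System extension side (runs as root) ---
final class ReportProvider: NSObject, ReportProviderProtocol {
    // Assumed directory; only the sysex needs to know or be able to reach it.
    private let reportDir = URL(fileURLWithPath:
        "/private/var/root/Library/Application Support/com.awesomecompany.sysex/reports")

    func fetchLatestReport(reply: @escaping (FileHandle?, NSError?) -> Void) {
        let url = reportDir.appendingPathComponent("latest.json")
        do {
            // Read-only: the unprivileged app can read what it is handed, nothing more.
            reply(try FileHandle(forReadingFrom: url), nil)
        } catch {
            reply(nil, error as NSError)
        }
    }
}

final class ListenerDelegate: NSObject, NSXPCListenerDelegate {
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {
        // macOS 13+: only hand descriptors to a peer signed by the expected team (placeholder ID).
        newConnection.setCodeSigningRequirement(
            "anchor apple generic and certificate leaf[subject.OU] = \"TEAMID_PLACEHOLDER\"")
        newConnection.exportedInterface = NSXPCInterface(with: ReportProviderProtocol.self)
        newConnection.exportedObject = ReportProvider()
        newConnection.resume()
        return true
    }
}
// let listener = NSXPCListener(machServiceName: "com.awesomecompany.sysex.xpc")
// listener.delegate = ListenerDelegate(); listener.resume()

// --- Container app side (runs as the logged-in user) ---
func readReportFromExtension(completion: @escaping (Data?) -> Void) {
    let connection = NSXPCConnection(machServiceName: "com.awesomecompany.sysex.xpc")
    connection.remoteObjectInterface = NSXPCInterface(with: ReportProviderProtocol.self)
    connection.resume()
    let proxy = connection.remoteObjectProxyWithErrorHandler { _ in completion(nil) }
        as! ReportProviderProtocol
    proxy.fetchLatestReport { handle, _ in
        // The descriptor arrives open; no path lookup and no file-system permission check.
        completion(handle?.readDataToEndOfFile())
        connection.invalidate()
    }
}
```

The app never touches /private/var/root, and the sysex never writes into the user's home directory, which is what removes both problems described in the question.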
