Hello,
I have a sandboxed Mac app which launches a helper app. The main app has the sandbox enabled and has the get-task-allow entitlement. From the main app I launch[1] a helper, which is an application bundle located in Contents/Helpers of the main bundle. The helper has the sandbox enabled and the com.apple.security.inherit entitlement.
Currently I have a problem attaching a debugger to the helper process or getting access to location services from it (but that's probably a different issue). I checked the responsible process and it seems to be set up to the correct PID of the main application.
Xcode is reporting a "Not allowed to attach to process" error and I see the same in the log:
macOSTaskPolicy: (com.apple.debugserver) may not get the task control port of (com.****) (pid: 31628): (com.****) is hardened, (com.****) doesn't have get-task-allow, (com.apple.debugserver) is a declared debugger(com.apple.debugserver) is not a declared read-only debugger
To add more context: what I'm trying to achieve is that we run certain parts of our app in separate child processes so we can restart them if anything goes wrong [2].
So I have a few questions:
- Do I need to launch the helper (child) process in a particular way to be able to attach a debugger to it?
- Is there a tool to inspect sandboxes (rules applied and the inheritance)?
- Do I really need to explicitly enable sandboxing and inheritance on the helper app? Doesn't it run in the parent's sandbox anyway?
Thank you.
- [1] We use boost::child_process for launching the helper, which is using popen behind the scenes, but I have the same experience with NSTask.
- [2] I know that's what XPCServices are for but don't ask :-)