Greetings! I want to add my pre-compiled binary of v2ray to my application so I can activate it in background as a proxy and run stuff through it.
I've codesigned it via:
```
codesign -s - -i production.myproject.v2ray -o runtime --entitlements v2ray.entitlements -f v2ray
```
Contents of entitlements file:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.downloads.read-write</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
</dict>
</plist>
```
Originally I ran it like this without sandboxing from my main target app:
```swift
guard let v2rayPath = Bundle.main.path(forResource: "v2ray", ofType: nil) else {
    throw NSError(domain: "ProxyController", code: 1, userInfo: [NSLocalizedDescriptionKey: "V2Ray binary not found in bundle"])
}
let task = Process()
task.executableURL = URL(fileURLWithPath: v2rayPath)
task.arguments = ["-config", configURL.path]
// Redirect output for debugging
let pipe = Pipe()
task.standardOutput = pipe
task.standardError = pipe
```
And it ran flawlessly. Now it refuses to start. Any help, pointers or examples of such usage will be greatly appreciated.
I talk about this in Resolving App Sandbox Inheritance Problems, part of my Resolving Trusted Execution Problems series. In short, you want this tool to inherit its sandbox from your app, and thus you need to sign it with just `com.apple.security.app-sandbox` and `com.apple.security.inherit`.
If you’re using Xcode to build your main app, see the Embed an externally built tool section of Embedding a command-line tool in a sandboxed app for advice on how to set that up.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
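The re-signing step described in the answer above, as an added example that is not part of the original thread or Apple's documentation: it writes an entitlements file with only the two keys named, refuses to sign if any other key is present, and re-signs with the flags from the question. The function names and the `v2ray-inherit.entitlements` file name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: re-sign an embedded helper so it inherits the app's sandbox.
# Function names and v2ray-inherit.entitlements are hypothetical.

# Write an entitlements file carrying only the two keys named in the answer.
write_inherit_entitlements() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
</dict>
</plist>
EOF
}

# Succeed only if the file declares app-sandbox and inherit and nothing else.
check_inherit_entitlements() {
    keys=$(grep -o '<key>[^<]*</key>' "$1" | sed 's/<[^>]*>//g' | sort | xargs)
    [ "$keys" = "com.apple.security.app-sandbox com.apple.security.inherit" ]
}

# Re-sign with the question's flags, swapping in the inherit-only file,
# then display the entitlements the new signature carries.
resign_tool() {
    tool=$1; ent=$2
    check_inherit_entitlements "$ent" || {
        echo "refusing: $ent has entitlements beyond app-sandbox + inherit" >&2
        return 1
    }
    command -v codesign >/dev/null 2>&1 || {
        echo "codesign not found (macOS only)" >&2
        return 2
    }
    codesign -s - -i production.myproject.v2ray -o runtime \
        --entitlements "$ent" -f "$tool" &&
        codesign -d --entitlements - "$tool"
}

# Usage: sh resign.sh path/to/v2ray
if [ "$#" -ge 1 ]; then
    write_inherit_entitlements v2ray-inherit.entitlements
    resign_tool "$1" v2ray-inherit.entitlements
fi
```

Network and file-access entitlements such as `com.apple.security.network.client` stay on the main app's signature; the helper picks up the app's sandbox when the app launches it.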