Launch XPC service from plug-in in a sandboxed app

Hi!


I have a CoreMediaIO DAL Plug-in, and it often has to work in a sandboxed environment, since more and more containing applications are sandboxed nowadays: QuickTime, FaceTime, PhotoBooth, Safari WebProcess, etc. So since my plug-in is sandboxed, I decided to separate some functionality to an XPC service, as suggested by Apple:


"In rare cases, your app might have a small piece of functionality that cannot be sandboxed. Rather than abandon App Sandbox altogether, you might relegate the ineligible code to an XPC service that is not sandboxed. It is easier to secure a smaller piece of code than a larger one, and in this way, the bulk of your app enjoys the benefits of App Sandbox."


So I created XPC Service, placed it into my plug-in bundle, inside XPCServices folder, and signed service and entire bundle with codesign.

Now the problem is that my XPC Service seems to be blocked by macOS and naturally no XPC connection is established between plug-in and service. Right when plug-in is loaded into app, the following message appears in console:


16/08/18 11:27:22,747 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.QuickTime Player.4316) Path not allowed in target domain: type = pid, path = /Library/CoreMediaIO/Plug-Ins/DAL/MyVideoDeviceCMIO.plugin/Contents/XPCServices/MyVideoDeviceXPCService.xpc error = 147: The specified service did not ship in the requestor's bundle, origin = /Applications/QuickTime Player.app


Then, when I call


xpc_connection_t conn = xpc_connection_create("com.MyCompany.VideoDevice.xpc", NULL);


the following error appears:


16/08/18 11:27:24,585 com.apple.appkit.xpc.openAndSavePanelService[4318] assertion failed: 15E65: libxpc.dylib + 78986 [2CC7CF36-66D4-301B-A6D8-EBAE7405B008]: 0x89


Btw, if app is not sandboxed (e.g. Skype), my XPC Service works as expected, no errors appear in Console. It works even when plug-in bundle doesn't have code signature. The problem is only for sandboxed applications, i.e. apps that have .entitlements file embedded in code signature, with the following lines:


<key>com.apple.security.app-sandbox</key>

<true/>


So what am I doing wrong?

Up vote post of kdg82 Down vote post of kdg82
4.6k views
Posted by
kdg82
Reply
Add a Comment

Replies

I’m going to recommend that you open a DTS tech support incident about this. I have a good idea what’s going on here at the XPC level, but that’s only half the story. I need to consult with some colleagues to understand the CoreMediaIO plug-in side of things, and that’s not easy in the context of DevForums.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Thank you for the reply!


I already have a ticket submitted to TS regarding possibilities for CoreMediaIO plug-in in a sandboxed apps (Case ID: 696701613). I'm currently waiting for an answer. XPC solution is something I decided to try on my own. If I get no help with my current ticket, I'll submit a new one specifically about XPC service for CoreMediaIO plug-in.

In the mean time, if you have a good understanding of what's going on at the XPC level, can you please explain what do these error messages mean:

- "Path not allowed in target domain"

- "error = 147: The specified service did not ship in the requestor's bundle"

?

Posted by
kdg82
Up vote reply of kdg82 Down vote reply of kdg82
Add a Comment

I already have a ticket submitted to TS regarding possibilities for CoreMediaIO plug-in in a sandboxed apps (Case ID: 696701613).

Awesome. That’s been picked up by one of my colleagues and I’ll let them respond via that formal channel.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

What ended up being the solution to this problem?

Posted by
lagnat
Up vote reply of lagnat Down vote reply of lagnat
Add a Comment

I can’t talk about other developer’s TSIs here on forums, so I’m hoping that kdg82 will respond here.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment
As there is no apparent solution, yet, I also filed a bug as radr://FB8183080
Posted by
dognotdog
Up vote reply of dognotdog Down vote reply of dognotdog
Add a Comment
While not using XPC, The code in the following repo demonstrates how to communicate between a DAL plugin and a user space application. The code uses Foundation's distributed objects and it is very straightforward and easy to understand.

Edit: Oh, I missed the part which says that distributed objects is deprecated :(
Posted by
artium
Up vote reply of artium Down vote reply of artium
Add a Comment

distributed objects is deprecated

Not just deprecated but deprecated because it’s actively toxic. Don’t go there!

If you need to do something like this, try CFMessagePort. It’s not something I generally recommend — what I generally recommend is XPC! — but it’s still a lot better than DO.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment
Hello,

I am also interested in XPC communication between DAL and its helper application. What is the solution? Is there anything you can share here or do I need to open a DTS incident?

Thank you
Posted by
wehrkwhkerwrwe
Up vote reply of wehrkwhkerwrwe Down vote reply of wehrkwhkerwrwe
Add a Comment