
CFMessagePort and sandboxing

I am adapting a macOS application to use sandboxing. It uses a helper application (an exe in the same bundle) that fails when I try calling CFMessagePortCreateRemote with a 'deny mach-lookup' message in the console.

I can see the com.apple.security.temporary-exception.mach-lookup.global-name entitlement key could solve this, but it is only temporary.

Is there a way to achieve communication between two apps with a mach port in a sandboxed application?

Errors:

let port = CFMessagePortCreateLocal(nil, "XXXYYYZZZZ.MyAppGroupName" as CFString, Callback, nil, nil)
let runLoopSource = CFMessagePortCreateRunLoopSource(kCFAllocatorDefault, port, 0)
CFRunLoopAddSource(CFRunLoopGetCurrent(), runLoopSource, .commonModes)

*** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x14807, name = 'XXXYYYZZZZ.MyAppGroupName'

Thomas asked Mar 27 '12 12:03


1 Answer

For both targets (app and helper exe):

  • Enable sandboxing
  • Add a common group prefixed by your team ID

    Z123456789.com.example.app-group

Name your mach port using your team ID, e.g.:

    Z123456789.com.example.app-group.Port_of_Kobe

Apple documentation link

Pierrot answered Sep 30 '22 06:09
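The naming scheme from the answer, shown for both processes as an added example (not code from the question or the answer). It assumes both targets carry the `com.apple.security.application-groups` entitlement with the same group; the group ID and port name are the answer's placeholders, and `startListener`, `sendPing`, `echoCallback` and message ID 1 are hypothetical names chosen for illustration.

```swift
import Foundation

// Placeholder values taken from the answer's naming scheme.
// Assumed entitlements in BOTH targets (app and helper):
//   <key>com.apple.security.app-sandbox</key><true/>
//   <key>com.apple.security.application-groups</key>
//   <array><string>Z123456789.com.example.app-group</string></array>
let appGroup = "Z123456789.com.example.app-group"
// The port name must start with the group ID, then a dot and a free suffix.
let portName = "\(appGroup).Port_of_Kobe" as CFString

// Helper side: echo handler. It is a C function pointer, so it must not
// capture any surrounding state.
let echoCallback: CFMessagePortCallBack = { _, msgid, data, _ in
    guard msgid == 1, let data = data else { return nil }
    // The system releases the returned CFData, so hand it over retained.
    return Unmanaged.passRetained(data)
}

// Helper side: register the named port on the current run loop.
func startListener() -> Bool {
    guard let local = CFMessagePortCreateLocal(nil, portName, echoCallback, nil, nil),
          let source = CFMessagePortCreateRunLoopSource(nil, local, 0) else {
        // nil means the name could not be registered, e.g. the sandbox
        // refused it because it is not covered by a shared app group.
        return false
    }
    CFRunLoopAddSource(CFRunLoopGetCurrent(), source, .commonModes)
    return true
}

// App side: look the port up by the same name and send one request.
func sendPing(_ payload: Data) -> Data? {
    guard let remote = CFMessagePortCreateRemote(nil, portName) else {
        return nil // lookup denied or helper not listening yet
    }
    var reply: Unmanaged<CFData>?
    let status = CFMessagePortSendRequest(remote, 1, payload as CFData,
                                          2.0, 2.0,
                                          CFRunLoopMode.defaultMode.rawValue,
                                          &reply)
    guard status == Int32(kCFMessagePortSuccess),
          let data = reply?.takeRetainedValue() else { return nil }
    return data as Data
}
```

The helper calls `startListener()` and then runs its run loop; the app calls `sendPing(_:)` once the helper is up.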