
Very simple macOS XPC


I want to use the XPC technology simply to launch an app. I do not need any interprocess communication, or any of the other features of XPC.

The only documents that I can find on the internet show a complex structure, with code for the XPC service, separate code to launch the XPC service via a script, and app code to communicate with the service.

In other words, I only want something that does the equivalent of this:

NSWorkspace.shared.openApplication(at: path,
                                   configuration: configuration,
                                   completionHandler: nil)

but with XPC. So I would need something along the lines of:

let listener = NSXPCListener.service("/path/to/my_app.app")
listener.resume()
RunLoop.main.run()

Obviously, the service method does not take an argument that would be an executable path, so this does not work.

How can I do that?

PS: to explain the motivation, launching an XPC service will preserve sandbox restrictions from the launching app, whereas launching the app directly via NSWorkspace.shared.openApplication will not preserve sandbox restrictions (because the spawned app does not have "com.apple.security.inherit" as an entitlement).


Solution

  • It does not seem possible to launch a subprocess while altering its sandbox (i.e. giving it more or fewer entitlements than it was originally blessed with).

    I recommend stripping the sandboxing from the existing application, modifying the entitlements appropriately and then re-signing it. It's not a regular approach but would solve your specific issue.
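
An added example, not part of the question or answer above: a small auditor for an entitlements plist (the XML that `codesign -d --entitlements` prints for a signed binary) that reports whether the target runs unsandboxed, in its own sandbox, or inherits its parent's sandbox via "com.apple.security.inherit". It applies Apple's documented rule that an inheriting child carries exactly two App Sandbox keys; the sample plists are constructed, and the prefix test for what counts as an App Sandbox key is a simplifying assumption.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
INHERIT = "com.apple.security.inherit"
# Assumption: any other com.apple.security.* key is an App Sandbox entitlement,
# except hardened-runtime (cs.*) keys and get-task-allow.
NOT_SANDBOX_KEYS = ("com.apple.security.cs.", "com.apple.security.get-task-allow")


def classify_entitlements(plist_bytes):
    """Return (verdict, offending_keys) for one entitlements plist."""
    ent = plistlib.loads(plist_bytes)
    if not isinstance(ent, dict):
        raise ValueError("entitlements plist must be a dictionary")
    # A key explicitly set to false is present but not granted.
    enabled = {k for k, v in ent.items() if v is not False}

    if SANDBOX not in enabled:
        # The inherit key has no effect without the app-sandbox key.
        verdict = "inherit-without-sandbox" if INHERIT in enabled else "unsandboxed"
        return (verdict, [])
    if INHERIT not in enabled:
        return ("own-sandbox", [])  # sandboxed, but with its own profile

    extra = sorted(
        k for k in enabled
        if k.startswith("com.apple.security.")
        and k not in (SANDBOX, INHERIT)
        and not k.startswith(NOT_SANDBOX_KEYS)
    )
    # Extra App Sandbox keys alongside inherit make the system abort the child.
    if extra:
        return ("inherit-invalid", extra)
    return ("inherits-parent-sandbox", [])


# Constructed sample entitlements (not taken from any real application).
HELPER_OK = plistlib.dumps({SANDBOX: True, INHERIT: True})
HELPER_BAD = plistlib.dumps(
    {SANDBOX: True, INHERIT: True, "com.apple.security.network.client": True}
)
APP_OWN = plistlib.dumps({SANDBOX: True, "com.apple.security.network.client": True})
APP_NONE = plistlib.dumps({"com.apple.security.cs.allow-jit": True})

if __name__ == "__main__":
    for name in ("HELPER_OK", "HELPER_BAD", "APP_OWN", "APP_NONE"):
        print(name, classify_entitlements(globals()[name]))
```

Running the auditor on the entitlements of an application before and after re-signing shows which of these states it is in.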