I am adapting a macOS application to use sandboxing. It uses a helper application (an exe in the same bundle) that fails when I try calling CFMessagePortCreateRemote with a 'deny mach-lookup' message in the console.
I can see the com.apple.security.temporary-exception.mach-lookup.global-name entitlement key could solve this, but it is only temporary.
Is there a way to achieve communication between two apps with a Mach port in a sandboxed application?
Errors:
let port = CFMessagePortCreateLocal(nil, "XXXYYYZZZZ.MyAppGroupName" as CFString, Callback, nil, nil)
let runLoopSource = CFMessagePortCreateRunLoopSource(kCFAllocatorDefault, port, 0)
CFRunLoopAddSource(CFRunLoopGetCurrent(), runLoopSource, .commonModes)
*** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x14807, name = 'XXXYYYZZZZ.MyAppGroupName'
For both targets (app and helper exe):
- Enable sandboxing
- Add a common group prefixed by your team ID: Z123456789.com.example.app-group
Name your Mach port using your team ID, e.g. Z123456789.com.example.app-group.Port_of_Kobe
Apple documentation link
My call to CFMessagePortCreateRunLoopSource was crashing when using the wrong CFStringRef name parameter in CFMessagePortCreateLocal.
I was using the name of my app group, XXXYYYZZZZ.MyAppGroupName.
After reading the Apple documentation, I changed it to XXXYYYZZZZ.MyAppGroupName.someOtherString and the crash went away.
Mach port names must begin with the application group identifier, followed by a period (.), followed by a name of your choosing.
For example, if your application group’s name is Z123456789.com.example.app-group, you might create a Mach port named Z123456789.com.example.app-group.Port_of_Kobe.
https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html#//apple_ref/doc/uid/TP40011183-CH3-SW24
Edit:
The following morning, I'm trying to run the same code. This time, I'm getting the crash with the same appended ".someOtherString" that I was using last night. It works fine if I change to some other string. This is frustrating, as I have no idea when/how that string becomes invalid.
Thread 1: EXC_BAD_ACCESS (code=1, address=0x8)
*** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0xcd07, name = 'XXXYYYZZZZ.MyAppGroupName.someOtherString'
Edit 2:
I hit the crash again, this time with the new string. The issue is possibly related to running a version of the app from the /Applications/ folder in addition to a version from my Xcode build folder.
Port names should generally be unique within the current user context; otherwise, you might run into conflicts.
https://developer.apple.com/library/archive/documentation/Cocoa/Conceptual/Multithreading/RunLoopManagement/RunLoopManagement.html
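An added example, not part of the original posts: both ends of the port using the app-group-prefixed name described in the answers. It checks the result of CFMessagePortCreateLocal, which is nil on failure, so a denied registration is reported rather than passed on to CFMessagePortCreateRunLoopSource. The function names startListener and send, the message ID and the payload are hypothetical; the group name is the placeholder from the answers and must be listed under com.apple.security.application-groups in both targets' entitlements.

```swift
import Foundation

// Placeholder app group from the answers above; replace with the group
// that both sandboxed targets list in com.apple.security.application-groups.
let appGroup = "Z123456789.com.example.app-group"
// Port name = app group identifier + "." + a suffix of your choosing.
let portName = "\(appGroup).Port_of_Kobe" as CFString

// Listener callback: log what arrived and send no reply.
let callback: CFMessagePortCallBack = { _, msgid, data, _ in
    let length = data.map { CFDataGetLength($0) } ?? 0
    print("received msgid \(msgid), \(length) bytes")
    return nil
}

// Listener side (hypothetical helper name).
func startListener() -> CFMessagePort? {
    // nil on failure, e.g. the bootstrap_register() 'Permission denied'
    // error quoted in the question.
    guard let port = CFMessagePortCreateLocal(nil, portName, callback, nil, nil) else {
        print("could not register \(portName); check sandbox and app group entitlements")
        return nil
    }
    let source = CFMessagePortCreateRunLoopSource(kCFAllocatorDefault, port, 0)
    CFRunLoopAddSource(CFRunLoopGetCurrent(), source, .commonModes)
    return port
}

// Sender side (hypothetical helper name), run from the other target.
func send(_ payload: Data) -> Bool {
    // nil when the lookup fails, e.g. a sandbox 'deny mach-lookup' or no listener yet.
    guard let remote = CFMessagePortCreateRemote(nil, portName) else {
        print("could not look up \(portName)")
        return false
    }
    // Message ID 1 and the 1-second send timeout are constructed sample values;
    // a nil reply mode means a one-way message.
    let status = CFMessagePortSendRequest(remote, 1, payload as CFData, 1.0, 0, nil, nil)
    return status == kCFMessagePortSuccess
}
```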