CFMessagePort and Sandbox

Question

CFMessagePort and Sandbox

I am adapting a macOS application to use sandboxing. It uses a helper application (exe in the same package) which fails when I try to call CFMessagePortCreateRemote with the message "deny mach-lookup" in the console.

I see that the right key com.apple.security.temporary-exception.mach-lookup.global-name

can solve this, but it is only temporary.

Is there a way to achieve communication between two applications using mach port in a sandboxed application?

+3

sandbox macos appstore-sandbox

Thomas 27 Mar 12:03 pm

source to share

1 answer

Pierrot · Answer 1 · 2017-03-08T23:11:18+0000

For both the app and helper exe:

Enable sandbox
Add a general group with the teamid prefix

Z123456789.com.example.app-group

Name your mach port using the teamID ex command:

Z123456789.com.example.app-group.Port_of_Kobe

Apple Documentation Link

CFMessagePort and Sandbox

More articles: