Passing File Handle to XPC Does Not Allow Accessing The File
Originator: developer.computers
Number: rdar://FB9293644
Date Originated: 2021-07-08
Status: Open
Resolved:
Product: MacOS
Product Version: macOS 11.3 Big Sur
Classification: App Sandbox
Reproducible: Yes
Our main app opens a USB connection and gets the FileHandle from IO Kit to the /dev/cu.usbmodem<Device> file. The main app is able to use the file handle to read/write to the file using FileManager. After we transfer the file handle to XPC using SecureCoding, XPC is able to read data using that file handle but is unable to access the file using FileManager. We need access to this device via path because the USB device restarts and the /dev/cu.usbmodem<Device> file is recreated, which invalidates the file handle. As a workaround, we were forced to abandon XPC as a solution and move our XPC code back to the main app. At the same time, the main app is able to launch a process using Process (https://developer.apple.com/documentation/foundation/process/2890108-run) and that process has access to the device using the path. It seems like Process has higher privileges than XPC. In the Apple documentation for Process, we are told: "Important: In a sandboxed application, child processes created with the Process class inherit the sandbox of the parent app. You should generally write helper applications as XPC Services instead, because XPC Services allows you to specify different sandbox entitlements for helper apps."
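The report needs path access because a descriptor handed to another process keeps pointing at the object that was opened, not at whatever the path names later. The following is an added example, not code from the report or from Apple: it uses a constructed temporary file as a stand-in for /dev/cu.usbmodem<Device>, and the function names are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if fd still refers to the object currently at path,
 * 0 if the path now names a different object (or nothing),
 * -1 if fd itself can no longer be queried. */
int handle_matches_path(int fd, const char *path) {
    struct stat by_fd, by_path;
    if (fstat(fd, &by_fd) != 0) return -1;
    if (stat(path, &by_path) != 0) return 0;
    return by_fd.st_dev == by_path.st_dev && by_fd.st_ino == by_path.st_ino;
}

/* Constructed scenario: a temp file plays the role of the device node
 * that disappears and is recreated when the USB device restarts.
 * Returns 1 when the old handle is detected as stale at every step. */
int demo_recreate(void) {
    char path[] = "/tmp/fake-usbmodem-XXXXXX";   /* constructed sample path */
    int fd = mkstemp(path);                      /* the handle held before the restart */
    if (fd < 0) return -1;

    int before = handle_matches_path(fd, path);  /* handle and path agree */
    unlink(path);                                /* node removed */
    int gone = handle_matches_path(fd, path);    /* path names nothing */

    int fd2 = open(path, O_CREAT | O_EXCL | O_RDWR, 0600); /* node recreated */
    if (fd2 < 0) { close(fd); return -1; }
    int after = handle_matches_path(fd, path);   /* old handle: different object */
    int fresh = handle_matches_path(fd2, path);  /* only a reopen by path matches */

    close(fd);
    close(fd2);
    unlink(path);
    return before == 1 && gone == 0 && after == 0 && fresh == 1;
}

int main(void) {
    printf("old handle detected as stale after recreate: %s\n",
           demo_recreate() == 1 ? "yes" : "no");
    return 0;
}
```

A helper that only ever receives descriptors can run this check to notice staleness, but recovering still requires a process that is allowed to reopen the path.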