CoreMediaIO DAL Plugin architecture incompatible with sandboxed apps

Originator:dognotdog
Number:rdar://FB8183080 Date Originated:2020-07-27
Status:Open Resolved:
Product:CoreMedia Product Version:
Classification: Reproducible:yes
 
This is an issue on macOS 10.14 and later.

As per Apple's own recommendation, CoreMediaIO DAL plugins should have assistant services per-user, and if necessary per-system, to manage source access. However, this scheme cannot currently work, as there is no way to establish communications to a service's (XPC service or Launch Agent) Mach port through a 3rd party plugin, even if Library Validation is disabled in the host app, and 3rd party plugins can be loaded, as the sandbox prevents the service from being accessed. 

In non-sandboxed apps, the XPC service can be used to communicate to system or user level service with an App Group that is the same as the service, but if an app is sandboxed this is impossible.

This affects, for example, QuickTime Player, which is a sandboxed app and cannot use CoreMediaIO DAL plugins that rely on an external process to mediate device access despite the plugin itself being available, as the plugin cannot access its XPC service.

I would expect that a 3rd party plugin could communicate with its own services, but that is not the case.

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!