Skip to content

northpolesec/macops-MOLXPCConnection

 
 

Repository files navigation

MOLXPCConnection

A wrapper around NSXPCListener and NSXPCConnection to provide client multiplexing, signature validation of connecting clients, forced connection establishment and different exported interfaces for privileged/unprivileged clients.

Installation

Using CocoaPods

Add the following line to your Podfile:

pod 'MOLCodesignChecker'

Using Bazel

Add the following to your WORKSPACE:

load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")

# Needed for MOLXPConnection
git_repository(
    name = "MOLCertificate",
    remote = "https://github.com/google/macops-molcertificate.git",
    tag = "v2.0",
)

# Needed for MOLXPCConnection
git_repository(
    name = "MOLCodesignChecker",
    remote = "https://github.com/google/macops-molcodesignchecker.git",
    tag = "v2.0",
)

git_repository(
    name = "MOLXPCConnection",
    remote = "https://github.com/google/macops-molxpcconnection.git",
    tag = "v2.0",
)

And in your BUILD file, add MOLXPCConnection as a dependency:

objc_library(
    name = "MyAwesomeApp_lib",
    srcs = ["src/MyAwesomeApp.m", "src/MyAwesomeApp.h"],
    deps = ["@MOLXPCConnection//:MOLXPCConnection"],
)

Example

Example server started by launchd where the launchd job has a MachServices key:

MOLXPCConnection *conn = [[MOLXPCConnection alloc] initServerWithName:@"MyServer"];
conn.privilegedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(MyServerProtocol)];
conn.exportedObject = myObject;
[conn resume];

Example client, connecting to above server:

MOLXPCConnection *conn = [[MOLXPCConnection alloc] initClientWithName:"MyServer" withOptions:0];
conn.remoteInterface = [NSXPCInterface interfaceWithProtocol:@protocol(MyServerProtocol)];
conn.invalidationHandler = ^{ NSLog(@"Connection invalidated") };
[conn resume];

The client can send a message to the server with:

[conn.remoteObjectProxy selectorInRemoteInterface];

One advantage of the way that MOLXPCConnection works over using NSXPCConnection directly is that from the client-side once the resume method has finished, the connection is either valid or the invalidation handler will be called. Ordinarily, the connection doesn't actually get made until the first message is sent across it.

messages are always delivered on a background thread!

Documentation

Reference documentation is at CocoaDocs.org:

http://cocoadocs.org/docsets/MOLXPCConnection

Contributing

Patches to this library are very much welcome. Please see the CONTRIBUTING file.

About

An NSXPCConnection wrapper that does signature validation

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Objective-C 87.9%
  • Python 8.4%
  • Ruby 3.7%