2

I created an App and started to sandbox it. Now I did privilege separation using xpc-services. I downloaded the "SandboxedFetch" example from Apple, which shows two xpc-services like an application (application-icon). In my App the xpc-services show the "pluggin"-icon. The summary tab in the project setting for my xpc-service is not available, which means that I cannot configure the entitlements like I can do on the main app. I copied a custom made entitlements-file to the xpc-service and referenced it in the project settings. But the service is running always without privilege restrictions applied to the service.

Do I need a new certificate for the service? If my app is named "com.mycompany.app" and my service is named "com.mycompany.app.service" I cannot apply my app certificate to the service. I am somehow confused about this sandboxing stuff. Do I need a new certificate for my xpc-service? If not, how can I apply the entitlements to it?

Cœur
  • 37,241
  • 25
  • 195
  • 267
JackPearse
  • 2,922
  • 23
  • 31

1 Answers1

1

This seems to be a "bug" of Xcode. Maybe The XPC-service-template will have a summary-tab in future. Now you can create a entitlements plist file manually or use the application entitlement file and copy it into your xpc-service folder. In project settings type the path and name for this new entitlement file into the entitlement field. Change your entitlements inside this file. Sandboxing will run now.

For codesigning, select your "3rd Party Mac Developer" certificate (and not the Mac Developer certificate).

JackPearse
  • 2,922
  • 23
  • 31