CFMessagePort和沙箱 [英] CFMessagePort and sandboxing
问题描述
我正在使MacOS应用程序适应使用沙箱.它使用了一个辅助应用程序(同一个捆绑包中的exe),当我尝试在控制台中使用"deny mach-lookup"消息拒绝调用CFMessagePortCreateRemote时,该应用程序会失败.
I am adapting a MacOS application to use sandboxing. It uses a helper application (an exe in the same bundle) that fails when I try calling CFMessagePortCreateRemote with a 'deny mach-lookup' message in the console.
我可以看到com.apple.security.temporary-exception.mach-lookup.global-name权利密钥可以解决此问题,但这只是暂时的.
I can see the com.apple.security.temporary-exception.mach-lookup.global-name entitlement key could solve this, but it is only temporary.
有没有办法在沙盒应用程序中通过马赫端口实现两个应用程序之间的通信?
Is there a way to achieve a communication between two apps with a mach port in a sandboxed application?
错误:
let port = CFMessagePortCreateLocal(nil, "XXXYYYZZZZ.MyAppGroupName" as CFString, Callback, nil, nil)
let runLoopSource = CFMessagePortCreateRunLoopSource(kCFAllocatorDefault, port, 0)
CFRunLoopAddSource(CFRunLoopGetCurrent(), runLoopSource, .commonModes)
*** CFMessagePort:bootstrap_register():失败1100(0x44c)'权限被拒绝',端口= 0x14807,名称='XXXYYYZZZZ.MyAppGroupName'
*** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x14807, name = 'XXXYYYZZZZ.MyAppGroupName'
推荐答案
同时针对目标应用程序和助手exe:
For both targets app and helper exe :
- 启用沙箱
- 添加一个以您的teamid为前缀的通用组
- Enable sandboxing
- Add a common group prefixed by you teamid
Z123456789.com.example.app-group
Z123456789.com.example.app-group
使用您的teamID命名您的马赫港口:
Name your mach port using your teamID ex :
Z123456789.com.example.app-group.Port_of_Kobe
Z123456789.com.example.app-group.Port_of_Kobe
这篇关于CFMessagePort和沙箱的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
