├── .gitignore ├── LICENSE ├── README.md ├── Shared ├── Constants.swift └── SimpleXPCProtocol.swift ├── SimpleXPCApp.xcodeproj ├── project.pbxproj ├── project.xcworkspace │ ├── contents.xcworkspacedata │ └── xcshareddata │ │ └── IDEWorkspaceChecks.plist └── xcshareddata │ └── xcschemes │ ├── SimpleXPCApp.xcscheme │ └── biz.securing.SimpleXPCService.xcscheme ├── SimpleXPCApp ├── AppDelegate.swift ├── Assets.xcassets │ ├── AppIcon.appiconset │ │ └── Contents.json │ └── Contents.json ├── Base.lproj │ └── Main.storyboard ├── HelperInstaller.swift ├── Info.plist ├── SimpleXPCApp.entitlements ├── ViewController.swift └── securing_logo.png └── SimpleXPCService ├── AuditTokenHack.h ├── AuditTokenHack.m ├── ConnectionVerifier.swift ├── Info.plist ├── XPCDelegate.swift ├── biz.securing.SimpleXPCService-Bridging-Header.h ├── launchd.plist └── main.swift /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | 3 | # Xcode 4 | # 5 | # gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore 6 | 7 | ## User settings 8 | xcuserdata/ 9 | 10 | ## compatibility with Xcode 8 and earlier (ignoring not required starting Xcode 9) 11 | *.xcscmblueprint 12 | *.xccheckout 13 | 14 | ## compatibility with Xcode 3 and earlier (ignoring not required starting Xcode 4) 15 | build/ 16 | DerivedData/ 17 | *.moved-aside 18 | *.pbxuser 19 | !default.pbxuser 20 | *.mode1v3 21 | !default.mode1v3 22 | *.mode2v3 23 | !default.mode2v3 24 | *.perspectivev3 25 | !default.perspectivev3 26 | 27 | ## Obj-C/Swift specific 28 | *.hmap 29 | 30 | ## App packaging 31 | *.ipa 32 | *.dSYM.zip 33 | *.dSYM 34 | 35 | ## Playgrounds 36 | timeline.xctimeline 37 | playground.xcworkspace 38 | 39 | # Swift Package Manager 40 | # 41 | # Add this line if you want to avoid checking in source code from Swift Package Manager dependencies. 
42 | # Packages/ 43 | # Package.pins 44 | # Package.resolved 45 | # *.xcodeproj 46 | # 47 | # Xcode automatically generates this directory with a .xcworkspacedata file and xcuserdata 48 | # hence it is not needed unless you have added a package configuration file to your project 49 | # .swiftpm 50 | 51 | .build/ 52 | 53 | # CocoaPods 54 | # 55 | # We recommend against adding the Pods directory to your .gitignore. However 56 | # you should judge for yourself, the pros and cons are mentioned at: 57 | # https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control 58 | # 59 | # Pods/ 60 | # 61 | # Add this line if you want to avoid checking in source code from the Xcode workspace 62 | # *.xcworkspace 63 | 64 | # Carthage 65 | # 66 | # Add this line if you want to avoid checking in source code from Carthage dependencies. 67 | # Carthage/Checkouts 68 | 69 | Carthage/Build/ 70 | 71 | # Accio dependency management 72 | Dependencies/ 73 | .accio/ 74 | 75 | # fastlane 76 | # 77 | # It is recommended to not store the screenshots in the git repo. 78 | # Instead, use fastlane to re-generate the screenshots whenever they are needed. 
79 | # For more information about the recommended setup visit: 80 | # https://docs.fastlane.tools/best-practices/source-control/#source-control 81 | 82 | fastlane/report.xml 83 | fastlane/Preview.html 84 | fastlane/screenshots/**/*.png 85 | fastlane/test_output 86 | 87 | # Code Injection 88 | # 89 | # After new code Injection tools there's a generated folder /iOSInjectionProject 90 | # https://github.com/johnno1962/injectionforxcode 91 | 92 | iOSInjectionProject/ 93 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 securing 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Secure Privileged XPC Helper 2 | 3 | Building secure privileged XPC services is not trivial. During my [talk](https://www.securing.biz/en/abusing-securing-xpc-in-macos-apps/index.html) "Abusing & Securing XPC in macOS apps" at the [Objective By The Sea conference](https://objectivebythesea.com/v3/), I promised to share an example of a secure one. So, here it is! 4 | 5 | ## Learn XPC exploitation 6 | 7 | This tool is not only meant to help secure vulnerable XPC apps; it may also help you learn XPC exploitation. Go to the `ConnectionVerifier.swift` file and comment out the `if` statements. 8 | 9 | ## Installation 10 | 11 | `1.` Remember that you need to update the `Info.plist` files with a SecRequirement string based on your developer certificate, since the helper uses the SMJobBless API. More info [here](https://developer.apple.com/library/content/samplecode/SMJobBless/Introduction/Intro.html#//apple_ref/doc/uid/DTS40010071-Intro-DontLinkElementID_2) 12 | 13 | Note that, in order to be secure, the SecRequirement string has to include at least: 14 | 15 | * bundle identifiers (of the installer and the service) 16 | * your dev certificate's team ID 17 | * 'anchor trusted' prefix 18 | * minimum version (of the installer and the service) 19 | 20 | `2.` The values in `Shared/Constants.swift` also need to be updated.
-------------------------------------------------------------------------------- /Shared/Constants.swift: -------------------------------------------------------------------------------- 1 | import Foundation 2 | /* Identifiers compiled into both the app and the helper targets (Constants.swift is listed in both Sources phases of project.pbxproj). The README says these values must be updated for your own build. */ 3 | /* Same string as the helper target's name in project.pbxproj. */ let MACH_SERVICE_NAME = "biz.securing.SimpleXPCService" 4 | /* Same string as PRODUCT_BUNDLE_IDENTIFIER of the SimpleXPCApp target. */ let MAIN_APP_BUNDLE_ID = "biz.securing.SimpleXPCApp" 5 | /* NOTE(review): this is the author's own signing-certificate common name. How it is checked is not visible here (presumably in ConnectionVerifier.swift; confirm). A match on the CN alone would be weaker than the team ID / anchor / minimum-version requirement the README lists, so verify that the full requirement is enforced. */ let SUBJECT_CN = "Apple Development: wojciech.regula@securing.pl (GC8LN9PNDZ)" 6 | -------------------------------------------------------------------------------- /Shared/SimpleXPCProtocol.swift: -------------------------------------------------------------------------------- 1 | import Foundation 2 | /* Interface compiled into both the app and the helper targets: one call that replies with a String through `completion`, and one call that takes no arguments and has no reply. */ 3 | /* Exposed to Objective-C under a fixed name; presumably so that NSXPCInterface can use it (confirm against XPCDelegate.swift). */ @objc(SimpleXPCProtocol) 4 | protocol SimpleXPCProtocol { 5 | func privilegedHi(completion: @escaping (String) -> Void) 6 | func privilegedAlert() 7 | } 8 | -------------------------------------------------------------------------------- /SimpleXPCApp.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- 1 | // !$*UTF8*$! 
2 | { 3 | archiveVersion = 1; 4 | classes = { 5 | }; 6 | objectVersion = 50; 7 | objects = { 8 | 9 | /* Begin PBXBuildFile section */ 10 | F1615BEE23FED6EB00D5CF4A /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = F1615BED23FED6EB00D5CF4A /* AppDelegate.swift */; }; 11 | F1615BF023FED6EB00D5CF4A /* ViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = F1615BEF23FED6EB00D5CF4A /* ViewController.swift */; }; 12 | F1615BF223FED6ED00D5CF4A /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = F1615BF123FED6ED00D5CF4A /* Assets.xcassets */; }; 13 | F1615BF523FED6ED00D5CF4A /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = F1615BF323FED6ED00D5CF4A /* Main.storyboard */; }; 14 | F1615C1823FED7BB00D5CF4A /* main.swift in Sources */ = {isa = PBXBuildFile; fileRef = F1615C1723FED7BB00D5CF4A /* main.swift */; }; 15 | F1615C1E23FED9CB00D5CF4A /* SimpleXPCProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = F1615C1D23FED9CB00D5CF4A /* SimpleXPCProtocol.swift */; }; 16 | F1615C1F23FED9CB00D5CF4A /* SimpleXPCProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = F1615C1D23FED9CB00D5CF4A /* SimpleXPCProtocol.swift */; }; 17 | F1615C3123FEDAE500D5CF4A /* Constants.swift in Sources */ = {isa = PBXBuildFile; fileRef = F1615C3023FEDAE500D5CF4A /* Constants.swift */; }; 18 | F1615C3223FEDAE500D5CF4A /* Constants.swift in Sources */ = {isa = PBXBuildFile; fileRef = F1615C3023FEDAE500D5CF4A /* Constants.swift */; }; 19 | F1615C3423FEDBF000D5CF4A /* XPCDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = F1615C3323FEDBF000D5CF4A /* XPCDelegate.swift */; }; 20 | F1615C3623FEE87B00D5CF4A /* HelperInstaller.swift in Sources */ = {isa = PBXBuildFile; fileRef = F1615C3523FEE87B00D5CF4A /* HelperInstaller.swift */; }; 21 | F1615C3923FEE90700D5CF4A /* ServiceManagement.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = F1615C3823FEE90700D5CF4A /* ServiceManagement.framework */; }; 22 | 
F1615C3D23FEF02B00D5CF4A /* biz.securing.SimpleXPCService in Copy biz.securing.SimpleXPCService */ = {isa = PBXBuildFile; fileRef = F1615C1523FED7BB00D5CF4A /* biz.securing.SimpleXPCService */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; }; 23 | F1615C4323FF147500D5CF4A /* ConnectionVerifier.swift in Sources */ = {isa = PBXBuildFile; fileRef = F1615C4223FF147500D5CF4A /* ConnectionVerifier.swift */; }; 24 | F1615C4623FF233A00D5CF4A /* AuditTokenHack.h in Sources */ = {isa = PBXBuildFile; fileRef = F1615C4523FF233A00D5CF4A /* AuditTokenHack.h */; }; 25 | F1615C4B23FFF5C700D5CF4A /* AuditTokenHack.m in Sources */ = {isa = PBXBuildFile; fileRef = F1615C4A23FFF5C700D5CF4A /* AuditTokenHack.m */; }; 26 | F1615C4D2400305E00D5CF4A /* securing_logo.png in Resources */ = {isa = PBXBuildFile; fileRef = F1615C4C2400305E00D5CF4A /* securing_logo.png */; }; 27 | F1615C4F240036C500D5CF4A /* AppKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = F1615C4E240036C500D5CF4A /* AppKit.framework */; }; 28 | /* End PBXBuildFile section */ 29 | 30 | /* Begin PBXContainerItemProxy section */ 31 | F1615C3A23FEEF4F00D5CF4A /* PBXContainerItemProxy */ = { 32 | isa = PBXContainerItemProxy; 33 | containerPortal = F1615BE223FED6EB00D5CF4A /* Project object */; 34 | proxyType = 1; 35 | remoteGlobalIDString = F1615C1423FED7BB00D5CF4A; 36 | remoteInfo = SimpleXPCService; 37 | }; 38 | /* End PBXContainerItemProxy section */ 39 | 40 | /* Begin PBXCopyFilesBuildPhase section */ 41 | F1615C1023FED73D00D5CF4A /* Embed XPC Services */ = { 42 | isa = PBXCopyFilesBuildPhase; 43 | buildActionMask = 2147483647; 44 | dstPath = "$(CONTENTS_FOLDER_PATH)/XPCServices"; 45 | dstSubfolderSpec = 16; 46 | files = ( 47 | ); 48 | name = "Embed XPC Services"; 49 | runOnlyForDeploymentPostprocessing = 0; 50 | }; 51 | F1615C1323FED7BB00D5CF4A /* CopyFiles */ = { 52 | isa = PBXCopyFilesBuildPhase; 53 | buildActionMask = 2147483647; 54 | dstPath = /usr/share/man/man1/; 55 | dstSubfolderSpec = 0; 56 | files 
= ( 57 | ); 58 | runOnlyForDeploymentPostprocessing = 1; 59 | }; 60 | F1615C3C23FEF00C00D5CF4A /* Copy biz.securing.SimpleXPCService */ = { 61 | isa = PBXCopyFilesBuildPhase; 62 | buildActionMask = 2147483647; 63 | dstPath = Contents/Library/LaunchServices; 64 | dstSubfolderSpec = 1; 65 | files = ( 66 | F1615C3D23FEF02B00D5CF4A /* biz.securing.SimpleXPCService in Copy biz.securing.SimpleXPCService */, 67 | ); 68 | name = "Copy biz.securing.SimpleXPCService"; 69 | runOnlyForDeploymentPostprocessing = 0; 70 | }; 71 | /* End PBXCopyFilesBuildPhase section */ 72 | 73 | /* Begin PBXFileReference section */ 74 | F1615BEA23FED6EB00D5CF4A /* SimpleXPCApp.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = SimpleXPCApp.app; sourceTree = BUILT_PRODUCTS_DIR; }; 75 | F1615BED23FED6EB00D5CF4A /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 76 | F1615BEF23FED6EB00D5CF4A /* ViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ViewController.swift; sourceTree = ""; }; 77 | F1615BF123FED6ED00D5CF4A /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 78 | F1615BF423FED6ED00D5CF4A /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = ""; }; 79 | F1615BF623FED6ED00D5CF4A /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 80 | F1615BF723FED6ED00D5CF4A /* SimpleXPCApp.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = SimpleXPCApp.entitlements; sourceTree = ""; }; 81 | F1615C1523FED7BB00D5CF4A /* biz.securing.SimpleXPCService */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = 
biz.securing.SimpleXPCService; sourceTree = BUILT_PRODUCTS_DIR; }; 82 | F1615C1723FED7BB00D5CF4A /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 83 | F1615C1D23FED9CB00D5CF4A /* SimpleXPCProtocol.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SimpleXPCProtocol.swift; sourceTree = ""; }; 84 | F1615C3023FEDAE500D5CF4A /* Constants.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Constants.swift; sourceTree = ""; }; 85 | F1615C3323FEDBF000D5CF4A /* XPCDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = XPCDelegate.swift; sourceTree = ""; }; 86 | F1615C3523FEE87B00D5CF4A /* HelperInstaller.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = HelperInstaller.swift; sourceTree = ""; }; 87 | F1615C3823FEE90700D5CF4A /* ServiceManagement.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ServiceManagement.framework; path = System/Library/Frameworks/ServiceManagement.framework; sourceTree = SDKROOT; }; 88 | F1615C3E23FEF0BE00D5CF4A /* launchd.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = launchd.plist; sourceTree = ""; }; 89 | F1615C3F23FEF0BE00D5CF4A /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 90 | F1615C4223FF147500D5CF4A /* ConnectionVerifier.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ConnectionVerifier.swift; sourceTree = ""; }; 91 | F1615C4423FF233A00D5CF4A /* biz.securing.SimpleXPCService-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "biz.securing.SimpleXPCService-Bridging-Header.h"; sourceTree = ""; }; 92 | F1615C4523FF233A00D5CF4A /* AuditTokenHack.h */ = {isa = PBXFileReference; lastKnownFileType = 
sourcecode.c.h; path = AuditTokenHack.h; sourceTree = ""; }; 93 | F1615C4723FFE46B00D5CF4A /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; 94 | F1615C4A23FFF5C700D5CF4A /* AuditTokenHack.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = AuditTokenHack.m; sourceTree = ""; }; 95 | F1615C4C2400305E00D5CF4A /* securing_logo.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = securing_logo.png; sourceTree = ""; }; 96 | F1615C4E240036C500D5CF4A /* AppKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppKit.framework; path = System/Library/Frameworks/AppKit.framework; sourceTree = SDKROOT; }; 97 | /* End PBXFileReference section */ 98 | 99 | /* Begin PBXFrameworksBuildPhase section */ 100 | F1615BE723FED6EB00D5CF4A /* Frameworks */ = { 101 | isa = PBXFrameworksBuildPhase; 102 | buildActionMask = 2147483647; 103 | files = ( 104 | F1615C3923FEE90700D5CF4A /* ServiceManagement.framework in Frameworks */, 105 | ); 106 | runOnlyForDeploymentPostprocessing = 0; 107 | }; 108 | F1615C1223FED7BB00D5CF4A /* Frameworks */ = { 109 | isa = PBXFrameworksBuildPhase; 110 | buildActionMask = 2147483647; 111 | files = ( 112 | F1615C4F240036C500D5CF4A /* AppKit.framework in Frameworks */, 113 | ); 114 | runOnlyForDeploymentPostprocessing = 0; 115 | }; 116 | /* End PBXFrameworksBuildPhase section */ 117 | 118 | /* Begin PBXGroup section */ 119 | F1615BE123FED6EB00D5CF4A = { 120 | isa = PBXGroup; 121 | children = ( 122 | F1615C1C23FED8ED00D5CF4A /* Shared */, 123 | F1615BEC23FED6EB00D5CF4A /* SimpleXPCApp */, 124 | F1615C1623FED7BB00D5CF4A /* SimpleXPCService */, 125 | F1615BEB23FED6EB00D5CF4A /* Products */, 126 | F1615C3723FEE90700D5CF4A /* Frameworks */, 127 | ); 128 | sourceTree = ""; 129 | }; 130 | F1615BEB23FED6EB00D5CF4A /* Products */ = { 131 | isa = 
PBXGroup; 132 | children = ( 133 | F1615BEA23FED6EB00D5CF4A /* SimpleXPCApp.app */, 134 | F1615C1523FED7BB00D5CF4A /* biz.securing.SimpleXPCService */, 135 | ); 136 | name = Products; 137 | sourceTree = ""; 138 | }; 139 | F1615BEC23FED6EB00D5CF4A /* SimpleXPCApp */ = { 140 | isa = PBXGroup; 141 | children = ( 142 | F1615BED23FED6EB00D5CF4A /* AppDelegate.swift */, 143 | F1615BEF23FED6EB00D5CF4A /* ViewController.swift */, 144 | F1615BF123FED6ED00D5CF4A /* Assets.xcassets */, 145 | F1615BF323FED6ED00D5CF4A /* Main.storyboard */, 146 | F1615BF623FED6ED00D5CF4A /* Info.plist */, 147 | F1615C4C2400305E00D5CF4A /* securing_logo.png */, 148 | F1615BF723FED6ED00D5CF4A /* SimpleXPCApp.entitlements */, 149 | F1615C3523FEE87B00D5CF4A /* HelperInstaller.swift */, 150 | ); 151 | path = SimpleXPCApp; 152 | sourceTree = ""; 153 | }; 154 | F1615C1623FED7BB00D5CF4A /* SimpleXPCService */ = { 155 | isa = PBXGroup; 156 | children = ( 157 | F1615C3F23FEF0BE00D5CF4A /* Info.plist */, 158 | F1615C3E23FEF0BE00D5CF4A /* launchd.plist */, 159 | F1615C1723FED7BB00D5CF4A /* main.swift */, 160 | F1615C3323FEDBF000D5CF4A /* XPCDelegate.swift */, 161 | F1615C4223FF147500D5CF4A /* ConnectionVerifier.swift */, 162 | F1615C4523FF233A00D5CF4A /* AuditTokenHack.h */, 163 | F1615C4A23FFF5C700D5CF4A /* AuditTokenHack.m */, 164 | F1615C4423FF233A00D5CF4A /* biz.securing.SimpleXPCService-Bridging-Header.h */, 165 | ); 166 | path = SimpleXPCService; 167 | sourceTree = ""; 168 | }; 169 | F1615C1C23FED8ED00D5CF4A /* Shared */ = { 170 | isa = PBXGroup; 171 | children = ( 172 | F1615C1D23FED9CB00D5CF4A /* SimpleXPCProtocol.swift */, 173 | F1615C3023FEDAE500D5CF4A /* Constants.swift */, 174 | ); 175 | path = Shared; 176 | sourceTree = ""; 177 | }; 178 | F1615C3723FEE90700D5CF4A /* Frameworks */ = { 179 | isa = PBXGroup; 180 | children = ( 181 | F1615C4E240036C500D5CF4A /* AppKit.framework */, 182 | F1615C4723FFE46B00D5CF4A /* Security.framework */, 183 | F1615C3823FEE90700D5CF4A /* 
ServiceManagement.framework */, 184 | ); 185 | name = Frameworks; 186 | sourceTree = ""; 187 | }; 188 | /* End PBXGroup section */ 189 | 190 | /* Begin PBXNativeTarget section */ 191 | F1615BE923FED6EB00D5CF4A /* SimpleXPCApp */ = { 192 | isa = PBXNativeTarget; 193 | buildConfigurationList = F1615BFA23FED6ED00D5CF4A /* Build configuration list for PBXNativeTarget "SimpleXPCApp" */; 194 | buildPhases = ( 195 | F1615BE623FED6EB00D5CF4A /* Sources */, 196 | F1615BE723FED6EB00D5CF4A /* Frameworks */, 197 | F1615BE823FED6EB00D5CF4A /* Resources */, 198 | F1615C1023FED73D00D5CF4A /* Embed XPC Services */, 199 | F1615C3C23FEF00C00D5CF4A /* Copy biz.securing.SimpleXPCService */, 200 | ); 201 | buildRules = ( 202 | ); 203 | dependencies = ( 204 | F1615C3B23FEEF4F00D5CF4A /* PBXTargetDependency */, 205 | ); 206 | name = SimpleXPCApp; 207 | productName = SimpleXPCApp; 208 | productReference = F1615BEA23FED6EB00D5CF4A /* SimpleXPCApp.app */; 209 | productType = "com.apple.product-type.application"; 210 | }; 211 | F1615C1423FED7BB00D5CF4A /* biz.securing.SimpleXPCService */ = { 212 | isa = PBXNativeTarget; 213 | buildConfigurationList = F1615C1923FED7BB00D5CF4A /* Build configuration list for PBXNativeTarget "biz.securing.SimpleXPCService" */; 214 | buildPhases = ( 215 | F1615C1123FED7BB00D5CF4A /* Sources */, 216 | F1615C1223FED7BB00D5CF4A /* Frameworks */, 217 | F1615C1323FED7BB00D5CF4A /* CopyFiles */, 218 | ); 219 | buildRules = ( 220 | ); 221 | dependencies = ( 222 | ); 223 | name = biz.securing.SimpleXPCService; 224 | productName = SimpleXPCService; 225 | productReference = F1615C1523FED7BB00D5CF4A /* biz.securing.SimpleXPCService */; 226 | productType = "com.apple.product-type.tool"; 227 | }; 228 | /* End PBXNativeTarget section */ 229 | 230 | /* Begin PBXProject section */ 231 | F1615BE223FED6EB00D5CF4A /* Project object */ = { 232 | isa = PBXProject; 233 | attributes = { 234 | LastSwiftUpdateCheck = 1130; 235 | LastUpgradeCheck = 1130; 236 | ORGANIZATIONNAME = WR; 237 
| TargetAttributes = { 238 | F1615BE923FED6EB00D5CF4A = { 239 | CreatedOnToolsVersion = 11.3.1; 240 | }; 241 | F1615C1423FED7BB00D5CF4A = { 242 | CreatedOnToolsVersion = 11.3.1; 243 | LastSwiftMigration = 1130; 244 | }; 245 | }; 246 | }; 247 | buildConfigurationList = F1615BE523FED6EB00D5CF4A /* Build configuration list for PBXProject "SimpleXPCApp" */; 248 | compatibilityVersion = "Xcode 9.3"; 249 | developmentRegion = en; 250 | hasScannedForEncodings = 0; 251 | knownRegions = ( 252 | en, 253 | Base, 254 | ); 255 | mainGroup = F1615BE123FED6EB00D5CF4A; 256 | productRefGroup = F1615BEB23FED6EB00D5CF4A /* Products */; 257 | projectDirPath = ""; 258 | projectRoot = ""; 259 | targets = ( 260 | F1615BE923FED6EB00D5CF4A /* SimpleXPCApp */, 261 | F1615C1423FED7BB00D5CF4A /* biz.securing.SimpleXPCService */, 262 | ); 263 | }; 264 | /* End PBXProject section */ 265 | 266 | /* Begin PBXResourcesBuildPhase section */ 267 | F1615BE823FED6EB00D5CF4A /* Resources */ = { 268 | isa = PBXResourcesBuildPhase; 269 | buildActionMask = 2147483647; 270 | files = ( 271 | F1615C4D2400305E00D5CF4A /* securing_logo.png in Resources */, 272 | F1615BF223FED6ED00D5CF4A /* Assets.xcassets in Resources */, 273 | F1615BF523FED6ED00D5CF4A /* Main.storyboard in Resources */, 274 | ); 275 | runOnlyForDeploymentPostprocessing = 0; 276 | }; 277 | /* End PBXResourcesBuildPhase section */ 278 | 279 | /* Begin PBXSourcesBuildPhase section */ 280 | F1615BE623FED6EB00D5CF4A /* Sources */ = { 281 | isa = PBXSourcesBuildPhase; 282 | buildActionMask = 2147483647; 283 | files = ( 284 | F1615C3623FEE87B00D5CF4A /* HelperInstaller.swift in Sources */, 285 | F1615C1E23FED9CB00D5CF4A /* SimpleXPCProtocol.swift in Sources */, 286 | F1615BF023FED6EB00D5CF4A /* ViewController.swift in Sources */, 287 | F1615BEE23FED6EB00D5CF4A /* AppDelegate.swift in Sources */, 288 | F1615C3123FEDAE500D5CF4A /* Constants.swift in Sources */, 289 | ); 290 | runOnlyForDeploymentPostprocessing = 0; 291 | }; 292 | 
F1615C1123FED7BB00D5CF4A /* Sources */ = { 293 | isa = PBXSourcesBuildPhase; 294 | buildActionMask = 2147483647; 295 | files = ( 296 | F1615C1823FED7BB00D5CF4A /* main.swift in Sources */, 297 | F1615C1F23FED9CB00D5CF4A /* SimpleXPCProtocol.swift in Sources */, 298 | F1615C4B23FFF5C700D5CF4A /* AuditTokenHack.m in Sources */, 299 | F1615C4623FF233A00D5CF4A /* AuditTokenHack.h in Sources */, 300 | F1615C4323FF147500D5CF4A /* ConnectionVerifier.swift in Sources */, 301 | F1615C3423FEDBF000D5CF4A /* XPCDelegate.swift in Sources */, 302 | F1615C3223FEDAE500D5CF4A /* Constants.swift in Sources */, 303 | ); 304 | runOnlyForDeploymentPostprocessing = 0; 305 | }; 306 | /* End PBXSourcesBuildPhase section */ 307 | 308 | /* Begin PBXTargetDependency section */ 309 | F1615C3B23FEEF4F00D5CF4A /* PBXTargetDependency */ = { 310 | isa = PBXTargetDependency; 311 | target = F1615C1423FED7BB00D5CF4A /* biz.securing.SimpleXPCService */; 312 | targetProxy = F1615C3A23FEEF4F00D5CF4A /* PBXContainerItemProxy */; 313 | }; 314 | /* End PBXTargetDependency section */ 315 | 316 | /* Begin PBXVariantGroup section */ 317 | F1615BF323FED6ED00D5CF4A /* Main.storyboard */ = { 318 | isa = PBXVariantGroup; 319 | children = ( 320 | F1615BF423FED6ED00D5CF4A /* Base */, 321 | ); 322 | name = Main.storyboard; 323 | sourceTree = ""; 324 | }; 325 | /* End PBXVariantGroup section */ 326 | 327 | /* Begin XCBuildConfiguration section */ 328 | F1615BF823FED6ED00D5CF4A /* Debug */ = { 329 | isa = XCBuildConfiguration; 330 | buildSettings = { 331 | ALWAYS_SEARCH_USER_PATHS = NO; 332 | CLANG_ANALYZER_NONNULL = YES; 333 | CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; 334 | CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; 335 | CLANG_CXX_LIBRARY = "libc++"; 336 | CLANG_ENABLE_MODULES = YES; 337 | CLANG_ENABLE_OBJC_ARC = YES; 338 | CLANG_ENABLE_OBJC_WEAK = YES; 339 | CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; 340 | CLANG_WARN_BOOL_CONVERSION = YES; 341 | CLANG_WARN_COMMA = YES; 342 | 
CLANG_WARN_CONSTANT_CONVERSION = YES; 343 | CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; 344 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 345 | CLANG_WARN_DOCUMENTATION_COMMENTS = YES; 346 | CLANG_WARN_EMPTY_BODY = YES; 347 | CLANG_WARN_ENUM_CONVERSION = YES; 348 | CLANG_WARN_INFINITE_RECURSION = YES; 349 | CLANG_WARN_INT_CONVERSION = YES; 350 | CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; 351 | CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; 352 | CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; 353 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 354 | CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; 355 | CLANG_WARN_STRICT_PROTOTYPES = YES; 356 | CLANG_WARN_SUSPICIOUS_MOVE = YES; 357 | CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; 358 | CLANG_WARN_UNREACHABLE_CODE = YES; 359 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 360 | COPY_PHASE_STRIP = NO; 361 | DEBUG_INFORMATION_FORMAT = dwarf; 362 | ENABLE_STRICT_OBJC_MSGSEND = YES; 363 | ENABLE_TESTABILITY = YES; 364 | GCC_C_LANGUAGE_STANDARD = gnu11; 365 | GCC_DYNAMIC_NO_PIC = NO; 366 | GCC_NO_COMMON_BLOCKS = YES; 367 | GCC_OPTIMIZATION_LEVEL = 0; 368 | GCC_PREPROCESSOR_DEFINITIONS = ( 369 | "DEBUG=1", 370 | "$(inherited)", 371 | ); 372 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 373 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 374 | GCC_WARN_UNDECLARED_SELECTOR = YES; 375 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 376 | GCC_WARN_UNUSED_FUNCTION = YES; 377 | GCC_WARN_UNUSED_VARIABLE = YES; 378 | MACOSX_DEPLOYMENT_TARGET = 10.15; 379 | MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; 380 | MTL_FAST_MATH = YES; 381 | ONLY_ACTIVE_ARCH = YES; 382 | SDKROOT = macosx; 383 | SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; 384 | SWIFT_OPTIMIZATION_LEVEL = "-Onone"; 385 | }; 386 | name = Debug; 387 | }; 388 | F1615BF923FED6ED00D5CF4A /* Release */ = { 389 | isa = XCBuildConfiguration; 390 | buildSettings = { 391 | ALWAYS_SEARCH_USER_PATHS = NO; 392 | CLANG_ANALYZER_NONNULL = YES; 393 | CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; 394 | 
CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; 395 | CLANG_CXX_LIBRARY = "libc++"; 396 | CLANG_ENABLE_MODULES = YES; 397 | CLANG_ENABLE_OBJC_ARC = YES; 398 | CLANG_ENABLE_OBJC_WEAK = YES; 399 | CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; 400 | CLANG_WARN_BOOL_CONVERSION = YES; 401 | CLANG_WARN_COMMA = YES; 402 | CLANG_WARN_CONSTANT_CONVERSION = YES; 403 | CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; 404 | CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; 405 | CLANG_WARN_DOCUMENTATION_COMMENTS = YES; 406 | CLANG_WARN_EMPTY_BODY = YES; 407 | CLANG_WARN_ENUM_CONVERSION = YES; 408 | CLANG_WARN_INFINITE_RECURSION = YES; 409 | CLANG_WARN_INT_CONVERSION = YES; 410 | CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; 411 | CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; 412 | CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; 413 | CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; 414 | CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; 415 | CLANG_WARN_STRICT_PROTOTYPES = YES; 416 | CLANG_WARN_SUSPICIOUS_MOVE = YES; 417 | CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; 418 | CLANG_WARN_UNREACHABLE_CODE = YES; 419 | CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; 420 | COPY_PHASE_STRIP = NO; 421 | DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; 422 | ENABLE_NS_ASSERTIONS = NO; 423 | ENABLE_STRICT_OBJC_MSGSEND = YES; 424 | GCC_C_LANGUAGE_STANDARD = gnu11; 425 | GCC_NO_COMMON_BLOCKS = YES; 426 | GCC_WARN_64_TO_32_BIT_CONVERSION = YES; 427 | GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; 428 | GCC_WARN_UNDECLARED_SELECTOR = YES; 429 | GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; 430 | GCC_WARN_UNUSED_FUNCTION = YES; 431 | GCC_WARN_UNUSED_VARIABLE = YES; 432 | MACOSX_DEPLOYMENT_TARGET = 10.15; 433 | MTL_ENABLE_DEBUG_INFO = NO; 434 | MTL_FAST_MATH = YES; 435 | SDKROOT = macosx; 436 | SWIFT_COMPILATION_MODE = wholemodule; 437 | SWIFT_OPTIMIZATION_LEVEL = "-O"; 438 | }; 439 | name = Release; 440 | }; 441 | F1615BFB23FED6ED00D5CF4A /* Debug */ = { 442 | isa = XCBuildConfiguration; 443 | buildSettings = { 444 | 
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; 445 | CODE_SIGN_ENTITLEMENTS = SimpleXPCApp/SimpleXPCApp.entitlements; 446 | CODE_SIGN_STYLE = Automatic; 447 | COMBINE_HIDPI_IMAGES = YES; 448 | DEVELOPMENT_TEAM = Q4GTM2NEQD; 449 | ENABLE_HARDENED_RUNTIME = YES; 450 | INFOPLIST_FILE = SimpleXPCApp/Info.plist; 451 | LD_RUNPATH_SEARCH_PATHS = ( 452 | "$(inherited)", 453 | "@executable_path/../Frameworks", 454 | ); 455 | MACOSX_DEPLOYMENT_TARGET = 10.14; 456 | PRODUCT_BUNDLE_IDENTIFIER = biz.securing.SimpleXPCApp; 457 | PRODUCT_NAME = "$(TARGET_NAME)"; 458 | SWIFT_VERSION = 5.0; 459 | }; 460 | name = Debug; 461 | }; 462 | F1615BFC23FED6ED00D5CF4A /* Release */ = { 463 | isa = XCBuildConfiguration; 464 | buildSettings = { 465 | ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; 466 | CODE_SIGN_ENTITLEMENTS = SimpleXPCApp/SimpleXPCApp.entitlements; 467 | CODE_SIGN_STYLE = Automatic; 468 | COMBINE_HIDPI_IMAGES = YES; 469 | DEVELOPMENT_TEAM = Q4GTM2NEQD; 470 | ENABLE_HARDENED_RUNTIME = YES; 471 | INFOPLIST_FILE = SimpleXPCApp/Info.plist; 472 | LD_RUNPATH_SEARCH_PATHS = ( 473 | "$(inherited)", 474 | "@executable_path/../Frameworks", 475 | ); 476 | MACOSX_DEPLOYMENT_TARGET = 10.14; 477 | PRODUCT_BUNDLE_IDENTIFIER = biz.securing.SimpleXPCApp; 478 | PRODUCT_NAME = "$(TARGET_NAME)"; 479 | SWIFT_VERSION = 5.0; 480 | }; 481 | name = Release; 482 | }; 483 | F1615C1A23FED7BB00D5CF4A /* Debug */ = { 484 | isa = XCBuildConfiguration; 485 | buildSettings = { 486 | CLANG_ENABLE_MODULES = YES; 487 | CODE_SIGN_STYLE = Automatic; 488 | DEVELOPMENT_TEAM = Q4GTM2NEQD; 489 | ENABLE_HARDENED_RUNTIME = YES; 490 | INFOPLIST_FILE = "$(SRCROOT)/SimpleXPCService/Info.plist"; 491 | LD_RUNPATH_SEARCH_PATHS = ( 492 | "$(inherited)", 493 | "@executable_path/../Frameworks", 494 | "@loader_path/../Frameworks", 495 | ); 496 | MACOSX_DEPLOYMENT_TARGET = 10.14; 497 | OTHER_LDFLAGS = ( 498 | "-sectcreate", 499 | __TEXT, 500 | __info_plist, 501 | "\"$(SRCROOT)/SimpleXPCService/Info.plist\"", 502 | "-sectcreate", 
503 | __TEXT, 504 | __launchd_plist, 505 | "\"$(SRCROOT)/SimpleXPCService/launchd.plist\"", 506 | ); 507 | PRODUCT_NAME = "$(TARGET_NAME)"; 508 | SWIFT_OBJC_BRIDGING_HEADER = "SimpleXPCService/biz.securing.SimpleXPCService-Bridging-Header.h"; 509 | SWIFT_OPTIMIZATION_LEVEL = "-Onone"; 510 | SWIFT_VERSION = 5.0; 511 | }; 512 | name = Debug; 513 | }; 514 | F1615C1B23FED7BB00D5CF4A /* Release */ = { 515 | isa = XCBuildConfiguration; 516 | buildSettings = { 517 | CLANG_ENABLE_MODULES = YES; 518 | CODE_SIGN_STYLE = Automatic; 519 | DEVELOPMENT_TEAM = Q4GTM2NEQD; 520 | ENABLE_HARDENED_RUNTIME = YES; 521 | INFOPLIST_FILE = "$(SRCROOT)/SimpleXPCService/Info.plist"; 522 | LD_RUNPATH_SEARCH_PATHS = ( 523 | "$(inherited)", 524 | "@executable_path/../Frameworks", 525 | "@loader_path/../Frameworks", 526 | ); 527 | MACOSX_DEPLOYMENT_TARGET = 10.14; 528 | OTHER_LDFLAGS = ( 529 | "-sectcreate", 530 | __TEXT, 531 | __info_plist, 532 | "\"$(SRCROOT)/SimpleXPCService/Info.plist\"", 533 | "-sectcreate", 534 | __TEXT, 535 | __launchd_plist, 536 | "\"$(SRCROOT)/SimpleXPCService/launchd.plist\"", 537 | ); 538 | PRODUCT_NAME = "$(TARGET_NAME)"; 539 | SWIFT_OBJC_BRIDGING_HEADER = "SimpleXPCService/biz.securing.SimpleXPCService-Bridging-Header.h"; 540 | SWIFT_VERSION = 5.0; 541 | }; 542 | name = Release; 543 | }; 544 | /* End XCBuildConfiguration section */ 545 | 546 | /* Begin XCConfigurationList section */ 547 | F1615BE523FED6EB00D5CF4A /* Build configuration list for PBXProject "SimpleXPCApp" */ = { 548 | isa = XCConfigurationList; 549 | buildConfigurations = ( 550 | F1615BF823FED6ED00D5CF4A /* Debug */, 551 | F1615BF923FED6ED00D5CF4A /* Release */, 552 | ); 553 | defaultConfigurationIsVisible = 0; 554 | defaultConfigurationName = Release; 555 | }; 556 | F1615BFA23FED6ED00D5CF4A /* Build configuration list for PBXNativeTarget "SimpleXPCApp" */ = { 557 | isa = XCConfigurationList; 558 | buildConfigurations = ( 559 | F1615BFB23FED6ED00D5CF4A /* Debug */, 560 | F1615BFC23FED6ED00D5CF4A /* 
Release */, 561 | ); 562 | defaultConfigurationIsVisible = 0; 563 | defaultConfigurationName = Release; 564 | }; 565 | F1615C1923FED7BB00D5CF4A /* Build configuration list for PBXNativeTarget "biz.securing.SimpleXPCService" */ = { 566 | isa = XCConfigurationList; 567 | buildConfigurations = ( 568 | F1615C1A23FED7BB00D5CF4A /* Debug */, 569 | F1615C1B23FED7BB00D5CF4A /* Release */, 570 | ); 571 | defaultConfigurationIsVisible = 0; 572 | defaultConfigurationName = Release; 573 | }; 574 | /* End XCConfigurationList section */ 575 | }; 576 | rootObject = F1615BE223FED6EB00D5CF4A /* Project object */; 577 | } 578 | -------------------------------------------------------------------------------- /SimpleXPCApp.xcodeproj/project.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /SimpleXPCApp.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | IDEDidComputeMac32BitWarning 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /SimpleXPCApp.xcodeproj/xcshareddata/xcschemes/SimpleXPCApp.xcscheme: -------------------------------------------------------------------------------- 1 | 2 | 5 | 8 | 9 | 15 | 21 | 22 | 23 | 24 | 25 | 30 | 31 | 32 | 33 | 43 | 45 | 51 | 52 | 53 | 54 | 60 | 62 | 68 | 69 | 70 | 71 | 73 | 74 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /SimpleXPCApp.xcodeproj/xcshareddata/xcschemes/biz.securing.SimpleXPCService.xcscheme: -------------------------------------------------------------------------------- 1 | 2 | 5 | 8 | 9 | 15 | 21 | 22 | 23 | 24 | 25 | 30 | 31 | 32 | 33 | 43 | 45 | 51 | 52 | 53 | 54 | 60 | 62 | 68 | 69 | 70 | 71 | 73 | 74 | 77 | 78 | 79 | 
-------------------------------------------------------------------------------- /SimpleXPCApp/AppDelegate.swift: -------------------------------------------------------------------------------- 1 | import Cocoa 2 | 3 | @NSApplicationMain 4 | class AppDelegate: NSObject, NSApplicationDelegate { 5 | 6 | } 7 | 8 | -------------------------------------------------------------------------------- /SimpleXPCApp/Assets.xcassets/AppIcon.appiconset/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "images" : [ 3 | { 4 | "idiom" : "mac", 5 | "size" : "16x16", 6 | "scale" : "1x" 7 | }, 8 | { 9 | "idiom" : "mac", 10 | "size" : "16x16", 11 | "scale" : "2x" 12 | }, 13 | { 14 | "idiom" : "mac", 15 | "size" : "32x32", 16 | "scale" : "1x" 17 | }, 18 | { 19 | "idiom" : "mac", 20 | "size" : "32x32", 21 | "scale" : "2x" 22 | }, 23 | { 24 | "idiom" : "mac", 25 | "size" : "128x128", 26 | "scale" : "1x" 27 | }, 28 | { 29 | "idiom" : "mac", 30 | "size" : "128x128", 31 | "scale" : "2x" 32 | }, 33 | { 34 | "idiom" : "mac", 35 | "size" : "256x256", 36 | "scale" : "1x" 37 | }, 38 | { 39 | "idiom" : "mac", 40 | "size" : "256x256", 41 | "scale" : "2x" 42 | }, 43 | { 44 | "idiom" : "mac", 45 | "size" : "512x512", 46 | "scale" : "1x" 47 | }, 48 | { 49 | "idiom" : "mac", 50 | "size" : "512x512", 51 | "scale" : "2x" 52 | } 53 | ], 54 | "info" : { 55 | "version" : 1, 56 | "author" : "xcode" 57 | } 58 | } -------------------------------------------------------------------------------- /SimpleXPCApp/Assets.xcassets/Contents.json: -------------------------------------------------------------------------------- 1 | { 2 | "info" : { 3 | "version" : 1, 4 | "author" : "xcode" 5 | } 6 | } -------------------------------------------------------------------------------- /SimpleXPCApp/Base.lproj/Main.storyboard: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 
363 | 364 | 365 | 366 | 367 | 368 | 369 | 370 | 371 | 372 | 373 | 374 | 375 | 376 | 377 | 378 | 379 | 380 | 381 | 382 | 383 | 384 | 385 | 386 | 387 | 388 | 389 | 390 | 391 | 392 | 393 | 394 | 395 | 396 | 397 | 398 | 399 | 400 | 401 | 402 | 403 | 404 | 405 | 406 | 407 | 408 | 409 | 410 | 411 | 412 | 413 | 414 | 415 | 416 | 417 | 418 | 419 | 420 | 421 | 422 | 423 | 424 | 425 | 426 | 427 | 428 | 429 | 430 | 431 | 432 | 433 | 434 | 435 | 436 | 437 | 438 | 439 | 440 | 441 | 442 | 443 | 444 | 445 | 446 | 447 | 448 | 449 | 450 | 451 | 452 | 453 | 454 | 455 | 456 | 457 | 458 | 459 | 460 | 461 | 462 | 463 | 464 | 465 | 466 | 467 | 468 | 469 | 470 | 471 | 472 | 473 | 474 | 475 | 476 | 477 | 478 | 479 | 480 | 481 | 482 | 483 | 484 | 485 | 486 | 487 | 488 | 489 | 490 | 491 | 492 | 493 | 494 | 495 | 496 | 497 | 498 | 499 | 500 | 501 | 502 | 503 | 504 | 505 | 506 | 507 | 508 | 509 | 510 | 511 | 512 | 513 | 514 | 515 | 516 | 517 | 518 | 519 | 520 | 521 | 522 | 523 | 524 | 525 | 526 | 527 | 528 | 529 | 530 | Default 531 | 532 | 533 | 534 | 535 | 536 | 537 | Left to Right 538 | 539 | 540 | 541 | 542 | 543 | 544 | Right to Left 545 | 546 | 547 | 548 | 549 | 550 | 551 | 552 | 553 | 554 | 555 | Default 556 | 557 | 558 | 559 | 560 | 561 | 562 | Left to Right 563 | 564 | 565 | 566 | 567 | 568 | 569 | Right to Left 570 | 571 | 572 | 573 | 574 | 575 | 576 | 577 | 578 | 579 | 580 | 581 | 582 | 583 | 584 | 585 | 586 | 587 | 588 | 589 | 590 | 591 | 592 | 593 | 594 | 595 | 596 | 597 | 598 | 599 | 600 | 601 | 602 | 603 | 604 | 605 | 606 | 607 | 608 | 609 | 610 | 611 | 612 | 613 | 614 | 615 | 616 | 617 | 618 | 619 | 620 | 621 | 622 | 623 | 624 | 625 | 626 | 627 | 628 | 629 | 630 | 631 | 632 | 633 | 634 | 635 | 636 | 637 | 638 | 639 | 640 | 641 | 642 | 643 | 644 | 645 | 646 | 647 | 648 | 649 | 650 | 651 | 652 | 653 | 654 | 655 | 656 | 657 | 658 | 659 | 660 | 661 | 662 | 663 | 664 | 665 | 666 | 667 | 668 | 669 | 670 | 671 | 672 | 673 | 674 | 675 | 676 | 677 | 678 | 679 | 680 | 681 | 682 | 683 | 
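684 | 685 | 686 | 687 | 688 | 689 | 690 | 691 | 692 | 693 | 694 | 695 | 696 | 697 | 698 | 699 | 700 | 701 | 702 | 703 | 704 | 705 | 706 | 707 | 708 | 709 | 710 | 711 | 712 | 713 | 724 | 735 | 746 | 747 | 748 | 749 | 750 | 751 | 752 | 753 | 754 | 755 | 756 | 757 | 758 | 759 | 760 | 761 | 762 | 763 |
--------------------------------------------------------------------------------
/SimpleXPCApp/HelperInstaller.swift:
--------------------------------------------------------------------------------
// Installer implementation based on https://github.com/erikberglund/SwiftPrivilegedHelper

import Foundation
import ServiceManagement

/// Error raised when an Authorization Services call does not return success.
enum HelperAuthorizationError: Error {
    case message(String)
}

/// Installs the privileged helper tool with `SMJobBless`.
///
/// The helper is registered under `MACH_SERVICE_NAME` in the system launchd
/// domain. Which helper binary may be installed is constrained by the
/// `SMPrivilegedExecutables` requirement in the app's Info.plist.
class HelperInstaller {

    /// Runs an Authorization Services call and throws unless it returns
    /// `errAuthorizationSuccess`.
    ///
    /// - Parameter authorizationFunction: Closure wrapping the call; its
    ///   return value is the `OSStatus` of that call.
    /// - Throws: `HelperAuthorizationError.message` with the system's text
    ///   for the status code.
    private static func executeAuthorizationFunction(_ authorizationFunction: () -> (OSStatus) ) throws {
        let osStatus = authorizationFunction()
        guard osStatus == errAuthorizationSuccess else {
            // Unwrap the optional CFString so the message is not rendered as "Optional(...)".
            let description = SecCopyErrorMessageString(osStatus, nil).map { $0 as String }
                ?? "OSStatus \(osStatus)"
            throw HelperAuthorizationError.message(description)
        }
    }

    /// Creates an authorization reference for the given rights.
    ///
    /// - Parameters:
    ///   - rights: Rights to request, or `nil`.
    ///   - environment: Authorization environment, or `nil`.
    ///   - flags: Flags passed through to `AuthorizationCreate`.
    /// - Returns: The new reference. The caller owns it and must release it
    ///   with `AuthorizationFree`.
    /// - Throws: `HelperAuthorizationError` when `AuthorizationCreate` fails.
    static func authorizationRef(_ rights: UnsafePointer<AuthorizationRights>?,
                                 _ environment: UnsafePointer<AuthorizationEnvironment>?,
                                 _ flags: AuthorizationFlags) throws -> AuthorizationRef? {
        var authRef: AuthorizationRef?
        try executeAuthorizationFunction { AuthorizationCreate(rights, environment, flags, &authRef) }
        return authRef
    }

    /// Asks the user for the bless right and installs the helper.
    ///
    /// Failures are printed, never thrown. Unlike the earlier version, the
    /// result of `SMJobBless` is checked, so a rejected installation is
    /// reported instead of silently ignored.
    static func install() -> Void {
        var authRef: AuthorizationRef?
        // Release the authorization reference on every exit path.
        defer {
            if let authRef = authRef {
                AuthorizationFree(authRef, [])
            }
        }

        do {
            // Keep the C string and the item pointer alive for the whole
            // AuthorizationCreate call; `AuthorizationRights(items: &authItem)`
            // would only hold a pointer to a temporary.
            try kSMRightBlessPrivilegedHelper.withCString { rightName in
                var authItem = AuthorizationItem(name: rightName, valueLength: 0, value: nil, flags: 0)
                try withUnsafeMutablePointer(to: &authItem) { itemPointer in
                    var authRights = AuthorizationRights(count: 1, items: itemPointer)
                    authRef = try authorizationRef(&authRights, nil, [.interactionAllowed, .extendRights, .preAuthorize])
                }
            }
        } catch HelperAuthorizationError.message(let reason) {
            print("Error in installing the helper -> \(reason)")
            return
        } catch let err {
            print("Error in installing the helper -> \(err.localizedDescription)")
            return
        }

        var cfError: Unmanaged<CFError>?
        guard SMJobBless(kSMDomainSystemLaunchd, MACH_SERVICE_NAME as CFString, authRef, &cfError) else {
            // The error object is handed to the caller, so take ownership to avoid leaking it.
            let reason = cfError?.takeRetainedValue()
            print("Error in installing the helper -> \(String(describing: reason))")
            return
        }
    }

}
--------------------------------------------------------------------------------
/SimpleXPCApp/Info.plist:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | SMPrivilegedExecutables 6 | 7 | biz.securing.SimpleXPCService 8 | identifier "biz.securing.SimpleXPCService" and anchor apple generic and certificate leaf[subject.CN] = "Apple Development: wojciech.regula@securing.pl (GC8LN9PNDZ)" and info [CFBundleShortVersionString] >= "1.0.0" 9 | 10 | CFBundleDevelopmentRegion 11 | $(DEVELOPMENT_LANGUAGE) 12 | CFBundleExecutable 13 | $(EXECUTABLE_NAME) 14 | CFBundleIconFile 15 | 16 | CFBundleIdentifier 17 | $(PRODUCT_BUNDLE_IDENTIFIER) 18 | CFBundleInfoDictionaryVersion 19 | 6.0 20 | CFBundleName 21 | $(PRODUCT_NAME) 22 | CFBundlePackageType 23 | $(PRODUCT_BUNDLE_PACKAGE_TYPE) 24 | CFBundleShortVersionString 25 | 1.0.0 26 | CFBundleVersion 27 | 1 28 | LSApplicationCategoryType 29 | public.app-category.utilities 30 | LSMinimumSystemVersion 31 | $(MACOSX_DEPLOYMENT_TARGET) 32 | NSHumanReadableCopyright 33 | Copyright © 2020 WR. All rights reserved.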
34 | NSMainStoryboardFile 35 | Main 36 | NSPrincipalClass 37 | NSApplication 38 | NSSupportsAutomaticTermination 39 | 40 | NSSupportsSuddenTermination 41 | 42 | 43 | 44 |
--------------------------------------------------------------------------------
/SimpleXPCApp/SimpleXPCApp.entitlements:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | com.apple.security.get-task-allow 6 | 7 | 8 | 9 |
--------------------------------------------------------------------------------
/SimpleXPCApp/ViewController.swift:
--------------------------------------------------------------------------------
import Cocoa

/// Window controller of the demo app: one action installs the helper, the
/// other two open an NSXPC connection to it and call a protocol method.
class ViewController: NSViewController {

    override func viewDidLoad() {
        super.viewDidLoad()
    }

    /// Installs the privileged helper.
    @IBAction func installHelperClicked(_ sender: Any) {
        HelperInstaller.install()
    }

    /// Calls `privilegedHi` on the helper and shows its reply in an alert.
    @IBAction func sendPrivilegedHiMessage(_ sender: Any) {
        // `.privileged` connects to a Mach service in the privileged (system) domain.
        let helperConnection = NSXPCConnection(machServiceName: MACH_SERVICE_NAME, options: .privileged)
        helperConnection.remoteObjectInterface = NSXPCInterface(with: SimpleXPCProtocol.self)
        helperConnection.resume()

        let proxy = helperConnection.remoteObjectProxyWithErrorHandler { failure in
            print("Error \(failure.localizedDescription)")
        }
        let helper = proxy as? SimpleXPCProtocol

        helper?.privilegedHi { reply in
            // The reply block does not run on the main thread; the alert must.
            DispatchQueue.main.async {
                let dialog = NSAlert()
                dialog.alertStyle = .informational
                dialog.messageText = "Helper responded"
                dialog.informativeText = reply
                dialog.addButton(withTitle: "OK")
                dialog.runModal()
            }
        }
    }

    /// Asks the helper to display its own alert.
    @IBAction func spawnPrivilegedAlert(_ sender: Any) {
        let helperConnection = NSXPCConnection(machServiceName: MACH_SERVICE_NAME, options: .privileged)
        helperConnection.remoteObjectInterface = NSXPCInterface(with: SimpleXPCProtocol.self)
        helperConnection.resume()

        let proxy = helperConnection.remoteObjectProxyWithErrorHandler { failure in
            print("Error \(failure.localizedDescription)")
        }

        (proxy as? SimpleXPCProtocol)?.privilegedAlert()
    }
}

--------------------------------------------------------------------------------
/SimpleXPCApp/securing_logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/securing/SimpleXPCApp/973f127f96f776a8a88fa845487b524ee2ad7520/SimpleXPCApp/securing_logo.png
--------------------------------------------------------------------------------
/SimpleXPCService/AuditTokenHack.h:
--------------------------------------------------------------------------------
1 | #import 2 | 3 | @interface NSXPCConnection(PrivateAuditToken) 4 | 5 | @property (nonatomic, readonly) audit_token_t auditToken; 6 | 7 | @end 8 | 9 | 10 | @interface AuditTokenHack : NSObject 11 | 12 | +(NSData *)getAuditTokenDataFromNSXPCConnection:(NSXPCConnection *)connection; 13 | 14 | @end 15 |
--------------------------------------------------------------------------------
/SimpleXPCService/AuditTokenHack.m:
--------------------------------------------------------------------------------
1 | #import "AuditTokenHack.h" 2 | 3 | @implementation AuditTokenHack 4 | 5 | + (NSData 
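*)getAuditTokenDataFromNSXPCConnection:(NSXPCConnection *)connection { 6 | audit_token_t auditToken = connection.auditToken; 7 | return [NSData dataWithBytes:&auditToken length:sizeof(audit_token_t)]; 8 | } 9 | 10 | @end 11 |
--------------------------------------------------------------------------------
/SimpleXPCService/ConnectionVerifier.swift:
--------------------------------------------------------------------------------
import Foundation

/// Decides whether an incoming NSXPC client may talk to the privileged helper.
///
/// The client is looked up by the audit token of its connection, then checked
/// in three steps: the hardened runtime flag must be set, none of the listed
/// injection-enabling entitlements may be true, and the running code must
/// satisfy a code-signing requirement string. Every step fails closed.
class ConnectionVerifier {

    /// Resolves the client's dynamic and static code objects from the audit token.
    ///
    /// - Parameters:
    ///   - connection: The incoming connection.
    ///   - secCodeOptional: Receives the `SecCode` of the running client.
    ///   - secStaticCodeOptional: Receives the matching `SecStaticCode`.
    /// - Returns: `true` only when both references were obtained.
    private static func prepareCodeReferencesFromAuditToken(connection: NSXPCConnection, secCodeOptional: inout SecCode?, secStaticCodeOptional: inout SecStaticCode?) -> Bool {
        // The audit token identifies the sending process itself; it is read
        // through the AuditTokenHack Objective-C shim.
        let auditTokenData = AuditTokenHack.getAuditTokenData(from: connection)

        let attributesDictionary = [
            kSecGuestAttributeAudit : auditTokenData
        ]

        if SecCodeCopyGuestWithAttributes(nil, attributesDictionary as CFDictionary, SecCSFlags(rawValue: 0), &secCodeOptional) != errSecSuccess {
            NSLog("Couldn't get SecCode with the audit token")
            return false
        }

        guard let secCode = secCodeOptional else {
            NSLog("Couldn't unwrap the secCode")
            return false
        }

        // Check the status as well as the out-parameter instead of ignoring the return value.
        if SecCodeCopyStaticCode(secCode, SecCSFlags(rawValue: 0), &secStaticCodeOptional) != errSecSuccess {
            NSLog("Couldn't get SecStaticCode from the SecCode")
            return false
        }

        guard secStaticCodeOptional != nil else {
            NSLog("Couldn't unwrap the secStaticCode")
            return false
        }

        return true
    }

    /// Rejects clients without the hardened runtime or with entitlements that
    /// let other code run inside them.
    ///
    /// - Parameter secStaticCode: Static code object of the client.
    /// - Returns: `true` when the runtime flag is set and none of the listed
    ///   entitlements is true. Missing signing information, missing flags and
    ///   a missing entitlements dictionary all return `false`.
    private static func verifyHardenedRuntimeAndProblematicEntitlements(secStaticCode: SecStaticCode) -> Bool {
        var signingInformationOptional: CFDictionary? = nil
        if SecCodeCopySigningInformation(secStaticCode, SecCSFlags(rawValue: kSecCSDynamicInformation), &signingInformationOptional) != errSecSuccess {
            NSLog("Couldn't obtain signing information")
            return false
        }

        guard let signingInformation = signingInformationOptional else {
            return false
        }

        let signingInformationDict = signingInformation as NSDictionary

        guard let signingFlags = signingInformationDict.object(forKey: "flags") as? UInt32 else {
            return false
        }

        // 0x10000 is the hardened-runtime bit of the code-signing flags.
        let hardenedRuntimeFlag: UInt32 = 0x10000
        if (signingFlags & hardenedRuntimeFlag) != hardenedRuntimeFlag {
            NSLog("Hardened runtime is not set for the sender")
            return false
        }

        guard let entitlements = signingInformationDict.object(forKey: "entitlements-dict") as? NSDictionary else {
            return false
        }
        // The dictionary comes from the client's signature, so it is passed as
        // an argument and never used as the NSLog format string.
        NSLog("Entitlements are %@", entitlements)

        // Each of these lets a debugger, an unsigned library or a DYLD
        // environment variable bring foreign code into the client process.
        let problematicEntitlements = [
            "com.apple.security.get-task-allow",
            "com.apple.security.cs.disable-library-validation",
            "com.apple.security.cs.allow-dyld-environment-variables"
        ]

        for problematicEntitlement in problematicEntitlements {
            guard let presentEntitlement = entitlements.object(forKey: problematicEntitlement) else {
                continue
            }
            // A force cast here would crash the helper on a non-numeric value;
            // treat an unexpected type as a rejection instead.
            guard let entitlementValue = presentEntitlement as? NSNumber else {
                NSLog("The sender has %@ entitlement with an unexpected value type", problematicEntitlement)
                return false
            }
            if entitlementValue.boolValue {
                NSLog("The sender has %@ entitlement set to true", problematicEntitlement)
                return false
            }
        }
        return true
    }

    /// Checks the running client against the code-signing requirement.
    ///
    /// - Parameter secCode: Dynamic code object of the client.
    /// - Returns: `true` when the client satisfies the requirement string.
    private static func verifyWithRequirementString(secCode: SecCode) -> Bool {
        // MAIN_APP_BUNDLE_ID and SUBJECT_CN are constants defined outside this file.
        // NOTE(review): the SMAuthorizedClients requirement in the helper's
        // Info.plist also has a CFBundleShortVersionString clause; this runtime
        // string has none, so any client version signed this way is accepted.
        // Confirm that is intended.
        let requirementString = "anchor apple generic and identifier \"\(MAIN_APP_BUNDLE_ID)\" and certificate leaf[subject.CN] = \"\(SUBJECT_CN)\"" as NSString

        var secRequirement: SecRequirement? = nil
        if SecRequirementCreateWithString(requirementString as CFString, SecCSFlags(rawValue: 0), &secRequirement) != errSecSuccess {
            NSLog("Couldn't create the requirement string")
            return false
        }

        // Never reach the validity check without a requirement object.
        guard let requirement = secRequirement else {
            NSLog("Couldn't create the requirement string")
            return false
        }

        if SecCodeCheckValidity(secCode, SecCSFlags(rawValue: 0), requirement) != errSecSuccess {
            NSLog("NSXPC client does not meet the requirements")
            return false
        }

        return true
    }

    /// Runs all client checks for a new connection.
    ///
    /// - Parameter connection: The connection offered to the listener.
    /// - Returns: `true` only when every check passed.
    public static func isValid(connection: NSXPCConnection) -> Bool {
        var secCodeOptional: SecCode? = nil
        var secStaticCodeOptional: SecStaticCode? = nil

        // Bind both references here so no later step relies on a force unwrap.
        guard prepareCodeReferencesFromAuditToken(connection: connection, secCodeOptional: &secCodeOptional, secStaticCodeOptional: &secStaticCodeOptional),
              let secCode = secCodeOptional,
              let secStaticCode = secStaticCodeOptional else {
            return false
        }

        if !verifyHardenedRuntimeAndProblematicEntitlements(secStaticCode: secStaticCode) {
            return false
        }

        if !verifyWithRequirementString(secCode: secCode) {
            return false
        }

        return true
    }

}
--------------------------------------------------------------------------------
/SimpleXPCService/Info.plist:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | CFBundleIdentifier 6 | biz.securing.SimpleXPCService 7 | CFBundleInfoDictionaryVersion 8 | 6.0 9 | CFBundleName 10 | biz.securing.SimpleXPCService 11 | CFBundleShortVersionString 12 | 1.0.0 13 | CFBundleVersion 14 | 1 15 | SMAuthorizedClients 16 | 17 | identifier "biz.securing.SimpleXPCApp" and anchor apple generic and certificate leaf[subject.CN] = "Apple Development: wojciech.regula@securing.pl (GC8LN9PNDZ)" and info [CFBundleShortVersionString] >= "1.0.0" 18 | 19 | 20 | 21 |
--------------------------------------------------------------------------------
/SimpleXPCService/XPCDelegate.swift:
--------------------------------------------------------------------------------
1 | import Foundation 2 | import 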
AppKit

/// Listener delegate of the helper, and the object exported to accepted clients.
class XPCDelegate: NSObject, NSXPCListenerDelegate, SimpleXPCProtocol {

    /// Shows a warning alert from the helper process.
    func privilegedAlert() {
        DispatchQueue.main.async {
            let dialog = NSAlert()
            dialog.alertStyle = .warning
            dialog.messageText = "This is a privileged alert"
            dialog.informativeText = "You got me!"
            dialog.addButton(withTitle: "OK")
            dialog.runModal()
        }
    }

    /// Replies with a greeting that contains the helper's group id.
    func privilegedHi(completion: @escaping (String) -> Void) {
        let groupID = getgid()
        completion("Privileged hi! My GID is \(groupID)")
    }

    /// Accepts a connection only after `ConnectionVerifier` approved the client.
    func listener(_ listener: NSXPCListener, shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {
        // Nothing is exported to a client that failed verification.
        guard ConnectionVerifier.isValid(connection: newConnection) else {
            return false
        }

        newConnection.exportedInterface = NSXPCInterface(with: SimpleXPCProtocol.self)
        newConnection.exportedObject = self
        newConnection.resume()
        return true
    }

}
--------------------------------------------------------------------------------
/SimpleXPCService/biz.securing.SimpleXPCService-Bridging-Header.h:
--------------------------------------------------------------------------------
1 | #import "AuditTokenHack.h" 2 |
--------------------------------------------------------------------------------
/SimpleXPCService/launchd.plist:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | Label 6 | biz.securing.SimpleXPCService 7 | MachServices 8 | 9 | biz.securing.SimpleXPCService 10 | 11 | 12 | 13 | 14 |
--------------------------------------------------------------------------------
/SimpleXPCService/main.swift:
--------------------------------------------------------------------------------
import Foundation

// Entry point of the helper: publish the Mach service, attach the delegate
// that vets each client, then serve requests from the main run loop.
let listener = NSXPCListener(machServiceName: MACH_SERVICE_NAME)
let delegate = XPCDelegate()

listener.delegate = delegate
listener.resume()

RunLoop.main.run()
--------------------------------------------------------------------------------