There are a few items in his example that I think should be included in this project, since this has been around longer and I suspect many people have used this as a foundation in their apps eg
SecCodeCopyGuestWithAttributes should not validate using the PID
the signing requirements should include bundle identifier and minimum version
Unfortunately I feel unqualified to create a PR for this so thought I'd raise the issue here and see what others think.
I've just been reading the slides from Wojciech Reguła's talk "Abusing and Securing XPC in macOS Apps" (https://objectivebythesea.com/v3/talks/OBTS_v3_wReguła.pdf).
He has provided https://github.com/securing/SimpleXPCApp as a secure example of an XPC helper.
There are a few items in his example that I think should be included in this project, since this has been around longer and I suspect many people have used this as a foundation in their apps eg
SecCodeCopyGuestWithAttributes
should not validate using the PIDUnfortunately I feel unqualified to create a PR for this so thought I'd raise the issue here and see what others think.
Related, my earlier issue regarding security: https://github.com/erikberglund/SwiftPrivilegedHelper/issues/22