MessageAcceptor still exists, but is purely an internal implementation details of XPCClientRequirement that nowhere else in the codebase knows about (nor has access to).
This means that API users can create requirements just like SecureXPC does, with two intentional carve outs:
alwaysAccepting which is internally only ever used as the default for an XPCServiceServer, using it elsewhere defeats the security of this package (and if such functionality is truly desired, it can be accomplished by using a highly permissive SecRequirement - but the fact doing so is cumbersome is a feature, not a bug)
sameProcess which is internally only ever used as the default for an XPCAnonymousServer which is safe and highly convenient in that exact use case, but is absolutely insecure for a Mach service as its prone to PID races
XPCClientRequirement has been changed from an enum to a struct with identical names which means it can be used the same at the call site except that now it throws at access time which I think is a much clearer way of representing failure.
MessageAcceptor
still exists, but is purely an internal implementation details ofXPCClientRequirement
that nowhere else in the codebase knows about (nor has access to).This means that API users can create requirements just like SecureXPC does, with two intentional carve outs:
alwaysAccepting
which is internally only ever used as the default for anXPCServiceServer
, using it elsewhere defeats the security of this package (and if such functionality is truly desired, it can be accomplished by using a highly permissiveSecRequirement
- but the fact doing so is cumbersome is a feature, not a bug)sameProcess
which is internally only ever used as the default for anXPCAnonymousServer
which is safe and highly convenient in that exact use case, but is absolutely insecure for a Mach service as its prone to PID racesXPCClientRequirement
has been changed from an enum to a struct with identical names which means it can be used the same at the call site except that now it throws at access time which I think is a much clearer way of representing failure.