jakaplan
commented
2 years ago @amomchilov available for your review if you'd like to (and post-merge reviews are also always most welcome)
Closed jakaplan closed 2 years ago
jakaplan
commented
2 years ago @amomchilov available for your review if you'd like to (and post-merge reviews are also always most welcome)
MessageAcceptorstill exists, but is purely an internal implementation details ofXPCClientRequirementthat nowhere else in the codebase knows about (nor has access to).This means that API users can create requirements just like SecureXPC does, with two intentional carve outs:
alwaysAcceptingwhich is internally only ever used as the default for anXPCServiceServer, using it elsewhere defeats the security of this package (and if such functionality is truly desired, it can be accomplished by using a highly permissiveSecRequirement- but the fact doing so is cumbersome is a feature, not a bug)sameProcesswhich is internally only ever used as the default for anXPCAnonymousServerwhich is safe and highly convenient in that exact use case, but is absolutely insecure for a Mach service as its prone to PID racesXPCClientRequirementhas been changed from an enum to a struct with identical names which means it can be used the same at the call site except that now it throws at access time which I think is a much clearer way of representing failure.