trilemma-dev / SecureXPC

A simple and secure XPC framework for Swift
MIT License
73 stars 15 forks

Adds `XPCServer.forThisLoginItem()` for login items installed with `SMLoginItemSetEnabled` #89

Closed jakaplan closed 2 years ago

jakaplan commented 2 years ago

From an API user's perspective this is basically the equivalent of `forThisBlessedHelperTool()` for `SMJobBless`. Under the hood, the implementation is considerably different. I've tested this manually, but don't have any great ideas on how to go about doing this in an automated fashion (without adopting/implementing an entire integration testing setup).

jakaplan commented 2 years ago

@amomchilov optionally available for your review. Will leave this open for at least a couple days.

The motivation behind this was discovering that despite login items running from the app bundle they're contained within, any non-sandboxed app on the system can communicate with them. (This is true even when the login item is itself sandboxed - the sandbox is clearly unidirectional and provides no incoming protection.) This potentially allows for certain types of privilege escalation. From the Apple Developer forums:

> [W]hen you look at it from the per-process privilege model now supported on the Mac, this may well represent a privilege escalation. For example, the user might have granted your app a TCC privilege (in System Preferences > Security & Privacy > Privacy) and you don’t want to hand that out to anyone.

I continue to be rather surprised and unimpressed by XPC's default security.