Use pure Swift to easily and securely communicate with XPC services and Mach services. A client-server model enables you
to use your own Codable conforming types to send requests
to routes you define and receive responses.
SecureXPC uses Swift concurrency on macOS 10.15 and later allowing clients to make non-blocking asynchronous requests to servers. A closure-based API is also available providing compatibility back to OS X 10.10.
This package can be used to communicate with any type of XPC service or Mach service, with customized support for:
- XPC services
- Helper tools installed using
SMJobBless - Login items enabled with
SMLoginItemSetEnabled - Daemons registered via
SMAppService.daemon(plistName:) - Agents registered via
SMAppService.agent(plistName:)
It's built with security in mind, minimizing the opportunities for exploits. Security checks are performed against the actual calling process instead of relying on PIDs which are known to be insecure.
The envisioned pattern when using this package is to define routes in a shared file, create a server in one program (such as a helper tool) and register these routes, then from another program (such as an app) create a client and send requests to these routes.
In a file shared by the client and server define one or more routes:
let route = XPCRoute.named("bedazzle")
.withMessageType(String.self)
.withReplyType(Bool.self)In one program retrieve a server, register those routes, and then start the server:
...
let server = <# server retrieval here #>
server.registerRoute(route, handler: bedazzle)
server.startAndBlock()
}
private func bedazzle(message: String) throws -> Bool {
<# implementation here #>
}On macOS 10.15 and later async functions and closures can also be registered as the handler for a route.
There are multiple types of servers which can be retrieved:
XPCServer.forThisXPCService()- For an XPC service, which is a private helper tool available only to the main application that contains it
XPCServer.forMachService()- For agents and daemons registered with
SMAppService,SMJobBlesshelper tools, andSMLoginItemSetEnabledlogin items
- For agents and daemons registered with
XPCServer.forMachService(withCriteria:)- For any type of Mach service including "classic" agents and daemons; see documentation for details
XPCServer.makeAnonymous()- Typically used for testing purposes
XPCServer.makeAnonymous(withClientRequirements:)- Enables advanced scenarios including apps directly communicating with each other; see documentation for details
In another program retrieve a client, then send a request to a registered route:
let client = <# client retrieval here #>
let reply = try await client.sendMessage("Get Schwifty", to: route)Closure-based variants are available for macOS 10.14 and earlier:
let client = <# client retrieval here #>
client.sendMessage("Get Schwifty", to: route, withResponse: { result in
switch result {
case .success(let reply):
<# use the reply #>
case .failure(let error):
<# handle the error #>
}
})There are three types of clients which can be retrieved:
XPCClient.forXPCService(named:)- For communicating with an XPC service
- This corresponds to servers created with
XPCServer.forThisXPCService()
XPCClient.forMachService(named:withServerRequirement:)- For communicating with a Mach service
- This corresponds to servers created with
XPCServer.forMachService()orXPCServer.forMachService(withCriteria:)
XPCClient.forEndpoint(_:withServerRequirement:)- This is the only way to communicate with an anonymous server
- This corresponds to servers created with
XPCServer.makeAnonymous()orXPCServer.makeAnonymous(withClientRequirements:) - This type of client can also be used to communicate with any server via its
endpointproperty
See the FAQ for answers to questions you may have or didn't even realize you wanted answered including topics such as using live file handles, sharing memory between processes, and working within sandbox restrictions.