
Unable to create outbound unix domain socket in Safari Web Extension Native App

I am creating a Safari Web Extension to add some security features to the Safari browser. The Web Extension has 2 parts: 1st, script code, which loads in the browser, and 2nd, a separate application/process called the Native App, which gets notifications and data about browser activities. I am able to get notifications of various browser activities in the Safari Native App. When such a notification is received, it needs to be sent to another daemon process running on the same macOS machine over a unix domain socket (used for local IPC). This Safari Native App is running within a sandbox.

The issue is, when trying to connect from the Safari Native App to the already-listening socket of the other process, the sandbox of the Native App denies the outbound socket network connection. Question: Is there a way to communicate from the sandboxed Native App with other processes using a socket?

Disclaimers:

The sandbox cannot be disabled; if disabled, the app stops getting notifications from Safari for activities, which is its basic work.

Entitlements and app groups can be added, but the process it has to communicate with cannot be added to an app group.

Please help/suggest a way out of this problem.

I was able to find how to communicate from a sandboxed process using sockets on a macOS machine. The answer is to use TCP/IP sockets instead of unix domain sockets.

The use case we tested with our POC application was listening on a TCP/IP socket from an application running as the root user, and connecting through TCP/IP sockets from 3 clients running as logged-in users.

All 3 clients were able to communicate with the server. All 3 client applications were run by 3 logged-in users simultaneously.
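The loopback TCP exchange the answer above describes, written out as an added example; this is not code from the original post or from the poster's project. Two things a practitioner should keep in mind when swapping a unix domain socket for loopback TCP: the sandboxed app still needs the App Sandbox entitlement for outgoing connections (`com.apple.security.network.client`), and a loopback port has none of the protections a filesystem socket had. There are no file permissions on it, the daemon cannot learn the client's uid with `getpeereid()`, and any local process, including ones run by other users (as the answer's three-user test shows), can connect. The root daemon must therefore bind to 127.0.0.1 only, treat every byte from the client as untrusted, and authenticate the client at the application layer (not shown here). The example below does the binding and the framing: the function names, the 4-byte length-prefixed frame format, the `MAX_FRAME` limit and the sample notification are all assumptions of this example, and the "daemon" simply echoes the frame back so the exchange can be checked in one process. A real daemon would listen on a fixed port in its own process.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define MAX_FRAME 4096  /* largest notification the daemon accepts (assumed limit) */
static const char SAMPLE_MSG[] = "{\"event\":\"navigation\",\"url\":\"https://example.com/\"}"; /* constructed sample */

static struct sockaddr_in loopback_addr(uint16_t port)
{
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* 127.0.0.1, never INADDR_ANY */
    sa.sin_port = htons(port);
    return sa;
}

/* Daemon side. Port 0 asks the kernel for a free port, reported through
 * *port_out; a real daemon would use a fixed port. Returns fd or -1. */
static int listen_loopback(uint16_t port, uint16_t *port_out)
{
    struct sockaddr_in sa = loopback_addr(port);
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 8) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) { close(fd); return -1; }
    if (port_out) *port_out = ntohs(sa.sin_port);
    return fd;
}

/* Client side (what the sandboxed Native App does). Returns fd or -1. */
static int connect_loopback(uint16_t port)
{
    struct sockaddr_in sa = loopback_addr(port);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd >= 0 && connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); fd = -1; }
    return fd;
}

/* read()/write() may transfer fewer bytes than asked; loop until done. */
static int write_all(int fd, const void *buf, size_t n)
{
    for (ssize_t w = 0; n > 0; buf = (const char *)buf + w, n -= (size_t)w)
        if ((w = write(fd, buf, n)) <= 0) return -1;
    return 0;
}
static int read_all(int fd, void *buf, size_t n)
{
    for (ssize_t r = 0; n > 0; buf = (char *)buf + r, n -= (size_t)r)
        if ((r = read(fd, buf, n)) <= 0) return -1;
    return 0;
}

/* Frame = 4-byte big-endian length + payload: TCP is a byte stream, so the
 * daemon needs the prefix to know where one notification ends. */
static int send_frame(int fd, const void *payload, uint32_t len)
{
    uint32_t be = htonl(len);
    if (len > MAX_FRAME || write_all(fd, &be, 4) < 0) return -1;
    return write_all(fd, payload, len);
}

/* The announced length is checked before a single payload byte is read, so a
 * hostile peer cannot make the daemon read an unbounded body into its buffer. */
static int frame_len_ok(uint32_t len, uint32_t cap) { return len <= cap && len <= MAX_FRAME; }

/* Returns payload length, or -1 on EOF, short read or oversized frame. */
static int recv_frame(int fd, void *buf, uint32_t cap)
{
    uint32_t be;
    if (read_all(fd, &be, 4) < 0 || !frame_len_ok(ntohl(be), cap)) return -1;
    if (read_all(fd, buf, ntohl(be)) < 0) return -1;
    return (int)ntohl(be);
}

/* Whole exchange in one process: daemon listens, client sends one notification,
 * daemon echoes it. Returns echoed length, or -1 on failure or echo mismatch. */
static int loopback_roundtrip(const char *msg)
{
    uint16_t port = 0;
    char tmp[MAX_FRAME], echo[MAX_FRAME];
    int rc = -1, n, srv = listen_loopback(0, &port), cli, conn;
    if (srv < 0) return -1;
    cli = connect_loopback(port);                    /* kernel completes the handshake, */
    conn = cli >= 0 ? accept(srv, NULL, NULL) : -1;  /* so accept() can follow connect() */
    if (cli >= 0 && conn >= 0 &&
        send_frame(cli, msg, (uint32_t)strlen(msg)) == 0 &&
        (n = recv_frame(conn, tmp, sizeof tmp)) >= 0 &&    /* daemon side */
        send_frame(conn, tmp, (uint32_t)n) == 0 &&
        (rc = recv_frame(cli, echo, sizeof echo)) >= 0 &&  /* client side */
        memcmp(echo, msg, (size_t)rc) != 0)
        rc = -1;
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    close(srv);
    return rc;
}
```

Calling `loopback_roundtrip(SAMPLE_MSG)` returns the sample's length once the daemon side has accepted the connection, validated the frame and echoed it; a header announcing more than `MAX_FRAME` bytes (or more than the receiver's buffer) is refused by `frame_len_ok` before any payload is read. The single-process shape works because the kernel completes the TCP handshake against the listen backlog, so `connect()` returns before `accept()` is called.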
