
Unable to create outbound unix domain socket in Safari Web Extension Native App

I am creating a Safari Web Extension to add some security features to the Safari browser. A Web Extension has 2 parts: 1st, script code, which loads in the browser, and 2nd, a separate application/process called the Native App, which receives notifications and data about browser activities. I am able to receive notifications of various browser activities in the Safari Native App. When such a notification is received, it needs to be sent to another daemon process running on the same macOS machine over a unix domain socket (used for local IPC). This Safari Native App runs within a sandbox.

The issue is that when the Safari Native App tries to connect to the already-listening socket of the other process, the Native App's sandbox denies the outbound socket network connection. Question: Is there a way to communicate from the sandboxed Native App with other processes using a socket?

Disclaimers:

The sandbox cannot be disabled; if it is disabled, the app stops getting notifications from Safari about activities, which is its basic work.

Entitlements and app groups can be added, but the process with which it has to communicate cannot be added to an app group.

Please help/suggest a way out of this problem.

I was able to find out how to communicate from a sandboxed process using sockets on a macOS machine. The answer is to use TCP/IP sockets instead of unix domain sockets.

The use case we tested with our POC application was listening on a TCP/IP socket from an application running as the root user, and connecting over TCP/IP sockets from 3 clients running as logged-in users.

All 3 clients were able to communicate with the server. All 3 client applications were run by 3 logged-in users simultaneously.
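The loopback-TCP arrangement described in this answer, as an added example (not the poster's POC code), with Python standing in for both the root daemon and the native-app clients: unlike a unix domain socket, a TCP port has no filesystem permissions and no peer credentials, so the daemon binds to 127.0.0.1 only, frames each JSON event with a length prefix, and bounds what it accepts from any local process. The port number, the length-prefix framing and the `seq`/`url` event shape are assumptions made for the demo.

```python
import json
import socket
import struct
import threading

HOST = "127.0.0.1"            # loopback only; 0.0.0.0 would expose the daemon to the whole LAN
HEADER = struct.Struct("!I")  # 4-byte length prefix frames each JSON message on the TCP stream

def send_msg(sock, obj):
    payload = json.dumps(obj).encode()
    sock.sendall(HEADER.pack(len(payload)) + payload)

def recv_exact(sock, n):
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return bytes(buf)
def recv_msg(sock, limit=64 * 1024):
    (length,) = HEADER.unpack(recv_exact(sock, HEADER.size))
    if length > limit:  # any local process can reach this port, so bound what is accepted
        raise ValueError("message too large")
    return json.loads(recv_exact(sock, length))

def start_daemon(received):  # daemon side: listen on an ephemeral loopback port, return it
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen()
    def handle(conn):
        with conn:
            event = recv_msg(conn)
            received.append(event)
            send_msg(conn, {"ack": event["seq"]})
    def accept_loop():  # one thread per client, so several users' apps can connect at once
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]

def notify_daemon(port, event):  # native-app side: connect over loopback TCP, send, await ack
    with socket.create_connection((HOST, port), timeout=5) as s:
        send_msg(s, event)
        return recv_msg(s)
def demo(clients=3):  # constructed browser-activity events from three clients (assumed shape)
    received = []
    port = start_daemon(received)
    acks = [notify_daemon(port, {"seq": i, "url": f"https://example.test/page{i}"}) for i in range(clients)]
    return sorted(e["seq"] for e in received), acks
```

In the real sandboxed Native App, the client side also needs the App Sandbox outgoing-connections entitlement (com.apple.security.network.client) for the connect to be allowed.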
