XPC Communication
To make calls to the JAMF binary, you will need privilege escalation and a secure way to communicate with the binary. The enrollment application uses a helper binary to facilitate this. The shared protocol between the helper binary and the parent enrollment app allows for executing a policy event trigger string, similar to how you might execute it directly:
jamf policy event -triggerString
To securely tie the parent application to the helper so that the command can pass, you will need to set up anchor keys.
1. Make sure your build targets all have proper signing certificates assigned in the Build Settings/General tab.
2. Build copies of each target. You will need the build path of the enrollment app target for step 5.
3. Download a copy of the SMJobBlessUtil from Apple.
4. Copy the Python tool to the root of your project folder.
5. From the terminal, navigate to the root of your project folder and run the following:
./SMJobBlessUtil.py setreq /the/path/to/a/buildCopyOfYourApp enrollment/enrollment/Info.plist enrollment/PrivilegedCommandsHelper/PrivilegedCommandsHelper-Info.plist
This should create anchor keys in both the Info.plist for the app and the -Info.plist of the helper. You can validate that the certificates match using the check option of the utility:
./SMJobBlessUtil.py check /the/path/to/a/buildCopyOfYourApp
A blank return means success, but generally we are looking to see that no messages are present for a certificate mismatch. You can also see the anchor keys present in Xcode by looking at the corresponding property lists.
(Screenshots: anchor keys from enrollment.app Info.plist and from PrivilegedCommandsHelper-Info.plist.)
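The anchor keys are SMPrivilegedExecutables in the app's Info.plist and SMAuthorizedClients in the helper's. The following added example (not part of this project or of SMJobBlessUtil) cross-checks the two sides and flags a requirement that is not pinned to a signing certificate. The bundle identifiers, team ID and requirement strings are constructed placeholders, and it assumes requirements that pin the team through `subject.OU`.

```python
import plistlib
import re

APP_ID = "com.example.enrollment"                  # placeholder bundle ID
HELPER_ID = "com.example.PrivilegedCommandsHelper"  # placeholder helper label
TEAM = "ABCDE12345"                                 # placeholder team ID

def requirement(ident, team=TEAM):
    """Build a constructed requirement string in the style setreq writes."""
    return (f'anchor apple generic and identifier "{ident}" '
            f'and certificate leaf[subject.OU] = "{team}"')

# Constructed sample plists, as found in the built app and helper.
APP_PLIST = plistlib.dumps({
    "CFBundleIdentifier": APP_ID,
    "SMPrivilegedExecutables": {HELPER_ID: requirement(HELPER_ID)}})
HELPER_PLIST = plistlib.dumps({
    "CFBundleIdentifier": HELPER_ID,
    "SMAuthorizedClients": [requirement(APP_ID)]})

def parse(req):
    """Return (identifier, team OU, has Apple anchor) from a requirement."""
    ident = re.search(r'identifier "([^"]+)"', req)
    team = re.search(r'leaf\[subject\.OU\] = "?([A-Za-z0-9]+)"?', req)
    return (ident.group(1) if ident else None,
            team.group(1) if team else None,
            "anchor apple" in req)

def check_anchor_keys(app_bytes, helper_bytes):
    """List mismatches between the app's and helper's anchor keys."""
    app, helper = plistlib.loads(app_bytes), plistlib.loads(helper_bytes)
    problems = []
    helper_req = app.get("SMPrivilegedExecutables", {}).get(
        helper.get("CFBundleIdentifier"))
    clients = helper.get("SMAuthorizedClients", [])
    if helper_req is None:
        problems.append("app does not list the helper in SMPrivilegedExecutables")
    elif parse(helper_req)[0] != helper.get("CFBundleIdentifier"):
        problems.append("helper requirement names a different identifier")
    if app.get("CFBundleIdentifier") not in [parse(c)[0] for c in clients]:
        problems.append("helper does not authorize the app in SMAuthorizedClients")
    reqs = ([helper_req] if helper_req else []) + clients
    for req in reqs:
        if not parse(req)[2] or parse(req)[1] is None:
            problems.append(f"requirement not pinned to a certificate: {req}")
    if len({parse(r)[1] for r in reqs}) > 1:
        problems.append("app and helper requirements pin different teams")
    return problems
```

An empty list from `check_anchor_keys(APP_PLIST, HELPER_PLIST)` means both sides name each other and pin the same team; a helper whose client requirement is only an identifier would accept any binary carrying that bundle ID.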