Mac: Best way to distinguish native app process and script process spawned from executable (e.g. python node) through process_id

I'm working on a Mac app that receives a process ID via NSXPCConnection, and I'm trying to figure out the best way to determine whether that process is a native macOS app like Safari—with bundles and all—or just a script launched by something like Node or Python. The executable is signed with a Team ID using codesign.

I was thinking about getting the executable's path as one way to handle it, but I’m wondering if there’s a more reliable method than relying on the folder structure.

It’s hard to answer your question without more context:

> I'm trying to figure out the best way to determine whether that process is a native macOS app

Why? What high-level goal are you trying to achieve based on that information?

That matters because a lot of questions like this are motivated by security, and in that case there are much better options. For more on that, see the link to Validating Signature Of XPC Process in XPC Resources.

OTOH, if you have some other high-level goal then I’d love to hear about it.

ps Regardless of the motivation, it’s a good idea to steer clear of process IDs because they are susceptible to reuse attacks. The general replacement for that is an audit token, although that presents some challenges if you’re using NSXPCConnection. I’m happy to talk about this more, but it’s probably best if I start by understanding your high-level goal.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
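The signature-validation approach the reply points to, as an added example that is not part of the original thread: an NSXPCListener delegate that pins the peer to a code-signing requirement instead of looking anything up by process ID. The protocol, class names, Mach service name and the Team ID `TEAMID1234` are placeholders, and the `setCodeSigningRequirement(_:)` call assumes macOS 13 or later.

```swift
import Foundation

// Hypothetical service protocol, for illustration only.
@objc protocol HelperProtocol {
    func ping(reply: @escaping (String) -> Void)
}

final class Helper: NSObject, HelperProtocol {
    func ping(reply: @escaping (String) -> Void) { reply("pong") }
}

final class ListenerDelegate: NSObject, NSXPCListenerDelegate {
    // Code-signing requirement: Apple-issued certificate chain whose leaf
    // certificate carries the expected Team ID in its OU field.
    // "TEAMID1234" is a placeholder; substitute your own Team ID.
    private let requirement =
        "anchor apple generic and certificate leaf[subject.OU] = \"TEAMID1234\""

    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection connection: NSXPCConnection) -> Bool {
        // Without the system-enforced check there is no PID-free way to
        // validate the peer through public NSXPCConnection API, so refuse.
        guard #available(macOS 13.0, *) else { return false }

        // Set the requirement before resume(). The system evaluates it against
        // the peer's code signature and invalidates the connection if a
        // message arrives from a peer that does not satisfy it.
        connection.setCodeSigningRequirement(requirement)

        connection.exportedInterface = NSXPCInterface(with: HelperProtocol.self)
        connection.exportedObject = Helper()
        connection.resume()
        return true
    }
}

// "com.example.helper" is a placeholder Mach service name.
let delegate = ListenerDelegate()
let listener = NSXPCListener(machServiceName: "com.example.helper")
listener.delegate = delegate
listener.resume()
RunLoop.main.run()
```

The requirement is evaluated against the code of the connecting process itself, so a script run by an interpreter is checked against the interpreter's signature, not the script's.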
