Example application using a privileged helper tool with authentication in an unsandboxed application written in Swift
This is an example application to demonstrate how to use a privileged helper tool with authentication in Swift 4.2.
NOTE: Privilege escalation is not supported in sandboxed applications.
Please undestand the code and improve and customize it to suit your needs and your application.
I have rewritten the whole project for Swift 4.2 and improved the example in many places:
Automatic Code Signing
Now the project uses automatic code signing, you no longer have to manually edit the code signing information in the app or helper plists.
Connection Validation
Now the helper validates that the calling application is signed using the same signing certificate as the calling application to avoid a simple attack vector for helper tools.
Tool and language versions
This project was created and only tested using Xcode Version 10.0 (10A255) and Swift 4.2.
Developer Certificate
To use a privileged helper tool the application and helper has to be signed by a valid deverloper certificate.
SMJobBlessUtil
The python tool for verifying signing of applications using SMJobBless included in the SMJobBless example project is extremely useful for troubleshooting signing issues.
Dowload it here: SMJobBlessUtil.py
Use it like this: ./SMJobBlessUtil.py check /path/to/MyApplication.app
To test the project, you need to update it to use your own signing certificate.
Use SMJobBlessUtil.py and correct all issues reported until it doesn’t show any output.
The project uses a bash script to automatically update the needed code signing requirements for your current certificate so that they will be correct both during normal builds and archiving.
This script has hardcoded bundle identifiers for the app and the helper, so if you change the bundle identifiers for any of these you have to update the script accordingly.
The helper is installed by using SMJobBless.
When installed, you can enter a directory path in the text field at the top and select to run the /bin/ls
command (with the entered path as argument) using the helper tool with or without requiring authorization.
The application caches the authorization reference which means that you only have to authorize that action once until you press the “Destroy Cached Authorization” or restart the application.
This behaviour can easily be changed to either require authrization every time, after x seconds or never.
If you modify or add/remove code that’s used in the helper tool you MUST update the helper bundle version so when run the next time the application will recognize the helper has to be updated. Or else your new code will never be run.
Links to documentation on the authorization system on macOS.