fix: add code signing requirements to xpc connections#206
+132 −124
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
MemberAuthor
This stack of pull requests is managed by Graphite. Learn more about stacking. |
This was referenced Jul 24, 2025
ethanndicksonforce-pushed the ethan/networking-in-launchdaemon branch from c7dbde8 to ef8832aCompareethanndicksonforce-pushed the ethan/xpc-validation branch from ea87f52 to 5bf788fCompareethanndicksonforce-pushed the ethan/xpc-validation branch from 5bf788f to 547fd97Compareethanndicksonforce-pushed the ethan/networking-in-launchdaemon branch from ef8832a to e32d7deCompare
deansheather approved these changes Jul 30, 2025
Uh oh!
There was an error while loading. Please reload this page.
ethanndicksonforce-pushed the ethan/xpc-validation branch from 547fd97 to 6687411Compareethanndicksonforce-pushed the ethan/networking-in-launchdaemon branch from eebf562 to 291e5a1Compareethanndicksonforce-pushed the ethan/xpc-validation branch from 6687411 to ef370dbCompareethanndicksonforce-pushed the ethan/networking-in-launchdaemon branch from 291e5a1 to b0c196fCompareethanndicksonforce-pushed the ethan/xpc-validation branch from ef370db to 55319f4Compareethanndicksonforce-pushed the ethan/networking-in-launchdaemon branch from b0c196f to b81afc9Compareethanndicksonforce-pushed the ethan/xpc-validation branch from 55319f4 to 8670f11Compareethanndicksonforce-pushed the ethan/networking-in-launchdaemon branch from b81afc9 to e96075eCompareethanndicksonforce-pushed the ethan/xpc-validation branch 2 times, most recently from be347a8 to e6a3578Compareethanndicksonforce-pushed the ethan/networking-in-launchdaemon branch 2 times, most recently from a4b58e5 to bd905aeCompareethanndicksonforce-pushed the ethan/xpc-validation branch from e6a3578 to a1864f6Compareethanndicksonforce-pushed the ethan/networking-in-launchdaemon branch from bd905ae to 33931d6Compareethanndicksonforce-pushed the ethan/xpc-validation branch from a1864f6 to 8b4c8cdCompareethanndicksonforce-pushed the ethan/xpc-validation branch from 8b4c8cd to 78fd6c0Compareethanndicksonforce-pushed the ethan/networking-in-launchdaemon branch from 33931d6 to 0999089Compareethanndicksonforce-pushed the ethan/xpc-validation branch from 78fd6c0 to a5d5337Compareethanndicksonforce-pushed the ethan/networking-in-launchdaemon branch from 0999089 to 1453e77Compareethanndicksonforce-pushed the ethan/xpc-validation branch from a5d5337 to c450bd4Compareethanndicksonforce-pushed the ethan/networking-in-launchdaemon branch from 1453e77 to d09250bCompareThere was a problem hiding this comment.
Pull Request Overview
This PR enhances security by adding code signing requirements to XPC connections to prevent unauthorized binaries from connecting to the Helper service. The changes implement validation that ensures only binaries signed by the Coder Apple development team can establish XPC connections.
Key changes:
- Refactored validation logic from
Download.swiftinto a dedicatedValidate.swiftfile - Added
xpcPeerRequirementproperty to enforce code signing requirements on XPC connections - Applied code signing validation to all XPC connection points in the application
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| Coder-Desktop/VPNLib/Validate.swift | New file containing extracted validation logic with added XPC peer requirement string |
| Coder-Desktop/VPNLib/Download.swift | Removed validation code that was moved to Validate.swift |
| Coder-Desktop/VPN/NEHelperXPCClient.swift | Added code signing requirement to XPC client connection |
| Coder-Desktop/Coder-DesktopHelper/HelperXPCListeners.swift | Added code signing requirements to both XPC server listeners |
| Coder-Desktop/Coder-Desktop/AppHelperXPCClient.swift | Added code signing requirement to app helper XPC client |
| } | ||
| guard let plistName = infoPlist[infoNameKey] as? String, plistName == expectedName else{ | ||
| throw .invalidIdentifier(identifier: infoPlist[infoNameKey] as? String) |
There was a problem hiding this comment.
The error type should be a name-specific validation error, not invalidIdentifier. This validation is checking the bundle name, not the identifier, so it should throw a different error type or the existing invalidIdentifier case should be renamed to be more generic.
Suggested change
| throw.invalidIdentifier(identifier:infoPlist[infoNameKey]as?String) | |
| throw.invalidName(name:infoPlist[infoNameKey]as?String) |
ethanndicksonforce-pushed the ethan/networking-in-launchdaemon branch from d09250b to d286679Compareethanndicksonforce-pushed the ethan/xpc-validation branch from c450bd4 to 557e4feCompareMemberAuthor
Merge activity
|
ethanndickson changed the base branch from ethan/networking-in-launchdaemon to graphite-base/206
ethanndicksonforce-pushed the ethan/xpc-validation branch from 557e4fe to 6b4106aCompareethanndickson merged commit ff169e3 into main 4 checks passed
Uh oh!
There was an error while loading. Please reload this page.
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Continues to address #201.
I've manually tested that this change prevents binaries not signed by the Coder Apple development team from connecting to the Helper over XPC.
Most of the PR diff is me moving the validator out of
Download.swiftand intoValidate.swift