.environmentObject(appDelegate.helper)

let helper: HelperService

helper = HelperService()

import os

import ServiceManagement

// Whilst the GUI app installs the helper, the System Extension communicates

// with it over XPC

class HelperService: ObservableObject {

private let logger = Logger(subsystem: Bundle.main.bundleIdentifier!, category: "HelperService")

let plistName = "com.coder.Coder-Desktop.Helper.plist"

@Published var state: HelperState = .uninstalled {

didSet {

logger.info("helper daemon state set: \(self.state.description, privacy: .public)")

}

}

init() {

update()

}

func update() {

let daemon = SMAppService.daemon(plistName: plistName)

state = HelperState(status: daemon.status)

}

func install() {

let daemon = SMAppService.daemon(plistName: plistName)

do {

try daemon.register()

} catch let error as NSError {

self.state = .failed(.init(error: error))

} catch {

state = .failed(.unknown(error.localizedDescription))

}

state = HelperState(status: daemon.status)

}

func uninstall() {

let daemon = SMAppService.daemon(plistName: plistName)

do {

try daemon.unregister()

} catch let error as NSError {

self.state = .failed(.init(error: error))

} catch {

state = .failed(.unknown(error.localizedDescription))

}

state = HelperState(status: daemon.status)

}

enum HelperState: Equatable {

case uninstalled

case installed

case requiresApproval

case failed(HelperError)

var description: String {

switch self {

case .uninstalled:

"Uninstalled"

case .installed:

"Installed"

case .requiresApproval:

"Requires Approval"

case let .failed(error):

"Failed: \(error.localizedDescription)"

}

}

init(status: SMAppService.Status) {

self = switch status {

case .notRegistered:

.uninstalled

case .enabled:

.installed

case .requiresApproval:

.requiresApproval

case .notFound:

// `Not found`` is the initial state, if `register` has never been called

.uninstalled

@unknown default:

.failed(.unknown("Unknown status: \(status)"))

}

}

enum HelperError: Error, Equatable {

case alreadyRegistered

case launchDeniedByUser

case invalidSignature

case unknown(String)

init(error: NSError) {

self = switch error.code {

case kSMErrorAlreadyRegistered:

.alreadyRegistered

case kSMErrorLaunchDeniedByUser:

.launchDeniedByUser

case kSMErrorInvalidSignature:

.invalidSignature

default:

.unknown(error.localizedDescription)

}

}

var localizedDescription: String {

switch self {

case .alreadyRegistered:

"Already registered"

case .launchDeniedByUser:

"Launch denied by user"

case .invalidSignature:

"Invalid signature"

case let .unknown(message):

message

}

}

import LaunchAtLogin

import SwiftUI

struct ExperimentalTab: View {

var body: some View {

Form {

HelperSection()

}.formStyle(.grouped)

}

import LaunchAtLogin

import ServiceManagement

import SwiftUI

struct HelperSection: View {

var body: some View {

Section {

HelperButton()

Text("""

.font(.subheadline)

.foregroundColor(.secondary)

}

}

struct HelperButton: View {

@EnvironmentObject var helperService: HelperService

var buttonText: String {

switch helperService.state {

case .uninstalled, .failed:

"Install"

case .installed:

"Uninstall"

case .requiresApproval:

"Open Settings"

}

}

var buttonDescription: String {

switch helperService.state {

case .uninstalled, .installed:

""

case .requiresApproval:

"Requires approval"

case let .failed(err):

err.localizedDescription

}

}

func buttonAction() {

switch helperService.state {

case .uninstalled, .failed:

helperService.install()

if helperService.state == .requiresApproval {

SMAppService.openSystemSettingsLoginItems()

}

case .installed:

helperService.uninstall()

case .requiresApproval:

SMAppService.openSystemSettingsLoginItems()

}

}

var body: some View {

HStack {

Text("Privileged Helper")

Spacer()

Text(buttonDescription)

.foregroundColor(.secondary)

Button(action: buttonAction) {

Text(buttonText)

}

}.onReceive(NotificationCenter.default.publisher(for: NSApplication.didBecomeActiveNotification)) { _ in

helperService.update()

}.onAppear {

helperService.update()

}

}

#Preview {

HelperSection().environmentObject(HelperService())

ExperimentalTab()

.tabItem {

Label("Experimental", systemImage: "gearshape.2")

}.tag(SettingsTab.experimental)

case experimental

logger.debug("VPN xpc connect called")

logger.debug("VPN xpc already exists")

logger.error("VPN XPC connection invalidated.")

logger.error("VPN XPC connection interrupted.")

import Foundation

@objc protocol HelperXPCProtocol {

func removeQuarantine(path: String, withReply reply: @escaping (Int32, String) -> Void)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.coder.Coder-Desktop.Helper</string>

<key>BundleProgram</key>

<string>Contents/MacOS/com.coder.Coder-Desktop.Helper</string>

<key>MachServices</key>

<dict>

<!-- $(TeamIdentifierPrefix) isn't populated here, so this value is hardcoded -->

<key>4399GN35BJ.com.coder.Coder-Desktop.Helper</key>

<true/>

</dict>

<key>AssociatedBundleIdentifiers</key>

<array>

<string>com.coder.Coder-Desktop</string>

</array>

</dict>

</plist>

import Foundation

import os

class HelperToolDelegate: NSObject, NSXPCListenerDelegate, HelperXPCProtocol {

private var logger = Logger(subsystem: Bundle.main.bundleIdentifier!, category: "HelperToolDelegate")

override init() {

super.init()

}

func listener(_: NSXPCListener, shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {

newConnection.exportedInterface = NSXPCInterface(with: HelperXPCProtocol.self)

newConnection.exportedObject = self

newConnection.invalidationHandler = { [weak self] in

self?.logger.info("Helper XPC connection invalidated")

}

newConnection.interruptionHandler = { [weak self] in

self?.logger.debug("Helper XPC connection interrupted")

}

logger.info("new active connection")

newConnection.resume()

return true

}

func removeQuarantine(path: String, withReply reply: @escaping (Int32, String) -> Void) {

guard isCoderDesktopDylib(at: path) else {

reply(1, "Path is not to a Coder Desktop dylib: \(path)")

return

}

let task = Process()

let pipe = Pipe()

task.standardOutput = pipe

task.standardError = pipe

task.arguments = ["-d", "com.apple.quarantine", path]

task.executableURL = URL(fileURLWithPath: "/usr/bin/xattr")

do {

try task.run()

} catch {

reply(1, "Failed to start command: \(error)")

return

}

let data = pipe.fileHandleForReading.readDataToEndOfFile()

let output = String(data: data, encoding: .utf8) ?? ""

task.waitUntilExit()

reply(task.terminationStatus, output)

}

func isCoderDesktopDylib(at rawPath: String) -> Bool {

let url = URL(fileURLWithPath: rawPath)

.standardizedFileURL

.resolvingSymlinksInPath()

// *Must* be within the Coder Desktop System Extension sandbox

let requiredPrefix = ["/", "var", "root", "Library", "Containers",

"com.coder.Coder-Desktop.VPN"]

guard url.pathComponents.starts(with: requiredPrefix) else { return false }

guard url.pathExtension.lowercased() == "dylib" else { return false }

guard FileManager.default.fileExists(atPath: url.path) else { return false }

return true

let delegate = HelperToolDelegate()

let listener = NSXPCListener(machServiceName: "4399GN35BJ.com.coder.Coder-Desktop.Helper")

listener.delegate = delegate

listener.resume()

RunLoop.main.run()