---
title: Conforming to Mach IPC security restrictions
framework: xcode
role: article
role_heading: Article
path: xcode/conforming-to-mach-ipc-security-restrictions
---

# Conforming to Mach IPC security restrictions

Avoid crashes and potentially insecure situations associated with Mach messages.

## Overview

Mach ports represent low-level inter-process communication (IPC) capabilities on the system, and as such are a fundamental and powerful construct. An attacker who gains access to a Mach port for your app or extension potentially gains a lot of privileges they can use to attack your app and other resources on the system. Higher-level IPC mechanisms, including the Mach Interface Generator (MIG) and XPC, are designed to mitigate many of the security issues related to Mach IPC. Using Mach IPC traps directly doesn’t take advantage of these mitigations, and is very difficult to do correctly.

Adopt the com.apple.security.hardened-process.platform-restrictions entitlement in the Enhanced Security capability to turn potentially insecure misuse of Mach and VM APIs into crashes, and use the crash reports to diagnose and fix or remove the potentially insecure code.

### Replace Mach IPC traps with other IPC mechanisms

The easiest way to fix potentially insecure use of Mach IPC traps is to completely avoid using the API. Instead, use a different IPC mechanism that avoids the potentially insecure situations, for example, XPC.

### Diagnose crashes due to additional run-time platform restrictions

If your process has the com.apple.security.hardened-process.platform-restrictions entitlement with a value of at least 1 and the system detects a potentially insecure use of Mach IPC, the system crashes your process. The crash report has an exception type of EXC_GUARD, and exception subtype of GUARD_TYPE_MACH_PORT. The exception message in the crash report is one of these values:
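
An added triage example, not part of Apple's article or tooling: the Python functions below scan the text of collected crash reports for the EXC_GUARD / GUARD_TYPE_MACH_PORT signature described above and count hits per process and exception message, so the most frequent guard violation is fixed first. The header labels (`Process:`, `Exception Type:`, `Exception Subtype:`, `Exception Message:`) are an assumed text layout, and the sample reports, process names and messages are constructed placeholders.

```python
import re
from collections import Counter

# Header labels of a text-rendered crash report. These labels are an
# assumption for this example; adjust them to the reports you export.
FIELD_RE = re.compile(
    r"^(Process|Exception Type|Exception Subtype|Exception Message):\s*(.*)$")

def parse_header(report_text):
    """Return the first occurrence of each header field of interest."""
    fields = {}
    for line in report_text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m and m.group(1) not in fields:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def is_mach_port_guard(fields):
    """True for the EXC_GUARD / GUARD_TYPE_MACH_PORT signature."""
    # The type line may carry a trailing signal, e.g. "EXC_GUARD (SIGKILL)".
    return bool(re.match(r"EXC_GUARD\b", fields.get("Exception Type", ""))
                and re.match(r"GUARD_TYPE_MACH_PORT\b",
                             fields.get("Exception Subtype", "")))

def triage(reports):
    """Count Mach port guard crashes per (process, exception message)."""
    hits = Counter()
    for text in reports:
        f = parse_header(text)
        if is_mach_port_guard(f):
            process = re.sub(r"\s*\[\d+\]$", "", f.get("Process", "?"))
            hits[(process, f.get("Exception Message", "<no message>"))] += 1
    return hits

# Constructed sample reports; process names and messages are placeholders.
SAMPLE_REPORTS = [
    "Process:   DemoHelper [4101]\nException Type:  EXC_GUARD (SIGKILL)\n"
    "Exception Subtype: GUARD_TYPE_MACH_PORT\n"
    "Exception Message: <placeholder-message-A>\n\nThread 0 Crashed:\n",
    "Process:   DemoHelper [4188]\nException Type:  EXC_GUARD (SIGKILL)\n"
    "Exception Subtype: GUARD_TYPE_MACH_PORT\n"
    "Exception Message: <placeholder-message-A>\n",
    "Process:   DemoHelper [4200]\nException Type:  EXC_BAD_ACCESS (SIGSEGV)\n"
    "Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000\n",
    "Process:   DemoApp [77]\nException Type:  EXC_GUARD\n"
    "Exception Subtype: GUARD_TYPE_FD\nException Message: <placeholder-message-B>\n",
]

if __name__ == "__main__":
    for (process, message), count in triage(SAMPLE_REPORTS).most_common():
        print(f"{count:3d}  {process}  {message}")
```

Reports with a different guard subtype or exception type are ignored, so only crashes attributable to the Mach port restrictions are counted.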

## See Also

### Security and privacy

- [Verifying the origin of your XCFrameworks](xcode/verifying-the-origin-of-your-xcframeworks.md)
- [Enabling enhanced security for your app](xcode/enabling-enhanced-security-for-your-app.md)
- [Creating enhanced security helper extensions](xcode/creating-enhanced-security-helper-extensions.md)
- [Adopting type-aware memory allocation](xcode/adopting-type-aware-memory-allocation.md)
