Part of: #9941
Problem
Apple's XPC security guidelines require that NSXPCInterface objects have explicit class allow-lists for any collection or object-type method arguments via setClasses:forSelector:argumentIndex:ofReply:. Without them the XPC layer accepts arbitrary Objective-C objects, which is a potential sandbox escape vector and will be flagged in security review.
Affected files
src/gui/macOS/findersyncxpc_mac.mmshell_integration/MacOSX/NextcloudIntegration/FinderSyncExt/FinderSyncXPCManager.mshell_integration/MacOSX/NextcloudIntegration/FileProviderExt/FileProviderExtension+NSXPCListenerDelegate.swift
Required change
For every NSXPCInterface created in the above files, call setClasses:forSelector:argumentIndex:ofReply: to restrict the allowed classes to the minimal set actually required by each protocol.
Part of: #9941
Problem
Apple's XPC security guidelines require that
NSXPCInterfaceobjects have explicit class allow-lists for any collection or object-type method arguments viasetClasses:forSelector:argumentIndex:ofReply:. Without them the XPC layer accepts arbitrary Objective-C objects, which is a potential sandbox escape vector and will be flagged in security review.Affected files
src/gui/macOS/findersyncxpc_mac.mmshell_integration/MacOSX/NextcloudIntegration/FinderSyncExt/FinderSyncXPCManager.mshell_integration/MacOSX/NextcloudIntegration/FileProviderExt/FileProviderExtension+NSXPCListenerDelegate.swiftRequired change
For every
NSXPCInterfacecreated in the above files, callsetClasses:forSelector:argumentIndex:ofReply:to restrict the allowed classes to the minimal set actually required by each protocol.