Basic automation with URL scheme and other improvements #253
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…eep linking support
…ixed VMController memory leaks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Improvements
VMControllerinstances 💦Automation
This pull request introduces the
virtualbuddy://URL scheme that can be used to automate basic functions of the app. It's just the foundation for future developments in this area, which I currently plan on including a command-line interface and Shortcuts actions.URL Scheme Actions
Here's the list of actions currently supported by the URL scheme:
open: Opens the Window for a Specific Virtual MachineExample:
virtualbuddy://open?name=macOS%20Sonomaboot: Boots a Virtual MachineThis action supports options:
bootInRecoveryMode(macOS only): boots the VM in recovery modebootOnInstallDevice(Linux only): boots the VM from the installer ISO (if available)Example:
virtualbuddy://boot?name=macOS%20Sonoma&options.bootInRecoveryMode=truestop: Stops a Virtual MachineExample:
virtualbuddy://stop?name=macOS%20SonomaSecurity Considerations
I didn't want to have a URL scheme that can control people's VMs without any sort of authentication, since any app on macOS can open any URL scheme without explicit permission from the user.
This PR includes the
DeepLinkSecurityframework that implements an Apple TCC-like approach to user consent.The first time an app attempts to open a URL scheme in VirtualBuddy, the user will be prompted to allow the app to do so. If allowed, the app may then continue to open URLs in VirtualBuddy, if not, all further attempts will be ignored.
Authentication is done by collecting the audit token from the open URL Apple Event, validating it against the app's code signature, then storing the user's decisions on the Keychain. This data is signed with a private key owned by VirtualBuddy, which is generated and stored on the Keychain the first time it's needed.
This prevents other apps from modifying the data directly in order to spoof authorization, since access to the private key owned by VirtualBuddy would trigger a Keychain permission prompt.