Mach port

The fundamental IPC primitive on macOS — a kernel-managed endpoint that processes hold rights to and send messages through.

A Mach port is the only IPC primitive in macOS. Every form of inter-process communication on the platform — XPC, NSXPC, distributed objects, IOKit user clients, WindowServer events, launchd service lookup — is implemented on top of Mach ports.

Conceptually a port is a kernel-managed message queue. A process holds port rights that describe what it can do with the port:

  • Send right — can send messages to the port.
  • Send-once right — can send exactly one message (used for RPC replies).
  • Receive right — can receive messages from the port. Only one process at a time holds the receive right.
  • Port set — a collection of receive rights you can wait on together.
  • Dead name — what a send right becomes when the receive right is destroyed.

Rights are reference-counted and migrate between processes through the descriptor part of a Mach message. That's how the system passes capabilities around: handing a process a send right is handing it the ability to talk to whoever holds the receive right.

The trap surface for managing ports lives in _kernelrpc_mach_port_* (_kernelrpc_mach_port_allocate_trap, _kernelrpc_mach_port_deallocate_trap, etc.) and the messaging surface is mach_msg_trap and its newer cousin mach_msg2_trap.

The most security-relevant port is the task port — possessing one for another process is equivalent to arbitrary code execution in it.