My application includes as a key component a kernel extension. That kernel extension is controlled by a system control socket. For security reasons, that system control socket only accepts connections from the superuser.
To communicate from my regular, non-superuser application, I have a SMJobBless helper to act as an intermediary. The problem is, I only want my application (signed by me) to be able to connect to this XPC service. Is there any way to verify the signature on the executable on the other end of the connection? If I can get the PID of the process on the other end, that is sufficient, I know how to verify the signature from there.
If I can get the PID of the process on the other end
You can, using xpc_connection_get_pid().