Revision: 23499 http://trac.macosforge.org/projects/launchd/changeset/23499 Author: zarzycki@apple.com Date: 2008-01-28 10:38:20 -0800 (Mon, 28 Jan 2008) Log Message: ----------- <rdar://problem/5653227> work with Seatbelt to provide access control on spawn_via_launchd Modified Paths: -------------- branches/SULeopard/launchd/src/launchd_core_logic.c branches/SULeopard/launchd/src/libbootstrap_private.h Modified: branches/SULeopard/launchd/src/launchd_core_logic.c =================================================================== --- branches/SULeopard/launchd/src/launchd_core_logic.c 2008-01-28 18:20:19 UTC (rev 23498) +++ branches/SULeopard/launchd/src/launchd_core_logic.c 2008-01-28 18:38:20 UTC (rev 23499) @@ -6548,6 +6548,7 @@ job_assumes(j, mspolicy_new(target_j, target_service, flags & BOOTSTRAP_ALLOW_LOOKUP, flags & BOOTSTRAP_PER_PID_SERVICE, false)); } else { target_j->deny_unknown_mslookups = !(flags & BOOTSTRAP_ALLOW_LOOKUP); + target_j->deny_job_creation = (bool)(flags & BOOTSTRAP_DENY_JOB_CREATION); } } else { job_log(j, LOG_WARNING, "Jobs that have policies assigned to them may not set policies."); Modified: branches/SULeopard/launchd/src/libbootstrap_private.h =================================================================== --- branches/SULeopard/launchd/src/libbootstrap_private.h 2008-01-28 18:20:19 UTC (rev 23498) +++ branches/SULeopard/launchd/src/libbootstrap_private.h 2008-01-28 18:38:20 UTC (rev 23499) @@ -29,6 +29,7 @@ #define BOOTSTRAP_PER_PID_SERVICE 0x1 #define BOOTSTRAP_ALLOW_LOOKUP 0x2 +#define BOOTSTRAP_DENY_JOB_CREATION 0x4 kern_return_t bootstrap_register2(mach_port_t bp, name_t service_name, mach_port_t sp, uint64_t flags);