[23499] branches/SULeopard/launchd/src

Revision: 23499
Author: zarzycki@apple.com
Date: 2008-01-28 10:38:20 -0800 (Mon, 28 Jan 2008)

Log Message

<rdar://problem/5653227> work with Seatbelt to provide access control on spawn_via_launchd

Modified Paths

branches/SULeopard/launchd/src/launchd_core_logic.c
branches/SULeopard/launchd/src/libbootstrap_private.h

Diff

Modified: branches/SULeopard/launchd/src/launchd_core_logic.c (23498 => 23499)


--- branches/SULeopard/launchd/src/launchd_core_logic.c	2008-01-28 18:20:19 UTC (rev 23498)
+++ branches/SULeopard/launchd/src/launchd_core_logic.c	2008-01-28 18:38:20 UTC (rev 23499)
@@ -6548,6 +6548,7 @@
 			job_assumes(j, mspolicy_new(target_j, target_service, flags & BOOTSTRAP_ALLOW_LOOKUP, flags & BOOTSTRAP_PER_PID_SERVICE, false));
 		} else {
 			target_j->deny_unknown_mslookups = !(flags & BOOTSTRAP_ALLOW_LOOKUP);
+			target_j->deny_job_creation = (bool)(flags & BOOTSTRAP_DENY_JOB_CREATION);
 		}
 	} else {
 		job_log(j, LOG_WARNING, "Jobs that have policies assigned to them may not set policies.");

Modified: branches/SULeopard/launchd/src/libbootstrap_private.h (23498 => 23499)


--- branches/SULeopard/launchd/src/libbootstrap_private.h	2008-01-28 18:20:19 UTC (rev 23498)
+++ branches/SULeopard/launchd/src/libbootstrap_private.h	2008-01-28 18:38:20 UTC (rev 23499)
@@ -29,6 +29,7 @@
 
 #define BOOTSTRAP_PER_PID_SERVICE	0x1
 #define BOOTSTRAP_ALLOW_LOOKUP		0x2
+#define BOOTSTRAP_DENY_JOB_CREATION	0x4
 
 kern_return_t bootstrap_register2(mach_port_t bp, name_t service_name, mach_port_t sp, uint64_t flags);