Revision: 23487 http://trac.macosforge.org/projects/launchd/changeset/23487
Author: zarzycki@apple.com
Date: 2008-01-18 13:24:30 -0800 (Fri, 18 Jan 2008)
Log Message:
-----------
<rdar://problem/5653227> work with Seatbelt to provide access control on spawn_via_launchd
Modified Paths:
--------------
branches/SULeopard/launchd/src/launchd_core_logic.c
branches/SULeopard/launchd/src/liblaunch_public.h
Modified: branches/SULeopard/launchd/src/launchd_core_logic.c
===================================================================
--- branches/SULeopard/launchd/src/launchd_core_logic.c 2008-01-18 17:50:12 UTC (rev 23486)
+++ branches/SULeopard/launchd/src/launchd_core_logic.c 2008-01-18 21:24:30 UTC (rev 23487)
@@ -361,7 +361,7 @@
 currently_ignored:1, forced_peers_to_demand_mode:1, setnice:1, hopefully_exits_last:1, removal_pending:1, wait4pipe_eof:1, sent_sigkill:1, debug_before_kill:1, weird_bootstrap:1, start_on_mount:1, per_user:1, hopefully_exits_first:1, deny_unknown_mslookups:1, unload_at_mig_return:1, abandon_pg:1,
- poll_for_vfs_changes:1, internal_exc_handler:1, can_kickstart:1;
+ poll_for_vfs_changes:1, internal_exc_handler:1, deny_job_creation:1;
 const char label[0];
 };
@@ -1575,10 +1575,10 @@
 bool found_key = false;

 switch (key[0]) {
- case 'c':
- case 'C':
- if (strcasecmp(key, LAUNCH_JOBPOLICY_CANKICKSTARTOTHERJOBS) == 0) {
- j->can_kickstart = launch_data_get_bool(obj);
+ case 'd':
+ case 'D':
+ if (strcasecmp(key, LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS) == 0) {
+ j->deny_job_creation = launch_data_get_bool(obj);
 found_key = true;
 }
 break;
@@ -5140,6 +5140,10 @@
 return BOOTSTRAP_NO_MEMORY;
 }

+ if (unlikely(j->deny_job_creation)) {
+ return BOOTSTRAP_NOT_PRIVILEGED;
+ }
+
 runtime_get_caller_creds(&ldc);

 job_log(j, LOG_DEBUG, "Server create attempt: %s", server_cmd);
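Review bot: In the @@ -1575 hunk the new `d`/`D` branch stores `launch_data_get_bool(obj)` without confirming the value's type, so a policy entry whose value is not a boolean (a string or integer in the plist, say) is read as whatever the union happens to hold, and a mistyped DenyCreatingOtherJobs entry could silently end up as "not denied". Since this flag now gates job creation, the parse should be strict: `if (strcasecmp(key, LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS) == 0 && launch_data_get_type(obj) == LAUNCH_DATA_BOOL) {` — or log and reject the key when the type is wrong, if the surrounding parser (outside the hunk) has a convention for that. This assumes `launch_data_get_bool` itself does no type check, which the hunk cannot show; confirm against liblaunch. The enclosing switch and function start and end outside the hunk.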
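Review bot: The new policy refusal in the @@ -5140 hunk returns BOOTSTRAP_NOT_PRIVILEGED silently, while the very next line logs the attempt at LOG_DEBUG only when it is allowed; a denied creation attempt is exactly the event an operator auditing this policy would want to see, and the same gap is in the @@ -6522 hunk on the spawn path. A log line inside the new block, e.g. `job_log(j, LOG_WARNING, "Job creation denied by policy: %s", server_cmd);` (with a matching message on the spawn path), makes the refusal observable without changing the result. Note the check is placed before `runtime_get_caller_creds(&ldc)` here, so the caller's credentials are not yet available for the message; if they matter for the audit trail, move the check one statement down. The enclosing functions start and end outside both hunks.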
@@ -6424,16 +6428,21 @@
 return BOOTSTRAP_NO_MEMORY;
 }

+ if (unlikely(!(otherj = job_find(targetlabel)))) {
+ return BOOTSTRAP_UNKNOWN_SERVICE;
+ }
+
 runtime_get_caller_creds(&ldc);

- if (!j->can_kickstart || (ldc.euid != 0 && ldc.euid != geteuid())) {
+ if (ldc.euid != 0 && ldc.euid != geteuid()
+#if TARGET_OS_EMBEDDED
+ && j->username && otherj->username
+ && strcmp(j->username, otherj->username) != 0
+#endif
+ ) {
 return BOOTSTRAP_NOT_PRIVILEGED;
 }

- if (unlikely(!(otherj = job_find(targetlabel)))) {
- return BOOTSTRAP_UNKNOWN_SERVICE;
- }
-
 otherj = job_dispatch(otherj, true);

 if (!job_assumes(j, otherj && otherj->p)) {
@@ -6522,6 +6531,10 @@
 return BOOTSTRAP_NO_MEMORY;
 }

+ if (unlikely(j->deny_job_creation)) {
+ return BOOTSTRAP_NOT_PRIVILEGED;
+ }
+
 if (getpid() == 1 && ldc.euid && ldc.uid) {
 job_log(j, LOG_DEBUG, "Punting spawn to per-user-context");
 return VPROC_ERR_TRY_PER_USER;
Modified: branches/SULeopard/launchd/src/liblaunch_public.h
===================================================================
--- branches/SULeopard/launchd/src/liblaunch_public.h 2008-01-18 17:50:12 UTC (rev 23486)
+++ branches/SULeopard/launchd/src/liblaunch_public.h 2008-01-18 21:24:30 UTC (rev 23487)
@@ -101,7 +101,7 @@
 #define LAUNCH_JOBKEY_ABANDONPROCESSGROUP "AbandonProcessGroup"
 #define LAUNCH_JOBKEY_POLICIES "Policies"
-#define LAUNCH_JOBPOLICY_CANKICKSTARTOTHERJOBS "CanKickStartOtherJobs"
+#define LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS "DenyCreatingOtherJobs"
 #define LAUNCH_JOBINETDCOMPATIBILITY_WAIT "Wait"
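Review bot: Moving `job_find(targetlabel)` ahead of the credential check in the @@ -6424 hunk changes what an unprivileged caller learns: it now receives BOOTSTRAP_UNKNOWN_SERVICE for a label that does not exist and BOOTSTRAP_NOT_PRIVILEGED for one that does, whereas before the privilege refusal came first regardless; if job labels are not meant to be enumerable by arbitrary callers, the lookup should stay behind the euid check on non-embedded builds, where `otherj` is not needed for the check at all. The reorder is only required for the TARGET_OS_EMBEDDED username comparison, so the two cases can be split as below. Separately, the new `deny_job_creation` flag is not consulted on this kickstart path, so a job carrying DenyCreatingOtherJobs can still start other jobs; that may be intended given the policy's name, but it deserves a comment either way. The enclosing function starts and ends outside the hunk.
```c
	runtime_get_caller_creds(&ldc);

#if !TARGET_OS_EMBEDDED
	/* Privilege check before the lookup, so an unprivileged caller gets the
	 * same answer whether or not the label exists. */
	if (ldc.euid != 0 && ldc.euid != geteuid()) {
		return BOOTSTRAP_NOT_PRIVILEGED;
	}
#endif

	if (unlikely(!(otherj = job_find(targetlabel)))) {
		return BOOTSTRAP_UNKNOWN_SERVICE;
	}

#if TARGET_OS_EMBEDDED
	if (ldc.euid != 0 && ldc.euid != geteuid()
			&& j->username && otherj->username
			&& strcmp(j->username, otherj->username) != 0) {
		return BOOTSTRAP_NOT_PRIVILEGED;
	}
#endif
	/* … unchanged: job_dispatch and the remainder of the function … */
```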
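Review bot: The renamed public key in the @@ -101 hunk of liblaunch_public.h inverts the policy from opt-in to opt-out, but the header says nothing about it: a plist that never set CanKickStartOtherJobs was previously unable to kickstart, while a plist that omits DenyCreatingOtherJobs is presumably now permitted to create jobs, and existing plists still carrying the old key are no longer recognized. A one-line comment next to the define, stating that the value is a boolean, that true blocks the job from creating other jobs through the server-create and spawn paths, and that the default is "not denied", would let policy authors get this right; if the old key is handled somewhere outside this diff, say so there too.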