[launchd-changes] [23487] branches/SULeopard/launchd/src

source_changes at macosforge.org source_changes at macosforge.org
Fri Jan 18 13:24:32 PST 2008


Revision: 23487
          http://trac.macosforge.org/projects/launchd/changeset/23487
Author:   zarzycki at apple.com
Date:     2008-01-18 13:24:30 -0800 (Fri, 18 Jan 2008)

Log Message:
-----------
<rdar://problem/5653227> work with Seatbelt to provide access control on spawn_via_launchd

Modified Paths:
--------------
    branches/SULeopard/launchd/src/launchd_core_logic.c
    branches/SULeopard/launchd/src/liblaunch_public.h

Modified: branches/SULeopard/launchd/src/launchd_core_logic.c
===================================================================
--- branches/SULeopard/launchd/src/launchd_core_logic.c	2008-01-18 17:50:12 UTC (rev 23486)
+++ branches/SULeopard/launchd/src/launchd_core_logic.c	2008-01-18 21:24:30 UTC (rev 23487)
@@ -361,7 +361,7 @@
 		     currently_ignored:1, forced_peers_to_demand_mode:1, setnice:1, hopefully_exits_last:1, removal_pending:1,
 		     wait4pipe_eof:1, sent_sigkill:1, debug_before_kill:1, weird_bootstrap:1, start_on_mount:1,
 		     per_user:1, hopefully_exits_first:1, deny_unknown_mslookups:1, unload_at_mig_return:1, abandon_pg:1,
-		     poll_for_vfs_changes:1, internal_exc_handler:1, can_kickstart:1;
+		     poll_for_vfs_changes:1, internal_exc_handler:1, deny_job_creation:1;
 	const char label[0];
 };
 
@@ -1575,10 +1575,10 @@
 	bool found_key = false;
 
 	switch (key[0]) {
-	case 'c':
-	case 'C':
-		if (strcasecmp(key, LAUNCH_JOBPOLICY_CANKICKSTARTOTHERJOBS) == 0) {
-			j->can_kickstart = launch_data_get_bool(obj);
+	case 'd':
+	case 'D':
+		if (strcasecmp(key, LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS) == 0) {
+			j->deny_job_creation = launch_data_get_bool(obj);
 			found_key = true;
 		}
 		break;
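Review bot: The policy changes from opt-in to opt-out at this case without a comment stating the default: `deny_job_creation` is only set when the plist carries `DenyCreatingOtherJobs`, so a job with no such entry is presumably allowed to create other jobs. A plist that still uses the retired `CanKickStartOtherJobs` key no longer matches any case shown here, and what the function does with an unrecognised key is decided outside the hunk. I would add a comment above the case, for example `/* Default is allow; a sandboxed job must set DenyCreatingOtherJobs explicitly. */`, and consider logging when the old key is encountered so stale plists are noticed.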
@@ -5140,6 +5140,10 @@
 		return BOOTSTRAP_NO_MEMORY;
 	}
 
+	if (unlikely(j->deny_job_creation)) {
+		return BOOTSTRAP_NOT_PRIVILEGED;
+	}
+
 	runtime_get_caller_creds(&ldc);
 
 	job_log(j, LOG_DEBUG, "Server create attempt: %s", server_cmd);
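Review bot: The new `deny_job_creation` early return leaves no record of the refused request, because it exits before the `job_log` call a few lines below. A job that is denied by policy and still tries to create servers is a useful signal for whoever audits sandboxed processes, so I would log before returning, for example `job_log(j, LOG_WARNING, "Denied by policy: server create attempt: %s", server_cmd);` (assuming `server_cmd` is already valid at that point, since it is used in the existing debug line). The same silent return is added in the hunk at -6522, where the equivalent message would go before `return BOOTSTRAP_NOT_PRIVILEGED;`. Both enclosing functions start and end outside their hunks.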
@@ -6424,16 +6428,21 @@
 		return BOOTSTRAP_NO_MEMORY;
 	}
 
+	if (unlikely(!(otherj = job_find(targetlabel)))) {
+		return BOOTSTRAP_UNKNOWN_SERVICE;
+	}
+
 	runtime_get_caller_creds(&ldc);
 
-	if (!j->can_kickstart || (ldc.euid != 0 && ldc.euid != geteuid())) {
+	if (ldc.euid != 0 && ldc.euid != geteuid()
+#if TARGET_OS_EMBEDDED
+			&& j->username && otherj->username
+			&& strcmp(j->username, otherj->username) != 0
+#endif
+			) {
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
 
-	if (unlikely(!(otherj = job_find(targetlabel)))) {
-		return BOOTSTRAP_UNKNOWN_SERVICE;
-	}
-
 	otherj = job_dispatch(otherj, true);
 
 	if (!job_assumes(j, otherj && otherj->p)) {
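Review bot: Under TARGET_OS_EMBEDDED the privilege check fails open when either `j->username` or `otherj->username` is NULL: the added conjuncts make the whole condition false, so a caller whose euid is neither 0 nor launchd's own is let through. If a missing username is not meant to grant access, the embedded clause would read `&& (!j->username || !otherj->username || strcmp(j->username, otherj->username) != 0)`. With `!j->can_kickstart` removed and no `deny_job_creation` test in this hunk, the euid/username comparison is the only gate visible on this path; the function begins and ends outside the hunk. Moving `job_find` ahead of the check also lets an unprivileged caller distinguish existing labels from missing ones by return code, which may be acceptable but deserves a comment.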
@@ -6522,6 +6531,10 @@
 		return BOOTSTRAP_NO_MEMORY;
 	}
 
+	if (unlikely(j->deny_job_creation)) {
+		return BOOTSTRAP_NOT_PRIVILEGED;
+	}
+
 	if (getpid() == 1 && ldc.euid && ldc.uid) {
 		job_log(j, LOG_DEBUG, "Punting spawn to per-user-context");
 		return VPROC_ERR_TRY_PER_USER;

Modified: branches/SULeopard/launchd/src/liblaunch_public.h
===================================================================
--- branches/SULeopard/launchd/src/liblaunch_public.h	2008-01-18 17:50:12 UTC (rev 23486)
+++ branches/SULeopard/launchd/src/liblaunch_public.h	2008-01-18 21:24:30 UTC (rev 23487)
@@ -101,7 +101,7 @@
 #define LAUNCH_JOBKEY_ABANDONPROCESSGROUP	"AbandonProcessGroup"
 #define LAUNCH_JOBKEY_POLICIES			"Policies"
 
-#define LAUNCH_JOBPOLICY_CANKICKSTARTOTHERJOBS	"CanKickStartOtherJobs"
+#define LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS	"DenyCreatingOtherJobs"
 
 #define LAUNCH_JOBINETDCOMPATIBILITY_WAIT	"Wait"
 
