[launchd-changes] [23488] trunk/launchd/src
source_changes at macosforge.org
source_changes at macosforge.org
Fri Jan 18 13:27:03 PST 2008
Revision: 23488
http://trac.macosforge.org/projects/launchd/changeset/23488
Author: zarzycki at apple.com
Date: 2008-01-18 13:27:01 -0800 (Fri, 18 Jan 2008)
Log Message:
-----------
<rdar://problem/5653227> work with Seatbelt to provide access control on spawn_via_launchd
Modified Paths:
--------------
trunk/launchd/src/launchd_core_logic.c
trunk/launchd/src/liblaunch_public.h
Modified: trunk/launchd/src/launchd_core_logic.c
===================================================================
--- trunk/launchd/src/launchd_core_logic.c 2008-01-18 21:24:30 UTC (rev 23487)
+++ trunk/launchd/src/launchd_core_logic.c 2008-01-18 21:27:01 UTC (rev 23488)
@@ -365,7 +365,7 @@
currently_ignored:1, forced_peers_to_demand_mode:1, setnice:1, hopefully_exits_last:1, removal_pending:1,
legacy_LS_job:1, sent_sigkill:1, debug_before_kill:1, weird_bootstrap:1, start_on_mount:1,
per_user:1, hopefully_exits_first:1, deny_unknown_mslookups:1, unload_at_mig_return:1, abandon_pg:1,
- poll_for_vfs_changes:1, can_kickstart:1, __junk:11;
+ poll_for_vfs_changes:1, deny_job_creation:1, __junk:11;
mode_t mask;
const char label[0];
};
@@ -1643,10 +1643,10 @@
bool found_key = false;
switch (key[0]) {
- case 'c':
- case 'C':
- if (strcasecmp(key, LAUNCH_JOBPOLICY_CANKICKSTARTOTHERJOBS) == 0) {
- j->can_kickstart = launch_data_get_bool(obj);
+ case 'd':
+ case 'D':
+ if (strcasecmp(key, LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS) == 0) {
+ j->deny_job_creation = launch_data_get_bool(obj);
found_key = true;
}
break;
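Review bot: Replacing `CanKickStartOtherJobs` with `DenyCreatingOtherJobs` in this case inverts the default: a job whose Policies dictionary omits the key now has `deny_job_creation` clear, so the restriction applies only to jobs that opt in. A plist that still carries the old key no longer matches any case here, leaving `found_key` false. How an unrecognised key is handled lies outside the hunk, so it is worth confirming that it is reported rather than silently dropped. A comment above the case would make the polarity explicit, for example `/* Deny-list policy: an absent key leaves job creation allowed. */`. The enclosing switch starts and ends outside the hunk.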
@@ -5296,6 +5296,10 @@
return BOOTSTRAP_NO_MEMORY;
}
+ if (unlikely(j->deny_job_creation)) {
+ return BOOTSTRAP_NOT_PRIVILEGED;
+ }
+
runtime_get_caller_creds(&ldc);
job_log(j, LOG_DEBUG, "Server create attempt: %s", server_cmd);
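Review bot: The added `deny_job_creation` refusal returns `BOOTSTRAP_NOT_PRIVILEGED` before anything is logged, so a denied request leaves no trace for whoever later audits the policy. The identical check in the spawn hunk (`@@ -6690`) has the same gap. Since this is an access-control decision, consider recording it before returning, e.g. `job_log(j, LOG_WARNING, "Job creation denied by policy");`. The enclosing function starts and ends outside the hunk.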
@@ -6582,16 +6586,21 @@
return BOOTSTRAP_NO_MEMORY;
}
+ if (unlikely(!(otherj = job_find(targetlabel)))) {
+ return BOOTSTRAP_UNKNOWN_SERVICE;
+ }
+
runtime_get_caller_creds(&ldc);
- if (!j->can_kickstart || (ldc.euid != 0 && ldc.euid != geteuid())) {
+ if (ldc.euid != 0 && ldc.euid != geteuid()
+#if TARGET_OS_EMBEDDED
+ && j->username && otherj->username
+ && strcmp(j->username, otherj->username) != 0
+#endif
+ ) {
return BOOTSTRAP_NOT_PRIVILEGED;
}
- if (unlikely(!(otherj = job_find(targetlabel)))) {
- return BOOTSTRAP_UNKNOWN_SERVICE;
- }
-
otherj = job_dispatch(otherj, true);
if (!job_assumes(j, otherj && otherj->p)) {
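Review bot: Under `TARGET_OS_EMBEDDED` the rewritten condition refuses a caller only when both `j->username` and `otherj->username` are non-NULL and differ, so a caller whose euid is neither 0 nor launchd's is let through whenever either job has no username. If that is not intended, fail closed on a missing name: `&& (!j->username || !otherj->username || strcmp(j->username, otherj->username) != 0)`. Separately, the per-job `can_kickstart` opt-in is removed and `deny_job_creation` is not consulted on this path, so as far as the hunk shows only the euid test gates a kickstart. Moving `job_find` ahead of the credential check also lets an unprivileged caller tell existing labels from missing ones by the return code. The function body continues outside the hunk.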
@@ -6690,6 +6699,10 @@
return BOOTSTRAP_NO_MEMORY;
}
+ if (unlikely(j->deny_job_creation)) {
+ return BOOTSTRAP_NOT_PRIVILEGED;
+ }
+
if (unlikely(pid1_magic && ldc.euid && ldc.uid)) {
job_log(j, LOG_DEBUG, "Punting spawn to per-user-context");
return VPROC_ERR_TRY_PER_USER;
Modified: trunk/launchd/src/liblaunch_public.h
===================================================================
--- trunk/launchd/src/liblaunch_public.h 2008-01-18 21:24:30 UTC (rev 23487)
+++ trunk/launchd/src/liblaunch_public.h 2008-01-18 21:27:01 UTC (rev 23488)
@@ -102,7 +102,7 @@
#define LAUNCH_JOBKEY_ABANDONPROCESSGROUP "AbandonProcessGroup"
#define LAUNCH_JOBKEY_POLICIES "Policies"
-#define LAUNCH_JOBPOLICY_CANKICKSTARTOTHERJOBS "CanKickStartOtherJobs"
+#define LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS "DenyCreatingOtherJobs"
#define LAUNCH_JOBINETDCOMPATIBILITY_WAIT "Wait"
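Review bot: The new public key `LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS` carries no comment stating its meaning or its default, which matters because its polarity is the opposite of the key it replaces. Proposed comment above the define: `/* Policies: when true, requests from this job to create servers or spawn via launchd are refused; absent means allowed. */`. Dropping `LAUNCH_JOBPOLICY_CANKICKSTARTOTHERJOBS` from a public header will also break any client that still references it, so the removal may deserve a mention in the log message.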