[launchd-changes] [23499] branches/SULeopard/launchd/src

Mon Jan 28 10:38:38 PST 2008

Revision: 23499
          http://trac.macosforge.org/projects/launchd/changeset/23499
Author:   zarzycki at apple.com
Date:     2008-01-28 10:38:20 -0800 (Mon, 28 Jan 2008)

Log Message:
-----------
<rdar://problem/5653227> work with Seatbelt to provide access control on spawn_via_launchd

Modified Paths:
--------------
    branches/SULeopard/launchd/src/launchd_core_logic.c
    branches/SULeopard/launchd/src/libbootstrap_private.h

Modified: branches/SULeopard/launchd/src/launchd_core_logic.c
===================================================================

--- branches/SULeopard/launchd/src/launchd_core_logic.c	2008-01-28 18:20:19 UTC (rev 23498)
+++ branches/SULeopard/launchd/src/launchd_core_logic.c	2008-01-28 18:38:20 UTC (rev 23499)
@@ -6548,6 +6548,7 @@
 			job_assumes(j, mspolicy_new(target_j, target_service, flags & BOOTSTRAP_ALLOW_LOOKUP, flags & BOOTSTRAP_PER_PID_SERVICE, false));
 		} else {
 			target_j->deny_unknown_mslookups = !(flags & BOOTSTRAP_ALLOW_LOOKUP);
+			target_j->deny_job_creation = (bool)(flags & BOOTSTRAP_DENY_JOB_CREATION);
 		}
 	} else {
 		job_log(j, LOG_WARNING, "Jobs that have policies assigned to them may not set policies.");

Modified: branches/SULeopard/launchd/src/libbootstrap_private.h
===================================================================
--- branches/SULeopard/launchd/src/libbootstrap_private.h	2008-01-28 18:20:19 UTC (rev 23498)
+++ branches/SULeopard/launchd/src/libbootstrap_private.h	2008-01-28 18:38:20 UTC (rev 23499)
@@ -29,6 +29,7 @@
 
 #define BOOTSTRAP_PER_PID_SERVICE	0x1
 #define BOOTSTRAP_ALLOW_LOOKUP		0x2
+#define BOOTSTRAP_DENY_JOB_CREATION	0x4
 
 kern_return_t bootstrap_register2(mach_port_t bp, name_t service_name, mach_port_t sp, uint64_t flags);
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/launchd-changes/attachments/20080128/f218e3b0/attachment.html
