src/launchd.c

/*
 * Copyright (c) 2005 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_APACHE_LICENSE_HEADER_START@
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * @APPLE_APACHE_LICENSE_HEADER_END@
 */

#include "config.h"
#include "launchd.h"

#include <sys/types.h>
#include <sys/queue.h>
#include <sys/event.h>
#include <sys/stat.h>
#include <sys/ucred.h>
#include <sys/fcntl.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <sys/sysctl.h>
#include <sys/sockio.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
#include <sys/kern_event.h>
#include <sys/reboot.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet6/nd6.h>
#include <ifaddrs.h>
#include <unistd.h>
#include <signal.h>
#include <errno.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <stdbool.h>
#include <paths.h>
#include <pwd.h>
#include <grp.h>
#include <ttyent.h>
#include <dlfcn.h>
#include <dirent.h>
#include <string.h>
#include <setjmp.h>
#include <spawn.h>
#include <sched.h>
#include <pthread.h>
#include <util.h>
#include <os/assumes.h>

#if HAVE_LIBAUDITD
#include <bsm/auditd_lib.h>
#include <bsm/audit_session.h>
#endif

#include "bootstrap.h"
#include "vproc.h"
#include "vproc_priv.h"
#include "vproc_internal.h"
#include "launch.h"
#include "launch_internal.h"

#include "runtime.h"
#include "core.h"
#include "ipc.h"

#define LAUNCHD_CONF ".launchd.conf"

extern char **environ;

static void pfsystem_callback(void *, struct kevent *);

static kq_callback kqpfsystem_callback = pfsystem_callback;

static void pid1_magic_init(void);

static void testfd_or_openfd(int fd, const char *path, int flags);
static bool get_network_state(void);
static void monitor_networking_state(void);
static void fatal_signal_handler(int sig, siginfo_t *si, void *uap);
static void handle_pid1_crashes_separately(void);
static void do_pid1_crash_diagnosis_mode(const char *msg);
static int basic_fork(void);
static bool do_pid1_crash_diagnosis_mode2(const char *msg);

static void *update_thread(void *nothing);

static void *crash_addr;
static pid_t crash_pid;

char *_launchd_database_dir;
char *_launchd_log_dir;

bool launchd_shutting_down;
bool network_up;
uid_t launchd_uid;
FILE *launchd_console = NULL;
int32_t launchd_sync_frequency = 30;

int
main(int argc, char *const *argv)
{
	bool sflag = false;
	int ch;

	/* This needs to be cleaned up. Currently, we risk tripping assumes() macros
	 * before we've properly set things like launchd's log database paths, the
	 * global launchd label for syslog messages and the like. Luckily, these are
	 * operations that will probably never fail, like test_of_openfd(), the
	 * stuff in launchd_runtime_init() and the stuff in
	 * handle_pid1_crashes_separately().
	 */
	testfd_or_openfd(STDIN_FILENO, _PATH_DEVNULL, O_RDONLY);
	testfd_or_openfd(STDOUT_FILENO, _PATH_DEVNULL, O_WRONLY);
	testfd_or_openfd(STDERR_FILENO, _PATH_DEVNULL, O_WRONLY);

	if (launchd_use_gmalloc) {
		if (!getenv("DYLD_INSERT_LIBRARIES")) {
			setenv("DYLD_INSERT_LIBRARIES", "/usr/lib/libgmalloc.dylib", 1);
			setenv("MALLOC_STRICT_SIZE", "1", 1);
			execv(argv[0], argv);
		} else {
			unsetenv("DYLD_INSERT_LIBRARIES");
			unsetenv("MALLOC_STRICT_SIZE");
		}
	} else if (launchd_malloc_log_stacks) {
		if (!getenv("MallocStackLogging")) {
			setenv("MallocStackLogging", "1", 1);
			execv(argv[0], argv);
		} else {
			unsetenv("MallocStackLogging");
		}
	}

	while ((ch = getopt(argc, argv, "s")) != -1) {
		switch (ch) {
		case 's': sflag = true; break;	/* single user */
		case '?': /* we should do something with the global optopt variable here */
		default:
			fprintf(stderr, "%s: ignoring unknown arguments\n", getprogname());
			break;
		}
	}

	if (getpid() != 1 && getppid() != 1) {
		fprintf(stderr, "%s: This program is not meant to be run directly.\n", getprogname());
		exit(EXIT_FAILURE);
	}

	launchd_runtime_init();

	if (NULL == getenv("PATH")) {
		setenv("PATH", _PATH_STDPATH, 1);
	}

	if (pid1_magic) {
		pid1_magic_init();

		int cfd = -1;
		if ((cfd = open(_PATH_CONSOLE, O_WRONLY | O_NOCTTY)) != -1) {
			_fd(cfd);
			if (!(launchd_console = fdopen(cfd, "w"))) {
				(void)close(cfd);
			}
		}

		char *extra = "";
		if (launchd_osinstaller) {
			extra = " in the OS Installer";
		} else if (sflag) {
			extra = " in single-user mode";
		}

		launchd_syslog(LOG_NOTICE | LOG_CONSOLE, "*** launchd[1] has started up%s. ***", extra);
		if (launchd_use_gmalloc) {
			launchd_syslog(LOG_NOTICE | LOG_CONSOLE, "*** Using libgmalloc. ***");
		}

		if (launchd_verbose_boot) {
			launchd_syslog(LOG_NOTICE | LOG_CONSOLE, "*** Verbose boot, will log to /dev/console. ***");
		}

		if (launchd_shutdown_debugging) {
			launchd_syslog(LOG_NOTICE | LOG_CONSOLE, "*** Shutdown debugging is enabled. ***");
		}

		if (launchd_log_shutdown) {
			launchd_syslog(LOG_NOTICE | LOG_CONSOLE, "*** Shutdown logging is enabled. ***");
		}

		if (launchd_log_perf) {
			launchd_syslog(LOG_NOTICE | LOG_CONSOLE, "*** Performance logging is enabled. ***");
		}

		if (launchd_log_debug) {
			launchd_syslog(LOG_NOTICE | LOG_CONSOLE, "*** Debug logging is enabled. ***");
		}

		handle_pid1_crashes_separately();

		/* Start the update thread.
		 *
		 * <rdar://problem/5039559&6153301>
		 */
		pthread_t t = NULL;
		(void)os_assumes_zero(pthread_create(&t, NULL, update_thread, NULL));
		(void)os_assumes_zero(pthread_detach(t));

		/* PID 1 doesn't have a flat namespace. */
		launchd_flat_mach_namespace = false;
		fflush(launchd_console);
	} else {
		launchd_uid = getuid();
		launchd_var_available = true;
		if (asprintf(&launchd_label, "com.apple.launchd.peruser.%u", launchd_uid) == 0) {
			launchd_label = "com.apple.launchd.peruser.unknown";
		}

		struct passwd *pwent = getpwuid(launchd_uid);
		if (pwent) {
			launchd_username = strdup(pwent->pw_name);
		} else {
			launchd_username = "(unknown)";
		}

		if (asprintf(&_launchd_database_dir, LAUNCHD_DB_PREFIX "/com.apple.launchd.peruser.%u", launchd_uid) == 0) {
			_launchd_database_dir = "";
		}

		if (asprintf(&_launchd_log_dir, LAUNCHD_LOG_PREFIX "/com.apple.launchd.peruser.%u", launchd_uid) == 0) {
			_launchd_log_dir = "";
		}

		if (launchd_allow_global_dyld_envvars) {
			launchd_syslog(LOG_WARNING, "Per-user launchd will allow DYLD_* environment variables in the global environment.");
		}

		ipc_server_init();
		launchd_log_push();

		auditinfo_addr_t auinfo;
		if (posix_assumes_zero(getaudit_addr(&auinfo, sizeof(auinfo))) != -1) {
			launchd_audit_session = auinfo.ai_asid;
			launchd_syslog(LOG_DEBUG, "Our audit session ID is %i", launchd_audit_session);
		}

		launchd_audit_port = _audit_session_self();

		vproc_transaction_begin(NULL);
		vproc_transaction_end(NULL, NULL);

		launchd_syslog(LOG_DEBUG, "Per-user launchd started (UID/username): %u/%s.", launchd_uid, launchd_username);
	}

	monitor_networking_state();
	jobmgr_init(sflag);

	launchd_runtime_init2();
	launchd_runtime();
}

void
handle_pid1_crashes_separately(void)
{
	struct sigaction fsa;

	fsa.sa_sigaction = fatal_signal_handler;
	fsa.sa_flags = SA_SIGINFO;
	sigemptyset(&fsa.sa_mask);

	(void)posix_assumes_zero(sigaction(SIGILL, &fsa, NULL));
	(void)posix_assumes_zero(sigaction(SIGFPE, &fsa, NULL));
	(void)posix_assumes_zero(sigaction(SIGBUS, &fsa, NULL));
	(void)posix_assumes_zero(sigaction(SIGTRAP, &fsa, NULL));
	(void)posix_assumes_zero(sigaction(SIGABRT, &fsa, NULL));
	(void)posix_assumes_zero(sigaction(SIGSEGV, &fsa, NULL));
}

void *
update_thread(void *nothing __attribute__((unused)))
{
	(void)posix_assumes_zero(setiopolicy_np(IOPOL_TYPE_DISK, IOPOL_SCOPE_THREAD, IOPOL_THROTTLE));

	while (launchd_sync_frequency) {
		sync();
		sleep(launchd_sync_frequency);
	}

	launchd_syslog(LOG_DEBUG, "Update thread exiting.");
	return NULL;
}

#define PID1_CRASH_LOGFILE "/var/log/launchd-pid1.crash"

/* This hack forces the dynamic linker to resolve these symbols ASAP */
static __attribute__((unused)) typeof(sync) *__junk_dyld_trick1 = sync;
static __attribute__((unused)) typeof(sleep) *__junk_dyld_trick2 = sleep;
static __attribute__((unused)) typeof(reboot) *__junk_dyld_trick3 = reboot;

void
do_pid1_crash_diagnosis_mode(const char *msg)
{
	if (launchd_wsp) {
		kill(launchd_wsp, SIGKILL);
		sleep(3);
		launchd_wsp = 0;
	}

	while (launchd_shutdown_debugging && !do_pid1_crash_diagnosis_mode2(msg)) {
		sleep(1);
	}
}

int
basic_fork(void)
{
	int wstatus = 0;
	pid_t p;

	switch ((p = fork())) {
	case -1:
		launchd_syslog(LOG_ERR | LOG_CONSOLE, "Can't fork PID 1 copy for crash debugging: %m");
		return p;
	case 0:
		return p;
	default:
		do {
			(void)waitpid(p, &wstatus, 0);
		} while(!WIFEXITED(wstatus));

		fprintf(stdout, "PID 1 copy: exit status: %d\n", WEXITSTATUS(wstatus));

		return 1;
	}

	return -1;
}

bool
do_pid1_crash_diagnosis_mode2(const char *msg)
{
	if (basic_fork() == 0) {
		/* Neuter our bootstrap port so that the shell doesn't try talking to us
		 * while we're blocked waiting on it.
		 */
		if (launchd_console) {
			fflush(launchd_console);
		}

		task_set_bootstrap_port(mach_task_self(), MACH_PORT_NULL);
		if (basic_fork() != 0) {
			if (launchd_console) {
				fflush(launchd_console);
			}

			return true;
		}
	} else {
		return true;
	}

	int fd;
	revoke(_PATH_CONSOLE);
	if ((fd = open(_PATH_CONSOLE, O_RDWR)) == -1) {
		_exit(2);
	}
	if (login_tty(fd) == -1) {
		_exit(3);
	}

	setenv("TERM", "vt100", 1);
	fprintf(stdout, "\n");
	fprintf(stdout, "Entering launchd PID 1 debugging mode...\n");
	fprintf(stdout, "The PID 1 launchd has crashed %s.\n", msg);
	fprintf(stdout, "It has fork(2)ed itself for debugging.\n");
	fprintf(stdout, "To debug the crashing thread of PID 1:\n");
	fprintf(stdout, "    gdb attach %d\n", getppid());
	fprintf(stdout, "To exit this shell and shut down:\n");
	fprintf(stdout, "    kill -9 1\n");
	fprintf(stdout, "A sample of PID 1 has been written to %s\n", PID1_CRASH_LOGFILE);
	fprintf(stdout, "\n");
	fflush(stdout);

	execl(_PATH_BSHELL, "-sh", NULL);
	syslog(LOG_ERR, "can't exec %s for PID 1 crash debugging: %m", _PATH_BSHELL);
	_exit(EXIT_FAILURE);
}

void
fatal_signal_handler(int sig, siginfo_t *si, void *uap __attribute__((unused)))
{
	const char *doom_why = "at instruction";
	char msg[128];
#if 0
	char *sample_args[] = { "/usr/bin/sample", "1", "1", "-file", PID1_CRASH_LOGFILE, NULL };
	pid_t sample_p;
	int wstatus;
#endif

	crash_addr = si->si_addr;
	crash_pid = si->si_pid;
#if 0
	setenv("XPC_SERVICES_UNAVAILABLE", "1", 0);
	unlink(PID1_CRASH_LOGFILE);

	switch ((sample_p = vfork())) {
	case 0:
		execve(sample_args[0], sample_args, environ);
		_exit(EXIT_FAILURE);
		break;
	default:
		waitpid(sample_p, &wstatus, 0);
		break;
	case -1:
		break;
	}
#endif
	switch (sig) {
	default:
	case 0:
		break;
	case SIGBUS:
	case SIGSEGV:
		doom_why = "trying to read/write";
	case SIGILL:
	case SIGFPE:
	case SIGTRAP:
		snprintf(msg, sizeof(msg), "%s: %p (%s sent by PID %u)", doom_why, crash_addr, strsignal(sig), crash_pid);
		sync();
		do_pid1_crash_diagnosis_mode(msg);
		sleep(3);
		reboot(0);
		break;
	}
}

void
pid1_magic_init(void)
{
	launchd_label = "com.apple.launchd";
	launchd_username = "system";

	_launchd_database_dir = LAUNCHD_DB_PREFIX "/com.apple.launchd";
	_launchd_log_dir = LAUNCHD_LOG_PREFIX "/com.apple.launchd";

	(void)posix_assumes_zero(setsid());
	(void)posix_assumes_zero(chdir("/"));
	(void)posix_assumes_zero(setlogin("root"));

#if !TARGET_OS_EMBEDDED
	auditinfo_addr_t auinfo = {
		.ai_termid = {
			.at_type = AU_IPv4
		},
		.ai_asid = AU_ASSIGN_ASID,
		.ai_auid = AU_DEFAUDITID,
		.ai_flags = AU_SESSION_FLAG_IS_INITIAL,
	};

	if (setaudit_addr(&auinfo, sizeof(auinfo)) == -1) {
		launchd_syslog(LOG_WARNING | LOG_CONSOLE, "Could not set audit session: %d: %s.", errno, strerror(errno));
		_exit(EXIT_FAILURE);
	}

	launchd_audit_session = auinfo.ai_asid;
	launchd_syslog(LOG_DEBUG, "Audit Session ID: %i", launchd_audit_session);

	launchd_audit_port = _audit_session_self();
#endif // !TARGET_OS_EMBEDDED
}

char *
launchd_copy_persistent_store(int type, const char *file)
{
	char *result = NULL;
	if (!file) {
		file = "";
	}

	switch (type) {
	case LAUNCHD_PERSISTENT_STORE_DB:
		(void)asprintf(&result, "%s/%s", _launchd_database_dir, file);
		break;
	case LAUNCHD_PERSISTENT_STORE_LOGS:
		(void)asprintf(&result, "%s/%s", _launchd_log_dir, file);
		break;
	default:
		break;
	}

	return result;
}

int
_fd(int fd)
{
	if (fd >= 0) {
		(void)posix_assumes_zero(fcntl(fd, F_SETFD, 1));
	}
	return fd;
}

void
launchd_shutdown(void)
{
	int64_t now;

	if (launchd_shutting_down) {
		return;
	}

	runtime_ktrace0(RTKT_LAUNCHD_EXITING);

	launchd_shutting_down = true;
	launchd_log_push();

	now = runtime_get_wall_time();

	char *term_who = pid1_magic ? "System shutdown" : "Per-user launchd termination for ";
	launchd_syslog(LOG_INFO, "%s%s began", term_who, pid1_magic ? "" : launchd_username);

	os_assert(jobmgr_shutdown(root_jobmgr) != NULL);

#if HAVE_LIBAUDITD
	if (pid1_magic) {
		(void)os_assumes_zero(audit_quick_stop());
	}
#endif
}

void
launchd_SessionCreate(void)
{
#if !TARGET_OS_EMBEDDED
	auditinfo_addr_t auinfo = {
		.ai_termid = { .at_type = AU_IPv4 },
		.ai_asid = AU_ASSIGN_ASID,
		.ai_auid = getuid(),
		.ai_flags = 0,
	};
	if (setaudit_addr(&auinfo, sizeof(auinfo)) == 0) {
		char session[16];
		snprintf(session, sizeof(session), "%x", auinfo.ai_asid);
		setenv("SECURITYSESSIONID", session, 1);
	} else {
		launchd_syslog(LOG_WARNING, "Could not set audit session: %d: %s.", errno, strerror(errno));
	}
#endif // !TARGET_OS_EMBEDDED
}

void
testfd_or_openfd(int fd, const char *path, int flags)
{
	int tmpfd;

	if (-1 != (tmpfd = dup(fd))) {
		(void)posix_assumes_zero(runtime_close(tmpfd));
	} else {
		if (-1 == (tmpfd = open(path, flags | O_NOCTTY, DEFFILEMODE))) {
			launchd_syslog(LOG_ERR, "open(\"%s\", ...): %m", path);
		} else if (tmpfd != fd) {
			(void)posix_assumes_zero(dup2(tmpfd, fd));
			(void)posix_assumes_zero(runtime_close(tmpfd));
		}
	}
}

bool
get_network_state(void)
{
	struct ifaddrs *ifa, *ifai;
	bool up = false;
	int r;

	/* Workaround 4978696: getifaddrs() reports false ENOMEM */
	while ((r = getifaddrs(&ifa)) == -1 && errno == ENOMEM) {
		launchd_syslog(LOG_DEBUG, "Worked around bug: 4978696");
		(void)posix_assumes_zero(sched_yield());
	}

	if (posix_assumes_zero(r) == -1) {
		return network_up;
	}

	for (ifai = ifa; ifai; ifai = ifai->ifa_next) {
		if (!(ifai->ifa_flags & IFF_UP)) {
			continue;
		}
		if (ifai->ifa_flags & IFF_LOOPBACK) {
			continue;
		}
		if (ifai->ifa_addr->sa_family != AF_INET && ifai->ifa_addr->sa_family != AF_INET6) {
			continue;
		}
		up = true;
		break;
	}

	freeifaddrs(ifa);

	return up;
}

void
monitor_networking_state(void)
{
	int pfs = _fd(socket(PF_SYSTEM, SOCK_RAW, SYSPROTO_EVENT));
	struct kev_request kev_req;

	network_up = get_network_state();

	if (pfs == -1) {
		(void)os_assumes_zero(errno);
		return;
	}

	memset(&kev_req, 0, sizeof(kev_req));
	kev_req.vendor_code = KEV_VENDOR_APPLE;
	kev_req.kev_class = KEV_NETWORK_CLASS;

	if (posix_assumes_zero(ioctl(pfs, SIOCSKEVFILT, &kev_req)) == -1) {
		runtime_close(pfs);
		return;
	}

	(void)posix_assumes_zero(kevent_mod(pfs, EVFILT_READ, EV_ADD, 0, 0, &kqpfsystem_callback));
}

void
pfsystem_callback(void *obj __attribute__((unused)), struct kevent *kev)
{
	bool new_networking_state;
	char buf[1024];

	(void)posix_assumes_zero(read((int)kev->ident, &buf, sizeof(buf)));

	new_networking_state = get_network_state();

	if (new_networking_state != network_up) {
		network_up = new_networking_state;
		jobmgr_dispatch_all_semaphores(root_jobmgr);
	}
}
Commit	Line	Data
	1	/*
	2	* Copyright (c) 2005 Apple Computer, Inc. All rights reserved.
	3	*
	4	* @APPLE_APACHE_LICENSE_HEADER_START@
	5	*
	6	* Licensed under the Apache License, Version 2.0 (the "License");
	7	* you may not use this file except in compliance with the License.
	8	* You may obtain a copy of the License at
	9	*
	10	* http://www.apache.org/licenses/LICENSE-2.0
	11	*
	12	* Unless required by applicable law or agreed to in writing, software
	13	* distributed under the License is distributed on an "AS IS" BASIS,
	14	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	15	* See the License for the specific language governing permissions and
	16	* limitations under the License.
	17	*
	18	* @APPLE_APACHE_LICENSE_HEADER_END@
	19	*/
	20
	21	#include "config.h"
	22	#include "launchd.h"
	23
	24	#include <sys/types.h>
	25	#include <sys/queue.h>
	26	#include <sys/event.h>
	27	#include <sys/stat.h>
	28	#include <sys/ucred.h>
	29	#include <sys/fcntl.h>
	30	#include <sys/un.h>
	31	#include <sys/wait.h>
	32	#include <sys/sysctl.h>
	33	#include <sys/sockio.h>
	34	#include <sys/time.h>
	35	#include <sys/resource.h>
	36	#include <sys/ioctl.h>
	37	#include <sys/mount.h>
	38	#include <sys/kern_event.h>
	39	#include <sys/reboot.h>
	40	#include <sys/socket.h>
	41	#include <sys/syscall.h>
	42	#include <net/if.h>
	43	#include <netinet/in.h>
	44	#include <netinet/in_var.h>
	45	#include <netinet6/nd6.h>
	46	#include <ifaddrs.h>
	47	#include <unistd.h>
	48	#include <signal.h>
	49	#include <errno.h>
	50	#include <libgen.h>
	51	#include <stdio.h>
	52	#include <stdlib.h>
	53	#include <stdarg.h>
	54	#include <stdbool.h>
	55	#include <paths.h>
	56	#include <pwd.h>
	57	#include <grp.h>
	58	#include <ttyent.h>
	59	#include <dlfcn.h>
	60	#include <dirent.h>
	61	#include <string.h>
	62	#include <setjmp.h>
	63	#include <spawn.h>
	64	#include <sched.h>
	65	#include <pthread.h>
	66	#include <util.h>
	67	#include <os/assumes.h>
	68
	69	#if HAVE_LIBAUDITD
	70	#include <bsm/auditd_lib.h>
	71	#include <bsm/audit_session.h>
	72	#endif
	73
	74	#include "bootstrap.h"
	75	#include "vproc.h"
	76	#include "vproc_priv.h"
	77	#include "vproc_internal.h"
	78	#include "launch.h"
	79	#include "launch_internal.h"
	80
	81	#include "runtime.h"
	82	#include "core.h"
	83	#include "ipc.h"
	84
	85	#define LAUNCHD_CONF ".launchd.conf"
	86
	87	extern char **environ;
	88
	89	static void pfsystem_callback(void , struct kevent );
	90
	91	static kq_callback kqpfsystem_callback = pfsystem_callback;
	92
	93	static void pid1_magic_init(void);
	94
	95	static void testfd_or_openfd(int fd, const char *path, int flags);
	96	static bool get_network_state(void);
	97	static void monitor_networking_state(void);
	98	static void fatal_signal_handler(int sig, siginfo_t si, void uap);
	99	static void handle_pid1_crashes_separately(void);
	100	static void do_pid1_crash_diagnosis_mode(const char *msg);
	101	static int basic_fork(void);
	102	static bool do_pid1_crash_diagnosis_mode2(const char *msg);
	103
	104	static void update_thread(void nothing);
	105
	106	static void *crash_addr;
	107	static pid_t crash_pid;
	108
	109	char *_launchd_database_dir;
	110	char *_launchd_log_dir;
	111
	112	bool launchd_shutting_down;
	113	bool network_up;
	114	uid_t launchd_uid;
	115	FILE *launchd_console = NULL;
	116	int32_t launchd_sync_frequency = 30;
	117
	118	int
	119	main(int argc, char const argv)
	120	{
	121	bool sflag = false;
	122	int ch;
	123
	124	/* This needs to be cleaned up. Currently, we risk tripping assumes() macros
	125	* before we've properly set things like launchd's log database paths, the
	126	* global launchd label for syslog messages and the like. Luckily, these are
	127	* operations that will probably never fail, like test_of_openfd(), the
	128	* stuff in launchd_runtime_init() and the stuff in
	129	* handle_pid1_crashes_separately().
	130	*/
	131	testfd_or_openfd(STDIN_FILENO, _PATH_DEVNULL, O_RDONLY);
	132	testfd_or_openfd(STDOUT_FILENO, _PATH_DEVNULL, O_WRONLY);
	133	testfd_or_openfd(STDERR_FILENO, _PATH_DEVNULL, O_WRONLY);
	134
	135	if (launchd_use_gmalloc) {
	136	if (!getenv("DYLD_INSERT_LIBRARIES")) {
	137	setenv("DYLD_INSERT_LIBRARIES", "/usr/lib/libgmalloc.dylib", 1);
	138	setenv("MALLOC_STRICT_SIZE", "1", 1);
	139	execv(argv[0], argv);
	140	} else {
	141	unsetenv("DYLD_INSERT_LIBRARIES");
	142	unsetenv("MALLOC_STRICT_SIZE");
	143	}
	144	} else if (launchd_malloc_log_stacks) {
	145	if (!getenv("MallocStackLogging")) {
	146	setenv("MallocStackLogging", "1", 1);
	147	execv(argv[0], argv);
	148	} else {
	149	unsetenv("MallocStackLogging");
	150	}
	151	}
	152
	153	while ((ch = getopt(argc, argv, "s")) != -1) {
	154	switch (ch) {
	155	case 's': sflag = true; break; /* single user */
	156	case '?': /* we should do something with the global optopt variable here */
	157	default:
	158	fprintf(stderr, "%s: ignoring unknown arguments\n", getprogname());
	159	break;
	160	}
	161	}
	162
	163	if (getpid() != 1 && getppid() != 1) {
	164	fprintf(stderr, "%s: This program is not meant to be run directly.\n", getprogname());
	165	exit(EXIT_FAILURE);
	166	}
	167
	168	launchd_runtime_init();
	169
	170	if (NULL == getenv("PATH")) {
	171	setenv("PATH", _PATH_STDPATH, 1);
	172	}
	173
	174	if (pid1_magic) {
	175	pid1_magic_init();
	176
	177	int cfd = -1;
	178	if ((cfd = open(_PATH_CONSOLE, O_WRONLY \| O_NOCTTY)) != -1) {
	179	_fd(cfd);
	180	if (!(launchd_console = fdopen(cfd, "w"))) {
	181	(void)close(cfd);
	182	}
	183	}
	184
	185	char *extra = "";
	186	if (launchd_osinstaller) {
	187	extra = " in the OS Installer";
	188	} else if (sflag) {
	189	extra = " in single-user mode";
	190	}
	191
	192	launchd_syslog(LOG_NOTICE \| LOG_CONSOLE, "* launchd[1] has started up%s. *", extra);
	193	if (launchd_use_gmalloc) {
	194	launchd_syslog(LOG_NOTICE \| LOG_CONSOLE, "* Using libgmalloc. *");
	195	}
	196
	197	if (launchd_verbose_boot) {
	198	launchd_syslog(LOG_NOTICE \| LOG_CONSOLE, "* Verbose boot, will log to /dev/console. *");
	199	}
	200
	201	if (launchd_shutdown_debugging) {
	202	launchd_syslog(LOG_NOTICE \| LOG_CONSOLE, "* Shutdown debugging is enabled. *");
	203	}
	204
	205	if (launchd_log_shutdown) {
	206	launchd_syslog(LOG_NOTICE \| LOG_CONSOLE, "* Shutdown logging is enabled. *");
	207	}
	208
	209	if (launchd_log_perf) {
	210	launchd_syslog(LOG_NOTICE \| LOG_CONSOLE, "* Performance logging is enabled. *");
	211	}
	212
	213	if (launchd_log_debug) {
	214	launchd_syslog(LOG_NOTICE \| LOG_CONSOLE, "* Debug logging is enabled. *");
	215	}
	216
	217	handle_pid1_crashes_separately();
	218
	219	/* Start the update thread.
	220	*
	221	* <rdar://problem/5039559&6153301>
	222	*/
	223	pthread_t t = NULL;
	224	(void)os_assumes_zero(pthread_create(&t, NULL, update_thread, NULL));
	225	(void)os_assumes_zero(pthread_detach(t));
	226
	227	/* PID 1 doesn't have a flat namespace. */
	228	launchd_flat_mach_namespace = false;
	229	fflush(launchd_console);
	230	} else {
	231	launchd_uid = getuid();
	232	launchd_var_available = true;
	233	if (asprintf(&launchd_label, "com.apple.launchd.peruser.%u", launchd_uid) == 0) {
	234	launchd_label = "com.apple.launchd.peruser.unknown";
	235	}
	236
	237	struct passwd *pwent = getpwuid(launchd_uid);
	238	if (pwent) {
	239	launchd_username = strdup(pwent->pw_name);
	240	} else {
	241	launchd_username = "(unknown)";
	242	}
	243
	244	if (asprintf(&_launchd_database_dir, LAUNCHD_DB_PREFIX "/com.apple.launchd.peruser.%u", launchd_uid) == 0) {
	245	_launchd_database_dir = "";
	246	}
	247
	248	if (asprintf(&_launchd_log_dir, LAUNCHD_LOG_PREFIX "/com.apple.launchd.peruser.%u", launchd_uid) == 0) {
	249	_launchd_log_dir = "";
	250	}
	251
	252	if (launchd_allow_global_dyld_envvars) {
	253	launchd_syslog(LOG_WARNING, "Per-user launchd will allow DYLD_* environment variables in the global environment.");
	254	}
	255
	256	ipc_server_init();
	257	launchd_log_push();
	258
	259	auditinfo_addr_t auinfo;
	260	if (posix_assumes_zero(getaudit_addr(&auinfo, sizeof(auinfo))) != -1) {
	261	launchd_audit_session = auinfo.ai_asid;
	262	launchd_syslog(LOG_DEBUG, "Our audit session ID is %i", launchd_audit_session);
	263	}
	264
	265	launchd_audit_port = _audit_session_self();
	266
	267	vproc_transaction_begin(NULL);
	268	vproc_transaction_end(NULL, NULL);
	269
	270	launchd_syslog(LOG_DEBUG, "Per-user launchd started (UID/username): %u/%s.", launchd_uid, launchd_username);
	271	}
	272
	273	monitor_networking_state();
	274	jobmgr_init(sflag);
	275
	276	launchd_runtime_init2();
	277	launchd_runtime();
	278	}
	279
	280	void
	281	handle_pid1_crashes_separately(void)
	282	{
	283	struct sigaction fsa;
	284
	285	fsa.sa_sigaction = fatal_signal_handler;
	286	fsa.sa_flags = SA_SIGINFO;
	287	sigemptyset(&fsa.sa_mask);
	288
	289	(void)posix_assumes_zero(sigaction(SIGILL, &fsa, NULL));
	290	(void)posix_assumes_zero(sigaction(SIGFPE, &fsa, NULL));
	291	(void)posix_assumes_zero(sigaction(SIGBUS, &fsa, NULL));
	292	(void)posix_assumes_zero(sigaction(SIGTRAP, &fsa, NULL));
	293	(void)posix_assumes_zero(sigaction(SIGABRT, &fsa, NULL));
	294	(void)posix_assumes_zero(sigaction(SIGSEGV, &fsa, NULL));
	295	}
	296
	297	void *
	298	update_thread(void *nothing __attribute__((unused)))
	299	{
	300	(void)posix_assumes_zero(setiopolicy_np(IOPOL_TYPE_DISK, IOPOL_SCOPE_THREAD, IOPOL_THROTTLE));
	301
	302	while (launchd_sync_frequency) {
	303	sync();
	304	sleep(launchd_sync_frequency);
	305	}
	306
	307	launchd_syslog(LOG_DEBUG, "Update thread exiting.");
	308	return NULL;
	309	}
	310
	311	#define PID1_CRASH_LOGFILE "/var/log/launchd-pid1.crash"
	312
	313	/* This hack forces the dynamic linker to resolve these symbols ASAP */
	314	static __attribute__((unused)) typeof(sync) *__junk_dyld_trick1 = sync;
	315	static __attribute__((unused)) typeof(sleep) *__junk_dyld_trick2 = sleep;
	316	static __attribute__((unused)) typeof(reboot) *__junk_dyld_trick3 = reboot;
	317
	318	void
	319	do_pid1_crash_diagnosis_mode(const char *msg)
	320	{
	321	if (launchd_wsp) {
	322	kill(launchd_wsp, SIGKILL);
	323	sleep(3);
	324	launchd_wsp = 0;
	325	}
	326
	327	while (launchd_shutdown_debugging && !do_pid1_crash_diagnosis_mode2(msg)) {
	328	sleep(1);
	329	}
	330	}
	331
	332	int
	333	basic_fork(void)
	334	{
	335	int wstatus = 0;
	336	pid_t p;
	337
	338	switch ((p = fork())) {
	339	case -1:
	340	launchd_syslog(LOG_ERR \| LOG_CONSOLE, "Can't fork PID 1 copy for crash debugging: %m");
	341	return p;
	342	case 0:
	343	return p;
	344	default:
	345	do {
	346	(void)waitpid(p, &wstatus, 0);
	347	} while(!WIFEXITED(wstatus));
	348
	349	fprintf(stdout, "PID 1 copy: exit status: %d\n", WEXITSTATUS(wstatus));
	350
	351	return 1;
	352	}
	353
	354	return -1;
	355	}
	356
	357	bool
	358	do_pid1_crash_diagnosis_mode2(const char *msg)
	359	{
	360	if (basic_fork() == 0) {
	361	/* Neuter our bootstrap port so that the shell doesn't try talking to us
	362	* while we're blocked waiting on it.
	363	*/
	364	if (launchd_console) {
	365	fflush(launchd_console);
	366	}
	367
	368	task_set_bootstrap_port(mach_task_self(), MACH_PORT_NULL);
	369	if (basic_fork() != 0) {
	370	if (launchd_console) {
	371	fflush(launchd_console);
	372	}
	373
	374	return true;
	375	}
	376	} else {
	377	return true;
	378	}
	379
	380	int fd;
	381	revoke(_PATH_CONSOLE);
	382	if ((fd = open(_PATH_CONSOLE, O_RDWR)) == -1) {
	383	_exit(2);
	384	}
	385	if (login_tty(fd) == -1) {
	386	_exit(3);
	387	}
	388
	389	setenv("TERM", "vt100", 1);
	390	fprintf(stdout, "\n");
	391	fprintf(stdout, "Entering launchd PID 1 debugging mode...\n");
	392	fprintf(stdout, "The PID 1 launchd has crashed %s.\n", msg);
	393	fprintf(stdout, "It has fork(2)ed itself for debugging.\n");
	394	fprintf(stdout, "To debug the crashing thread of PID 1:\n");
	395	fprintf(stdout, " gdb attach %d\n", getppid());
	396	fprintf(stdout, "To exit this shell and shut down:\n");
	397	fprintf(stdout, " kill -9 1\n");
	398	fprintf(stdout, "A sample of PID 1 has been written to %s\n", PID1_CRASH_LOGFILE);
	399	fprintf(stdout, "\n");
	400	fflush(stdout);
	401
	402	execl(_PATH_BSHELL, "-sh", NULL);
	403	syslog(LOG_ERR, "can't exec %s for PID 1 crash debugging: %m", _PATH_BSHELL);
	404	_exit(EXIT_FAILURE);
	405	}
	406
	407	void
	408	fatal_signal_handler(int sig, siginfo_t si, void uap __attribute__((unused)))
	409	{
	410	const char *doom_why = "at instruction";
	411	char msg[128];
	412	#if 0
	413	char *sample_args[] = { "/usr/bin/sample", "1", "1", "-file", PID1_CRASH_LOGFILE, NULL };
	414	pid_t sample_p;
	415	int wstatus;
	416	#endif
	417
	418	crash_addr = si->si_addr;
	419	crash_pid = si->si_pid;
	420	#if 0
	421	setenv("XPC_SERVICES_UNAVAILABLE", "1", 0);
	422	unlink(PID1_CRASH_LOGFILE);
	423
	424	switch ((sample_p = vfork())) {
	425	case 0:
	426	execve(sample_args[0], sample_args, environ);
	427	_exit(EXIT_FAILURE);
	428	break;
	429	default:
	430	waitpid(sample_p, &wstatus, 0);
	431	break;
	432	case -1:
	433	break;
	434	}
	435	#endif
	436	switch (sig) {
	437	default:
	438	case 0:
	439	break;
	440	case SIGBUS:
	441	case SIGSEGV:
	442	doom_why = "trying to read/write";
	443	case SIGILL:
	444	case SIGFPE:
	445	case SIGTRAP:
	446	snprintf(msg, sizeof(msg), "%s: %p (%s sent by PID %u)", doom_why, crash_addr, strsignal(sig), crash_pid);
	447	sync();
	448	do_pid1_crash_diagnosis_mode(msg);
	449	sleep(3);
	450	reboot(0);
	451	break;
	452	}
	453	}
	454
	455	void
	456	pid1_magic_init(void)
	457	{
	458	launchd_label = "com.apple.launchd";
	459	launchd_username = "system";
	460
	461	_launchd_database_dir = LAUNCHD_DB_PREFIX "/com.apple.launchd";
	462	_launchd_log_dir = LAUNCHD_LOG_PREFIX "/com.apple.launchd";
	463
	464	(void)posix_assumes_zero(setsid());
	465	(void)posix_assumes_zero(chdir("/"));
	466	(void)posix_assumes_zero(setlogin("root"));
	467
	468	#if !TARGET_OS_EMBEDDED
	469	auditinfo_addr_t auinfo = {
	470	.ai_termid = {
	471	.at_type = AU_IPv4
	472	},
	473	.ai_asid = AU_ASSIGN_ASID,
	474	.ai_auid = AU_DEFAUDITID,
	475	.ai_flags = AU_SESSION_FLAG_IS_INITIAL,
	476	};
	477
	478	if (setaudit_addr(&auinfo, sizeof(auinfo)) == -1) {
	479	launchd_syslog(LOG_WARNING \| LOG_CONSOLE, "Could not set audit session: %d: %s.", errno, strerror(errno));
	480	_exit(EXIT_FAILURE);
	481	}
	482
	483	launchd_audit_session = auinfo.ai_asid;
	484	launchd_syslog(LOG_DEBUG, "Audit Session ID: %i", launchd_audit_session);
	485
	486	launchd_audit_port = _audit_session_self();
	487	#endif // !TARGET_OS_EMBEDDED
	488	}
	489
	490	char *
	491	launchd_copy_persistent_store(int type, const char *file)
	492	{
	493	char *result = NULL;
	494	if (!file) {
	495	file = "";
	496	}
	497
	498	switch (type) {
	499	case LAUNCHD_PERSISTENT_STORE_DB:
	500	(void)asprintf(&result, "%s/%s", _launchd_database_dir, file);
	501	break;
	502	case LAUNCHD_PERSISTENT_STORE_LOGS:
	503	(void)asprintf(&result, "%s/%s", _launchd_log_dir, file);
	504	break;
	505	default:
	506	break;
	507	}
	508
	509	return result;
	510	}
	511
	512	int
	513	_fd(int fd)
	514	{
	515	if (fd >= 0) {
	516	(void)posix_assumes_zero(fcntl(fd, F_SETFD, 1));
	517	}
	518	return fd;
	519	}
	520
	521	void
	522	launchd_shutdown(void)
	523	{
	524	int64_t now;
	525
	526	if (launchd_shutting_down) {
	527	return;
	528	}
	529
	530	runtime_ktrace0(RTKT_LAUNCHD_EXITING);
	531
	532	launchd_shutting_down = true;
	533	launchd_log_push();
	534
	535	now = runtime_get_wall_time();
	536
	537	char *term_who = pid1_magic ? "System shutdown" : "Per-user launchd termination for ";
	538	launchd_syslog(LOG_INFO, "%s%s began", term_who, pid1_magic ? "" : launchd_username);
	539
	540	os_assert(jobmgr_shutdown(root_jobmgr) != NULL);
	541
	542	#if HAVE_LIBAUDITD
	543	if (pid1_magic) {
	544	(void)os_assumes_zero(audit_quick_stop());
	545	}
	546	#endif
	547	}
	548
	549	void
	550	launchd_SessionCreate(void)
	551	{
	552	#if !TARGET_OS_EMBEDDED
	553	auditinfo_addr_t auinfo = {
	554	.ai_termid = { .at_type = AU_IPv4 },
	555	.ai_asid = AU_ASSIGN_ASID,
	556	.ai_auid = getuid(),
	557	.ai_flags = 0,
	558	};
	559	if (setaudit_addr(&auinfo, sizeof(auinfo)) == 0) {
	560	char session[16];
	561	snprintf(session, sizeof(session), "%x", auinfo.ai_asid);
	562	setenv("SECURITYSESSIONID", session, 1);
	563	} else {
	564	launchd_syslog(LOG_WARNING, "Could not set audit session: %d: %s.", errno, strerror(errno));
	565	}
	566	#endif // !TARGET_OS_EMBEDDED
	567	}
	568
	569	void
	570	testfd_or_openfd(int fd, const char *path, int flags)
	571	{
	572	int tmpfd;
	573
	574	if (-1 != (tmpfd = dup(fd))) {
	575	(void)posix_assumes_zero(runtime_close(tmpfd));
	576	} else {
	577	if (-1 == (tmpfd = open(path, flags \| O_NOCTTY, DEFFILEMODE))) {
	578	launchd_syslog(LOG_ERR, "open(\"%s\", ...): %m", path);
	579	} else if (tmpfd != fd) {
	580	(void)posix_assumes_zero(dup2(tmpfd, fd));
	581	(void)posix_assumes_zero(runtime_close(tmpfd));
	582	}
	583	}
	584	}
	585
	586	bool
	587	get_network_state(void)
	588	{
	589	struct ifaddrs ifa, ifai;
	590	bool up = false;
	591	int r;
	592
	593	/* Workaround 4978696: getifaddrs() reports false ENOMEM */
	594	while ((r = getifaddrs(&ifa)) == -1 && errno == ENOMEM) {
	595	launchd_syslog(LOG_DEBUG, "Worked around bug: 4978696");
	596	(void)posix_assumes_zero(sched_yield());
	597	}
	598
	599	if (posix_assumes_zero(r) == -1) {
	600	return network_up;
	601	}
	602
	603	for (ifai = ifa; ifai; ifai = ifai->ifa_next) {
	604	if (!(ifai->ifa_flags & IFF_UP)) {
	605	continue;
	606	}
	607	if (ifai->ifa_flags & IFF_LOOPBACK) {
	608	continue;
	609	}
	610	if (ifai->ifa_addr->sa_family != AF_INET && ifai->ifa_addr->sa_family != AF_INET6) {
	611	continue;
	612	}
	613	up = true;
	614	break;
	615	}
	616
	617	freeifaddrs(ifa);
	618
	619	return up;
	620	}
	621
	622	void
	623	monitor_networking_state(void)
	624	{
	625	int pfs = _fd(socket(PF_SYSTEM, SOCK_RAW, SYSPROTO_EVENT));
	626	struct kev_request kev_req;
	627
	628	network_up = get_network_state();
	629
	630	if (pfs == -1) {
	631	(void)os_assumes_zero(errno);
	632	return;
	633	}
	634
	635	memset(&kev_req, 0, sizeof(kev_req));
	636	kev_req.vendor_code = KEV_VENDOR_APPLE;
	637	kev_req.kev_class = KEV_NETWORK_CLASS;
	638
	639	if (posix_assumes_zero(ioctl(pfs, SIOCSKEVFILT, &kev_req)) == -1) {
	640	runtime_close(pfs);
	641	return;
	642	}
	643
	644	(void)posix_assumes_zero(kevent_mod(pfs, EVFILT_READ, EV_ADD, 0, 0, &kqpfsystem_callback));
	645	}
	646
	647	void
	648	pfsystem_callback(void obj __attribute__((unused)), struct kevent kev)
	649	{
	650	bool new_networking_state;
	651	char buf[1024];
	652
	653	(void)posix_assumes_zero(read((int)kev->ident, &buf, sizeof(buf)));
	654
	655	new_networking_state = get_network_state();
	656
	657	if (new_networking_state != network_up) {
	658	network_up = new_networking_state;
	659	jobmgr_dispatch_all_semaphores(root_jobmgr);
	660	}
	661	}