* @APPLE_APACHE_LICENSE_HEADER_END@
*/
-static const char *const __rcs_file_version__ = "$Revision: 23585 $";
+static const char *const __rcs_file_version__ = "$Revision: 23646 $";
#include "config.h"
#include "launchd_core_logic.h"
static bool job_setup_machport(job_t j);
static void job_setup_fd(job_t j, int target_fd, const char *path, int flags);
static void job_postfork_become_user(job_t j);
+static void job_enable_audit_for_user(job_t j, uid_t u, char *name);
static void job_find_and_blame_pids_with_weird_uids(job_t j);
static void job_force_sampletool(job_t j);
static void job_setup_exception_port(job_t j, task_t target_task);
}
j->last_exit_status = status;
j->sent_sigkill = false;
+ j->lastlookup = NULL;
+ j->lastlookup_gennum = 0;
j->p = 0;
/*
if (!j->legacy_mach_job) {
sipc = (!SLIST_EMPTY(&j->sockets) || !SLIST_EMPTY(&j->machservices));
+#if TARGET_OS_EMBEDDED
+ if (j->username && strcmp(j->username, "mobile") == 0 && strncmp(j->label, "com.apple.", strlen("com.apple.")) != 0) {
+ sipc = false;
+ }
+#endif
}
j->checkedin = false;
free(kp);
}
+void
+job_enable_audit_for_user(job_t j, uid_t u, char *name)
+{
+ auditinfo_t auinfo = {
+ .ai_auid = u,
+ .ai_asid = j->p,
+ };
+ long au_cond;
+
+ if (!job_assumes(j, auditon(A_GETCOND, &au_cond, sizeof(long)) == 0)) {
+ _exit(EXIT_FAILURE);
+ }
+
+ if (au_cond != AUC_NOAUDIT) {
+ if (!job_assumes(j, au_user_mask(name, &auinfo.ai_mask) == 0)) {
+ _exit(EXIT_FAILURE);
+ } else if (!job_assumes(j, setaudit(&auinfo) == 0)) {
+ _exit(EXIT_FAILURE);
+ }
+ }
+}
+
void
job_postfork_become_user(job_t j)
{
desired_gid = gre->gr_gid;
}
+ job_enable_audit_for_user(j, desired_uid, loginname);
+
if (!job_assumes(j, setlogin(loginname) != -1)) {
_exit(EXIT_FAILURE);
}
struct ldcred ldc;
job_t js;
+#if TARGET_OS_EMBEDDED
+ return BOOTSTRAP_NOT_PRIVILEGED;
+#endif
+
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
struct ldcred ldc;
job_t ji;
+#if TARGET_OS_EMBEDDED
+ return BOOTSTRAP_NOT_PRIVILEGED;
+#endif
+
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
ms = jobmgr_lookup_service(j->mgr, servicename, true, 0);
}
- if (ms && machservice_hidden(ms) && !job_active(machservice_job(ms))) {
+ if (ms && machservice_hidden(ms) && !machservice_active(ms)) {
ms = NULL;
} else if (ms && ms->per_user_hack) {
ms = NULL;
jobmgr_t jm;
job_t ji;
+#if TARGET_OS_EMBEDDED
+ return BOOTSTRAP_NOT_PRIVILEGED;
+#endif
+
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
struct ldcred ldc;
jobmgr_t jmr = NULL;
+#if TARGET_OS_EMBEDDED
+ return BOOTSTRAP_NOT_PRIVILEGED;
+#endif
+
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
jobmgr_t jm;
job_t ji;
+#if TARGET_OS_EMBEDDED
+ return BOOTSTRAP_NOT_PRIVILEGED;
+#endif
+
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
kern_return_t
job_mig_set_service_policy(job_t j, pid_t target_pid, uint64_t flags, name_t target_service)
{
+ struct ldcred ldc;
job_t target_j;
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
+ runtime_get_caller_creds(&ldc);
+
+#if TARGET_OS_EMBEDDED
+ if (ldc.euid) {
+#else
+ if (ldc.euid && (ldc.euid != getuid())) {
+#endif
+ return BOOTSTRAP_NOT_PRIVILEGED;
+ }
+
if (!job_assumes(j, (target_j = jobmgr_find_by_pid(j->mgr, target_pid, true)) != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
struct ldcred ldc;
job_t jr;
+#if TARGET_OS_EMBEDDED
+ return BOOTSTRAP_NOT_PRIVILEGED;
+#endif
+
runtime_get_caller_creds(&ldc);
if (!launchd_assumes(j != NULL)) {
projects / apple / launchd.git / blobdiff