* @APPLE_APACHE_LICENSE_HEADER_END@
*/
-static const char *const __rcs_file_version__ = "$Revision: 23566 $";
+static const char *const __rcs_file_version__ = "$Revision: 23642 $";
#include "liblaunch_public.h"
#include "liblaunch_private.h"
#include <readline/history.h>
#include <dns_sd.h>
#include <paths.h>
-#include <utmp.h>
#include <utmpx.h>
#include <bootfiles.h>
#include <sysexits.h>
#if TARGET_OS_EMBEDDED
if (path_check("/etc/fstab")) {
const char *mount_tool[] = { "mount", "-vat", "nonfs", NULL };
- assumes(fwexec(mount_tool, true) != -1);
+ if (!assumes(fwexec(mount_tool, true) != -1)) {
+ assumes(fwexec(nvram_tool, true) != -1);
+ assumes(reboot(RB_AUTOBOOT) != -1);
+ }
} else
#endif
{
* @APPLE_APACHE_LICENSE_HEADER_END@
*/
-static const char *const __rcs_file_version__ = "$Revision: 23585 $";
+static const char *const __rcs_file_version__ = "$Revision: 23646 $";
#include "config.h"
#include "launchd_core_logic.h"
static bool job_setup_machport(job_t j);
static void job_setup_fd(job_t j, int target_fd, const char *path, int flags);
static void job_postfork_become_user(job_t j);
+static void job_enable_audit_for_user(job_t j, uid_t u, char *name);
static void job_find_and_blame_pids_with_weird_uids(job_t j);
static void job_force_sampletool(job_t j);
static void job_setup_exception_port(job_t j, task_t target_task);
}
j->last_exit_status = status;
j->sent_sigkill = false;
+ j->lastlookup = NULL;
+ j->lastlookup_gennum = 0;
j->p = 0;
/*
if (!j->legacy_mach_job) {
sipc = (!SLIST_EMPTY(&j->sockets) || !SLIST_EMPTY(&j->machservices));
+#if TARGET_OS_EMBEDDED
+ if (j->username && strcmp(j->username, "mobile") == 0 && strncmp(j->label, "com.apple.", strlen("com.apple.")) != 0) {
+ sipc = false;
+ }
+#endif
}
j->checkedin = false;
free(kp);
}
+void
+job_enable_audit_for_user(job_t j, uid_t u, char *name)
+{
+ auditinfo_t auinfo = {
+ .ai_auid = u,
+ .ai_asid = j->p,
+ };
+ long au_cond;
+
+ if (!job_assumes(j, auditon(A_GETCOND, &au_cond, sizeof(long)) == 0)) {
+ _exit(EXIT_FAILURE);
+ }
+
+ if (au_cond != AUC_NOAUDIT) {
+ if (!job_assumes(j, au_user_mask(name, &auinfo.ai_mask) == 0)) {
+ _exit(EXIT_FAILURE);
+ } else if (!job_assumes(j, setaudit(&auinfo) == 0)) {
+ _exit(EXIT_FAILURE);
+ }
+ }
+}
+
void
job_postfork_become_user(job_t j)
{
desired_gid = gre->gr_gid;
}
+ job_enable_audit_for_user(j, desired_uid, loginname);
+
if (!job_assumes(j, setlogin(loginname) != -1)) {
_exit(EXIT_FAILURE);
}
struct ldcred ldc;
job_t js;
+#if TARGET_OS_EMBEDDED
+ return BOOTSTRAP_NOT_PRIVILEGED;
+#endif
+
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
struct ldcred ldc;
job_t ji;
+#if TARGET_OS_EMBEDDED
+ return BOOTSTRAP_NOT_PRIVILEGED;
+#endif
+
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
ms = jobmgr_lookup_service(j->mgr, servicename, true, 0);
}
- if (ms && machservice_hidden(ms) && !job_active(machservice_job(ms))) {
+ if (ms && machservice_hidden(ms) && !machservice_active(ms)) {
ms = NULL;
} else if (ms && ms->per_user_hack) {
ms = NULL;
jobmgr_t jm;
job_t ji;
+#if TARGET_OS_EMBEDDED
+ return BOOTSTRAP_NOT_PRIVILEGED;
+#endif
+
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
struct ldcred ldc;
jobmgr_t jmr = NULL;
+#if TARGET_OS_EMBEDDED
+ return BOOTSTRAP_NOT_PRIVILEGED;
+#endif
+
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
jobmgr_t jm;
job_t ji;
+#if TARGET_OS_EMBEDDED
+ return BOOTSTRAP_NOT_PRIVILEGED;
+#endif
+
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
kern_return_t
job_mig_set_service_policy(job_t j, pid_t target_pid, uint64_t flags, name_t target_service)
{
+ struct ldcred ldc;
job_t target_j;
if (!launchd_assumes(j != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
+ runtime_get_caller_creds(&ldc);
+
+#if TARGET_OS_EMBEDDED
+ if (ldc.euid) {
+#else
+ if (ldc.euid && (ldc.euid != getuid())) {
+#endif
+ return BOOTSTRAP_NOT_PRIVILEGED;
+ }
+
if (!job_assumes(j, (target_j = jobmgr_find_by_pid(j->mgr, target_pid, true)) != NULL)) {
return BOOTSTRAP_NO_MEMORY;
}
struct ldcred ldc;
job_t jr;
+#if TARGET_OS_EMBEDDED
+ return BOOTSTRAP_NOT_PRIVILEGED;
+#endif
+
runtime_get_caller_creds(&ldc);
if (!launchd_assumes(j != NULL)) {
* @APPLE_APACHE_LICENSE_HEADER_END@
*/
-#if !defined(__LP64__) && !defined(__arm__)
-#define _NONSTD_SOURCE 1
-#define old_kill(x, y) kill(x, y)
-#define old_killpg(x, y) killpg(x, y)
-#else
-/* ??? No blessed way to get the old behavior */
-extern int __kill(int, int, int);
-#define old_kill(x, y) __kill(x, y, 0)
-#define old_killpg(x, y) __kill(-(x), y, 0)
-#endif
+#include <sys/syscall.h>
+#include <unistd.h>
#include <signal.h>
#include "launchd_runtime_kill.h"
-/*
- * POSIX defines consistency over correctness, and consequently kill/killpg now
- * returns EPERM instead of ESRCH.
- *
- * I've filed 5487498 to get a non-portable kill() variant, but for now,
- * defining _NONSTD_SOURCE gets us the old behavior.
- */
-
int
runtime_kill(pid_t pid, int sig)
{
- return old_kill(pid, sig);
+ /*
+ * POSIX defines consistency over correctness, and consequently
+ * kill/killpg now returns EPERM instead of ESRCH.
+ *
+ * I've filed 5487498 to get a non-portable kill().
+ * We'll regretfully take advantage of implementation details for now.
+ */
+ return syscall(SYS_kill, pid, sig, 0);
}
int
runtime_killpg(pid_t pgrp, int sig)
{
- return old_killpg(pgrp, sig);
+ return runtime_kill(-pgrp, sig);
}
projects / apple / launchd.git / commitdiff
