From: Apple Date: Wed, 2 Apr 2008 20:18:49 +0000 (+0000) Subject: launchd-258.12.tar.gz X-Git-Tag: mac-os-x-1053^0 X-Git-Url: https://git.saurik.com/apple/launchd.git/commitdiff_plain/f36da7255a20425f2d20e60b928ac991b21835df launchd-258.12.tar.gz --- diff --git a/Makefile b/Makefile index 17244dd..30024bf 100644 --- a/Makefile +++ b/Makefile @@ -1,26 +1,36 @@ +ifndef SDKROOT +export SDKROOT = / +endif + Project = launchd Extra_Configure_Flags = --sbindir=/sbin --bindir=/bin --sysconfdir=/private/etc GnuAfterInstall = launchd_after_install include $(MAKEFILEPATH)/CoreOS/ReleaseControl/GNUSource.make Install_Flags = DESTDIR=$(DSTROOT) +ifeq ($(shell tconf --test TARGET_OS_EMBEDDED),YES) +Extra_Configure_Flags += --host=none-apple-darwin +endif + launchd_after_install:: ifeq ($(RC_ProjectName),launchd_libs) -find -d $(DSTROOT) -type f | grep -v /usr/local/lib/system | xargs rm -find -d $(DSTROOT) -type l | grep -v /usr/local/lib/system | xargs rm -find -d $(DSTROOT) -type d | grep -v /usr/local/lib/system | xargs rmdir else +ifeq ($(shell tconf --test TARGET_OS_EMBEDDED),NO) mkdir -p $(DSTROOT)/Library/StartupItems chmod 755 $(DSTROOT)/Library/StartupItems mkdir -p $(DSTROOT)/System/Library/StartupItems chmod 755 $(DSTROOT)/System/Library/StartupItems +endif rm -rf $(DSTROOT)/usr/local/lib/system cp $(OBJROOT)/src/launchd $(SYMROOT) cp $(OBJROOT)/src/launchctl $(SYMROOT) cp $(OBJROOT)/src/launchproxy $(SYMROOT) - dsymutil $(SYMROOT)/launchd - dsymutil $(SYMROOT)/launchctl - dsymutil $(SYMROOT)/launchproxy + -dsymutil $(SYMROOT)/launchd + -dsymutil $(SYMROOT)/launchctl + -dsymutil $(SYMROOT)/launchproxy endif launchd_libs:: install diff --git a/launchd/Makefile.in b/launchd/Makefile.in index 8e37b95..43956c2 100644 --- a/launchd/Makefile.in +++ b/launchd/Makefile.in @@ -97,6 +97,7 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ +LIBS_SECURITY = @LIBS_SECURITY@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ @@ -113,6 +114,7 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ +WEAKLIBS_SECURITY = @WEAKLIBS_SECURITY@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ diff --git a/launchd/aclocal.m4 b/launchd/aclocal.m4 index d898164..b6d1f15 100644 --- a/launchd/aclocal.m4 +++ b/launchd/aclocal.m4 @@ -365,18 +365,6 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) ]) -# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005 -# Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# serial 8 - -# AM_CONFIG_HEADER is obsolete. It has been replaced by AC_CONFIG_HEADERS. -AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)]) - # Do all the work for Automake. -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, diff --git a/launchd/configure b/launchd/configure index 029a88c..ff73aa0 100755 --- a/launchd/configure +++ b/launchd/configure @@ -698,8 +698,12 @@ GREP EGREP ALLOCA LIBOBJS +LIBS_SECURITY +WEAKLIBS_SECURITY LIBS_ONLY_TRUE LIBS_ONLY_FALSE +DO_EMBEDDED_MAGIC_TRUE +DO_EMBEDDED_MAGIC_FALSE LTLIBOBJS' ac_subst_files='' ac_precious_vars='build_alias @@ -6575,241 +6579,6 @@ esac fi -for ac_header in stdlib.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## -------------------------------------------------- ## -## Report this to launchd-bug-reports@group.apple.com ## -## -------------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - -{ echo "$as_me:$LINENO: checking for GNU libc compatible malloc" >&5 -echo $ECHO_N "checking for GNU libc compatible malloc... $ECHO_C" >&6; } -if test "${ac_cv_func_malloc_0_nonnull+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test "$cross_compiling" = yes; then - ac_cv_func_malloc_0_nonnull=no -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#if defined STDC_HEADERS || defined HAVE_STDLIB_H -# include -#else -char *malloc (); -#endif - -int -main () -{ -return ! malloc (0); - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_func_malloc_0_nonnull=yes -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_func_malloc_0_nonnull=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_malloc_0_nonnull" >&5 -echo "${ECHO_T}$ac_cv_func_malloc_0_nonnull" >&6; } -if test $ac_cv_func_malloc_0_nonnull = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_MALLOC 1 -_ACEOF - -else - cat >>confdefs.h <<\_ACEOF -#define HAVE_MALLOC 0 -_ACEOF - - case " $LIBOBJS " in - *" malloc.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS malloc.$ac_objext" - ;; -esac - - -cat >>confdefs.h <<\_ACEOF -#define malloc rpl_malloc -_ACEOF - -fi - - - - @@ -7324,7 +7093,7 @@ fi -for ac_header in stdlib.h unistd.h +for ac_header in sys/select.h sys/socket.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then @@ -7468,687 +7237,26 @@ fi done - -for ac_func in getpagesize -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then +{ echo "$as_me:$LINENO: checking types of arguments for select" >&5 +echo $ECHO_N "checking types of arguments for select... $ECHO_C" >&6; } +if test "${ac_cv_func_select_args+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat >conftest.$ac_ext <<_ACEOF + for ac_arg234 in 'fd_set *' 'int *' 'void *'; do + for ac_arg1 in 'int' 'size_t' 'unsigned long int' 'unsigned int'; do + for ac_arg5 in 'struct timeval *' 'const struct timeval *'; do + cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include +$ac_includes_default +#ifdef HAVE_SYS_SELECT_H +# include #endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -{ echo "$as_me:$LINENO: checking for working mmap" >&5 -echo $ECHO_N "checking for working mmap... $ECHO_C" >&6; } -if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test "$cross_compiling" = yes; then - ac_cv_func_mmap_fixed_mapped=no -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -/* malloc might have been renamed as rpl_malloc. */ -#undef malloc - -/* Thanks to Mike Haertel and Jim Avera for this test. - Here is a matrix of mmap possibilities: - mmap private not fixed - mmap private fixed at somewhere currently unmapped - mmap private fixed at somewhere already mapped - mmap shared not fixed - mmap shared fixed at somewhere currently unmapped - mmap shared fixed at somewhere already mapped - For private mappings, we should verify that changes cannot be read() - back from the file, nor mmap's back from the file at a different - address. (There have been systems where private was not correctly - implemented like the infamous i386 svr4.0, and systems where the - VM page cache was not coherent with the file system buffer cache - like early versions of FreeBSD and possibly contemporary NetBSD.) - For shared mappings, we should conversely verify that changes get - propagated back to all the places they're supposed to be. - - Grep wants private fixed already mapped. - The main things grep needs to know about mmap are: - * does it exist and is it safe to write into the mmap'd area - * how to use it (BSD variants) */ - -#include -#include - -#if !defined STDC_HEADERS && !defined HAVE_STDLIB_H -char *malloc (); -#endif - -/* This mess was copied from the GNU getpagesize.h. */ -#ifndef HAVE_GETPAGESIZE -/* Assume that all systems that can run configure have sys/param.h. */ -# ifndef HAVE_SYS_PARAM_H -# define HAVE_SYS_PARAM_H 1 -# endif - -# ifdef _SC_PAGESIZE -# define getpagesize() sysconf(_SC_PAGESIZE) -# else /* no _SC_PAGESIZE */ -# ifdef HAVE_SYS_PARAM_H -# include -# ifdef EXEC_PAGESIZE -# define getpagesize() EXEC_PAGESIZE -# else /* no EXEC_PAGESIZE */ -# ifdef NBPG -# define getpagesize() NBPG * CLSIZE -# ifndef CLSIZE -# define CLSIZE 1 -# endif /* no CLSIZE */ -# else /* no NBPG */ -# ifdef NBPC -# define getpagesize() NBPC -# else /* no NBPC */ -# ifdef PAGESIZE -# define getpagesize() PAGESIZE -# endif /* PAGESIZE */ -# endif /* no NBPC */ -# endif /* no NBPG */ -# endif /* no EXEC_PAGESIZE */ -# else /* no HAVE_SYS_PARAM_H */ -# define getpagesize() 8192 /* punt totally */ -# endif /* no HAVE_SYS_PARAM_H */ -# endif /* no _SC_PAGESIZE */ - -#endif /* no HAVE_GETPAGESIZE */ - -int -main () -{ - char *data, *data2, *data3; - int i, pagesize; - int fd; - - pagesize = getpagesize (); - - /* First, make a file with some known garbage in it. */ - data = (char *) malloc (pagesize); - if (!data) - return 1; - for (i = 0; i < pagesize; ++i) - *(data + i) = rand (); - umask (0); - fd = creat ("conftest.mmap", 0600); - if (fd < 0) - return 1; - if (write (fd, data, pagesize) != pagesize) - return 1; - close (fd); - - /* Next, try to mmap the file at a fixed address which already has - something else allocated at it. If we can, also make sure that - we see the same garbage. */ - fd = open ("conftest.mmap", O_RDWR); - if (fd < 0) - return 1; - data2 = (char *) malloc (2 * pagesize); - if (!data2) - return 1; - data2 += (pagesize - ((long int) data2 & (pagesize - 1))) & (pagesize - 1); - if (data2 != mmap (data2, pagesize, PROT_READ | PROT_WRITE, - MAP_PRIVATE | MAP_FIXED, fd, 0L)) - return 1; - for (i = 0; i < pagesize; ++i) - if (*(data + i) != *(data2 + i)) - return 1; - - /* Finally, make sure that changes to the mapped area do not - percolate back to the file as seen by read(). (This is a bug on - some variants of i386 svr4.0.) */ - for (i = 0; i < pagesize; ++i) - *(data2 + i) = *(data2 + i) + 1; - data3 = (char *) malloc (pagesize); - if (!data3) - return 1; - if (read (fd, data3, pagesize) != pagesize) - return 1; - for (i = 0; i < pagesize; ++i) - if (*(data + i) != *(data3 + i)) - return 1; - close (fd); - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_func_mmap_fixed_mapped=yes -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_func_mmap_fixed_mapped=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_mmap_fixed_mapped" >&5 -echo "${ECHO_T}$ac_cv_func_mmap_fixed_mapped" >&6; } -if test $ac_cv_func_mmap_fixed_mapped = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_MMAP 1 -_ACEOF - -fi -rm -f conftest.mmap - - -for ac_header in stdlib.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## -------------------------------------------------- ## -## Report this to launchd-bug-reports@group.apple.com ## -## -------------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - -{ echo "$as_me:$LINENO: checking for GNU libc compatible realloc" >&5 -echo $ECHO_N "checking for GNU libc compatible realloc... $ECHO_C" >&6; } -if test "${ac_cv_func_realloc_0_nonnull+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test "$cross_compiling" = yes; then - ac_cv_func_realloc_0_nonnull=no -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#if defined STDC_HEADERS || defined HAVE_STDLIB_H -# include -#else -char *realloc (); -#endif - -int -main () -{ -return ! realloc (0, 0); - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_func_realloc_0_nonnull=yes -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_func_realloc_0_nonnull=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_realloc_0_nonnull" >&5 -echo "${ECHO_T}$ac_cv_func_realloc_0_nonnull" >&6; } -if test $ac_cv_func_realloc_0_nonnull = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_REALLOC 1 -_ACEOF - -else - cat >>confdefs.h <<\_ACEOF -#define HAVE_REALLOC 0 -_ACEOF - - case " $LIBOBJS " in - *" realloc.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS realloc.$ac_objext" - ;; -esac - - -cat >>confdefs.h <<\_ACEOF -#define realloc rpl_realloc -_ACEOF - -fi - - - - - -for ac_header in sys/select.h sys/socket.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## -------------------------------------------------- ## -## Report this to launchd-bug-reports@group.apple.com ## -## -------------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - -{ echo "$as_me:$LINENO: checking types of arguments for select" >&5 -echo $ECHO_N "checking types of arguments for select... $ECHO_C" >&6; } -if test "${ac_cv_func_select_args+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - for ac_arg234 in 'fd_set *' 'int *' 'void *'; do - for ac_arg1 in 'int' 'size_t' 'unsigned long int' 'unsigned int'; do - for ac_arg5 in 'struct timeval *' 'const struct timeval *'; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#ifdef HAVE_SYS_SELECT_H -# include -#endif -#ifdef HAVE_SYS_SOCKET_H -# include +#ifdef HAVE_SYS_SOCKET_H +# include #endif int @@ -8367,7 +7475,10 @@ fi -for ac_func in atexit dup2 gethostname gettimeofday memmove memset mkdir munmap rmdir select setenv socket strcasecmp strchr strdup strerror strrchr strstr strtol + + + +for ac_func in atexit dup2 gethostname gettimeofday malloc mmap memmove memset mkdir munmap realloc rmdir select setenv socket strcasecmp strchr strdup strerror strrchr strstr strtol do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_func" >&5 @@ -8461,6 +7572,286 @@ fi done +# check for a Security framework that includes session support +ac_func_search_save_LIBS=$LIBS +LIBS="-framework Security $ac_func_search_save_LIBS" +{ echo "$as_me:$LINENO: checking for SessionCreate" >&5 +echo $ECHO_N "checking for SessionCreate... $ECHO_C" >&6; } +if test "${ac_cv_func_SessionCreate+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define SessionCreate to an innocuous variant, in case declares SessionCreate. + For example, HP-UX 11i declares gettimeofday. */ +#define SessionCreate innocuous_SessionCreate + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char SessionCreate (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef SessionCreate + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char SessionCreate (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_SessionCreate || defined __stub___SessionCreate +choke me +#endif + +int +main () +{ +return SessionCreate (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_func_SessionCreate=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_func_SessionCreate=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +fi +{ echo "$as_me:$LINENO: result: $ac_cv_func_SessionCreate" >&5 +echo "${ECHO_T}$ac_cv_func_SessionCreate" >&6; } +if test $ac_cv_func_SessionCreate = yes; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_SECURITY 1 +_ACEOF + + LIBS_SECURITY="-framework Security" + + WEAKLIBS_SECURITY="-weak_framework Security" + +fi + +LIBS=$ac_func_search_save_LIBS + +# check for seatbelt +{ echo "$as_me:$LINENO: checking for sandbox_init" >&5 +echo $ECHO_N "checking for sandbox_init... $ECHO_C" >&6; } +if test "${ac_cv_func_sandbox_init+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define sandbox_init to an innocuous variant, in case declares sandbox_init. + For example, HP-UX 11i declares gettimeofday. */ +#define sandbox_init innocuous_sandbox_init + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char sandbox_init (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef sandbox_init + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char sandbox_init (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_sandbox_init || defined __stub___sandbox_init +choke me +#endif + +int +main () +{ +return sandbox_init (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_func_sandbox_init=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_func_sandbox_init=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +fi +{ echo "$as_me:$LINENO: result: $ac_cv_func_sandbox_init" >&5 +echo "${ECHO_T}$ac_cv_func_sandbox_init" >&6; } +if test $ac_cv_func_sandbox_init = yes; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_SANDBOX 1 +_ACEOF + +fi + + +# check for quarantine +{ echo "$as_me:$LINENO: checking for _qtn_proc_init_with_data" >&5 +echo $ECHO_N "checking for _qtn_proc_init_with_data... $ECHO_C" >&6; } +if test "${ac_cv_func__qtn_proc_init_with_data+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define _qtn_proc_init_with_data to an innocuous variant, in case declares _qtn_proc_init_with_data. + For example, HP-UX 11i declares gettimeofday. */ +#define _qtn_proc_init_with_data innocuous__qtn_proc_init_with_data + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char _qtn_proc_init_with_data (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef _qtn_proc_init_with_data + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char _qtn_proc_init_with_data (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub__qtn_proc_init_with_data || defined __stub____qtn_proc_init_with_data +choke me +#endif + +int +main () +{ +return _qtn_proc_init_with_data (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_func__qtn_proc_init_with_data=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_func__qtn_proc_init_with_data=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +fi +{ echo "$as_me:$LINENO: result: $ac_cv_func__qtn_proc_init_with_data" >&5 +echo "${ECHO_T}$ac_cv_func__qtn_proc_init_with_data" >&6; } +if test $ac_cv_func__qtn_proc_init_with_data = yes; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_QUARANTINE 1 +_ACEOF + +fi + + ac_config_files="$ac_config_files Makefile src/Makefile" @@ -8472,6 +7863,15 @@ else LIBS_ONLY_FALSE= fi + if test $(tconf --test TARGET_OS_EMBEDDED) = YES; then + DO_EMBEDDED_MAGIC_TRUE= + DO_EMBEDDED_MAGIC_FALSE='#' +else + DO_EMBEDDED_MAGIC_TRUE='#' + DO_EMBEDDED_MAGIC_FALSE= +fi + + cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -8590,6 +7990,13 @@ echo "$as_me: error: conditional \"LIBS_ONLY\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi +if test -z "${DO_EMBEDDED_MAGIC_TRUE}" && test -z "${DO_EMBEDDED_MAGIC_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"DO_EMBEDDED_MAGIC\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"DO_EMBEDDED_MAGIC\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi : ${CONFIG_STATUS=./config.status} ac_clean_files_save=$ac_clean_files @@ -9204,12 +8611,16 @@ GREP!$GREP$ac_delim EGREP!$EGREP$ac_delim ALLOCA!$ALLOCA$ac_delim LIBOBJS!$LIBOBJS$ac_delim +LIBS_SECURITY!$LIBS_SECURITY$ac_delim +WEAKLIBS_SECURITY!$WEAKLIBS_SECURITY$ac_delim LIBS_ONLY_TRUE!$LIBS_ONLY_TRUE$ac_delim LIBS_ONLY_FALSE!$LIBS_ONLY_FALSE$ac_delim +DO_EMBEDDED_MAGIC_TRUE!$DO_EMBEDDED_MAGIC_TRUE$ac_delim +DO_EMBEDDED_MAGIC_FALSE!$DO_EMBEDDED_MAGIC_FALSE$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 84; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 88; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 diff --git a/launchd/configure.ac b/launchd/configure.ac index 69f4e00..bc8b29f 100644 --- a/launchd/configure.ac +++ b/launchd/configure.ac @@ -1,12 +1,12 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. -AC_PREREQ(2.59) +AC_PREREQ(2.61) AC_INIT([launchd],[1.0],[launchd-bug-reports@group.apple.com]) AC_CONFIG_SRCDIR([src/launchd.c]) AM_INIT_AUTOMAKE -AM_CONFIG_HEADER([src/config.h]) +AC_CONFIG_HEADERS([src/config.h]) # Checks for programs. AC_PROG_CC @@ -37,18 +37,32 @@ AC_FUNC_FORK AC_PROG_GCC_TRADITIONAL AC_FUNC_LSTAT AC_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK -AC_FUNC_MALLOC AC_FUNC_MKTIME -AC_FUNC_MMAP -AC_FUNC_REALLOC AC_FUNC_SELECT_ARGTYPES AC_TYPE_SIGNAL AC_FUNC_STAT -AC_CHECK_FUNCS([atexit dup2 gethostname gettimeofday memmove memset mkdir munmap rmdir select setenv socket strcasecmp strchr strdup strerror strrchr strstr strtol]) +AC_CHECK_FUNCS([atexit dup2 gethostname gettimeofday malloc mmap memmove memset mkdir munmap realloc rmdir select setenv socket strcasecmp strchr strdup strerror strrchr strstr strtol]) + +# check for a Security framework that includes session support +ac_func_search_save_LIBS=$LIBS +LIBS="-framework Security $ac_func_search_save_LIBS" +AC_CHECK_FUNC([SessionCreate], + [AC_DEFINE(HAVE_SECURITY, 1, [Define to 1 if you have the Security framework]) + AC_SUBST(LIBS_SECURITY,"-framework Security") + AC_SUBST(WEAKLIBS_SECURITY,"-weak_framework Security")]) +LIBS=$ac_func_search_save_LIBS + +# check for seatbelt +AC_CHECK_FUNC([sandbox_init],[AC_DEFINE(HAVE_SANDBOX, 1, [Define to 1 if you have the sandbox library])]) + +# check for quarantine +AC_CHECK_FUNC([_qtn_proc_init_with_data],[AC_DEFINE(HAVE_QUARANTINE, 1, [Define to 1 if you have the quarantine library])]) AC_CONFIG_FILES([Makefile src/Makefile]) AM_CONDITIONAL(LIBS_ONLY, test "$RC_ProjectName" = launchd_libs) +AM_CONDITIONAL(DO_EMBEDDED_MAGIC, test $(tconf --test TARGET_OS_EMBEDDED) = YES) + AC_OUTPUT diff --git a/launchd/src/Makefile.am b/launchd/src/Makefile.am index dc9af96..b676f43 100644 --- a/launchd/src/Makefile.am +++ b/launchd/src/Makefile.am @@ -1,4 +1,6 @@ -AM_CFLAGS = -no-cpp-precomp -F/System/Library/PrivateFrameworks -Wall -Wextra -Waggregate-return -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror -D__MigTypeCheck=1 -fvisibility=hidden -Dmig_external=__private_extern__ +AM_CFLAGS = -no-cpp-precomp -isysroot $(SDKROOT) -F$(SDKROOT)/System/Library/PrivateFrameworks -Wall -Wextra -Waggregate-return -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror -D__MigTypeCheck=1 -fvisibility=hidden -Dmig_external=__private_extern__ + +AM_LDFLAGS = -Wl,-syslibroot,$(SDKROOT) CLEANFILES = protocol_vproc.h protocol_vprocServer.c protocol_vprocUser.c protocol_vprocServer.h \ launchd_internal.h launchd_internalServer.h launchd_internalServer.c launchd_internalUser.c \ @@ -34,26 +36,33 @@ install-data-hook: else bin_PROGRAMS = launchctl wait4path +if DO_EMBEDDED_MAGIC +sbin_PROGRAMS = launchd +else sbin_PROGRAMS = launchd SystemStarter +endif libexec_PROGRAMS = launchproxy sysconf_DATA = hostconfig rc.common rc.netboot -launchctl_CFLAGS = $(AM_CFLAGS) -I/System/Library/Frameworks/System.framework/PrivateHeaders -launchctl_LDFLAGS = -framework CoreFoundation -framework IOKit -framework Security -weak_library /usr/lib/libedit.dylib +launchctl_CFLAGS = $(AM_CFLAGS) -I$(SDKROOT)/System/Library/Frameworks/System.framework/PrivateHeaders +launchctl_LDFLAGS = $(AM_LDFLAGS) -framework CoreFoundation -framework IOKit $(LIBS_SECURITY) -weak_library /usr/lib/libedit.dylib +if DO_EMBEDDED_MAGIC +else SystemStarter_CFLAGS = -mdynamic-no-pic $(AM_CFLAGS) -SystemStarter_LDFLAGS = -framework CoreFoundation -framework IOKit +SystemStarter_LDFLAGS = $(AM_LDFLAGS) -framework CoreFoundation -framework IOKit SystemStarter_SOURCES = StartupItems.c IPC.c SystemStarter.c +endif launchd_CFLAGS = -mdynamic-no-pic $(AM_CFLAGS) -Wno-unused-parameter -launchd_LDFLAGS = -lbsm +launchd_LDFLAGS = $(AM_LDFLAGS) -lbsm launchd_SOURCES = launchd.c launchd_core_logic.c launchd_unix_ipc.c protocol_vprocServer.c notifyServer.c launchd_internalUser.c launchd_internalServer.c job_replyUser.c launchd_runtime.c launchd_runtime_kill.c mach_excServer.c launchd_runtime.c:: notifyServer.h launchd_internal.h mach_excServer.h launchd_core_logic.c:: protocol_vproc.h job_reply.h protocol_vprocServer.h -launchproxy_LDFLAGS = -weak_framework Security +launchproxy_LDFLAGS = $(AM_LDFLAGS) $(WEAKLIBS_SECURITY) notifyServer.c notifyServer.h: /usr/include/mach/notify.defs mig $(MIGFLAGS) -header /dev/null -user /dev/null -sheader notifyServer.h /usr/include/mach/notify.defs @@ -72,7 +81,11 @@ man1_MANS = wait4path.1 launchctl.1 man5_MANS = launchd.plist.5 launchd.conf.5 +if DO_EMBEDDED_MAGIC +man8_MANS = launchd.8 launchproxy.8 +else man8_MANS = StartupItemContext.8 SystemStarter.8 rc.8 launchd.8 launchproxy.8 +endif install-data-hook: mkdir -p $(DESTDIR)/usr/libexec @@ -85,7 +98,6 @@ install-data-hook: mkdir -p $(DESTDIR)/Library/LaunchAgents mkdir -p $(DESTDIR)/System/Library/LaunchAgents mkdir -p $(DESTDIR)/System/Library/LaunchDaemons - cp $(srcdir)/StartupItemContext $(DESTDIR)/usr/libexec cp $(srcdir)/liblaunch_public.h $(DESTDIR)/usr/include/launch.h cp $(srcdir)/libvproc_public.h $(DESTDIR)/usr/include/vproc.h cp $(srcdir)/libbootstrap_public.h $(DESTDIR)/usr/include/servers/bootstrap.h @@ -94,6 +106,10 @@ install-data-hook: cp $(srcdir)/liblaunch_private.h $(DESTDIR)/usr/local/include/launch_priv.h cp $(srcdir)/libvproc_private.h $(DESTDIR)/usr/local/include/vproc_priv.h cp $(srcdir)/reboot2.h $(DESTDIR)/usr/local/include/reboot2.h +if DO_EMBEDDED_MAGIC +else + cp $(srcdir)/StartupItemContext $(DESTDIR)/usr/libexec cp $(srcdir)/com.apple.SystemStarter.plist $(DESTDIR)/System/Library/LaunchDaemons +endif endif diff --git a/launchd/src/Makefile.in b/launchd/src/Makefile.in index 6a4b01c..3350ffe 100644 --- a/launchd/src/Makefile.in +++ b/launchd/src/Makefile.in @@ -33,8 +33,11 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : @LIBS_ONLY_FALSE@bin_PROGRAMS = launchctl$(EXEEXT) wait4path$(EXEEXT) -@LIBS_ONLY_FALSE@sbin_PROGRAMS = launchd$(EXEEXT) \ -@LIBS_ONLY_FALSE@ SystemStarter$(EXEEXT) +@DO_EMBEDDED_MAGIC_FALSE@@LIBS_ONLY_FALSE@sbin_PROGRAMS = \ +@DO_EMBEDDED_MAGIC_FALSE@@LIBS_ONLY_FALSE@ launchd$(EXEEXT) \ +@DO_EMBEDDED_MAGIC_FALSE@@LIBS_ONLY_FALSE@ SystemStarter$(EXEEXT) +@DO_EMBEDDED_MAGIC_TRUE@@LIBS_ONLY_FALSE@sbin_PROGRAMS = \ +@DO_EMBEDDED_MAGIC_TRUE@@LIBS_ONLY_FALSE@ launchd$(EXEEXT) @LIBS_ONLY_FALSE@libexec_PROGRAMS = launchproxy$(EXEEXT) subdir = src DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ @@ -80,10 +83,9 @@ libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(sbin_PROGRAMS) am__SystemStarter_SOURCES_DIST = StartupItems.c IPC.c SystemStarter.c -@LIBS_ONLY_FALSE@am_SystemStarter_OBJECTS = \ -@LIBS_ONLY_FALSE@ SystemStarter-StartupItems.$(OBJEXT) \ -@LIBS_ONLY_FALSE@ SystemStarter-IPC.$(OBJEXT) \ -@LIBS_ONLY_FALSE@ SystemStarter-SystemStarter.$(OBJEXT) +@DO_EMBEDDED_MAGIC_FALSE@@LIBS_ONLY_FALSE@am_SystemStarter_OBJECTS = SystemStarter-StartupItems.$(OBJEXT) \ +@DO_EMBEDDED_MAGIC_FALSE@@LIBS_ONLY_FALSE@ SystemStarter-IPC.$(OBJEXT) \ +@DO_EMBEDDED_MAGIC_FALSE@@LIBS_ONLY_FALSE@ SystemStarter-SystemStarter.$(OBJEXT) SystemStarter_OBJECTS = $(am_SystemStarter_OBJECTS) SystemStarter_LDADD = $(LDADD) SystemStarter_LINK = $(CCLD) $(SystemStarter_CFLAGS) $(CFLAGS) \ @@ -180,6 +182,7 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ +LIBS_SECURITY = @LIBS_SECURITY@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ @@ -196,6 +199,7 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ +WEAKLIBS_SECURITY = @WEAKLIBS_SECURITY@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ @@ -237,7 +241,8 @@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -AM_CFLAGS = -no-cpp-precomp -F/System/Library/PrivateFrameworks -Wall -Wextra -Waggregate-return -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror -D__MigTypeCheck=1 -fvisibility=hidden -Dmig_external=__private_extern__ +AM_CFLAGS = -no-cpp-precomp -isysroot $(SDKROOT) -F$(SDKROOT)/System/Library/PrivateFrameworks -Wall -Wextra -Waggregate-return -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror -D__MigTypeCheck=1 -fvisibility=hidden -Dmig_external=__private_extern__ +AM_LDFLAGS = -Wl,-syslibroot,$(SDKROOT) CLEANFILES = protocol_vproc.h protocol_vprocServer.c protocol_vprocUser.c protocol_vprocServer.h \ launchd_internal.h launchd_internalServer.h launchd_internalServer.c launchd_internalUser.c \ notifyServer.c notifyServer.h job_replyUser.c job_reply.h __version.c mach_excServer.c mach_excServer.h @@ -248,18 +253,19 @@ CLEANFILES = protocol_vproc.h protocol_vprocServer.c protocol_vprocUser.c protoc @LIBS_ONLY_TRUE@liblaunch_profile_a_CFLAGS = -pg -D__DARWIN_NON_CANCELABLE=1 $(AM_CFLAGS) @LIBS_ONLY_TRUE@liblaunch_profile_a_SOURCES = liblaunch.c libvproc.c libbootstrap.c protocol_vprocUser.c __version.c @LIBS_ONLY_FALSE@sysconf_DATA = hostconfig rc.common rc.netboot -@LIBS_ONLY_FALSE@launchctl_CFLAGS = $(AM_CFLAGS) -I/System/Library/Frameworks/System.framework/PrivateHeaders -@LIBS_ONLY_FALSE@launchctl_LDFLAGS = -framework CoreFoundation -framework IOKit -framework Security -weak_library /usr/lib/libedit.dylib -@LIBS_ONLY_FALSE@SystemStarter_CFLAGS = -mdynamic-no-pic $(AM_CFLAGS) -@LIBS_ONLY_FALSE@SystemStarter_LDFLAGS = -framework CoreFoundation -framework IOKit -@LIBS_ONLY_FALSE@SystemStarter_SOURCES = StartupItems.c IPC.c SystemStarter.c +@LIBS_ONLY_FALSE@launchctl_CFLAGS = $(AM_CFLAGS) -I$(SDKROOT)/System/Library/Frameworks/System.framework/PrivateHeaders +@LIBS_ONLY_FALSE@launchctl_LDFLAGS = $(AM_LDFLAGS) -framework CoreFoundation -framework IOKit $(LIBS_SECURITY) -weak_library /usr/lib/libedit.dylib +@DO_EMBEDDED_MAGIC_FALSE@@LIBS_ONLY_FALSE@SystemStarter_CFLAGS = -mdynamic-no-pic $(AM_CFLAGS) +@DO_EMBEDDED_MAGIC_FALSE@@LIBS_ONLY_FALSE@SystemStarter_LDFLAGS = $(AM_LDFLAGS) -framework CoreFoundation -framework IOKit +@DO_EMBEDDED_MAGIC_FALSE@@LIBS_ONLY_FALSE@SystemStarter_SOURCES = StartupItems.c IPC.c SystemStarter.c @LIBS_ONLY_FALSE@launchd_CFLAGS = -mdynamic-no-pic $(AM_CFLAGS) -Wno-unused-parameter -@LIBS_ONLY_FALSE@launchd_LDFLAGS = -lbsm +@LIBS_ONLY_FALSE@launchd_LDFLAGS = $(AM_LDFLAGS) -lbsm @LIBS_ONLY_FALSE@launchd_SOURCES = launchd.c launchd_core_logic.c launchd_unix_ipc.c protocol_vprocServer.c notifyServer.c launchd_internalUser.c launchd_internalServer.c job_replyUser.c launchd_runtime.c launchd_runtime_kill.c mach_excServer.c -@LIBS_ONLY_FALSE@launchproxy_LDFLAGS = -weak_framework Security +@LIBS_ONLY_FALSE@launchproxy_LDFLAGS = $(AM_LDFLAGS) $(WEAKLIBS_SECURITY) @LIBS_ONLY_FALSE@man1_MANS = wait4path.1 launchctl.1 @LIBS_ONLY_FALSE@man5_MANS = launchd.plist.5 launchd.conf.5 -@LIBS_ONLY_FALSE@man8_MANS = StartupItemContext.8 SystemStarter.8 rc.8 launchd.8 launchproxy.8 +@DO_EMBEDDED_MAGIC_FALSE@@LIBS_ONLY_FALSE@man8_MANS = StartupItemContext.8 SystemStarter.8 rc.8 launchd.8 launchproxy.8 +@DO_EMBEDDED_MAGIC_TRUE@@LIBS_ONLY_FALSE@man8_MANS = launchd.8 launchproxy.8 all: config.h $(MAKE) $(AM_MAKEFLAGS) all-am @@ -1191,7 +1197,6 @@ protocol_vproc.h protocol_vprocServer.c protocol_vprocUser.c protocol_vprocServe @LIBS_ONLY_FALSE@ mkdir -p $(DESTDIR)/Library/LaunchAgents @LIBS_ONLY_FALSE@ mkdir -p $(DESTDIR)/System/Library/LaunchAgents @LIBS_ONLY_FALSE@ mkdir -p $(DESTDIR)/System/Library/LaunchDaemons -@LIBS_ONLY_FALSE@ cp $(srcdir)/StartupItemContext $(DESTDIR)/usr/libexec @LIBS_ONLY_FALSE@ cp $(srcdir)/liblaunch_public.h $(DESTDIR)/usr/include/launch.h @LIBS_ONLY_FALSE@ cp $(srcdir)/libvproc_public.h $(DESTDIR)/usr/include/vproc.h @LIBS_ONLY_FALSE@ cp $(srcdir)/libbootstrap_public.h $(DESTDIR)/usr/include/servers/bootstrap.h @@ -1200,7 +1205,8 @@ protocol_vproc.h protocol_vprocServer.c protocol_vprocUser.c protocol_vprocServe @LIBS_ONLY_FALSE@ cp $(srcdir)/liblaunch_private.h $(DESTDIR)/usr/local/include/launch_priv.h @LIBS_ONLY_FALSE@ cp $(srcdir)/libvproc_private.h $(DESTDIR)/usr/local/include/vproc_priv.h @LIBS_ONLY_FALSE@ cp $(srcdir)/reboot2.h $(DESTDIR)/usr/local/include/reboot2.h -@LIBS_ONLY_FALSE@ cp $(srcdir)/com.apple.SystemStarter.plist $(DESTDIR)/System/Library/LaunchDaemons +@DO_EMBEDDED_MAGIC_FALSE@@LIBS_ONLY_FALSE@ cp $(srcdir)/StartupItemContext $(DESTDIR)/usr/libexec +@DO_EMBEDDED_MAGIC_FALSE@@LIBS_ONLY_FALSE@ cp $(srcdir)/com.apple.SystemStarter.plist $(DESTDIR)/System/Library/LaunchDaemons # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/launchd/src/config.h.in b/launchd/src/config.h.in index a71db1a..c8c83cc 100644 --- a/launchd/src/config.h.in +++ b/launchd/src/config.h.in @@ -3,18 +3,45 @@ /* Define to 1 if the `closedir' function returns void instead of `int'. */ #undef CLOSEDIR_VOID +/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP + systems. This function is required for `alloca.c' support on those systems. + */ +#undef CRAY_STACKSEG_END + +/* Define to 1 if using `alloca.c'. */ +#undef C_ALLOCA + +/* Define to 1 if you have the `alarm' function. */ +#undef HAVE_ALARM + +/* Define to 1 if you have `alloca', as a function or macro. */ +#undef HAVE_ALLOCA + +/* Define to 1 if you have and it should be used (not on Ultrix). + */ +#undef HAVE_ALLOCA_H + +/* Define to 1 if you have the `atexit' function. */ +#undef HAVE_ATEXIT + /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_DIRENT_H +/* Define to 1 if you have the `dup2' function. */ +#undef HAVE_DUP2 + /* Define to 1 if you have the header file. */ #undef HAVE_FCNTL_H /* Define to 1 if you have the `fork' function. */ #undef HAVE_FORK -/* Define to 1 if you have the `getpagesize' function. */ -#undef HAVE_GETPAGESIZE +/* Define to 1 if you have the `gethostname' function. */ +#undef HAVE_GETHOSTNAME + +/* Define to 1 if you have the `gettimeofday' function. */ +#undef HAVE_GETTIMEOFDAY /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H @@ -22,11 +49,14 @@ /* Define to 1 if you have the header file. */ #undef HAVE_LIMITS_H +/* Define to 1 if `lstat' has the bug that it succeeds when given the + zero-length file name argument. */ +#undef HAVE_LSTAT_EMPTY_STRING_BUG + /* Define to 1 if you have the header file. */ #undef HAVE_MACH_MACH_H -/* Define to 1 if your system has a GNU libc compatible `malloc' function, and - to 0 otherwise. */ +/* Define to 1 if you have the `malloc' function. */ #undef HAVE_MALLOC /* Define to 1 if you have the `memmove' function. */ @@ -35,7 +65,13 @@ /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H -/* Define to 1 if you have a working `mmap' system call. */ +/* Define to 1 if you have the `memset' function. */ +#undef HAVE_MEMSET + +/* Define to 1 if you have the `mkdir' function. */ +#undef HAVE_MKDIR + +/* Define to 1 if you have the `mmap' function. */ #undef HAVE_MMAP /* Define to 1 if you have the `munmap' function. */ @@ -44,6 +80,39 @@ /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_NDIR_H +/* Define to 1 if you have the header file. */ +#undef HAVE_NETDB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NETINET_IN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_PATHS_H + +/* Define to 1 if you have the quarantine library */ +#undef HAVE_QUARANTINE + +/* Define to 1 if you have the `realloc' function. */ +#undef HAVE_REALLOC + +/* Define to 1 if you have the `rmdir' function. */ +#undef HAVE_RMDIR + +/* Define to 1 if you have the sandbox library */ +#undef HAVE_SANDBOX + +/* Define to 1 if you have the Security framework */ +#undef HAVE_SECURITY + +/* Define to 1 if you have the `select' function. */ +#undef HAVE_SELECT + +/* Define to 1 if you have the `setenv' function. */ +#undef HAVE_SETENV + +/* Define to 1 if you have the `socket' function. */ +#undef HAVE_SOCKET + /* Define to 1 if `stat' has the bug that it succeeds when given the zero-length file name argument. */ #undef HAVE_STAT_EMPTY_STRING_BUG @@ -51,12 +120,24 @@ /* Define to 1 if stdbool.h conforms to C99. */ #undef HAVE_STDBOOL_H +/* Define to 1 if you have the header file. */ +#undef HAVE_STDDEF_H + /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H +/* Define to 1 if you have the `strcasecmp' function. */ +#undef HAVE_STRCASECMP + +/* Define to 1 if you have the `strchr' function. */ +#undef HAVE_STRCHR + +/* Define to 1 if you have the `strdup' function. */ +#undef HAVE_STRDUP + /* Define to 1 if you have the `strerror' function. */ #undef HAVE_STRERROR @@ -66,6 +147,15 @@ /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H +/* Define to 1 if you have the `strrchr' function. */ +#undef HAVE_STRRCHR + +/* Define to 1 if you have the `strstr' function. */ +#undef HAVE_STRSTR + +/* Define to 1 if you have the `strtol' function. */ +#undef HAVE_STRTOL + /* Define to 1 if you have the header file. */ #undef HAVE_SYSLOG_H @@ -73,19 +163,40 @@ */ #undef HAVE_SYS_DIR_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_IOCTL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_MOUNT_H + /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_SYS_NDIR_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PARAM_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SELECT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SOCKET_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TIME_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define to 1 if you have that is POSIX.1 compatible. */ #undef HAVE_SYS_WAIT_H +/* Define to 1 if you have the header file. */ +#undef HAVE_TERMIOS_H + /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H @@ -108,6 +219,9 @@ slash. */ #undef LSTAT_FOLLOWS_SLASHED_SYMLINK +/* Define to 1 if your C compiler doesn't accept -c and -o together. */ +#undef NO_MINUS_C_MINUS_O + /* Name of package */ #undef PACKAGE @@ -129,9 +243,32 @@ /* Define as the return type of signal handlers (`int' or `void'). */ #undef RETSIGTYPE +/* Define to the type of arg 1 for `select'. */ +#undef SELECT_TYPE_ARG1 + +/* Define to the type of args 2, 3 and 4 for `select'. */ +#undef SELECT_TYPE_ARG234 + +/* Define to the type of arg 5 for `select'. */ +#undef SELECT_TYPE_ARG5 + +/* If using the C implementation of alloca, define if you know the + direction of stack growth for your system; otherwise it will be + automatically deduced at runtime. + STACK_DIRECTION > 0 => grows toward higher addresses + STACK_DIRECTION < 0 => grows toward lower addresses + STACK_DIRECTION = 0 => direction of growth unknown */ +#undef STACK_DIRECTION + /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS +/* Define to 1 if you can safely include both and . */ +#undef TIME_WITH_SYS_TIME + +/* Define to 1 if your declares `struct tm'. */ +#undef TM_IN_SYS_TIME + /* Version number of package */ #undef VERSION @@ -141,19 +278,16 @@ /* Define to `int' if doesn't define. */ #undef gid_t -/* Define to rpl_malloc if the replacement function should be used. */ -#undef malloc - /* Define to `int' if does not define. */ #undef mode_t -/* Define to `long' if does not define. */ +/* Define to `long int' if does not define. */ #undef off_t /* Define to `int' if does not define. */ #undef pid_t -/* Define to `unsigned' if does not define. */ +/* Define to `unsigned int' if does not define. */ #undef size_t /* Define to `int' if doesn't define. */ diff --git a/launchd/src/launchctl.c b/launchd/src/launchctl.c index 6b5efa3..f62bfb8 100644 --- a/launchd/src/launchctl.c +++ b/launchd/src/launchctl.c @@ -18,7 +18,7 @@ * @APPLE_APACHE_LICENSE_HEADER_END@ */ -static const char *const __rcs_file_version__ = "$Revision: 23457 $"; +static const char *const __rcs_file_version__ = "$Revision: 23566 $"; #include "liblaunch_public.h" #include "liblaunch_private.h" @@ -30,7 +30,7 @@ static const char *const __rcs_file_version__ = "$Revision: 23457 $"; #include #include #include -#if !TARGET_OS_EMBEDDED +#if HAVE_SECURITY #include #include #endif @@ -313,10 +313,17 @@ void read_launchd_conf(void) { char s[1000], *c, *av[100]; + const char *file; size_t len, i; FILE *f; - if (!(f = fopen("/etc/launchd.conf", "r"))) { + if (getppid() == 1) { + file = "/etc/launchd.conf"; + } else { + file = "/etc/launchd-user.conf"; + } + + if (!(f = fopen(file, "r"))) { return; } @@ -1431,10 +1438,12 @@ system_specific_bootstrap(bool sflag) assumes(acct("/var/account/acct") != -1); } +#if !TARGET_OS_EMBEDDED if (path_check("/etc/fstab")) { const char *mount_tool[] = { "mount", "-vat", "nonfs", NULL }; assumes(fwexec(mount_tool, true) != -1); } +#endif if (path_check("/etc/rc.installer_cleanup")) { const char *rccleanup_tool[] = { _PATH_BSHELL, "/etc/rc.installer_cleanup", "multiuser", NULL }; @@ -1464,7 +1473,11 @@ system_specific_bootstrap(bool sflag) _vproc_set_global_on_demand(true); - char *load_launchd_items[] = { "load", "-D", "all", "/etc/mach_init.d", NULL }; + char *load_launchd_items[] = { "load", "-D", "all", "/etc/mach_init.d", +#if TARGET_OS_EMBEDDED + "/var/mobile/Library/LaunchAgents", +#endif + NULL }; if (is_safeboot()) { load_launchd_items[2] = "system"; @@ -1533,9 +1546,9 @@ system_specific_bootstrap(bool sflag) void do_BootCache_magic(BootCache_action_t what) { - const char *bcc_tool[] = { "BootCacheControl", "-f", "/var/db/BootCache.playlist", NULL, NULL }; + const char *bcc_tool[] = { "/usr/sbin/BootCacheControl", "-f", "/var/db/BootCache.playlist", NULL, NULL }; - if (is_safeboot()) { + if (is_safeboot() || !path_check(bcc_tool[0])) { return; } @@ -1612,11 +1625,12 @@ bootstrap_cmd(int argc, char *const argv[]) the_argc += 1; } -#if !TARGET_OS_EMBEDDED if (strcasecmp(session_type, VPROCMGR_SESSION_BACKGROUND) == 0) { + read_launchd_conf(); +#if HAVE_SECURITY assumes(SessionCreate(sessionKeepCurrentBootstrap, 0) == 0); - } #endif + } return load_and_unload_cmd(the_argc, load_launchd_items); } @@ -2768,7 +2782,13 @@ do_potential_fsck(void) fprintf(stderr, "fsck failed!\n"); /* someday, we should keep booting read-only, but as of today, other sub-systems cannot handle that scenario */ +#if TARGET_OS_EMBEDDED + const char *nvram_tool[] = { "/usr/sbin/nvram", "auto-boot=false", NULL }; + assumes(fwexec(nvram_tool, true) != -1); + assumes(reboot(RB_AUTOBOOT) != -1); +#else assumes(reboot(RB_HALT) != -1); +#endif return; out: @@ -2782,7 +2802,15 @@ out: * assumes(mount(sfs.f_fstypename, "/", MNT_UPDATE, NULL) != -1); */ - assumes(fwexec(remount_tool, true) != -1); +#if TARGET_OS_EMBEDDED + if (path_check("/etc/fstab")) { + const char *mount_tool[] = { "mount", "-vat", "nonfs", NULL }; + assumes(fwexec(mount_tool, true) != -1); + } else +#endif + { + assumes(fwexec(remount_tool, true) != -1); + } fix_bogus_file_metadata(); } diff --git a/launchd/src/launchd.c b/launchd/src/launchd.c index 955bdd0..37bca50 100644 --- a/launchd/src/launchd.c +++ b/launchd/src/launchd.c @@ -18,14 +18,16 @@ * @APPLE_APACHE_LICENSE_HEADER_END@ */ -static const char *const __rcs_file_version__ = "$Revision: 23408 $"; +static const char *const __rcs_file_version__ = "$Revision: 23506 $"; #include "config.h" #include "launchd.h" +#if HAVE_SECURITY #include #include #include +#endif #include #include #include @@ -283,6 +285,7 @@ launchd_single_user(void) void launchd_SessionCreate(void) { +#if HAVE_SECURITY OSStatus (*sescr)(SessionCreationFlags flags, SessionAttributeBits attributes); void *seclib; @@ -292,6 +295,7 @@ launchd_SessionCreate(void) } launchd_assumes(dlclose(seclib) != -1); } +#endif } void diff --git a/launchd/src/launchd_core_logic.c b/launchd/src/launchd_core_logic.c index cdbbde2..ea6f608 100644 --- a/launchd/src/launchd_core_logic.c +++ b/launchd/src/launchd_core_logic.c @@ -16,11 +16,12 @@ * @APPLE_APACHE_LICENSE_HEADER_END@ */ -static const char *const __rcs_file_version__ = "$Revision: 23459 $"; +static const char *const __rcs_file_version__ = "$Revision: 23585 $"; #include "config.h" #include "launchd_core_logic.h" +#include #include #include #include @@ -73,7 +74,12 @@ static const char *const __rcs_file_version__ = "$Revision: 23459 $"; #include #include #include +#if HAVE_SANDBOX #include +#endif +#if HAVE_QUARANTINE +#include +#endif #include "liblaunch_public.h" #include "liblaunch_private.h" @@ -164,7 +170,10 @@ struct socketgroup { SLIST_ENTRY(socketgroup) sle; int *fds; unsigned int junkfds:1, fd_cnt:31; - char name[0]; + union { + const char name[0]; + char name_init[0]; + }; }; static bool socketgroup_new(job_t j, const char *name, int *fds, unsigned int fd_cnt, bool junkfds); @@ -196,7 +205,10 @@ static void calendarinterval_sanity_check(void); struct envitem { SLIST_ENTRY(envitem) sle; char *value; - char key[0]; + union { + const char key[0]; + char key_init[0]; + }; }; static bool envitem_new(job_t j, const char *k, const char *v, bool global); @@ -212,7 +224,9 @@ struct limititem { static bool limititem_update(job_t j, int w, rlim_t r); static void limititem_delete(job_t j, struct limititem *li); static void limititem_setup(launch_data_t obj, const char *key, void *context); +#if HAVE_SANDBOX static void seatbelt_setup_flags(launch_data_t obj, const char *key, void *context); +#endif typedef enum { NETWORK_UP = 1, @@ -234,7 +248,10 @@ struct semaphoreitem { SLIST_ENTRY(semaphoreitem) sle; semaphore_reason_t why; int fd; - char what[0]; + union { + const char what[0]; + char what_init[0]; + }; }; struct semaphoreitem_dict_iter_context { @@ -271,7 +288,10 @@ struct jobmgr_s { unsigned int hopefully_first_cnt; unsigned int normal_active_cnt; unsigned int sent_stop_to_normal_jobs:1, sent_stop_to_hopefully_last_jobs:1, shutting_down:1, session_initialized:1; - char name[0]; + union { + const char name[0]; + char name_init[0]; + }; }; #define jobmgr_assumes(jm, e) \ @@ -281,6 +301,7 @@ static jobmgr_t jobmgr_new(jobmgr_t jm, mach_port_t requestorport, mach_port_t t static job_t jobmgr_import2(jobmgr_t jm, launch_data_t pload); static jobmgr_t jobmgr_parent(jobmgr_t jm); static jobmgr_t jobmgr_do_garbage_collection(jobmgr_t jm); +static bool jobmgr_label_test(jobmgr_t jm, const char *str); static void jobmgr_reap_bulk(jobmgr_t jm, struct kevent *kev); static void jobmgr_log_stray_children(jobmgr_t jm); static void jobmgr_remove(jobmgr_t jm); @@ -322,7 +343,7 @@ struct job_s { cpu_type_t *j_binpref; size_t j_binpref_cnt; mach_port_t j_port; - mach_port_t wait_reply_port; + mach_port_t wait_reply_port; /* we probably should switch to a list of waiters */ uid_t mach_uid; jobmgr_t mgr; char **argv; @@ -336,10 +357,14 @@ struct job_s { char *alt_exc_handler; struct machservice *lastlookup; unsigned int lastlookup_gennum; +#if HAVE_SANDBOX char *seatbelt_profile; uint64_t seatbelt_flags; +#endif +#if HAVE_QUARANTINE void *quarantine_data; size_t quarantine_data_sz; +#endif pid_t p; int argc; int last_exit_status; @@ -361,7 +386,7 @@ struct job_s { currently_ignored:1, forced_peers_to_demand_mode:1, setnice:1, hopefully_exits_last:1, removal_pending:1, wait4pipe_eof:1, sent_sigkill:1, debug_before_kill:1, weird_bootstrap:1, start_on_mount:1, per_user:1, hopefully_exits_first:1, deny_unknown_mslookups:1, unload_at_mig_return:1, abandon_pg:1, - poll_for_vfs_changes:1, internal_exc_handler:1; + poll_for_vfs_changes:1, internal_exc_handler:1, deny_job_creation:1; const char label[0]; }; @@ -450,9 +475,11 @@ static char **mach_cmd2argv(const char *string); static size_t our_strhash(const char *s) __attribute__((pure)); static void extract_rcsid_substr(const char *i, char *o, size_t osz); static void do_first_per_user_launchd_hack(void); +static size_t get_kern_max_proc(void); static void do_file_init(void) __attribute__((constructor)); /* file local globals */ +static bool do_apple_internal_magic; static size_t total_children; static size_t total_anon_children; static mach_port_t the_exception_server; @@ -865,12 +892,16 @@ job_remove(job_t j) if (j->alt_exc_handler) { free(j->alt_exc_handler); } +#if HAVE_SANDBOX if (j->seatbelt_profile) { free(j->seatbelt_profile); } +#endif +#if HAVE_QUARANTINE if (j->quarantine_data) { free(j->quarantine_data); } +#endif if (j->j_binpref) { free(j->j_binpref); } @@ -1458,8 +1489,10 @@ job_import_string(job_t j, const char *key, const char *value) where2put = &j->stdoutpath; } else if (strcasecmp(key, LAUNCH_JOBKEY_STANDARDERRORPATH) == 0) { where2put = &j->stderrpath; +#if HAVE_SANDBOX } else if (strcasecmp(key, LAUNCH_JOBKEY_SANDBOXPROFILE) == 0) { where2put = &j->seatbelt_profile; +#endif } break; default: @@ -1537,8 +1570,10 @@ job_import_integer(job_t j, const char *key, long long value) job_assumes(j, kevent_mod((uintptr_t)&j->start_interval, EVFILT_TIMER, EV_ADD, NOTE_SECONDS, value, j) != -1); } +#if HAVE_SANDBOX } else if (strcasecmp(key, LAUNCH_JOBKEY_SANDBOXFLAGS) == 0) { j->seatbelt_flags = value; +#endif } break; @@ -1554,6 +1589,7 @@ job_import_opaque(job_t j, const char *key, launch_data_t value) switch (key[0]) { case 'q': case 'Q': +#if HAVE_QUARANTINE if (strcasecmp(key, LAUNCH_JOBKEY_QUARANTINEDATA) == 0) { size_t tmpsz = launch_data_get_opaque_size(value); @@ -1562,18 +1598,48 @@ job_import_opaque(job_t j, const char *key, launch_data_t value) j->quarantine_data_sz = tmpsz; } } +#endif break; default: break; } } +static void +policy_setup(launch_data_t obj, const char *key, void *context) +{ + job_t j = context; + bool found_key = false; + + switch (key[0]) { + case 'd': + case 'D': + if (strcasecmp(key, LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS) == 0) { + j->deny_job_creation = launch_data_get_bool(obj); + found_key = true; + } + break; + default: + break; + } + + if (unlikely(!found_key)) { + job_log(j, LOG_WARNING, "Unknown policy: %s", key); + } +} + void job_import_dictionary(job_t j, const char *key, launch_data_t value) { launch_data_t tmp; switch (key[0]) { + case 'p': + case 'P': + if (strcasecmp(key, LAUNCH_JOBKEY_POLICIES) == 0) { + launch_data_dict_iterate(value, policy_setup, j); + } + break; case 'k': case 'K': if (strcasecmp(key, LAUNCH_JOBKEY_KEEPALIVE) == 0) { @@ -1612,8 +1678,10 @@ job_import_dictionary(job_t j, const char *key, launch_data_t value) calendarinterval_new_from_obj(j, value); } else if (strcasecmp(key, LAUNCH_JOBKEY_SOFTRESOURCELIMITS) == 0) { launch_data_dict_iterate(value, limititem_setup, j); +#if HAVE_SANDBOX } else if (strcasecmp(key, LAUNCH_JOBKEY_SANDBOXFLAGS) == 0) { launch_data_dict_iterate(value, seatbelt_setup_flags, j); +#endif } break; case 'h': @@ -1816,10 +1884,7 @@ jobmgr_import2(jobmgr_t jm, launch_data_t pload) if ((j = job_find(label)) != NULL) { errno = EEXIST; return NULL; - } else if (label[0] == '\0' || (strncasecmp(label, "", strlen("com.apple.launchd")) == 0) || - (strtol(label, NULL, 10) != 0)) { - jobmgr_log(jm, LOG_ERR, "Somebody attempted to use a reserved prefix for a label: %s", label); - /* the empty string, com.apple.launchd and number prefixes for labels are reserved */ + } else if (!jobmgr_label_test(jm, label)) { errno = EINVAL; return NULL; } @@ -1831,6 +1896,40 @@ jobmgr_import2(jobmgr_t jm, launch_data_t pload) return j; } +bool +jobmgr_label_test(jobmgr_t jm, const char *str) +{ + char *endstr = NULL; + const char *ptr; + + if (str[0] == '\0') { + jobmgr_log(jm, LOG_ERR, "Empty job labels are not allowed"); + return false; + } + + for (ptr = str; *ptr; ptr++) { + if (iscntrl(*ptr)) { + jobmgr_log(jm, LOG_ERR, "ASCII control characters are not allowed in job labels. Index: %td Value: 0x%hhx", ptr - str, *ptr); + return false; + } + } + + strtoll(str, &endstr, 0); + + if (str != endstr) { + jobmgr_log(jm, LOG_ERR, "Job labels are not allowed to begin with numbers: %s", str); + return false; + } + + if ((strncasecmp(str, "com.apple.launchd", strlen("com.apple.launchd")) == 0) || + (strncasecmp(str, "com.apple.launchctl", strlen("com.apple.launchctl")) == 0)) { + jobmgr_log(jm, LOG_ERR, "Job labels are not allowed to use a reserved prefix: %s", str); + return false; + } + + return true; +} + job_t job_find(const char *label) { @@ -1993,9 +2092,15 @@ void job_log_stray_pg(job_t j) { int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PGRP, j->p }; - size_t i, kp_cnt, len = 10*1024*1024; + size_t i, kp_cnt, len = sizeof(struct kinfo_proc) * get_kern_max_proc(); struct kinfo_proc *kp; +#if TARGET_OS_EMBEDDED + if (!do_apple_internal_magic) { + return; + } +#endif + if (!job_assumes(j, (kp = malloc(len)) != NULL)) { return; } @@ -2680,6 +2785,7 @@ job_start_child(job_t j) job_assumes(j, binpref_out_cnt == j->j_binpref_cnt); } +#if HAVE_QUARANTINE if (j->quarantine_data) { qtn_proc_t qp; @@ -2689,7 +2795,9 @@ job_start_child(job_t j) } } } +#endif +#if HAVE_SANDBOX if (j->seatbelt_profile) { char *seatbelt_err_buf = NULL; @@ -2700,6 +2808,7 @@ job_start_child(job_t j) goto out_bad; } } +#endif if (j->prog) { errno = posix_spawn(&junk_pid, j->inetcompat ? file2exec : j->prog, NULL, &spattr, (char *const*)argv, environ); @@ -2764,10 +2873,17 @@ void job_find_and_blame_pids_with_weird_uids(job_t j) { int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_ALL }; - size_t i, kp_cnt, len = 10*1024*1024; - struct kinfo_proc *kp = malloc(len); + size_t i, kp_cnt, len = sizeof(struct kinfo_proc) * get_kern_max_proc(); + struct kinfo_proc *kp; uid_t u = j->mach_uid; +#if TARGET_OS_EMBEDDED + if (!do_apple_internal_magic) { + return; + } +#endif + kp = malloc(len); + if (!job_assumes(j, kp != NULL)) { return; } @@ -3262,11 +3378,10 @@ semaphoreitem_ignore(job_t j, struct semaphoreitem *si) void semaphoreitem_watch(job_t j, struct semaphoreitem *si) { - char parentdir_path[PATH_MAX], *which_path = si->what; + char *parentdir, tmp_path[PATH_MAX]; + const char *which_path = si->what; int saved_errno = 0; int fflags = 0; - - strlcpy(parentdir_path, dirname(si->what), sizeof(parentdir_path)); switch (si->why) { case PATH_EXISTS: @@ -3283,11 +3398,18 @@ semaphoreitem_watch(job_t j, struct semaphoreitem *si) return; } + /* dirname() may modify tmp_path */ + strlcpy(tmp_path, si->what, sizeof(tmp_path)); + + if (!job_assumes(j, (parentdir = dirname(tmp_path)))) { + return; + } + /* See 5321044 for why we do the do-while loop and 5415523 for why ENOENT is checked */ do { if (si->fd == -1) { if ((si->fd = _fd(open(which_path, O_EVTONLY|O_NOCTTY))) == -1) { - which_path = parentdir_path; + which_path = parentdir; si->fd = _fd(open(which_path, O_EVTONLY|O_NOCTTY)); } } @@ -3528,7 +3650,7 @@ socketgroup_new(job_t j, const char *name, int *fds, unsigned int fd_cnt, bool j } memcpy(sg->fds, fds, fd_cnt * sizeof(int)); - strcpy(sg->name, name); + strcpy(sg->name_init, name); SLIST_INSERT_HEAD(&j->sockets, sg, sle); @@ -3620,8 +3742,8 @@ envitem_new(job_t j, const char *k, const char *v, bool global) return false; } - strcpy(ei->key, k); - ei->value = ei->key + strlen(k) + 1; + strcpy(ei->key_init, k); + ei->value = ei->key_init + strlen(k) + 1; strcpy(ei->value, v); if (global) { @@ -3701,6 +3823,7 @@ limititem_delete(job_t j, struct limititem *li) free(li); } +#if HAVE_SANDBOX void seatbelt_setup_flags(launch_data_t obj, const char *key, void *context) { @@ -3719,6 +3842,7 @@ seatbelt_setup_flags(launch_data_t obj, const char *key, void *context) j->seatbelt_flags |= SANDBOX_NAMED; } } +#endif void limititem_setup(launch_data_t obj, const char *key, void *context) @@ -3760,7 +3884,7 @@ job_useless(job_t j) } else if (j->removal_pending) { job_log(j, LOG_DEBUG, "Exited while removal was pending."); return true; - } else if (j->mgr->shutting_down) { + } else if (j->mgr->shutting_down && (j->hopefully_exits_first || j->mgr->hopefully_first_cnt == 0)) { job_log(j, LOG_DEBUG, "Exited while shutdown in progress. Processes remaining: %lu/%lu", total_children, total_anon_children); return true; } else if (j->legacy_mach_job) { @@ -3786,6 +3910,10 @@ job_keepalive(job_t j) struct stat sb; bool good_exit = (WIFEXITED(j->last_exit_status) && WEXITSTATUS(j->last_exit_status) == 0); + if (j->mgr->shutting_down) { + return false; + } + /* * 5066316 * @@ -4040,6 +4168,10 @@ job_setup_exception_port(job_t j, task_t target_task) f = PPC_THREAD_STATE64; #elif defined(__i386__) f = x86_THREAD_STATE; +#elif defined(__arm__) + f = ARM_THREAD_STATE; +#else +#error "unknown architecture" #endif if (target_task) { @@ -4239,9 +4371,14 @@ void jobmgr_log_stray_children(jobmgr_t jm) { int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_ALL }; - size_t i, kp_cnt, len = 10*1024*1024; + size_t i, kp_cnt, len = sizeof(struct kinfo_proc) * get_kern_max_proc(); struct kinfo_proc *kp; +#if TARGET_OS_EMBEDDED + if (!do_apple_internal_magic) { + return; + } +#endif if (jm->parentmgr || getpid() != 1) { return; } @@ -4318,7 +4455,7 @@ jobmgr_new(jobmgr_t jm, mach_port_t requestorport, mach_port_t transfer_port, bo } jmr->kqjobmgr_callback = jobmgr_callback; - strcpy(jmr->name, name ? name : "Under construction"); + strcpy(jmr->name_init, name ? name : "Under construction"); jmr->req_port = requestorport; @@ -4366,7 +4503,7 @@ jobmgr_new(jobmgr_t jm, mach_port_t requestorport, mach_port_t transfer_port, bo } if (!name) { - sprintf(jmr->name, "%u", MACH_PORT_INDEX(jmr->jm_port)); + sprintf(jmr->name_init, "%u", MACH_PORT_INDEX(jmr->jm_port)); } /* Sigh... at the moment, MIG has maxsize == sizeof(reply union) */ @@ -4806,7 +4943,7 @@ semaphoreitem_new(job_t j, semaphore_reason_t why, const char *what) si->why = why; if (what) { - strcpy(si->what, what); + strcpy(si->what_init, what); } SLIST_INSERT_HEAD(&j->semaphores, si, sle); @@ -5111,6 +5248,10 @@ job_mig_create_server(job_t j, cmd_t server_cmd, uid_t server_uid, boolean_t on_ return BOOTSTRAP_NO_MEMORY; } + if (unlikely(j->deny_job_creation)) { + return BOOTSTRAP_NOT_PRIVILEGED; + } + runtime_get_caller_creds(&ldc); job_log(j, LOG_DEBUG, "Server create attempt: %s", server_cmd); @@ -5729,6 +5870,8 @@ job_mig_register2(job_t j, name_t servicename, mach_port_t serviceport, uint64_t job_log(j, LOG_DEBUG, "%sMach service registration attempt: %s", flags & BOOTSTRAP_PER_PID_SERVICE ? "Per PID " : "", servicename); + /* 5641783 for the embedded hack */ +#if !TARGET_OS_EMBEDDED /* * From a per-user/session launchd's perspective, SecurityAgent (UID * 92) is a rogue application (not our UID, not root and not a child of @@ -5741,6 +5884,7 @@ job_mig_register2(job_t j, name_t servicename, mach_port_t serviceport, uint64_t return BOOTSTRAP_NOT_PRIVILEGED; } } +#endif ms = jobmgr_lookup_service(j->mgr, servicename, false, flags & BOOTSTRAP_PER_PID_SERVICE ? ldc.pid : 0); @@ -5780,9 +5924,12 @@ job_mig_look_up2(job_t j, name_t servicename, mach_port_t *serviceportp, mach_ms runtime_get_caller_creds(&ldc); + /* 5641783 for the embedded hack */ +#if !TARGET_OS_EMBEDDED if (getpid() == 1 && j->anonymous && job_get_bs(j)->parentmgr == NULL && ldc.uid != 0 && ldc.euid != 0) { return VPROC_ERR_TRY_PER_USER; } +#endif if (!mspolicy_check(j, servicename, flags & BOOTSTRAP_PER_PID_SERVICE)) { job_log(j, LOG_NOTICE, "Policy denied Mach service lookup: %s", servicename); @@ -6075,7 +6222,7 @@ job_mig_move_subset(job_t j, mach_port_t target_subset, name_t session_type) } jobmgr_log(j->mgr, LOG_DEBUG, "Renaming to: %s", session_type); - strcpy(j->mgr->name, session_type); + strcpy(j->mgr->name_init, session_type); if (job_assumes(j, (j2 = jobmgr_init_session(j->mgr, session_type, false)))) { job_assumes(j, job_dispatch(j2, true)); @@ -6092,7 +6239,7 @@ job_mig_move_subset(job_t j, mach_port_t target_subset, name_t session_type) job_log(j, LOG_DEBUG, "Move subset attempt: 0x%x", target_subset); - kr = _vproc_grab_subset(target_subset, &reqport, &rcvright, &out_obj_array, &l2l_ports, &l2l_port_cnt); + errno = kr = _vproc_grab_subset(target_subset, &reqport, &rcvright, &out_obj_array, &l2l_ports, &l2l_port_cnt); if (!job_assumes(j, kr == 0)) { goto out; @@ -6366,6 +6513,66 @@ out_bad: return BOOTSTRAP_NO_MEMORY; } +kern_return_t +job_mig_embedded_wait(job_t j, name_t targetlabel, integer_t *waitstatus) +{ + job_t otherj; + + if (!launchd_assumes(j != NULL)) { + return BOOTSTRAP_NO_MEMORY; + } + + if (unlikely(!(otherj = job_find(targetlabel)))) { + return BOOTSTRAP_UNKNOWN_SERVICE; + } + + *waitstatus = j->last_exit_status; + + return 0; +} + +kern_return_t +job_mig_embedded_kickstart(job_t j, name_t targetlabel, pid_t *out_pid, mach_port_t *out_name_port) +{ + struct ldcred ldc; + kern_return_t kr; + job_t otherj; + + if (!launchd_assumes(j != NULL)) { + return BOOTSTRAP_NO_MEMORY; + } + + if (unlikely(!(otherj = job_find(targetlabel)))) { + return BOOTSTRAP_UNKNOWN_SERVICE; + } + + runtime_get_caller_creds(&ldc); + + if (ldc.euid != 0 && ldc.euid != geteuid() +#if TARGET_OS_EMBEDDED + && j->username && otherj->username + && strcmp(j->username, otherj->username) != 0 +#endif + ) { + return BOOTSTRAP_NOT_PRIVILEGED; + } + + otherj = job_dispatch(otherj, true); + + if (!job_assumes(j, otherj && otherj->p)) { + return BOOTSTRAP_NO_MEMORY; + } + + kr = task_name_for_pid(mach_task_self(), otherj->p, out_name_port); + if (!job_assumes(j, kr == 0)) { + return kr; + } + + *out_pid = otherj->p; + + return 0; +} + kern_return_t job_mig_wait(job_t j, mach_port_t srp, integer_t *waitstatus) { @@ -6415,6 +6622,7 @@ job_mig_set_service_policy(job_t j, pid_t target_pid, uint64_t flags, name_t tar job_assumes(j, mspolicy_new(target_j, target_service, flags & BOOTSTRAP_ALLOW_LOOKUP, flags & BOOTSTRAP_PER_PID_SERVICE, false)); } else { target_j->deny_unknown_mslookups = !(flags & BOOTSTRAP_ALLOW_LOOKUP); + target_j->deny_job_creation = (bool)(flags & BOOTSTRAP_DENY_JOB_CREATION); } } else { job_log(j, LOG_WARNING, "Jobs that have policies assigned to them may not set policies."); @@ -6438,6 +6646,10 @@ job_mig_spawn(job_t j, vm_offset_t indata, mach_msg_type_number_t indataCnt, pid return BOOTSTRAP_NO_MEMORY; } + if (unlikely(j->deny_job_creation)) { + return BOOTSTRAP_NOT_PRIVILEGED; + } + if (getpid() == 1 && ldc.euid && ldc.uid) { job_log(j, LOG_DEBUG, "Punting spawn to per-user-context"); return VPROC_ERR_TRY_PER_USER; @@ -6640,9 +6852,26 @@ waiting4removal_delete(job_t j, struct waiting_for_removal *w4r) free(w4r); } +size_t +get_kern_max_proc(void) +{ + int mib[] = { CTL_KERN, KERN_MAXPROC }; + int max = 100; + size_t max_sz = sizeof(max); + + launchd_assumes(sysctl(mib, 2, &max, &max_sz, NULL, 0) != -1); + + return max; +} + void do_file_init(void) { + struct stat sb; + launchd_assert(mach_timebase_info(&tbi) == 0); + if (stat("/AppleInternal", &sb) == 0) { + do_apple_internal_magic = true; + } } diff --git a/launchd/src/launchd_runtime.c b/launchd/src/launchd_runtime.c index 909473d..00bfcc0 100644 --- a/launchd/src/launchd_runtime.c +++ b/launchd/src/launchd_runtime.c @@ -18,7 +18,7 @@ * @APPLE_APACHE_LICENSE_HEADER_END@ */ -static const char *const __rcs_file_version__ = "$Revision: 23459 $"; +static const char *const __rcs_file_version__ = "$Revision: 23528 $"; #include "config.h" #include "launchd_runtime.h" @@ -275,7 +275,6 @@ reboot_flags_to_C_names(unsigned int flags) FLAGIF(RB_ASKNAME) else FLAGIF(RB_SINGLE) else FLAGIF(RB_NOSYNC) - else FLAGIF(RB_KDB) else FLAGIF(RB_HALT) else FLAGIF(RB_INITNAME) else FLAGIF(RB_DFLTROOT) diff --git a/launchd/src/launchd_runtime.h b/launchd/src/launchd_runtime.h index df875b6..904d147 100644 --- a/launchd/src/launchd_runtime.h +++ b/launchd/src/launchd_runtime.h @@ -50,6 +50,9 @@ struct ldcred { #define launchd_assert(e) if (__builtin_constant_p(e)) { char __compile_time_assert__[e ? 1 : -1] __attribute__((unused)); } else if (!launchd_assumes(e)) { abort(); } +#define likely(x) __builtin_expect((bool)(x), true) +#define unlikely(x) __builtin_expect((bool)(x), false) + void _log_launchd_bug(const char *rcs_rev, const char *path, unsigned int line, const char *test); typedef void (*kq_callback)(void *, struct kevent *); diff --git a/launchd/src/launchd_runtime_kill.c b/launchd/src/launchd_runtime_kill.c index 383c150..0907748 100644 --- a/launchd/src/launchd_runtime_kill.c +++ b/launchd/src/launchd_runtime_kill.c @@ -18,7 +18,16 @@ * @APPLE_APACHE_LICENSE_HEADER_END@ */ +#if !defined(__LP64__) && !defined(__arm__) #define _NONSTD_SOURCE 1 +#define old_kill(x, y) kill(x, y) +#define old_killpg(x, y) killpg(x, y) +#else +/* ??? No blessed way to get the old behavior */ +extern int __kill(int, int, int); +#define old_kill(x, y) __kill(x, y, 0) +#define old_killpg(x, y) __kill(-(x), y, 0) +#endif #include #include "launchd_runtime_kill.h" @@ -34,11 +43,11 @@ int runtime_kill(pid_t pid, int sig) { - return kill(pid, sig); + return old_kill(pid, sig); } int runtime_killpg(pid_t pgrp, int sig) { - return killpg(pgrp, sig); + return old_killpg(pgrp, sig); } diff --git a/launchd/src/launchproxy.c b/launchd/src/launchproxy.c index d0a07d0..2adb191 100644 --- a/launchd/src/launchproxy.c +++ b/launchd/src/launchproxy.c @@ -17,9 +17,12 @@ * * @APPLE_APACHE_LICENSE_HEADER_END@ */ +#include "config.h" +#if HAVE_SECURITY #include #include #include +#endif #include #include #include @@ -40,7 +43,7 @@ #include "launch.h" -#if __GNUC__ >= 4 +#if __GNUC__ >= 4 && HAVE_SECURITY OSStatus SessionCreate(SessionCreationFlags flags, SessionAttributeBits attributes) __attribute__((weak)); #endif @@ -184,6 +187,7 @@ int main(int argc __attribute__((unused)), char *argv[]) setpgid(0, 0); +#if HAVE_SECURITY if ((tmp = launch_data_dict_lookup(resp, LAUNCH_JOBKEY_SESSIONCREATE)) && launch_data_get_bool(tmp)) { if (SessionCreate) { OSStatus scr = SessionCreate(0, 0); @@ -193,6 +197,7 @@ int main(int argc __attribute__((unused)), char *argv[]) syslog(LOG_NOTICE, "%s: SessionCreate == NULL!", prog); } } +#endif fcntl(r, F_SETFL, 0); fcntl(r, F_SETFD, 1); dup2(r, STDIN_FILENO); diff --git a/launchd/src/libbootstrap_private.h b/launchd/src/libbootstrap_private.h index 1bcfdaa..2dcac7b 100644 --- a/launchd/src/libbootstrap_private.h +++ b/launchd/src/libbootstrap_private.h @@ -29,6 +29,7 @@ __BEGIN_DECLS #define BOOTSTRAP_PER_PID_SERVICE 0x1 #define BOOTSTRAP_ALLOW_LOOKUP 0x2 +#define BOOTSTRAP_DENY_JOB_CREATION 0x4 kern_return_t bootstrap_register2(mach_port_t bp, name_t service_name, mach_port_t sp, uint64_t flags); diff --git a/launchd/src/liblaunch.c b/launchd/src/liblaunch.c index cd36506..e9f46d3 100644 --- a/launchd/src/liblaunch.c +++ b/launchd/src/liblaunch.c @@ -147,6 +147,7 @@ static void launch_msg_getmsgs(launch_data_t m, void *context); static launch_data_t launch_msg_internal(launch_data_t d); static void launch_mach_checkin_service(launch_data_t obj, const char *key, void *context); +static launch_t in_flight_msg_recv_client; static pthread_once_t _lc_once = PTHREAD_ONCE_INIT; static struct _launch_client { @@ -562,6 +563,10 @@ out_bad: void launchd_close(launch_t lh, typeof(close) closefunc) { + if (in_flight_msg_recv_client == lh) { + in_flight_msg_recv_client = NULL; + } + if (lh->sendbuf) free(lh->sendbuf); if (lh->sendfds) @@ -1009,8 +1014,16 @@ int launchd_msg_recv(launch_t lh, void (*cb)(launch_data_t, void *), void *conte goto out_bad; } + in_flight_msg_recv_client = lh; + cb(rmsg, context); + /* launchd and only launchd can call launchd_close() as a part of the callback */ + if (in_flight_msg_recv_client == NULL) { + r = 0; + break; + } + lh->recvlen -= data_offset; if (lh->recvlen > 0) { memmove(lh->recvbuf, lh->recvbuf + data_offset, lh->recvlen); diff --git a/launchd/src/liblaunch_private.h b/launchd/src/liblaunch_private.h index 176dbdb..d073772 100644 --- a/launchd/src/liblaunch_private.h +++ b/launchd/src/liblaunch_private.h @@ -24,7 +24,6 @@ #include #include #include -#include #pragma GCC visibility push(default) @@ -67,7 +66,7 @@ typedef struct _launch *launch_t; launch_t launchd_fdopen(int); int launchd_getfd(launch_t); -void launchd_close(launch_t, typeof(close) closefunc); +void launchd_close(launch_t, __typeof__(close) closefunc); launch_data_t launch_data_new_errno(int); bool launch_data_set_errno(launch_data_t, int); @@ -114,7 +113,7 @@ struct spawn_via_launchd_attr { mach_port_t * spawn_observer_port; const cpu_type_t * spawn_binpref; size_t spawn_binpref_cnt; - qtn_proc_t spawn_quarantine; + void * spawn_quarantine; const char * spawn_seatbelt_profile; const uint64_t * spawn_seatbelt_flags; }; diff --git a/launchd/src/liblaunch_public.h b/launchd/src/liblaunch_public.h index ca12880..a7dc0c0 100644 --- a/launchd/src/liblaunch_public.h +++ b/launchd/src/liblaunch_public.h @@ -99,6 +99,9 @@ __BEGIN_DECLS #define LAUNCH_JOBKEY_THROTTLEINTERVAL "ThrottleInterval" #define LAUNCH_JOBKEY_LAUNCHONLYONCE "LaunchOnlyOnce" #define LAUNCH_JOBKEY_ABANDONPROCESSGROUP "AbandonProcessGroup" +#define LAUNCH_JOBKEY_POLICIES "Policies" + +#define LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS "DenyCreatingOtherJobs" #define LAUNCH_JOBINETDCOMPATIBILITY_WAIT "Wait" diff --git a/launchd/src/libvproc.c b/launchd/src/libvproc.c index c6b2199..ae53b3c 100644 --- a/launchd/src/libvproc.c +++ b/launchd/src/libvproc.c @@ -32,6 +32,9 @@ #include #include #include +#if HAVE_QUARANTINE +#include +#endif #include "liblaunch_public.h" #include "liblaunch_private.h" @@ -201,6 +204,7 @@ _spawn_via_launchd(const char *label, const char *const *argv, const struct spaw if (spawn_attrs) switch (struct_version) { case 2: +#if HAVE_QUARANTINE if (spawn_attrs->spawn_quarantine) { char qbuf[QTN_SERIALIZED_DATA_MAX]; size_t qbuf_sz = QTN_SERIALIZED_DATA_MAX; @@ -210,6 +214,7 @@ _spawn_via_launchd(const char *label, const char *const *argv, const struct spaw launch_data_dict_insert(in_obj, tmp, LAUNCH_JOBKEY_QUARANTINEDATA); } } +#endif if (spawn_attrs->spawn_seatbelt_profile) { tmp = launch_data_new_string(spawn_attrs->spawn_seatbelt_profile); @@ -552,6 +557,26 @@ reboot2(uint64_t flags) return reboot2; } +vproc_err_t +_vproc_kickstart_by_label(const char *label, pid_t *out_pid, mach_port_t *out_port_name) +{ + if (vproc_mig_embedded_kickstart(bootstrap_port, (char *)label, out_pid, out_port_name) == 0) { + return NULL; + } + + return (vproc_err_t)_vproc_kickstart_by_label; +} + +vproc_err_t +_vproc_wait_by_label(const char *label, int *out_wstatus) +{ + if (vproc_mig_embedded_wait(bootstrap_port, (char *)label, out_wstatus) == 0) { + return NULL; + } + + return (vproc_err_t)_vproc_wait_by_label; +} + vproc_err_t _vproc_set_global_on_demand(bool state) { diff --git a/launchd/src/libvproc_private.h b/launchd/src/libvproc_private.h index b303f5b..991ceb0 100644 --- a/launchd/src/libvproc_private.h +++ b/launchd/src/libvproc_private.h @@ -61,6 +61,8 @@ typedef void (*_vprocmgr_log_drain_callback_t)(struct timeval *when, pid_t from_ vproc_err_t _vprocmgr_log_drain(vproc_t vp, pthread_mutex_t *optional_mutex_around_callback, _vprocmgr_log_drain_callback_t func); vproc_err_t _vproc_send_signal_by_label(const char *label, int sig); +vproc_err_t _vproc_kickstart_by_label(const char *label, pid_t *out_pid, mach_port_t *out_port_name); +vproc_err_t _vproc_wait_by_label(const char *label, int *out_wstatus); void _vproc_log(int pri, const char *msg, ...) __attribute__((format(printf, 2, 3))); void _vproc_log_error(int pri, const char *msg, ...) __attribute__((format(printf, 2, 3))); diff --git a/launchd/src/protocol_job.defs b/launchd/src/protocol_job.defs index d709376..fef2208 100644 --- a/launchd/src/protocol_job.defs +++ b/launchd/src/protocol_job.defs @@ -166,3 +166,14 @@ routine log_drain( routine log_forward( __bs_port : job_t; __inval : pointer_t); + +routine embedded_kickstart( + __bs_port : job_t; + __label : name_t; + out __pid : pid_t; + out __name_port : mach_port_t); + +routine embedded_wait( + __bs_port : job_t; + __label : name_t; + out __waitval : integer_t);