Changeset 23487

Timestamp:

2008-01-18 13:24:30 (9 months ago)

Author:

zarzycki@…

Message:

<rdar://problem/5653227> work with Seatbelt to provide access control on spawn_via_launchd

Location:

branches/SULeopard/launchd/src

Files:

• launchd_core_logic.c (modified) (5 diffs)
• liblaunch_public.h (modified) (1 diff)

branches/SULeopard/launchd/src/launchd_core_logic.c

@@ -362 +362 @@
                      wait4pipe_eof:1, sent_sigkill:1, debug_before_kill:1, weird_bootstrap:1, start_on_mount:1,
                      per_user:1, hopefully_exits_first:1, deny_unknown_mslookups:1, unload_at_mig_return:1, abandon_pg:1,
-                     poll_for_vfs_changes:1, internal_exc_handler:1, can_kickstart:1;
+                     poll_for_vfs_changes:1, internal_exc_handler:1, deny_job_creation:1;
         const char label[0];
 };
@@ -1576 +1576 @@
 
         switch (key[0]) {
-        case 'c':
-        case 'C':
-                if (strcasecmp(key, LAUNCH_JOBPOLICY_CANKICKSTARTOTHERJOBS) == 0) {
-                        j->can_kickstart = launch_data_get_bool(obj);
+        case 'd':
+        case 'D':
+                if (strcasecmp(key, LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS) == 0) {
+                        j->deny_job_creation = launch_data_get_bool(obj);
                         found_key = true;
                 }
@@ -5141 +5141 @@
         }
 
+        if (unlikely(j->deny_job_creation)) {
+                return BOOTSTRAP_NOT_PRIVILEGED;
+        }
+
         runtime_get_caller_creds(&ldc);
 
@@ -6425 +6429 @@
         }
 
-        runtime_get_caller_creds(&ldc);
-
-        if (!j->can_kickstart || (ldc.euid != 0 && ldc.euid != geteuid())) {
-                return BOOTSTRAP_NOT_PRIVILEGED;
-        }
-
         if (unlikely(!(otherj = job_find(targetlabel)))) {
                 return BOOTSTRAP_UNKNOWN_SERVICE;
+        }
+
+        runtime_get_caller_creds(&ldc);
+
+        if (ldc.euid != 0 && ldc.euid != geteuid()
+#if TARGET_OS_EMBEDDED
+                        && j->username && otherj->username
+                        && strcmp(j->username, otherj->username) != 0
+#endif
+                        ) {
+                return BOOTSTRAP_NOT_PRIVILEGED;
         }
 
@@ -6521 +6530 @@
         if (!launchd_assumes(j != NULL)) {
                 return BOOTSTRAP_NO_MEMORY;
+        }
+
+        if (unlikely(j->deny_job_creation)) {
+                return BOOTSTRAP_NOT_PRIVILEGED;
         }
 

branches/SULeopard/launchd/src/liblaunch_public.h

@@ -102 +102 @@
 #define LAUNCH_JOBKEY_POLICIES                  "Policies"
 
-#define LAUNCH_JOBPOLICY_CANKICKSTARTOTHERJOBS  "CanKickStartOtherJobs"
+#define LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS  "DenyCreatingOtherJobs"
 
 #define LAUNCH_JOBINETDCOMPATIBILITY_WAIT       "Wait"