b9c53daa55
On Lion, because the rights initially doesn't exist in /etc/authorization, if an admin user logs in and uses lldb within the first 5 minutes, it is possible to do AuthorizationCopyRights on LaunchUsingXPCRightName and get the rights back. As another security measure, we make sure that the LaunchUsingXPCRightName rights actually exists. Removed Xcode as the user of the XPC service to shrink the security surface area. llvm-svn: 156424
51 lines
2.1 KiB
Plaintext
51 lines
2.1 KiB
Plaintext
#include <AvailabilityMacros.h>
|
|
|
|
#if !defined(MAC_OS_X_VERSION_10_7) || MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_7
|
|
#define BUILDING_ON_SNOW_LEOPARD 1
|
|
#endif
|
|
|
|
#if !BUILDING_ON_SNOW_LEOPARD
|
|
#define __XPC_PRIVATE_H__
|
|
#include <xpc/xpc.h>
|
|
#include <Security/Security.h>
|
|
#include "LauncherXPCService.h"
|
|
|
|
// Returns 0 if successful.
|
|
int _validate_authorization(xpc_object_t message)
|
|
{
|
|
size_t data_length = 0ul;
|
|
const char *data_bytes = (const char *)xpc_dictionary_get_data(message, LauncherXPCServiceAuthKey, &data_length);
|
|
|
|
AuthorizationExternalForm extAuth;
|
|
if (data_length < sizeof(extAuth.bytes))
|
|
return 1;
|
|
|
|
memcpy(extAuth.bytes, data_bytes, sizeof(extAuth.bytes));
|
|
AuthorizationRef authRef;
|
|
if (AuthorizationCreateFromExternalForm(&extAuth, &authRef) != errAuthorizationSuccess)
|
|
return 2;
|
|
|
|
AuthorizationItem item1 = { LaunchUsingXPCRightName, 0, NULL, 0 };
|
|
AuthorizationItem items[] = {item1};
|
|
AuthorizationRights requestedRights = {1, items };
|
|
AuthorizationRights *outAuthorizedRights = NULL;
|
|
OSStatus status = AuthorizationCopyRights(authRef, &requestedRights, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &outAuthorizedRights);
|
|
|
|
// Given a set of rights, return the subset that is currently authorized by the AuthorizationRef given; count(subset) > 0 -> success.
|
|
bool auth_success = (status == errAuthorizationSuccess && outAuthorizedRights && outAuthorizedRights->count > 0) ? true : false;
|
|
if (outAuthorizedRights) AuthorizationFreeItemSet(outAuthorizedRights);
|
|
if (!auth_success)
|
|
return 3;
|
|
|
|
// On Lion, because the rights initially doesn't exist in /etc/authorization, if an admin user logs in and uses lldb within the first 5 minutes,
|
|
// it is possible to do AuthorizationCopyRights on LaunchUsingXPCRightName and get the rights back.
|
|
// As another security measure, we make sure that the LaunchUsingXPCRightName rights actually exists.
|
|
status = AuthorizationRightGet(LaunchUsingXPCRightName, NULL);
|
|
if (status == errAuthorizationSuccess)
|
|
return 0;
|
|
else
|
|
return 4;
|
|
}
|
|
|
|
#endif
|