SMJobBlessApp/SMJobBlessAppController.m
/* |
File: SMJobBlessAppController.m |
Abstract: The main application controller. When the application has finished |
launching, the helper tool will be installed. |
Version: 1.5 |
Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple |
Inc. ("Apple") in consideration of your agreement to the following |
terms, and your use, installation, modification or redistribution of |
this Apple software constitutes acceptance of these terms. If you do |
not agree with these terms, please do not use, install, modify or |
redistribute this Apple software. |
In consideration of your agreement to abide by the following terms, and |
subject to these terms, Apple grants you a personal, non-exclusive |
license, under Apple's copyrights in this original Apple software (the |
"Apple Software"), to use, reproduce, modify and redistribute the Apple |
Software, with or without modifications, in source and/or binary forms; |
provided that if you redistribute the Apple Software in its entirety and |
without modifications, you must retain this notice and the following |
text and disclaimers in all such redistributions of the Apple Software. |
Neither the name, trademarks, service marks or logos of Apple Inc. may |
be used to endorse or promote products derived from the Apple Software |
without specific prior written permission from Apple. Except as |
expressly stated in this notice, no other rights or licenses, express or |
implied, are granted by Apple herein, including but not limited to any |
patent rights that may be infringed by your derivative works or by other |
works in which the Apple Software may be incorporated. |
The Apple Software is provided by Apple on an "AS IS" basis. APPLE |
MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION |
THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS |
FOR A PARTICULAR PURPOSE, REGARDING THE APPLE SOFTWARE OR ITS USE AND |
OPERATION ALONE OR IN COMBINATION WITH YOUR PRODUCTS. |
IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL |
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
INTERRUPTION) ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, |
MODIFICATION AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED |
AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING NEGLIGENCE), |
STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE HAS BEEN ADVISED OF THE |
POSSIBILITY OF SUCH DAMAGE. |
Copyright (C) 2013 Apple Inc. All Rights Reserved. |
*/ |
#import "SMJobBlessAppController.h" |
#import <ServiceManagement/ServiceManagement.h> |
#import <Security/Authorization.h> |
@implementation SMJobBlessAppController |
- (void)applicationDidFinishLaunching:(NSNotification *)notification |
{ |
#pragma unused(notification) |
NSError *error = nil; |
OSStatus status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &self->_authRef); |
if (status != errAuthorizationSuccess) { |
/* AuthorizationCreate really shouldn't fail. */ |
assert(NO); |
self->_authRef = NULL; |
} |
if (![self blessHelperWithLabel:@"com.apple.bsd.SMJobBlessHelper" error:&error]) { |
NSLog(@"Something went wrong! %@ / %d", [error domain], (int) [error code]); |
} else { |
/* At this point, the job is available. However, this is a very |
* simple sample, and there is no IPC infrastructure set up to |
* make it launch-on-demand. You would normally achieve this by |
* using XPC (via a MachServices dictionary in your launchd.plist). |
*/ |
NSLog(@"Job is available!"); |
[self->_textField setHidden:false]; |
} |
} |
- (BOOL)applicationShouldTerminateAfterLastWindowClosed:(NSApplication *)sender |
{ |
#pragma unused(sender) |
return YES; |
} |
- (BOOL)blessHelperWithLabel:(NSString *)label error:(NSError **)errorPtr; |
{ |
BOOL result = NO; |
NSError * error = nil; |
AuthorizationItem authItem = { kSMRightBlessPrivilegedHelper, 0, NULL, 0 }; |
AuthorizationRights authRights = { 1, &authItem }; |
AuthorizationFlags flags = kAuthorizationFlagDefaults | |
kAuthorizationFlagInteractionAllowed | |
kAuthorizationFlagPreAuthorize | |
kAuthorizationFlagExtendRights; |
/* Obtain the right to install our privileged helper tool (kSMRightBlessPrivilegedHelper). */ |
OSStatus status = AuthorizationCopyRights(self->_authRef, &authRights, kAuthorizationEmptyEnvironment, flags, NULL); |
if (status != errAuthorizationSuccess) { |
error = [NSError errorWithDomain:NSOSStatusErrorDomain code:status userInfo:nil]; |
} else { |
CFErrorRef cfError; |
/* This does all the work of verifying the helper tool against the application |
* and vice-versa. Once verification has passed, the embedded launchd.plist |
* is extracted and placed in /Library/LaunchDaemons and then loaded. The |
* executable is placed in /Library/PrivilegedHelperTools. |
*/ |
result = (BOOL) SMJobBless(kSMDomainSystemLaunchd, (CFStringRef)label, self->_authRef, &cfError); |
if (!result) { |
error = CFBridgingRelease(cfError); |
} |
} |
if ( ! result && (errorPtr != NULL) ) { |
assert(error != nil); |
*errorPtr = error; |
} |
return result; |
} |
@end |
Copyright © 2013 Apple Inc. All Rights Reserved. Terms of Use | Privacy Policy | Updated: 2013-09-17