Gaining Root Access w/ Elevated Helper & SMJobBless


I'm working on something that needs to install files periodically into a folder in /Library.

I understand that in the past I could have used one of the Authenticate methods but those have since been deprecated in 10.7.

What I've understood from my reading so far:

I should create a helper that somehow gets authenticated and have that helper do all of the moving tasks. I've taken a look at some of the sample code, including some involving XPC and one called Elevator but I'm a bit confused.

A lot of it seems to deal with setting up some sort of client / server model but I'm not sure how this would translate into me actually installing my files into the correct directories. Most of the examples are just passing strings.

My question, simply: How can I create my folder in /Library programmatically and periodically write files to it while only prompting the user for a password ONCE and never again? I'm really not sure how to approach this and there doesn't seem to be much documentation.

There is 1 answer

harrisg:

You are correct that there isn't much documentation for this. You'll basically write another app, the helper app, which will get installed with SMJobBless(). Not surprisingly, the tricky part here is the code signing. The least obvious part for me was that the SMAuthorizedClients and SMPrivilegedExecutables entries in the info plist files of each app are dependent on the identity/certificate that you used to sign the app with. There is also a trick with the compiler/linker for getting the info plist file compiled into the helper tool, which will be a single executable file, rather than a bundle.

Once you get the helper app up and running then you have to devise a way to communicate with it since these are two different processes. XPC is one option, perhaps the easiest. XPC is typically used with server processes, but what you are using here is the communication side of XPC only. Basically it passes dictionaries back and forth between the two apps. Create a standard format for the dictionary. I used @"action", @"source", and @"destination" with 3 different action values, @"filemove", @"filecopy", and @"makedirectory". Those are the 3 things that my helper app can do and I can easily add more if necessary.

The helper app will basically set up the XPC connection and event handler stuff and wait for a connection and commands. The commands will just be a dictionary so you check for the appropriate keys/values and do whatever.

I can provide more details and code if you need more help, but this question is 9 months old so I don't want to waste time giving you details you've already figured out.
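The "check for the appropriate keys/values" step from the answer above, as an added example (not harrisg's code): because the helper runs as root, it validates each request before acting on it. `INSTALL_ROOT`, `validate_request` and the status codes are hypothetical names, and confining the destination to one folder is an assumption made here; the validation is plain C so it can be exercised without the XPC headers.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical install root: the one /Library folder this helper may write to. */
#define INSTALL_ROOT "/Library/ExampleApp"

typedef enum { REQ_OK, REQ_MISSING_FIELD, REQ_BAD_ACTION,
               REQ_BAD_PATH, REQ_OUTSIDE_ROOT } req_status;

/* Absolute path with no empty, "." or ".." components. */
static int path_is_clean(const char *p) {
    if (p == NULL || p[0] != '/' || p[1] == '\0') return 0;
    while (*p) {
        p++;                                  /* step past '/' */
        size_t n = strcspn(p, "/");
        if (n == 0) return 0;                 /* "//" or trailing '/' */
        if (p[0] == '.' && (n == 1 || (n == 2 && p[1] == '.'))) return 0;
        p += n;
    }
    return 1;
}

/* Prefix match on a component boundary, so "/Library/ExampleAppX" fails. */
static int under_root(const char *p) {
    size_t n = strlen(INSTALL_ROOT);
    return strncmp(p, INSTALL_ROOT, n) == 0 && (p[n] == '/' || p[n] == '\0');
}

/* In the helper's XPC event handler the three strings would come from
   xpc_dictionary_get_string(), which returns NULL for a missing key. */
req_status validate_request(const char *action, const char *source,
                            const char *destination) {
    if (action == NULL || destination == NULL) return REQ_MISSING_FIELD;
    if (strcmp(action, "filemove") == 0 || strcmp(action, "filecopy") == 0) {
        if (source == NULL) return REQ_MISSING_FIELD;
        if (!path_is_clean(source)) return REQ_BAD_PATH;   /* form check only */
    } else if (strcmp(action, "makedirectory") != 0) {
        return REQ_BAD_ACTION;
    }
    if (!path_is_clean(destination)) return REQ_BAD_PATH;
    return under_root(destination) ? REQ_OK : REQ_OUTSIDE_ROOT;
}

int main(void) {
    printf("%d\n", validate_request("filecopy", "/tmp/a.dat", INSTALL_ROOT "/a.dat"));
    printf("%d\n", validate_request("makedirectory", NULL, "/Library/ExampleApp/../LaunchDaemons"));
    return 0;
}
```

String checks like these do not resolve symlinks, so the helper still needs to guard the actual file operations against links placed inside the install root.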