Skip to content

[app] Support running in a jailed state #98

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
tesaguri wants to merge 3 commits into
base: main
Choose a base branch
from
Open

[app] Support running in a jailed state #98

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c20239a
[common] Always spawn `login` command as the super user
tesaguri Oct 9, 2023
333d1fc
[app] Add entitlements to let spawned commands access other containers
tesaguri Oct 10, 2023
f385299
[common] Spawn `login` as `mobile` when `loginIsShell` is `true`
tesaguri Oct 29, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions App/entitlements.plist
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,12 @@
<true/>
<key>com.apple.private.security.no-container</key>
<true/>
<key>com.apple.private.security.storage.AppDataContainers</key>
<true/>
<key>com.apple.private.security.storage-exempt.heritable</key>
<true/>
<key>com.apple.private.persona-mgmt</key>
<true/>
<key>com.apple.security.iokit-user-client-class</key>
<array>
<string>IOUserClient</string>
Expand Down
15 changes: 14 additions & 1 deletion Common/Controllers/SubProcess.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,19 @@ class SubProcess {
posix_spawn_file_actions_adddup2(&actions, fds.replica, STDERR_FILENO)
defer { posix_spawn_file_actions_destroy(&actions) }

var attr: posix_spawnattr_t!
posix_spawnattr_init(&attr)
defer { posix_spawnattr_destroy(&attr) }
#if !(targetEnvironment(simulator) || targetEnvironment(macCatalyst))
if !Self.loginIsShell {
// Spawn `login` as the super user even in a jailed state, where the rootfs has the
// nosuid option set.
posix_spawnattr_set_persona_np(&attr, 99, POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE)
posix_spawnattr_set_persona_uid_np(&attr, 0)
posix_spawnattr_set_persona_gid_np(&attr, 0)
}
#endif

// TODO: At some point, come up with some way to keep track of working directory changes.
// When opening a new tab, we can switch straight to the previous tab’s working directory.
let argv: [UnsafeMutablePointer<CChar>?]
Expand All @@ -189,7 +202,7 @@ class SubProcess {
}

var pid = pid_t()
let result = ie_posix_spawn(&pid, Self.login, &actions, nil, argv, envp)
let result = ie_posix_spawn(&pid, Self.login, &actions, &attr, argv, envp)
close(fds.replica)
if result != 0 {
// Fork failed.
Expand Down
7 changes: 7 additions & 0 deletions Common/Supporting Files/NewTermCommon.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,4 +20,11 @@ static inline int ie_posix_spawn(pid_t *pid, const char *path, const posix_spawn
#else
extern int ie_getpwuid_r(uid_t uid, struct passwd *pw, char *buf, size_t buflen, struct passwd **pwretp);
extern int ie_posix_spawn(pid_t *pid, const char *path, const posix_spawn_file_actions_t *file_actions, const posix_spawnattr_t *attrp, char *const argv[], char *const envp[]);

#define POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE ((uint32_t) 1)

// https://github.com/apple-oss-distributions/xnu/blob/1031c584a5e37aff177559b9f69dbd3c8c3fd30a/libsyscall/wrappers/spawn/spawn_private.h#L87-L89
extern int posix_spawnattr_set_persona_np(const posix_spawnattr_t *attr, uid_t persona_id, uint32_t flags);
extern int posix_spawnattr_set_persona_uid_np(const posix_spawnattr_t *attr, uid_t uid);
extern int posix_spawnattr_set_persona_gid_np(const posix_spawnattr_t *attr, gid_t gid);
#endif