1
/*
2
 * Copyright (c) 2005-2011 Apple Inc. All rights reserved.
3
 *
4
 * @APPLE_APACHE_LICENSE_HEADER_START@
5
 *
6
 * Licensed under the Apache License, Version 2.0 (the "License");
7
 * you may not use this file except in compliance with the License.
8
 * You may obtain a copy of the License at
9
 *
10
 *     http://www.apache.org/licenses/LICENSE-2.0
11
 *
12
 * Unless required by applicable law or agreed to in writing, software
13
 * distributed under the License is distributed on an "AS IS" BASIS,
14
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
 * See the License for the specific language governing permissions and
16
 * limitations under the License.
17
 *
18
 * @APPLE_APACHE_LICENSE_HEADER_END@
19
 */
20

21
#include "config.h"
22
#include "launch.h"
23
#include "launch_priv.h"
24
#include "bootstrap.h"
25
#include "vproc.h"
26
#include "vproc_priv.h"
27
#include "vproc_internal.h"
28
#include "bootstrap_priv.h"
29
#include "launch_internal.h"
30

31
#include <CoreFoundation/CoreFoundation.h>
32
#include <CoreFoundation/CFPriv.h>
33
#include <CoreFoundation/CFLogUtilities.h>
34
#include <TargetConditionals.h>
35
#include <IOKit/IOKitLib.h>
36
#include <NSSystemDirectories.h>
37
#include <mach/mach.h>
38
#include <mach-o/getsect.h>
39
#include <sys/types.h>
40
#include <sys/sysctl.h>
41
#include <sys/time.h>
42
#include <sys/sysctl.h>
43
#include <sys/stat.h>
44
#include <sys/socket.h>
45
#include <sys/un.h>
46
#include <sys/fcntl.h>
47
#include <sys/event.h>
48
#include <sys/resource.h>
49
#include <sys/param.h>
50
#include <sys/mount.h>
51
#include <sys/reboot.h>
52
#include <net/if.h>
53
#include <netinet/in.h>
54
#include <netinet/in_var.h>
55
#include <netinet6/nd6.h>
56
#include <unistd.h>
57
#include <dirent.h>
58
#include <libgen.h>
59
#include <libinfo.h>
60
#include <pwd.h>
61
#include <stdio.h>
62
#include <stdlib.h>
63
#include <pwd.h>
64
#include <grp.h>
65
#include <netdb.h>
66
#include <syslog.h>
67
#include <glob.h>
68
#include <readline/readline.h>
69
#include <readline/history.h>
70
#include <dns_sd.h>
71
#include <paths.h>
72
#include <utmpx.h>
73
#include <bootfiles.h>
74
#include <sysexits.h>
75
#include <util.h>
76
#include <spawn.h>
77
#include <sys/syslimits.h>
78
#include <fnmatch.h>
79
#include <os/assumes.h>
80
#include <dlfcn.h>
81
#if HAVE_SYSTEMSTATS
82
#include <systemstats/systemstats.h>
83
#endif
84

85
#if HAVE_LIBAUDITD
86
#include <bsm/auditd_lib.h>
87
#ifndef	AUDITD_PLIST_FILE
88
#define	AUDITD_PLIST_FILE "/System/Library/LaunchDaemons/com.apple.auditd.plist"
89
#endif
90
#endif
91

92
extern char **environ;
93

94
#define LAUNCH_SECDIR _PATH_TMP "launch-XXXXXX"
95
#define LAUNCH_ENV_KEEPCONTEXT	"LaunchKeepContext"
96
#define LAUNCH_ENV_BOOTSTRAPPINGSYSTEM "LaunchBootstrappingSystem"
97

98
#define CFTypeCheck(cf, type) (CFGetTypeID(cf) == type ## GetTypeID())
99
#define CFReleaseIfNotNULL(cf) if (cf) CFRelease(cf);
100

101
#if TARGET_OS_EMBEDDED
102
#include <sys/kern_memorystatus.h>
103

104
#define XPC_PLIST_CACHE "/System/Library/Caches/com.apple.xpcd/xpcd_cache.dylib"
105
#define XPC_PLIST_CACHE_KEY "LaunchDaemons"
106

107
#if JETSAM_PRIORITY_REVISION
108
#define READ_JETSAM_DEFAULTS 1
109
#define JETSAM_PROP_DIR "/System/Library/LaunchDaemons"
110
#define JETSAM_PROP_DIR_LENGTH (sizeof(JETSAM_PROP_DIR) - 1)
111
#define JETSAM_PROP_PREFIX "com.apple.jetsamproperties."
112
#define JETSAM_PROP_PREFIX_LENGTH (sizeof(JETSAM_PROP_PREFIX) - 1)
113
#define JETSAM_PROP_SUFFIX ".plist"
114
#define JETSAM_PROP_SUFFIX_LENGTH (sizeof(JETSAM_PROP_SUFFIX) - 1)
115
#endif
116
#endif
117

118
struct load_unload_state {
119
	launch_data_t pass1;
120
	char *session_type;
121
	bool editondisk:1, load:1, forceload:1;
122
};
123

124
static void launchctl_log(int level, const char *fmt, ...);
125
static void launchctl_log_CFString(int level, CFStringRef string);
126
static void myCFDictionaryApplyFunction(const void *key, const void *value, void *context);
127
static CFTypeRef CFTypeCreateFromLaunchData(launch_data_t obj);
128
static CFArrayRef CFArrayCreateFromLaunchArray(launch_data_t arr);
129
static CFDictionaryRef CFDictionaryCreateFromLaunchDictionary(launch_data_t dict);
130
static bool launch_data_array_append(launch_data_t a, launch_data_t o);
131
static void insert_event(launch_data_t, const char *, const char *, launch_data_t);
132
static void distill_jobs(launch_data_t);
133
static void distill_config_file(launch_data_t);
134
static void distill_fsevents(launch_data_t);
135
static void sock_dict_cb(launch_data_t what, const char *key, void *context);
136
static void sock_dict_edit_entry(launch_data_t tmp, const char *key, launch_data_t fdarray, launch_data_t thejob);
137
static launch_data_t CF2launch_data(CFTypeRef);
138
static launch_data_t read_plist_file(const char *file, bool editondisk, bool load);
139
#if TARGET_OS_EMBEDDED
140
static CFPropertyListRef GetPropertyListFromCache(void);
141
static CFPropertyListRef CreateMyPropertyListFromCachedFile(const char *posixfile);
142
static bool require_jobs_from_cache(void);
143
#endif
144
static CFPropertyListRef CreateMyPropertyListFromFile(const char *);
145
static CFPropertyListRef CFPropertyListCreateFromFile(CFURLRef plistURL);
146
static void WriteMyPropertyListToFile(CFPropertyListRef, const char *);
147
static bool path_goodness_check(const char *path, bool forceload);
148
static void readpath(const char *, struct load_unload_state *);
149
static void readfile(const char *, struct load_unload_state *);
150
static int _fd(int);
151
static int demux_cmd(int argc, char *const argv[]);
152
static void submit_job_pass(launch_data_t jobs);
153
static void do_mgroup_join(int fd, int family, int socktype, int protocol, const char *mgroup);
154
static mach_port_t str2bsport(const char *s);
155
static void print_jobs(launch_data_t j, const char *key, void *context);
156
static void print_obj(launch_data_t obj, const char *key, void *context);
157
static bool str2lim(const char *buf, rlim_t *res);
158
static const char *lim2str(rlim_t val, char *buf);
159
static const char *num2name(int n);
160
static ssize_t name2num(const char *n);
161
static void unloadjob(launch_data_t job);
162
static void print_key_value(launch_data_t obj, const char *key, void *context);
163
static void print_launchd_env(launch_data_t obj, const char *key, void *context);
164
static void loopback_setup_ipv4(void);
165
static void loopback_setup_ipv6(void);
166
static pid_t fwexec(const char *const *argv, int *wstatus);
167
static void do_potential_fsck(void);
168
static bool path_check(const char *path);
169
static bool is_safeboot(void);
170
static bool is_netboot(void);
171
static void apply_sysctls_from_file(const char *thefile);
172
static void empty_dir(const char *thedir, struct stat *psb);
173
static int touch_file(const char *path, mode_t m);
174
static void do_sysversion_sysctl(void);
175
static void do_application_firewall_magic(int sfd, launch_data_t thejob);
176
static void preheat_page_cache_hack(void);
177
static void do_bootroot_magic(void);
178
static void do_single_user_mode(bool);
179
static bool do_single_user_mode2(void);
180
static void do_crash_debug_mode(void);
181
static bool do_crash_debug_mode2(void);
182
static void read_launchd_conf(void);
183
static bool job_disabled_logic(launch_data_t obj);
184
static void fix_bogus_file_metadata(void);
185
static void do_file_init(void) __attribute__((constructor));
186
static void setup_system_context(void);
187
static void handle_system_bootstrapper_crashes_separately(void);
188
static void fatal_signal_handler(int sig, siginfo_t *si, void *uap);
189

190
typedef enum {
191
	BOOTCACHE_START = 1,
192
	BOOTCACHE_TAG,
193
	BOOTCACHE_STOP,
194
} BootCache_action_t;
195

196
static void do_BootCache_magic(BootCache_action_t what);
197

198
static int bootstrap_cmd(int argc, char *const argv[]);
199
static int load_and_unload_cmd(int argc, char *const argv[]);
200
//static int reload_cmd(int argc, char *const argv[]);
201
static int start_stop_remove_cmd(int argc, char *const argv[]);
202
static int submit_cmd(int argc, char *const argv[]);
203
static int list_cmd(int argc, char *const argv[]);
204

205
static int setenv_cmd(int argc, char *const argv[]);
206
static int unsetenv_cmd(int argc, char *const argv[]);
207
static int getenv_and_export_cmd(int argc, char *const argv[]);
208
static int wait4debugger_cmd(int argc, char *const argv[]);
209

210
static int limit_cmd(int argc, char *const argv[]);
211
static int stdio_cmd(int argc, char *const argv[]);
212
static int fyi_cmd(int argc, char *const argv[]);
213
static int logupdate_cmd(int argc, char *const argv[]);
214
static int umask_cmd(int argc, char *const argv[]);
215
static int getrusage_cmd(int argc, char *const argv[]);
216
static int bsexec_cmd(int argc, char *const argv[]);
217
static int _bslist_cmd(mach_port_t bport, unsigned int depth, bool show_job, bool local_only);
218
static int bslist_cmd(int argc, char *const argv[]);
219
static int _bstree_cmd(mach_port_t bsport, unsigned int depth, bool show_jobs);
220
static int bstree_cmd(int argc __attribute__((unused)), char * const argv[] __attribute__((unused)));
221
static int managerpid_cmd(int argc __attribute__((unused)), char * const argv[] __attribute__((unused)));
222
static int manageruid_cmd(int argc __attribute__((unused)), char * const argv[] __attribute__((unused)));
223
static int managername_cmd(int argc __attribute__((unused)), char * const argv[] __attribute__((unused)));
224
static int asuser_cmd(int argc, char * const argv[]);
225
static int exit_cmd(int argc, char *const argv[]) __attribute__((noreturn));
226
static int help_cmd(int argc, char *const argv[]);
227

228
static const struct {
229
	const char *name;
230
	int (*func)(int argc, char *const argv[]);
231
	const char *desc;
232
} cmds[] = {
233
	{ "load",			load_and_unload_cmd,	"Load configuration files and/or directories" },
234
	{ "unload",			load_and_unload_cmd,	"Unload configuration files and/or directories" },
235
//	{ "reload",			reload_cmd,				"Reload configuration files and/or directories" },
236
	{ "start",			start_stop_remove_cmd,	"Start specified job" },
237
	{ "stop",			start_stop_remove_cmd,	"Stop specified job" },
238
	{ "submit",			submit_cmd,				"Submit a job from the command line" },
239
	{ "remove",			start_stop_remove_cmd,	"Remove specified job" },
240
	{ "bootstrap",		bootstrap_cmd,			"Bootstrap launchd" },
241
	{ "list",			list_cmd,				"List jobs and information about jobs" },
242
	{ "setenv",			setenv_cmd,				"Set an environmental variable in launchd" },
243
	{ "unsetenv",		unsetenv_cmd,			"Unset an environmental variable in launchd" },
244
	{ "getenv",			getenv_and_export_cmd,	"Get an environmental variable from launchd" },
245
	{ "export",			getenv_and_export_cmd,	"Export shell settings from launchd" },
246
	{ "debug",			wait4debugger_cmd,		"Set the WaitForDebugger flag for the target job to true." },
247
	{ "limit",			limit_cmd,				"View and adjust launchd resource limits" },
248
	{ "stdout",			stdio_cmd,				"Redirect launchd's standard out to the given path" },
249
	{ "stderr",			stdio_cmd,				"Redirect launchd's standard error to the given path" },
250
	{ "shutdown",		fyi_cmd,				"Prepare for system shutdown" },
251
	{ "singleuser",		fyi_cmd,				"Switch to single-user mode" },
252
	{ "getrusage",		getrusage_cmd,			"Get resource usage statistics from launchd" },
253
	{ "log",			logupdate_cmd,			"Adjust the logging level or mask of launchd" },
254
	{ "umask",			umask_cmd,				"Change launchd's umask" },
255
	{ "bsexec",			bsexec_cmd,				"Execute a process within a different Mach bootstrap subset" },
256
	{ "bslist",			bslist_cmd,				"List Mach bootstrap services and optional servers" },
257
	{ "bstree",			bstree_cmd,				"Show the entire Mach bootstrap tree. Requires root privileges." },
258
	{ "managerpid",		managerpid_cmd,			"Print the PID of the launchd managing this Mach bootstrap." },
259
	{ "manageruid",		manageruid_cmd,			"Print the UID of the launchd managing this Mach bootstrap." },
260
	{ "managername",	managername_cmd,		"Print the name of this Mach bootstrap." },
261
	{ "asuser",			asuser_cmd,				"Execute a subcommand in the given user's context." },
262
	{ "exit",			exit_cmd,				"Exit the interactive invocation of launchctl" },
263
	{ "quit",			exit_cmd,				"Quit the interactive invocation of launchctl" },
264
	{ "help",			help_cmd,				"This help output" },
265
};
266

267
static bool _launchctl_istty;
268
static bool _launchctl_verbose;
269
static bool _launchctl_is_managed;
270
static bool _launchctl_apple_internal;
271
static bool _launchctl_system_context;
272
static bool _launchctl_uid0_context;
273
static bool _launchctl_system_bootstrap;
274
static bool _launchctl_peruser_bootstrap;
275
static bool _launchctl_verbose_boot = false;
276
static bool _launchctl_startup_debugging = false;
277

278
static bool _launchctl_overrides_db_changed = false;
279
static CFMutableDictionaryRef _launchctl_overrides_db = NULL;
280

281
static char *_launchctl_job_overrides_db_path;
282
static char *_launchctl_managername = NULL;
283

284
#if READ_JETSAM_DEFAULTS
285
static CFDictionaryRef _launchctl_jetsam_defaults = NULL;
286
static CFDictionaryRef _launchctl_jetsam_defaults_cached = NULL;
287
#endif
288

289
int
290
main(int argc, char *const argv[])
291
{
292
	char *l;
293

294
	if (getenv(LAUNCH_ENV_BOOTSTRAPPINGSYSTEM)) {
295
		/* We're bootstrapping the install environment, so we can't talk to
296
		 * mDNSResponder or opendirectoryd.
297
		 *
298
		 * See <rdar://problem/9877230>.
299
		 */
300
		si_search_module_set_flags("mdns", 1);
301
		si_search_module_set_flags("ds", 1);
302
	}
303

304
	int64_t is_managed = 0;
305
	(void)vproc_swap_integer(NULL, VPROC_GSK_IS_MANAGED, NULL, &is_managed);
306
	_launchctl_is_managed = is_managed;
307

308
	_launchctl_istty = isatty(STDIN_FILENO);
309
	argc--, argv++;
310

311
	if (argc > 0 && argv[0][0] == '-') {
312
		char *flago;
313

314
		for (flago = argv[0] + 1; *flago; flago++) {
315
			switch (*flago) {
316
			case 'v':
317
				_launchctl_verbose = true;
318
				break;
319
			case 'u':
320
				if (argc > 1) {
321
					if (strncmp(argv[1], "root", sizeof("root")) == 0) {
322
						_launchctl_uid0_context = true;
323
					} else {
324
						launchctl_log(LOG_ERR, "Unknown user: %s", argv[1]);
325
						exit(EXIT_FAILURE);
326
					}
327
					argc--, argv++;
328
				} else {
329
					launchctl_log(LOG_ERR, "-u option requires an argument.");
330
				}
331
				break;
332
			case '1':
333
				_launchctl_system_context = true;
334
				break;
335
			default:
336
				launchctl_log(LOG_ERR, "Unknown argument: '-%c'", *flago);
337
				break;
338
			}
339
		}
340
		argc--, argv++;
341
	}
342

343
	/* Running in the context of the root user's per-user launchd is only from
344
	 * within that session.
345
	 */
346
	if (_launchctl_uid0_context) {
347
		int64_t manager_uid = -1, manager_pid = -1;
348
		(void)vproc_swap_integer(NULL, VPROC_GSK_MGR_UID, NULL, &manager_uid);
349
		(void)vproc_swap_integer(NULL, VPROC_GSK_MGR_PID, NULL, &manager_pid);
350
		if (manager_uid || manager_pid == 1) {
351
			launchctl_log(LOG_ERR, "Running in the root user's per-user context is not supported outside of the root user's bootstrap.");
352
			exit(EXIT_FAILURE);
353
		}
354
	} else if (!(_launchctl_system_context || _launchctl_uid0_context)) {
355
		/* Running in the system context is implied when we're running as root
356
		 * and not running as a bootstrapper.
357
		 */
358
		_launchctl_system_context = (!_launchctl_is_managed && getuid() == 0);
359
	}
360

361
	if (_launchctl_system_context) {
362
		if (getuid() == 0) {
363
			setup_system_context();
364
		} else {
365
			launchctl_log(LOG_ERR, "You must be root to run in the system context.");
366
			exit(EXIT_FAILURE);
367
		}
368
	} else if (_launchctl_uid0_context) {
369
		if (getuid() != 0) {
370
			launchctl_log(LOG_ERR, "You must be root to run in the root user context.");
371
			exit(EXIT_FAILURE);
372
		}
373
	}
374

375
	if (!readline) {
376
		launchctl_log(LOG_ERR, "missing library: readline");
377
		exit(EXIT_FAILURE);
378
	}
379

380
	if (argc == 0) {
381
		while ((l = readline(_launchctl_istty ? "launchd% " : NULL))) {
382
			char *inputstring = l, *argv2[100], **ap = argv2;
383
			int i = 0;
384

385
			while ((*ap = strsep(&inputstring, " \t"))) {
386
				if (**ap != '\0') {
387
					ap++;
388
					i++;
389
				}
390
			}
391

392
			if (i > 0) {
393
				demux_cmd(i, argv2);
394
			}
395

396
			free(l);
397
		}
398

399
		if (_launchctl_istty) {
400
			fputc('\n', stdout);
401
		}
402
	}
403

404
	if (argc > 0) {
405
		exit(demux_cmd(argc, argv));
406
	}
407

408
	exit(EXIT_SUCCESS);
409
}
410

411
int
412
demux_cmd(int argc, char *const argv[])
413
{
414
	size_t i;
415

416
	optind = 1;
417
	optreset = 1;
418

419
	for (i = 0; i < (sizeof cmds / sizeof cmds[0]); i++) {
420
		if (!strcmp(cmds[i].name, argv[0])) {
421
			return cmds[i].func(argc, argv);
422
		}
423
	}
424

425
	launchctl_log(LOG_ERR, "%s: unknown subcommand \"%s\"", getprogname(), argv[0]);
426
	return 1;
427
}
428

429
void
430
launchctl_log(int level, const char *fmt, ...)
431
{
432
	va_list ap;
433
	va_start(ap, fmt);
434

435
	if (_launchctl_is_managed) {
436
		vsyslog(level, fmt, ap);
437
	} else {
438
		char *buff = NULL;
439
		(void)vasprintf(&buff, fmt, ap);
440

441
		FILE *where = stdout;
442
		if (level < LOG_NOTICE) {
443
			where = stderr;
444
		}
445

446
		fprintf(where, "%s\n", buff);
447
		free(buff);
448
	}
449

450
	va_end(ap);
451
}
452

453
void
454
launchctl_log_CFString(int level, CFStringRef string)
455
{
456
	// Big enough. Don't feel like jumping through CF's hoops.
457
	char *buff = malloc(4096);
458
	(void)CFStringGetCString(string, buff, 4096, kCFStringEncodingUTF8);
459
	launchctl_log(level, "%s", buff);
460
	free(buff);
461
}
462

463
void
464
read_launchd_conf(void)
465
{
466
#if !TARGET_OS_EMBEDDED
467
	char s[1000], *c, *av[100];
468
	const char *file;
469
	size_t len;
470
	int i;
471
	FILE *f;
472

473
	if (getppid() == 1) {
474
		file = "/etc/launchd.conf";
475
	} else {
476
		file = "/etc/launchd-user.conf";
477
	}
478

479
	if (!(f = fopen(file, "r"))) {
480
		return;
481
	}
482

483
	while ((c = fgets(s, (int) sizeof s, f))) {
484
		len = strlen(c);
485
		if (len && c[len - 1] == '\n') {
486
			c[len - 1] = '\0';
487
		}
488

489
		i = 0;
490

491
		while ((av[i] = strsep(&c, " \t"))) {
492
			if (*(av[i]) != '\0') {
493
				i++;
494
			}
495
		}
496

497
		if (i > 0) {
498
			demux_cmd(i, av);
499
		}
500
	}
501

502
	fclose(f);
503
#endif // !TARGET_OS_EMBEDDED
504
}
505

506
static CFPropertyListRef
507
CFPropertyListCreateFromFile(CFURLRef plistURL)
508
{
509
	CFReadStreamRef plistReadStream = CFReadStreamCreateWithFile(NULL, plistURL);
510

511
	CFErrorRef streamErr = NULL;
512
	if (!CFReadStreamOpen(plistReadStream)) {
513
		streamErr = CFReadStreamCopyError(plistReadStream);
514
		CFStringRef errString = CFErrorCopyDescription(streamErr);
515

516
		launchctl_log_CFString(LOG_ERR, errString);
517

518
		CFRelease(errString);
519
		CFRelease(streamErr);
520
	}
521

522
	CFPropertyListRef plist = NULL;
523
	if (plistReadStream) {
524
		CFStringRef errString = NULL;
525
		CFPropertyListFormat plistFormat = 0;
526
		plist = CFPropertyListCreateFromStream(NULL, plistReadStream, 0, kCFPropertyListImmutable, &plistFormat, &errString);
527
		if (!plist) {
528
			launchctl_log_CFString(LOG_ERR, errString);
529
			CFRelease(errString);
530
		}
531
	}
532

533
	CFReadStreamClose(plistReadStream);
534
	CFRelease(plistReadStream);
535

536
	return plist;
537
}
538

539
int
540
unsetenv_cmd(int argc, char *const argv[])
541
{
542
	launch_data_t resp, tmp, msg;
543

544
	if (argc != 2) {
545
		launchctl_log(LOG_ERR, "%s usage: unsetenv <key>", getprogname());
546
		return 1;
547
	}
548

549
	msg = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
550

551
	tmp = launch_data_new_string(argv[1]);
552
	launch_data_dict_insert(msg, tmp, LAUNCH_KEY_UNSETUSERENVIRONMENT);
553

554
	resp = launch_msg(msg);
555

556
	launch_data_free(msg);
557

558
	if (resp) {
559
		launch_data_free(resp);
560
	} else {
561
		launchctl_log(LOG_ERR, "launch_msg(\"%s\"): %s", LAUNCH_KEY_UNSETUSERENVIRONMENT, strerror(errno));
562
	}
563

564
	return 0;
565
}
566

567
int
568
setenv_cmd(int argc, char *const argv[])
569
{
570
	launch_data_t resp, tmp, tmpv, msg;
571

572
	if (argc != 3) {
573
		launchctl_log(LOG_ERR, "%s usage: setenv <key> <value>", getprogname());
574
		return 1;
575
	}
576

577
	msg = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
578
	tmp = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
579

580
	tmpv = launch_data_new_string(argv[2]);
581
	launch_data_dict_insert(tmp, tmpv, argv[1]);
582
	launch_data_dict_insert(msg, tmp, LAUNCH_KEY_SETUSERENVIRONMENT);
583

584
	resp = launch_msg(msg);
585
	launch_data_free(msg);
586

587
	if (resp) {
588
		launch_data_free(resp);
589
	} else {
590
		launchctl_log(LOG_ERR, "launch_msg(\"%s\"): %s", LAUNCH_KEY_SETUSERENVIRONMENT, strerror(errno));
591
	}
592

593
	return 0;
594
}
595

596
void
597
print_launchd_env(launch_data_t obj, const char *key, void *context)
598
{
599
	bool *is_csh = context;
600

601
	/* XXX escape the double quotes */
602
	if (*is_csh) {
603
		launchctl_log(LOG_NOTICE, "setenv %s \"%s\";", key, launch_data_get_string(obj));
604
	} else {
605
		launchctl_log(LOG_NOTICE, "%s=\"%s\"; export %s;", key, launch_data_get_string(obj), key);
606
	}
607
}
608

609
void
610
print_key_value(launch_data_t obj, const char *key, void *context)
611
{
612
	const char *k = context;
613

614
	if (!strcmp(key, k)) {
615
		launchctl_log(LOG_NOTICE, "%s", launch_data_get_string(obj));
616
	}
617
}
618

619
int
620
getenv_and_export_cmd(int argc, char *const argv[])
621
{
622
	launch_data_t resp;
623
	bool is_csh = false;
624
	char *k;
625

626
	if (!strcmp(argv[0], "export")) {
627
		char *s = getenv("SHELL");
628
		if (s) {
629
			is_csh = strstr(s, "csh") ? true : false;
630
		}
631
	} else if (argc != 2) {
632
		launchctl_log(LOG_ERR, "%s usage: getenv <key>", getprogname());
633
		return 1;
634
	}
635

636
	k = argv[1];
637

638
	if (vproc_swap_complex(NULL, VPROC_GSK_ENVIRONMENT, NULL, &resp) == NULL) {
639
		if (!strcmp(argv[0], "export")) {
640
			launch_data_dict_iterate(resp, print_launchd_env, &is_csh);
641
		} else {
642
			launch_data_dict_iterate(resp, print_key_value, k);
643
		}
644
		launch_data_free(resp);
645
		return 0;
646
	} else {
647
		return 1;
648
	}
649

650
	return 0;
651
}
652

653
int
654
wait4debugger_cmd(int argc, char * const argv[])
655
{
656
	if (argc != 3) {
657
		launchctl_log(LOG_ERR, "%s usage: debug <label> <value>", argv[0]);
658
		return 1;
659
	}
660

661
	int result = 1;
662
	int64_t inval = 0;
663
	if (strncmp(argv[2], "true", sizeof("true")) == 0) {
664
		inval = 1;
665
	} else if (strncmp(argv[2], "false", sizeof("false")) != 0) {
666
		inval = atoi(argv[2]);
667
		inval &= 1;
668
	}
669

670
	vproc_t vp = vprocmgr_lookup_vproc(argv[1]);
671
	if (vp) {
672
		vproc_err_t verr = vproc_swap_integer(vp, VPROC_GSK_WAITFORDEBUGGER, &inval, NULL);
673
		if (verr) {
674
			launchctl_log(LOG_ERR, "Failed to set WaitForDebugger flag on %s.", argv[1]);
675
		} else {
676
			result = 0;
677
		}
678
		vproc_release(vp);
679
	}
680

681
	return result;
682
}
683

684
void
685
unloadjob(launch_data_t job)
686
{
687
	launch_data_t tmps;
688

689
	tmps = launch_data_dict_lookup(job, LAUNCH_JOBKEY_LABEL);
690

691
	if (!tmps) {
692
		launchctl_log(LOG_ERR, "%s: Error: Missing Key: %s", getprogname(), LAUNCH_JOBKEY_LABEL);
693
		return;
694
	}
695

696
	if (_vproc_send_signal_by_label(launch_data_get_string(tmps), VPROC_MAGIC_UNLOAD_SIGNAL) != NULL) {
697
		launchctl_log(LOG_ERR, "%s: Error unloading: %s", getprogname(), launch_data_get_string(tmps));
698
	}
699
}
700

701
#if READ_JETSAM_DEFAULTS
702

703
static CFDictionaryRef
704
read_jetsam_defaults_from_cache(void) {
705
	CFPropertyListRef cache = GetPropertyListFromCache();
706
	CFPropertyListRef defaults = NULL;
707
	const void **keys = 0;
708
	CFIndex count, i;
709

710
	if (!cache) {
711
		return NULL;
712
	}
713

714
	CFPropertyListRef cachefiles = CFDictionaryGetValue(cache, CFSTR(XPC_PLIST_CACHE_KEY));
715
	if (!cachefiles) {
716
		return NULL;
717
	}
718

719
	count = CFDictionaryGetCount(cachefiles);
720
	keys = (const void **)malloc(sizeof(void *) * count);
721
	if (!keys) {
722
		return NULL;
723
	}
724

725
	CFDictionaryGetKeysAndValues(cachefiles, keys, NULL);
726
	for (i = 0; i < count; i++) {
727
		CFStringRef key = (CFStringRef)keys[i];
728
		CFIndex key_length = CFStringGetLength(key);
729

730
		if (key_length <= (CFIndex)(JETSAM_PROP_DIR_LENGTH + JETSAM_PROP_PREFIX_LENGTH + JETSAM_PROP_SUFFIX_LENGTH + 1)) {
731
			continue;
732
		}
733

734
		if (CFStringCompareWithOptions(key, CFSTR(JETSAM_PROP_DIR "/" JETSAM_PROP_PREFIX),
735
			CFRangeMake(0, JETSAM_PROP_DIR_LENGTH + JETSAM_PROP_PREFIX_LENGTH + 1), 0)) {
736
			continue;
737
		}
738

739
		if (CFStringCompareWithOptions(key, CFSTR(JETSAM_PROP_SUFFIX),
740
			CFRangeMake(key_length - JETSAM_PROP_SUFFIX_LENGTH, JETSAM_PROP_SUFFIX_LENGTH), 0)) {
741
			continue;
742
		}
743

744
		defaults = CFDictionaryGetValue(cachefiles, key);
745
		break;
746
	}
747

748
	free(keys);
749

750
	return defaults;
751
}
752

753
static CFDictionaryRef
754
read_jetsam_defaults_from_file(void) {
755
	DIR *dirp;
756
	struct dirent *dp;
757
	CFDictionaryRef defaults = NULL;
758

759
	dirp = opendir(JETSAM_PROP_DIR);
760
	while ((dp = readdir(dirp)) != NULL) {
761
		char *fullpath;
762

763
		if (dp->d_namlen <= (JETSAM_PROP_PREFIX_LENGTH + JETSAM_PROP_SUFFIX_LENGTH)) {
764
			continue;
765
		}
766

767
		if (strncmp(dp->d_name, JETSAM_PROP_PREFIX, JETSAM_PROP_PREFIX_LENGTH)) {
768
			continue;
769
		}
770

771
		if (strncmp(dp->d_name + dp->d_namlen - JETSAM_PROP_SUFFIX_LENGTH, JETSAM_PROP_SUFFIX, JETSAM_PROP_SUFFIX_LENGTH)) {
772
			continue;
773
		}
774

775
		if (-1 != asprintf(&fullpath, "%s/%s", JETSAM_PROP_DIR, dp->d_name)) {
776
			defaults = (CFDictionaryRef)CreateMyPropertyListFromFile(fullpath);
777
			free(fullpath);
778
		}
779

780
		break;
781
	}
782

783
	if (dirp) {
784
		closedir(dirp);
785
	}
786

787
	return defaults;
788
}
789

790
static bool
791
submit_cached_defaults(void) {
792
	launch_data_t msg, resp;
793
	const void **keys = NULL;
794
	int i;
795

796
	if (_launchctl_jetsam_defaults_cached == NULL) {
797
	return false;
798
	}
799

800
	/* The dictionary to transmit */
801
	CFMutableDictionaryRef payload_dict = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
802

803
	/* Add a key to indicate that this is a special job */
804
	CFBooleanRef ID = kCFBooleanTrue;
805
	CFDictionaryAddValue(payload_dict, CFSTR(LAUNCH_JOBKEY_DEFAULTS), ID);
806

807
	CFMutableDictionaryRef defaults_dict = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
808

809
	CFDictionaryAddValue(payload_dict, CFSTR(LAUNCHD_JOB_DEFAULTS), defaults_dict);
810

811
	/* Compile appropriate launchd dictionary... */
812
	CFIndex count = CFDictionaryGetCount(_launchctl_jetsam_defaults_cached);
813
	keys = (const void **)malloc(sizeof(void *) * count);
814
	if (!keys) {
815
		goto exit;
816
	}
817

818
	CFDictionaryGetKeysAndValues(_launchctl_jetsam_defaults_cached, keys, NULL);
819

820
	for (i = 0; i < count; i++) {
821
		CFStringRef label = (CFStringRef)keys[i];
822

823
		/* Get the defaults for the job */
824
		CFDictionaryRef job_defaults_dict = CFDictionaryGetValue(_launchctl_jetsam_defaults_cached, label);
825
		if (!(job_defaults_dict && CFTypeCheck(job_defaults_dict, CFDictionary))) {
826
			continue;
827
		}
828

829
		/* Create a new dictionary to represent the job */
830
		CFMutableDictionaryRef job_dict = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
831

832
		/* Add the defaults */
833
		CFDictionaryAddValue(job_dict, CFSTR(LAUNCH_JOBKEY_JETSAMPROPERTIES), job_defaults_dict);
834

835
		/* Finally, add the result to the main dictionary */
836
		CFDictionaryAddValue(defaults_dict, label, job_dict);
837

838
		/* Cleanup */
839
		CFRelease(job_dict);
840
	}
841

842
	/* Send the payload */
843
	launch_data_t ldp = CF2launch_data(payload_dict);
844

845
	msg = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
846
	launch_data_dict_insert(msg, ldp, LAUNCH_KEY_SUBMITJOB);
847

848
	resp = launch_msg(msg);
849
	launch_data_free(msg);
850

851
	launch_data_free(resp);
852

853
exit:
854
	CFRelease(defaults_dict);
855
	CFRelease(payload_dict);
856

857
	free(keys);
858

859
	return true;
860
}
861

862
static boolean_t
863
read_jetsam_defaults(void)
864
{
865
	/* Current supported version */
866
	const int v = 3;
867

868
	CFDictionaryRef jetsam_defaults = NULL;
869

870
	if (require_jobs_from_cache()) {
871
		jetsam_defaults = read_jetsam_defaults_from_cache();
872
	} else {
873
		jetsam_defaults = read_jetsam_defaults_from_file();
874
	}
875

876
	if (NULL == jetsam_defaults) {
877
		launchctl_log(LOG_NOTICE, "%s: no jetsam property file found", getprogname());
878
		return false;
879
	}
880

881
	/* Validate the version */
882
	CFNumberRef defaults_vers = CFDictionaryGetValue(jetsam_defaults, CFSTR("Version"));
883
	if (!(defaults_vers && CFTypeCheck(defaults_vers, CFNumber))) {
884
		return false;
885
	}
886

887
	CFNumberRef supported_vers = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &v);
888
	if (!(kCFCompareEqualTo == CFNumberCompare(defaults_vers, supported_vers, NULL ))) {
889
		return false;
890
	}
891

892
	/* These defaults are merged within launchctl prior to submitting the job */
893
	_launchctl_jetsam_defaults = CFDictionaryGetValue(jetsam_defaults, CFSTR(LAUNCHD_JOB_DEFAULTS));
894
	if (!(_launchctl_jetsam_defaults && CFTypeCheck(_launchctl_jetsam_defaults, CFDictionary))) {
895
		_launchctl_jetsam_defaults = NULL;
896
		return false;
897
	}
898

899
	/* Cached defaults (applied by launchd) - parse and submit immediately as a fake job */
900
	_launchctl_jetsam_defaults_cached = CFDictionaryGetValue(jetsam_defaults, CFSTR(LAUNCHD_JOB_DEFAULTS_CACHED));
901
	if (!(_launchctl_jetsam_defaults_cached && CFTypeCheck(_launchctl_jetsam_defaults_cached, CFDictionary))) {
902
		_launchctl_jetsam_defaults_cached = NULL;
903
		return false;
904
	}
905

906
	submit_cached_defaults();
907

908
	return true;
909
}
910

911
#endif /* READ_JETSAM_DEFAULTS */
912

913
launch_data_t
914
read_plist_file(const char *file, bool editondisk, bool load)
915
{
916
	CFPropertyListRef plist;
917
	launch_data_t r = NULL;
918
#if TARGET_OS_EMBEDDED
919
	if (require_jobs_from_cache()) {
920
		plist = CreateMyPropertyListFromCachedFile(file);
921
	} else {
922
		plist = CreateMyPropertyListFromFile(file);
923
	}
924
#else
925
	plist = CreateMyPropertyListFromFile(file);
926
#endif
927

928
	if (NULL == plist) {
929
		launchctl_log(LOG_ERR, "%s: no plist was returned for: %s", getprogname(), file);
930
		return NULL;
931
	}
932

933
	CFStringRef label = CFDictionaryGetValue(plist, CFSTR(LAUNCH_JOBKEY_LABEL));
934
	if (!(label && CFTypeCheck(label, CFString))) {
935
		return NULL;
936
	}
937

938
	if (_launchctl_overrides_db) {
939
		CFDictionaryRef overrides = CFDictionaryGetValue(_launchctl_overrides_db, label);
940
		if (overrides && CFTypeCheck(overrides, CFDictionary)) {
941
			CFBooleanRef disabled = CFDictionaryGetValue(overrides, CFSTR(LAUNCH_JOBKEY_DISABLED));
942
			if (disabled && CFTypeCheck(disabled, CFBoolean)) {
943
				CFDictionarySetValue((CFMutableDictionaryRef)plist, CFSTR(LAUNCH_JOBKEY_DISABLED), disabled);
944
			}
945
		}
946
	}
947

948
	if (editondisk) {
949
		if (_launchctl_overrides_db) {
950
			CFMutableDictionaryRef job = (CFMutableDictionaryRef)CFDictionaryGetValue(_launchctl_overrides_db, label);
951
			if (!job || !CFTypeCheck(job, CFDictionary)) {
952
				job = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
953
				CFDictionarySetValue(_launchctl_overrides_db, label, job);
954
				CFRelease(job);
955
			}
956

957
			CFDictionarySetValue(job, CFSTR(LAUNCH_JOBKEY_DISABLED), load ? kCFBooleanFalse : kCFBooleanTrue);
958
			CFDictionarySetValue((CFMutableDictionaryRef)plist, CFSTR(LAUNCH_JOBKEY_DISABLED), load ? kCFBooleanFalse : kCFBooleanTrue);
959
			_launchctl_overrides_db_changed = true;
960
		} else {
961
			if (load) {
962
				CFDictionaryRemoveValue((CFMutableDictionaryRef)plist, CFSTR(LAUNCH_JOBKEY_DISABLED));
963
			} else {
964
				CFDictionarySetValue((CFMutableDictionaryRef)plist, CFSTR(LAUNCH_JOBKEY_DISABLED), kCFBooleanTrue);
965
			}
966
			WriteMyPropertyListToFile(plist, file);
967
		}
968
	}
969

970
#if READ_JETSAM_DEFAULTS
971
	if (_launchctl_jetsam_defaults) {
972
		CFDictionaryRef job_defaults_dict = CFDictionaryGetValue(_launchctl_jetsam_defaults, label);
973
		if (job_defaults_dict) {
974
			CFDictionarySetValue((CFMutableDictionaryRef)plist, CFSTR(LAUNCH_JOBKEY_JETSAMPROPERTIES), job_defaults_dict);
975
		}
976
	} else {
977
		/* The plist is missing. Set a default memory limit, since the device will be otherwise unusable */
978
		long default_limit = 0;
979
		CFMutableDictionaryRef job_defaults_dict = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
980
		CFNumberRef memory_limit = CFNumberCreate(kCFAllocatorDefault, kCFNumberLongType, &default_limit);
981
		if (memory_limit) {
982
			CFDictionaryAddValue(job_defaults_dict, CFSTR(LAUNCH_JOBKEY_JETSAMMEMORYLIMIT), memory_limit);
983
			CFRelease(memory_limit);
984
		}
985
		CFDictionarySetValue((CFMutableDictionaryRef)plist, CFSTR(LAUNCH_JOBKEY_JETSAMPROPERTIES), job_defaults_dict);
986
		CFRelease(job_defaults_dict);
987
	}
988
#endif /* READ_JETSAM_DEFAULTS */
989

990
	r = CF2launch_data(plist);
991

992
	CFRelease(plist);
993

994
	return r;
995
}
996

997
static bool
998
sysctl_hw_streq(int mib_slot, const char *str)
999
{
1000
	char buf[1000];
1001
	size_t bufsz = sizeof(buf);
1002
	int mib[] = { CTL_HW, mib_slot };
1003

1004
	if (sysctl(mib, 2, buf, &bufsz, NULL, 0) != -1) {
1005
		if (strcmp(buf, str) == 0) {
1006
			return true;
1007
		}
1008
	}
1009

1010
	return false;
1011
}
1012

1013
static void
1014
limitloadtohardware_iterator(launch_data_t val, const char *key, void *ctx)
1015
{
1016
	bool *result = ctx;
1017

1018
	char name[128];
1019
	(void)snprintf(name, sizeof(name), "hw.%s", key);
1020

1021
	int mib[2];
1022
	size_t sz = 2;
1023
	if (*result != true && os_assumes_zero(sysctlnametomib(name, mib, &sz)) == 0) {
1024
		if (launch_data_get_type(val) == LAUNCH_DATA_ARRAY) {
1025
			size_t c = launch_data_array_get_count(val);
1026

1027
			size_t i = 0;
1028
			for (i = 0; i < c; i++) {
1029
				launch_data_t oai = launch_data_array_get_index(val, i);
1030
				if (sysctl_hw_streq(mib[1], launch_data_get_string(oai))) {
1031
					*result = true;
1032
					i = c;
1033
				}
1034
			}
1035
		}
1036
	}
1037
}
1038

1039
void
1040
readfile(const char *what, struct load_unload_state *lus)
1041
{
1042
	char ourhostname[1024];
1043
	launch_data_t tmpd, tmps, thejob, tmpa;
1044
	bool job_disabled = false;
1045
	size_t i, c;
1046

1047
	gethostname(ourhostname, sizeof(ourhostname));
1048

1049
	if (NULL == (thejob = read_plist_file(what, lus->editondisk, lus->load))) {
1050
		launchctl_log(LOG_ERR, "%s: no plist was returned for: %s", getprogname(), what);
1051
		return;
1052
	}
1053

1054

1055
	if (NULL == launch_data_dict_lookup(thejob, LAUNCH_JOBKEY_LABEL)) {
1056
		launchctl_log(LOG_ERR, "%s: missing the Label key: %s", getprogname(), what);
1057
		goto out_bad;
1058
	}
1059

1060
	if ((launch_data_dict_lookup(thejob, LAUNCH_JOBKEY_PROGRAM) == NULL) &&
1061
		(launch_data_dict_lookup(thejob, LAUNCH_JOBKEY_PROGRAMARGUMENTS) == NULL)) {
1062
		launchctl_log(LOG_ERR, "%s: neither a Program nor a ProgramArguments key was specified: %s", getprogname(), what);
1063
		goto out_bad;
1064
	}
1065

1066
	if (NULL != (tmpa = launch_data_dict_lookup(thejob, LAUNCH_JOBKEY_LIMITLOADFROMHOSTS))) {
1067
		c = launch_data_array_get_count(tmpa);
1068

1069
		for (i = 0; i < c; i++) {
1070
			launch_data_t oai = launch_data_array_get_index(tmpa, i);
1071
			if (!strcasecmp(ourhostname, launch_data_get_string(oai))) {
1072
				goto out_bad;
1073
			}
1074
		}
1075
	}
1076

1077
	if (NULL != (tmpa = launch_data_dict_lookup(thejob, LAUNCH_JOBKEY_LIMITLOADTOHOSTS))) {
1078
		c = launch_data_array_get_count(tmpa);
1079

1080
		for (i = 0; i < c; i++) {
1081
			launch_data_t oai = launch_data_array_get_index(tmpa, i);
1082
			if (!strcasecmp(ourhostname, launch_data_get_string(oai))) {
1083
				break;
1084
			}
1085
		}
1086

1087
		if (i == c) {
1088
			goto out_bad;
1089
		}
1090
	}
1091

1092
	if (NULL != (tmpd = launch_data_dict_lookup(thejob, LAUNCH_JOBKEY_LIMITLOADTOHARDWARE))) {
1093
		bool result = false;
1094
		launch_data_dict_iterate(tmpd, limitloadtohardware_iterator, &result);
1095
		if (!result) {
1096
			goto out_bad;
1097
		}
1098
	}
1099

1100
	if (NULL != (tmpd = launch_data_dict_lookup(thejob, LAUNCH_JOBKEY_LIMITLOADFROMHARDWARE))) {
1101
		bool result = false;
1102
		launch_data_dict_iterate(tmpd, limitloadtohardware_iterator, &result);
1103
		if (result) {
1104
			goto out_bad;
1105
		}
1106
	}
1107

1108
	/* If the manager is Aqua, the LimitLoadToSessionType should default to
1109
	 * "Aqua".
1110
	 *
1111
	 * <rdar://problem/8297909>
1112
	 */
1113
	if (!_launchctl_managername) {
1114
		if (vproc_swap_string(NULL, VPROC_GSK_MGR_NAME, NULL, &_launchctl_managername)) {
1115
			if (bootstrap_port) {
1116
				/* This is only an error if we are running with a neutered
1117
				 * bootstrap port, otherwise we wouldn't expect this operating to
1118
				 * succeed.
1119
				 *
1120
				 * <rdar://problem/10514286>
1121
				 */
1122
				launchctl_log(LOG_ERR, "Could not obtain manager name: ppid/bootstrap: %d/0x%x", getppid(), bootstrap_port);
1123
			}
1124

1125
			_launchctl_managername = "";
1126
		}
1127
	}
1128

1129
	if (!lus->session_type) {
1130
		if (strcmp(_launchctl_managername, "Aqua") == 0) {
1131
			lus->session_type = "Aqua";
1132
		}
1133
	}
1134

1135
	if (lus->session_type && !(tmpa = launch_data_dict_lookup(thejob, LAUNCH_JOBKEY_LIMITLOADTOSESSIONTYPE))) {
1136
		tmpa = launch_data_new_string("Aqua");
1137
		launch_data_dict_insert(thejob, tmpa, LAUNCH_JOBKEY_LIMITLOADTOSESSIONTYPE);
1138
	}
1139

1140
	if ((tmpa = launch_data_dict_lookup(thejob, LAUNCH_JOBKEY_LIMITLOADTOSESSIONTYPE))) {
1141
		const char *allowed_session;
1142
		bool skipjob = true;
1143

1144
		/* My sincere apologies to anyone who has to deal with this
1145
		 * LimitLoadToSessionType madness. It was like this when I got here, but
1146
		 * I've knowingly made it worse, hopefully to the benefit of the end
1147
		 * user.
1148
		 *
1149
		 * See <rdar://problem/8769211> and <rdar://problem/7114980>.
1150
		 */
1151
		if (!lus->session_type && launch_data_get_type(tmpa) == LAUNCH_DATA_STRING) {
1152
			if (strcasecmp("System", _launchctl_managername) == 0 && strcasecmp("System", launch_data_get_string(tmpa)) == 0) {
1153
				skipjob = false;
1154
			}
1155
		}
1156

1157
		if (lus->session_type) switch (launch_data_get_type(tmpa)) {
1158
		case LAUNCH_DATA_ARRAY:
1159
			c = launch_data_array_get_count(tmpa);
1160
			for (i = 0; i < c; i++) {
1161
				tmps = launch_data_array_get_index(tmpa, i);
1162
				allowed_session = launch_data_get_string(tmps);
1163
				if (strcasecmp(lus->session_type, allowed_session) == 0) {
1164
					skipjob = false;
1165
					/* we have to do the following so job_reparent_hack() works within launchd */
1166
					tmpa = launch_data_new_string(lus->session_type);
1167
					launch_data_dict_insert(thejob, tmpa, LAUNCH_JOBKEY_LIMITLOADTOSESSIONTYPE);
1168
					break;
1169
				}
1170
			}
1171
			break;
1172
		case LAUNCH_DATA_STRING:
1173
			allowed_session = launch_data_get_string(tmpa);
1174
			if (strcasecmp(lus->session_type, allowed_session) == 0) {
1175
				skipjob = false;
1176
			}
1177
			break;
1178
		default:
1179
			break;
1180
		}
1181

1182
		if (skipjob) {
1183
			goto out_bad;
1184
		}
1185
	}
1186

1187
	if ((tmpd = launch_data_dict_lookup(thejob, LAUNCH_JOBKEY_DISABLED))) {
1188
		job_disabled = job_disabled_logic(tmpd);
1189
	}
1190

1191
	if (lus->forceload) {
1192
		job_disabled = false;
1193
	}
1194

1195
	if (job_disabled && lus->load) {
1196
		goto out_bad;
1197
	}
1198

1199
	if (_launchctl_system_bootstrap || _launchctl_peruser_bootstrap) {
1200
		uuid_t uuid;
1201
		uuid_clear(uuid);
1202

1203
		launch_data_t lduuid = launch_data_new_opaque(uuid, sizeof(uuid_t));
1204
		launch_data_dict_insert(thejob, lduuid, LAUNCH_JOBKEY_SECURITYSESSIONUUID);
1205
	}
1206

1207
	launch_data_array_append(lus->pass1, thejob);
1208

1209
	if (_launchctl_verbose) {
1210
		launchctl_log(LOG_NOTICE, "Will load: %s", what);
1211
	}
1212

1213
	return;
1214
out_bad:
1215
	if (_launchctl_verbose) {
1216
		launchctl_log(LOG_NOTICE, "Ignored: %s", what);
1217
	}
1218
	launch_data_free(thejob);
1219
}
1220

1221
static void
1222
job_disabled_dict_logic(launch_data_t obj, const char *key, void *context)
1223
{
1224
	bool *r = context;
1225

1226
	if (launch_data_get_type(obj) != LAUNCH_DATA_STRING) {
1227
		return;
1228
	}
1229

1230
	if (strcasecmp(key, LAUNCH_JOBKEY_DISABLED_MACHINETYPE) == 0) {
1231
		if (sysctl_hw_streq(HW_MACHINE, launch_data_get_string(obj))) {
1232
			*r = true;
1233
		}
1234
	} else if (strcasecmp(key, LAUNCH_JOBKEY_DISABLED_MODELNAME) == 0) {
1235
		if (sysctl_hw_streq(HW_MODEL, launch_data_get_string(obj))) {
1236
			*r = true;
1237
		}
1238
	}
1239
}
1240

1241
bool
1242
job_disabled_logic(launch_data_t obj)
1243
{
1244
	bool r = false;
1245

1246
	switch (launch_data_get_type(obj)) {
1247
		case LAUNCH_DATA_DICTIONARY:
1248
			launch_data_dict_iterate(obj, job_disabled_dict_logic, &r);
1249
			break;
1250
		case LAUNCH_DATA_BOOL:
1251
			r = launch_data_get_bool(obj);
1252
			break;
1253
		default:
1254
			break;
1255
	}
1256

1257
	return r;
1258
}
1259

1260
bool
1261
path_goodness_check(const char *path, bool forceload)
1262
{
1263
	struct stat sb;
1264

1265
	if (stat(path, &sb) == -1) {
1266
		launchctl_log(LOG_ERR, "%s: Couldn't stat(\"%s\"): %s", getprogname(), path, strerror(errno));
1267
		return false;
1268
	}
1269

1270
	if (forceload) {
1271
		return true;
1272
	}
1273

1274
	if (sb.st_mode & (S_IWOTH|S_IWGRP)) {
1275
		launchctl_log(LOG_ERR, "%s: Dubious permissions on file (skipping): %s", getprogname(), path);
1276
		return false;
1277
	}
1278

1279
	if (sb.st_uid != 0 && sb.st_uid != getuid()) {
1280
		launchctl_log(LOG_ERR, "%s: Dubious ownership on file (skipping): %s", getprogname(), path);
1281
		return false;
1282
	}
1283

1284
	if (!(S_ISREG(sb.st_mode) || S_ISDIR(sb.st_mode))) {
1285
		launchctl_log(LOG_ERR, "%s: Dubious path. Not a regular file or directory (skipping): %s", getprogname(), path);
1286
		return false;
1287
	}
1288

1289
	if ((!S_ISDIR(sb.st_mode)) && (fnmatch("*.plist", path, FNM_CASEFOLD) == FNM_NOMATCH)) {
1290
		launchctl_log(LOG_ERR, "%s: Dubious file. Not of type .plist (skipping): %s", getprogname(), path);
1291
		return false;
1292
	}
1293

1294
	return true;
1295
}
1296

1297
void
1298
readpath(const char *what, struct load_unload_state *lus)
1299
{
1300
	char buf[MAXPATHLEN];
1301
	struct stat sb;
1302
	struct dirent *de;
1303
	DIR *d;
1304

1305
	if (!path_goodness_check(what, lus->forceload)) {
1306
		return;
1307
	}
1308

1309
	if (stat(what, &sb) == -1) {
1310
		return;
1311
	}
1312

1313
	if (S_ISREG(sb.st_mode)) {
1314
		readfile(what, lus);
1315
	} else if (S_ISDIR(sb.st_mode)) {
1316
		if ((d = opendir(what)) == NULL) {
1317
			launchctl_log(LOG_ERR, "%s: opendir() failed to open the directory", getprogname());
1318
			return;
1319
		}
1320

1321
		while ((de = readdir(d))) {
1322
			if (de->d_name[0] == '.') {
1323
				continue;
1324
			}
1325
			snprintf(buf, sizeof(buf), "%s/%s", what, de->d_name);
1326

1327
			if (!path_goodness_check(buf, lus->forceload)) {
1328
				continue;
1329
			}
1330

1331
			readfile(buf, lus);
1332
		}
1333
		closedir(d);
1334
	}
1335
}
1336

1337
void
1338
insert_event(launch_data_t job, const char *stream, const char *key, launch_data_t event)
1339
{
1340
	launch_data_t launchevents, streamdict;
1341

1342
	launchevents = launch_data_dict_lookup(job, LAUNCH_JOBKEY_LAUNCHEVENTS);
1343
	if (launchevents == NULL) {
1344
		launchevents = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
1345
		launch_data_dict_insert(job, launchevents, LAUNCH_JOBKEY_LAUNCHEVENTS);
1346
	}
1347

1348
	streamdict = launch_data_dict_lookup(launchevents, stream);
1349
	if (streamdict == NULL) {
1350
		streamdict = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
1351
		launch_data_dict_insert(launchevents, streamdict, stream);
1352
	}
1353

1354
	launch_data_dict_insert(streamdict, event, key);
1355
}
1356

1357
struct distill_context {
1358
	launch_data_t base;
1359
	launch_data_t newsockdict;
1360
};
1361

1362
void
1363
distill_jobs(launch_data_t jobs)
1364
{
1365
	size_t i, c = launch_data_array_get_count(jobs);
1366
	launch_data_t job;
1367

1368
	for (i = 0; i < c; i++) {
1369
		job = launch_data_array_get_index(jobs, i);
1370
		distill_config_file(job);
1371
		distill_fsevents(job);
1372
	}
1373
}
1374

1375
void
1376
distill_config_file(launch_data_t id_plist)
1377
{
1378
	struct distill_context dc = { id_plist, NULL };
1379
	launch_data_t tmp;
1380

1381
	if ((tmp = launch_data_dict_lookup(dc.base, LAUNCH_JOBKEY_SOCKETS))) {
1382
		dc.newsockdict = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
1383
		launch_data_dict_iterate(tmp, sock_dict_cb, &dc);
1384
		launch_data_dict_insert(dc.base, dc.newsockdict, LAUNCH_JOBKEY_SOCKETS);
1385
	}
1386
}
1387

1388
void
1389
sock_dict_cb(launch_data_t what, const char *key, void *context)
1390
{
1391
	struct distill_context *dc = context;
1392
	launch_data_t fdarray = launch_data_alloc(LAUNCH_DATA_ARRAY);
1393

1394
	launch_data_dict_insert(dc->newsockdict, fdarray, key);
1395

1396
	if (launch_data_get_type(what) == LAUNCH_DATA_DICTIONARY) {
1397
		sock_dict_edit_entry(what, key, fdarray, dc->base);
1398
	} else if (launch_data_get_type(what) == LAUNCH_DATA_ARRAY) {
1399
		launch_data_t tmp;
1400
		size_t i;
1401

1402
		for (i = 0; i < launch_data_array_get_count(what); i++) {
1403
			tmp = launch_data_array_get_index(what, i);
1404
			sock_dict_edit_entry(tmp, key, fdarray, dc->base);
1405
		}
1406
	}
1407
}
1408

1409
void
1410
sock_dict_edit_entry(launch_data_t tmp, const char *key, launch_data_t fdarray, launch_data_t thejob)
1411
{
1412
	launch_data_t a, val;
1413
	int sfd, st = SOCK_STREAM;
1414
	bool passive = true;
1415

1416
	if ((val = launch_data_dict_lookup(tmp, LAUNCH_JOBSOCKETKEY_TYPE))) {
1417
		if (!strcasecmp(launch_data_get_string(val), "stream")) {
1418
			st = SOCK_STREAM;
1419
		} else if (!strcasecmp(launch_data_get_string(val), "dgram")) {
1420
			st = SOCK_DGRAM;
1421
		} else if (!strcasecmp(launch_data_get_string(val), "seqpacket")) {
1422
			st = SOCK_SEQPACKET;
1423
		}
1424
	}
1425

1426
	if ((val = launch_data_dict_lookup(tmp, LAUNCH_JOBSOCKETKEY_PASSIVE))) {
1427
		passive = launch_data_get_bool(val);
1428
	}
1429

1430
	if ((val = launch_data_dict_lookup(tmp, LAUNCH_JOBSOCKETKEY_SECUREWITHKEY))) {
1431
		char secdir[] = LAUNCH_SECDIR, buf[1024];
1432
		launch_data_t uenv = launch_data_dict_lookup(thejob, LAUNCH_JOBKEY_USERENVIRONMENTVARIABLES);
1433

1434
		if (NULL == uenv) {
1435
			uenv = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
1436
			launch_data_dict_insert(thejob, uenv, LAUNCH_JOBKEY_USERENVIRONMENTVARIABLES);
1437
		}
1438

1439
		mkdtemp(secdir);
1440

1441
		sprintf(buf, "%s/%s", secdir, key);
1442

1443
		a = launch_data_new_string(buf);
1444
		launch_data_dict_insert(tmp, a, LAUNCH_JOBSOCKETKEY_PATHNAME);
1445
		a = launch_data_new_string(buf);
1446
		launch_data_dict_insert(uenv, a, launch_data_get_string(val));
1447
	}
1448

1449
	if ((val = launch_data_dict_lookup(tmp, LAUNCH_JOBSOCKETKEY_PATHNAME))) {
1450
		struct sockaddr_un sun;
1451
		mode_t sun_mode = 0;
1452
		mode_t oldmask;
1453
		bool setm = false;
1454

1455
		memset(&sun, 0, sizeof(sun));
1456

1457
		sun.sun_family = AF_UNIX;
1458

1459
		strncpy(sun.sun_path, launch_data_get_string(val), sizeof(sun.sun_path));
1460

1461
		if (posix_assumes_zero(sfd = _fd(socket(AF_UNIX, st, 0))) == -1) {
1462
			return;
1463
		}
1464

1465
		if ((val = launch_data_dict_lookup(tmp, LAUNCH_JOBSOCKETKEY_PATHMODE))) {
1466
			sun_mode = (mode_t)launch_data_get_integer(val);
1467
			setm = true;
1468
		}
1469

1470
		if (passive) {
1471
			if (unlink(sun.sun_path) == -1 && errno != ENOENT) {
1472
				close(sfd);
1473
				return;
1474
			}
1475
			oldmask = umask(S_IRWXG|S_IRWXO);
1476
			if (bind(sfd, (struct sockaddr *)&sun, (socklen_t) sizeof sun) == -1) {
1477
				close(sfd);
1478
				umask(oldmask);
1479
				return;
1480
			}
1481
			umask(oldmask);
1482
			if (setm) {
1483
				chmod(sun.sun_path, sun_mode);
1484
			}
1485
			if ((st == SOCK_STREAM || st == SOCK_SEQPACKET) && listen(sfd, -1) == -1) {
1486
				close(sfd);
1487
				return;
1488
			}
1489
		} else if (connect(sfd, (struct sockaddr *)&sun, (socklen_t) sizeof sun) == -1) {
1490
			close(sfd);
1491
			return;
1492
		}
1493

1494
		val = launch_data_new_fd(sfd);
1495
		launch_data_array_append(fdarray, val);
1496
	} else {
1497
		launch_data_t rnames = NULL;
1498
		const char *node = NULL, *serv = NULL, *mgroup = NULL;
1499
		char servnbuf[50];
1500
		struct addrinfo hints, *res0, *res;
1501
		int gerr, sock_opt = 1;
1502

1503
		memset(&hints, 0, sizeof(hints));
1504

1505
		hints.ai_socktype = st;
1506
		if (passive) {
1507
			hints.ai_flags |= AI_PASSIVE;
1508
		}
1509

1510
		if ((val = launch_data_dict_lookup(tmp, LAUNCH_JOBSOCKETKEY_NODENAME))) {
1511
			node = launch_data_get_string(val);
1512
		}
1513
		if ((val = launch_data_dict_lookup(tmp, LAUNCH_JOBSOCKETKEY_MULTICASTGROUP))) {
1514
			mgroup = launch_data_get_string(val);
1515
		}
1516
		if ((val = launch_data_dict_lookup(tmp, LAUNCH_JOBSOCKETKEY_SERVICENAME))) {
1517
			if (LAUNCH_DATA_INTEGER == launch_data_get_type(val)) {
1518
				sprintf(servnbuf, "%lld", launch_data_get_integer(val));
1519
				serv = servnbuf;
1520
			} else {
1521
				serv = launch_data_get_string(val);
1522
			}
1523
		}
1524
		if ((val = launch_data_dict_lookup(tmp, LAUNCH_JOBSOCKETKEY_FAMILY))) {
1525
			if (!strcasecmp("IPv4", launch_data_get_string(val))) {
1526
				hints.ai_family = AF_INET;
1527
			} else if (!strcasecmp("IPv6", launch_data_get_string(val))) {
1528
				hints.ai_family = AF_INET6;
1529
			}
1530
		}
1531
		if ((val = launch_data_dict_lookup(tmp, LAUNCH_JOBSOCKETKEY_PROTOCOL))) {
1532
			if (!strcasecmp("TCP", launch_data_get_string(val))) {
1533
				hints.ai_protocol = IPPROTO_TCP;
1534
			} else if (!strcasecmp("UDP", launch_data_get_string(val))) {
1535
				hints.ai_protocol = IPPROTO_UDP;
1536
			}
1537
		}
1538
		if ((rnames = launch_data_dict_lookup(tmp, LAUNCH_JOBSOCKETKEY_BONJOUR))) {
1539
			if (LAUNCH_DATA_BOOL != launch_data_get_type(rnames) || launch_data_get_bool(rnames)) {
1540
				launch_data_t newevent;
1541
				char eventkey[100];
1542

1543
				newevent = launch_data_copy(tmp);
1544
				snprintf(eventkey, sizeof(eventkey), "com.apple.launchd.%s", key);
1545
				insert_event(thejob, "com.apple.bonjour.registration", eventkey, newevent);
1546
			}
1547
		}
1548

1549
		if ((gerr = getaddrinfo(node, serv, &hints, &res0)) != 0) {
1550
			launchctl_log(LOG_ERR, "getaddrinfo(): %s", gai_strerror(gerr));
1551
			return;
1552
		}
1553

1554
		for (res = res0; res; res = res->ai_next) {
1555
			if ((sfd = _fd(socket(res->ai_family, res->ai_socktype, res->ai_protocol))) == -1) {
1556
				launchctl_log(LOG_ERR, "socket(): %s", strerror(errno));
1557
				return;
1558
			}
1559

1560
			do_application_firewall_magic(sfd, thejob);
1561

1562
			if (hints.ai_flags & AI_PASSIVE) {
1563
				if (AF_INET6 == res->ai_family && -1 == setsockopt(sfd, IPPROTO_IPV6, IPV6_V6ONLY,
1564
							(void *)&sock_opt, (socklen_t) sizeof sock_opt)) {
1565
					launchctl_log(LOG_ERR, "setsockopt(IPV6_V6ONLY): %m");
1566
					return;
1567
				}
1568
				if (mgroup) {
1569
					if (setsockopt(sfd, SOL_SOCKET, SO_REUSEPORT, (void *)&sock_opt, (socklen_t) sizeof sock_opt) == -1) {
1570
						launchctl_log(LOG_ERR, "setsockopt(SO_REUSEPORT): %s", strerror(errno));
1571
						return;
1572
					}
1573
				} else {
1574
					if (setsockopt(sfd, SOL_SOCKET, SO_REUSEADDR, (void *)&sock_opt, (socklen_t) sizeof sock_opt) == -1) {
1575
						launchctl_log(LOG_ERR, "setsockopt(SO_REUSEADDR): %s", strerror(errno));
1576
						return;
1577
					}
1578
				}
1579
				if (bind(sfd, res->ai_addr, res->ai_addrlen) == -1) {
1580
					launchctl_log(LOG_ERR, "bind(): %s", strerror(errno));
1581
					return;
1582
				}
1583
				/* The kernel may have dynamically assigned some part of the
1584
				 * address. (The port being a common example.)
1585
				 */
1586
				if (getsockname(sfd, res->ai_addr, &res->ai_addrlen) == -1) {
1587
					launchctl_log(LOG_ERR, "getsockname(): %s", strerror(errno));
1588
					return;
1589
				}
1590

1591
				if (mgroup) {
1592
					do_mgroup_join(sfd, res->ai_family, res->ai_socktype, res->ai_protocol, mgroup);
1593
				}
1594
				if ((res->ai_socktype == SOCK_STREAM || res->ai_socktype == SOCK_SEQPACKET) && listen(sfd, -1) == -1) {
1595
					launchctl_log(LOG_ERR, "listen(): %s", strerror(errno));
1596
					return;
1597
				}
1598
			} else {
1599
				if (connect(sfd, res->ai_addr, res->ai_addrlen) == -1) {
1600
					launchctl_log(LOG_ERR, "connect(): %s", strerror(errno));
1601
					return;
1602
				}
1603
			}
1604
			val = launch_data_new_fd(sfd);
1605
			launch_data_array_append(fdarray, val);
1606
		}
1607
	}
1608
}
1609

1610
void
1611
distill_fsevents(launch_data_t id_plist)
1612
{
1613
	launch_data_t copy, newevent;
1614
	launch_data_t tmp, tmp2;
1615

1616
	if ((tmp = launch_data_dict_lookup(id_plist, LAUNCH_JOBKEY_QUEUEDIRECTORIES))) {
1617
		copy = launch_data_copy(tmp);
1618
		(void)launch_data_dict_remove(id_plist, LAUNCH_JOBKEY_QUEUEDIRECTORIES);
1619

1620
		newevent = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
1621
		launch_data_dict_insert(newevent, copy, LAUNCH_JOBKEY_QUEUEDIRECTORIES);
1622
		insert_event(id_plist, "com.apple.fsevents.matching", "com.apple.launchd." LAUNCH_JOBKEY_QUEUEDIRECTORIES, newevent);
1623
	}
1624

1625
	if ((tmp = launch_data_dict_lookup(id_plist, LAUNCH_JOBKEY_WATCHPATHS))) {
1626
		copy = launch_data_copy(tmp);
1627
		(void)launch_data_dict_remove(id_plist, LAUNCH_JOBKEY_WATCHPATHS);
1628

1629
		newevent = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
1630
		launch_data_dict_insert(newevent, copy, LAUNCH_JOBKEY_WATCHPATHS);
1631
		insert_event(id_plist, "com.apple.fsevents.matching", "com.apple.launchd." LAUNCH_JOBKEY_WATCHPATHS, newevent);
1632
	}
1633

1634
	if ((tmp = launch_data_dict_lookup(id_plist, LAUNCH_JOBKEY_KEEPALIVE))) {
1635
		if ((tmp2 = launch_data_dict_lookup(tmp, LAUNCH_JOBKEY_KEEPALIVE_PATHSTATE))) {
1636
			copy = launch_data_copy(tmp2);
1637
			(void)launch_data_dict_remove(tmp, LAUNCH_JOBKEY_KEEPALIVE_PATHSTATE);
1638

1639
			newevent = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
1640
			launch_data_dict_insert(newevent, copy, LAUNCH_JOBKEY_KEEPALIVE_PATHSTATE);
1641
			insert_event(id_plist, "com.apple.fsevents.matching", "com.apple.launchd." LAUNCH_JOBKEY_KEEPALIVE_PATHSTATE, newevent);
1642
		}
1643
	}
1644
}
1645

1646
void
1647
do_mgroup_join(int fd, int family, int socktype, int protocol, const char *mgroup)
1648
{
1649
	struct addrinfo hints, *res0, *res;
1650
	struct ip_mreq mreq;
1651
	struct ipv6_mreq m6req;
1652
	int gerr;
1653

1654
	memset(&hints, 0, sizeof(hints));
1655

1656
	hints.ai_flags |= AI_PASSIVE;
1657
	hints.ai_family = family;
1658
	hints.ai_socktype = socktype;
1659
	hints.ai_protocol = protocol;
1660

1661
	if ((gerr = getaddrinfo(mgroup, NULL, &hints, &res0)) != 0) {
1662
		launchctl_log(LOG_ERR, "getaddrinfo(): %s", gai_strerror(gerr));
1663
		return;
1664
	}
1665

1666
	for (res = res0; res; res = res->ai_next) {
1667
		if (AF_INET == family) {
1668
			memset(&mreq, 0, sizeof(mreq));
1669
			mreq.imr_multiaddr = ((struct sockaddr_in *)res->ai_addr)->sin_addr;
1670
			if (setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, (socklen_t) sizeof mreq) == -1) {
1671
				launchctl_log(LOG_ERR, "setsockopt(IP_ADD_MEMBERSHIP): %s", strerror(errno));
1672
				continue;
1673
			}
1674
			break;
1675
		} else if (AF_INET6 == family) {
1676
			memset(&m6req, 0, sizeof(m6req));
1677
			m6req.ipv6mr_multiaddr = ((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
1678
			if (setsockopt(fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &m6req, (socklen_t) sizeof m6req) == -1) {
1679
				launchctl_log(LOG_ERR, "setsockopt(IPV6_JOIN_GROUP): %s", strerror(errno));
1680
				continue;
1681
			}
1682
			break;
1683
		} else {
1684
			launchctl_log(LOG_ERR, "unknown family during multicast group bind!");
1685
			break;
1686
		}
1687
	}
1688

1689
	freeaddrinfo(res0);
1690
}
1691

1692
#pragma mark XPC Cache
1693

1694
#if TARGET_OS_EMBEDDED
1695

1696
CFPropertyListRef
1697
GetPropertyListFromCache(void)
1698
{
1699
	static CFPropertyListRef propertyList;
1700
	CFDataRef cacheData;
1701
	CFErrorRef error;
1702

1703
	if (!propertyList) {
1704
		uint8_t *data = NULL;
1705
		unsigned long sz = 0;
1706

1707
		void *handle = dlopen(XPC_PLIST_CACHE, RTLD_NOW);
1708

1709
		if (handle) {
1710
			void *fnptr = dlsym(handle, "__xpcd_cache");
1711

1712
			if (fnptr) {
1713
				Dl_info image_info;
1714

1715
				int rv = dladdr(fnptr, &image_info);
1716
				if (rv != 0) {
1717
					data = getsectiondata(image_info.dli_fbase, "__TEXT", "__xpcd_cache", &sz);
1718
				} else {
1719
					launchctl_log(LOG_ERR, "cache loading failed: failed to find address of __xpcd_cache symbol.");
1720
				}
1721
			} else {
1722
				launchctl_log(LOG_ERR, "cache loading failed: failed to find __xpcd_cache symbol in cache.");
1723
			}
1724
		} else {
1725
			launchctl_log(LOG_ERR, "cache loading failed: dlopen returned %s.", dlerror());
1726
		}
1727

1728
		if (data) {
1729
			cacheData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, data, sz, kCFAllocatorNull);
1730
			if (cacheData) {
1731
				propertyList = CFPropertyListCreateWithData(kCFAllocatorDefault, cacheData, kCFPropertyListMutableContainersAndLeaves, NULL, &error);
1732
				CFRelease(cacheData);
1733
			} else {
1734
				launchctl_log(LOG_ERR, "cache loading failed: unable to create data out of memory region.");
1735
			}
1736
		} else {
1737
			launchctl_log(LOG_ERR, "cache loading failed: no cache data found in __TEXT,__xpcd_cache segment.");
1738
		}
1739
	}
1740

1741
	return propertyList;
1742
}
1743

1744
CFPropertyListRef
1745
CreateMyPropertyListFromCachedFile(const char *posixfile)
1746
{
1747
	CFPropertyListRef cache = GetPropertyListFromCache();
1748
	CFPropertyListRef job = NULL;
1749

1750
	if (cache) {
1751
		CFPropertyListRef jobs = CFDictionaryGetValue(cache, CFSTR(XPC_PLIST_CACHE_KEY));
1752

1753
		if (jobs) {
1754
			CFStringRef key = CFStringCreateWithCStringNoCopy(kCFAllocatorDefault, posixfile, kCFStringEncodingUTF8, kCFAllocatorNull);
1755

1756
			if (key) {
1757
				job = CFDictionaryGetValue(jobs, key);
1758
				CFRelease(key);
1759
			}
1760
		}
1761
	}
1762

1763
	if (job) {
1764
		CFRetain(job);
1765
	}
1766
	return job;
1767
}
1768

1769
bool
1770
require_jobs_from_cache(void)
1771
{
1772
	char buf[1024];
1773
	size_t len;
1774
	char *ptr;
1775
	unsigned long val;
1776
	bool cs_disabled = false;
1777
	len = sizeof(buf);
1778

1779
	if (sysctlbyname("kern.bootargs", buf, &len, NULL, 0) == 0) {
1780
		ptr = strnstr(buf, "cs_enforcement_disable=", len);
1781
		if (ptr != NULL) {
1782
			val = strtoul(ptr + strlen("cs_enforcement_disable="), NULL, 10);
1783
			cs_disabled = (val != 0);
1784
		}
1785
		ptr = strnstr(buf, "launchctl_enforce_codesign=", len);
1786
		if (ptr != NULL) {
1787
			char *endptr = NULL;
1788
			char *startptr = ptr + strlen("launchctl_enforce_codesign=");
1789
			val = strtoul(startptr, &endptr, 10);
1790
			cs_disabled = (val == 0 && startptr != endptr);
1791
		}
1792
	}
1793

1794
	return !cs_disabled;
1795
}
1796

1797
#endif
1798

1799
#pragma mark File-based Property Lists
1800

1801
CFPropertyListRef
1802
CreateMyPropertyListFromFile(const char *posixfile)
1803
{
1804
	CFPropertyListRef propertyList;
1805
	CFStringRef       errorString;
1806
	CFDataRef         resourceData;
1807
	SInt32            errorCode;
1808
	CFURLRef          fileURL;
1809

1810
	fileURL = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (const UInt8 *)posixfile, strlen(posixfile), false);
1811
	if (!fileURL) {
1812
		launchctl_log(LOG_ERR, "%s: CFURLCreateFromFileSystemRepresentation(%s) failed", getprogname(), posixfile);
1813
	}
1814
	if (!CFURLCreateDataAndPropertiesFromResource(kCFAllocatorDefault, fileURL, &resourceData, NULL, NULL, &errorCode)) {
1815
		launchctl_log(LOG_ERR, "%s: CFURLCreateDataAndPropertiesFromResource(%s) failed: %d", getprogname(), posixfile, (int)errorCode);
1816
	}
1817

1818
	propertyList = CFPropertyListCreateFromXMLData(kCFAllocatorDefault, resourceData, kCFPropertyListMutableContainersAndLeaves, &errorString);
1819
	if (fileURL) {
1820
		CFRelease(fileURL);
1821
	}
1822

1823
	if (resourceData) {
1824
		CFRelease(resourceData);
1825
	}
1826

1827
	return propertyList;
1828
}
1829

1830
void
1831
WriteMyPropertyListToFile(CFPropertyListRef plist, const char *posixfile)
1832
{
1833
	CFDataRef	resourceData;
1834
	CFURLRef	fileURL;
1835
	SInt32		errorCode;
1836

1837
	fileURL = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (const UInt8 *)posixfile, strlen(posixfile), false);
1838
	if (!fileURL) {
1839
		launchctl_log(LOG_ERR, "%s: CFURLCreateFromFileSystemRepresentation(%s) failed", getprogname(), posixfile);
1840
	}
1841
	resourceData = CFPropertyListCreateXMLData(kCFAllocatorDefault, plist);
1842
	if (resourceData == NULL) {
1843
		launchctl_log(LOG_ERR, "%s: CFPropertyListCreateXMLData(%s) failed", getprogname(), posixfile);
1844
	}
1845
	if (!CFURLWriteDataAndPropertiesToResource(fileURL, resourceData, NULL, &errorCode)) {
1846
		launchctl_log(LOG_ERR, "%s: CFURLWriteDataAndPropertiesToResource(%s) failed: %d", getprogname(), posixfile, (int)errorCode);
1847
	}
1848

1849
	if (resourceData) {
1850
		CFRelease(resourceData);
1851
	}
1852
}
1853

1854
static inline Boolean
1855
_is_launch_data_t(launch_data_t obj)
1856
{
1857
	Boolean result = true;
1858

1859
	switch (launch_data_get_type(obj)) {
1860
		case LAUNCH_DATA_STRING		: break;
1861
		case LAUNCH_DATA_INTEGER	: break;
1862
		case LAUNCH_DATA_REAL		: break;
1863
		case LAUNCH_DATA_BOOL		: break;
1864
		case LAUNCH_DATA_ARRAY		: break;
1865
		case LAUNCH_DATA_DICTIONARY	: break;
1866
		case LAUNCH_DATA_FD 		: break;
1867
		case LAUNCH_DATA_MACHPORT	: break;
1868
		default						: result = false;
1869
	}
1870

1871
	return result;
1872
}
1873

1874
static void
1875
_launch_data_iterate(launch_data_t obj, const char *key, CFMutableDictionaryRef dict)
1876
{
1877
	if (obj && _is_launch_data_t(obj)) {
1878
		CFStringRef cfKey = CFStringCreateWithCString(NULL, key, kCFStringEncodingUTF8);
1879
		CFTypeRef cfVal = CFTypeCreateFromLaunchData(obj);
1880

1881
		if (cfVal) {
1882
			CFDictionarySetValue(dict, cfKey, cfVal);
1883
			CFRelease(cfVal);
1884
		}
1885
		CFRelease(cfKey);
1886
	}
1887
}
1888

1889
static CFTypeRef
1890
CFTypeCreateFromLaunchData(launch_data_t obj)
1891
{
1892
	CFTypeRef cfObj = NULL;
1893

1894
	switch (launch_data_get_type(obj)) {
1895
	case LAUNCH_DATA_STRING: {
1896
		const char *str = launch_data_get_string(obj);
1897
		cfObj = CFStringCreateWithCString(NULL, str, kCFStringEncodingUTF8);
1898
		break;
1899
	}
1900
	case LAUNCH_DATA_INTEGER: {
1901
		long long integer = launch_data_get_integer(obj);
1902
		cfObj = CFNumberCreate(NULL, kCFNumberLongLongType, &integer);
1903
		break;
1904
	}
1905
	case LAUNCH_DATA_REAL: {
1906
		double real = launch_data_get_real(obj);
1907
		cfObj = CFNumberCreate(NULL, kCFNumberDoubleType, &real);
1908
		break;
1909
	}
1910
	case LAUNCH_DATA_BOOL: {
1911
		bool yesno = launch_data_get_bool(obj);
1912
		cfObj = yesno ? kCFBooleanTrue : kCFBooleanFalse;
1913
		break;
1914
	}
1915
	case LAUNCH_DATA_ARRAY: {
1916
		cfObj = (CFTypeRef)CFArrayCreateFromLaunchArray(obj);
1917
		break;
1918
	}
1919
	case LAUNCH_DATA_DICTIONARY: {
1920
		cfObj = (CFTypeRef)CFDictionaryCreateFromLaunchDictionary(obj);
1921
		break;
1922
	}
1923
	case LAUNCH_DATA_FD: {
1924
		int fd = launch_data_get_fd(obj);
1925
		cfObj = CFNumberCreate(NULL, kCFNumberIntType, &fd);
1926
		break;
1927
	}
1928
	case LAUNCH_DATA_MACHPORT: {
1929
		mach_port_t port = launch_data_get_machport(obj);
1930
		cfObj = CFNumberCreate(NULL, kCFNumberIntType, &port);
1931
		break;
1932
	}
1933
	default:
1934
		break;
1935
	}
1936

1937
	return cfObj;
1938
}
1939

1940
#pragma mark CFArray
1941
static CFArrayRef
1942
CFArrayCreateFromLaunchArray(launch_data_t arr)
1943
{
1944
	CFArrayRef result = NULL;
1945
	CFMutableArrayRef mutResult = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
1946

1947
	if (launch_data_get_type(arr) == LAUNCH_DATA_ARRAY) {
1948
		unsigned int count = launch_data_array_get_count(arr);
1949
		unsigned int i = 0;
1950

1951
		for (i = 0; i < count; i++) {
1952
			launch_data_t launch_obj = launch_data_array_get_index(arr, i);
1953
			CFTypeRef obj = CFTypeCreateFromLaunchData(launch_obj);
1954

1955
			if (obj) {
1956
				CFArrayAppendValue(mutResult, obj);
1957
				CFRelease(obj);
1958
			}
1959
		}
1960

1961
		result = CFArrayCreateCopy(NULL, mutResult);
1962
	}
1963

1964
	if (mutResult) {
1965
		CFRelease(mutResult);
1966
	}
1967
	return result;
1968
}
1969

1970
#pragma mark CFDictionary / CFPropertyList
1971
static CFDictionaryRef
1972
CFDictionaryCreateFromLaunchDictionary(launch_data_t dict)
1973
{
1974
	CFDictionaryRef result = NULL;
1975

1976
	if (launch_data_get_type(dict) == LAUNCH_DATA_DICTIONARY) {
1977
		CFMutableDictionaryRef mutResult = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
1978

1979
		launch_data_dict_iterate(dict, (void (*)(launch_data_t, const char *, void *))_launch_data_iterate, mutResult);
1980

1981
		result = CFDictionaryCreateCopy(NULL, mutResult);
1982
		CFRelease(mutResult);
1983
	}
1984

1985
	return result;
1986
}
1987

1988
void
1989
myCFDictionaryApplyFunction(const void *key, const void *value, void *context)
1990
{
1991
	launch_data_t ik, iw, where = context;
1992

1993
	ik = CF2launch_data(key);
1994
	iw = CF2launch_data(value);
1995

1996
	launch_data_dict_insert(where, iw, launch_data_get_string(ik));
1997
	launch_data_free(ik);
1998
}
1999

2000
launch_data_t
2001
CF2launch_data(CFTypeRef cfr)
2002
{
2003
	launch_data_t r;
2004
	CFTypeID cft = CFGetTypeID(cfr);
2005

2006
	if (cft == CFStringGetTypeID()) {
2007
		char buf[4096];
2008
		CFStringGetCString(cfr, buf, sizeof(buf), kCFStringEncodingUTF8);
2009
		r = launch_data_alloc(LAUNCH_DATA_STRING);
2010
		launch_data_set_string(r, buf);
2011
	} else if (cft == CFBooleanGetTypeID()) {
2012
		r = launch_data_alloc(LAUNCH_DATA_BOOL);
2013
		launch_data_set_bool(r, CFBooleanGetValue(cfr));
2014
	} else if (cft == CFArrayGetTypeID()) {
2015
		CFIndex i, ac = CFArrayGetCount(cfr);
2016
		r = launch_data_alloc(LAUNCH_DATA_ARRAY);
2017
		for (i = 0; i < ac; i++) {
2018
			CFTypeRef v = CFArrayGetValueAtIndex(cfr, i);
2019
			if (v) {
2020
				launch_data_t iv = CF2launch_data(v);
2021
				launch_data_array_set_index(r, iv, i);
2022
			}
2023
		}
2024
	} else if (cft == CFDictionaryGetTypeID()) {
2025
		r = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
2026
		CFDictionaryApplyFunction(cfr, myCFDictionaryApplyFunction, r);
2027
	} else if (cft == CFDataGetTypeID()) {
2028
		r = launch_data_alloc(LAUNCH_DATA_OPAQUE);
2029
		launch_data_set_opaque(r, CFDataGetBytePtr(cfr), CFDataGetLength(cfr));
2030
	} else if (cft == CFNumberGetTypeID()) {
2031
		long long n;
2032
		double d;
2033
		CFNumberType cfnt = CFNumberGetType(cfr);
2034
		switch (cfnt) {
2035
		case kCFNumberSInt8Type:
2036
		case kCFNumberSInt16Type:
2037
		case kCFNumberSInt32Type:
2038
		case kCFNumberSInt64Type:
2039
		case kCFNumberCharType:
2040
		case kCFNumberShortType:
2041
		case kCFNumberIntType:
2042
		case kCFNumberLongType:
2043
		case kCFNumberLongLongType:
2044
			CFNumberGetValue(cfr, kCFNumberLongLongType, &n);
2045
			r = launch_data_alloc(LAUNCH_DATA_INTEGER);
2046
			launch_data_set_integer(r, n);
2047
			break;
2048
		case kCFNumberFloat32Type:
2049
		case kCFNumberFloat64Type:
2050
		case kCFNumberFloatType:
2051
		case kCFNumberDoubleType:
2052
			CFNumberGetValue(cfr, kCFNumberDoubleType, &d);
2053
			r = launch_data_alloc(LAUNCH_DATA_REAL);
2054
			launch_data_set_real(r, d);
2055
			break;
2056
		default:
2057
			r = NULL;
2058
			break;
2059
		}
2060
	} else {
2061
		r = NULL;
2062
	}
2063
	return r;
2064
}
2065

2066
int
2067
help_cmd(int argc, char *const argv[])
2068
{
2069
	size_t i, l, cmdwidth = 0;
2070

2071
	int level = LOG_NOTICE;
2072
	if (argc == 0 || argv == NULL) {
2073
		level = LOG_ERR;
2074
	}
2075

2076
	launchctl_log(level, "usage: %s <subcommand>", getprogname());
2077

2078
	for (i = 0; i < (sizeof cmds / sizeof cmds[0]); i++) {
2079
		l = strlen(cmds[i].name);
2080
		if (l > cmdwidth) {
2081
			cmdwidth = l;
2082
		}
2083
	}
2084

2085
	for (i = 0; i < (sizeof cmds / sizeof cmds[0]); i++) {
2086
		launchctl_log(level, "\t%-*s\t%s", (int)cmdwidth, cmds[i].name, cmds[i].desc);
2087
	}
2088

2089
	return 0;
2090
}
2091

2092
int
2093
exit_cmd(int argc __attribute__((unused)), char *const argv[] __attribute__((unused)))
2094
{
2095
	exit(0);
2096
}
2097

2098
int
2099
_fd(int fd)
2100
{
2101
	if (fd >= 0)
2102
		fcntl(fd, F_SETFD, 1);
2103
	return fd;
2104
}
2105

2106
void
2107
do_single_user_mode(bool sflag)
2108
{
2109
	if (sflag) {
2110
		while (!do_single_user_mode2()) {
2111
			sleep(1);
2112
		}
2113
	}
2114
}
2115

2116
bool
2117
do_single_user_mode2(void)
2118
{
2119
	bool runcom_fsck = true; /* should_fsck(); */
2120
	int wstatus;
2121
	int fd;
2122
	pid_t p;
2123

2124
	switch ((p = fork())) {
2125
	case -1:
2126
		syslog(LOG_ERR, "can't fork single-user shell, trying again: %m");
2127
		return false;
2128
	case 0:
2129
		break;
2130
	default:
2131
		(void)os_assumes_zero(waitpid(p, &wstatus, 0));
2132
		if (WIFEXITED(wstatus)) {
2133
			if (WEXITSTATUS(wstatus) == EXIT_SUCCESS) {
2134
				return true;
2135
			} else {
2136
				launchctl_log(LOG_NOTICE, "single user mode: exit status: %d", WEXITSTATUS(wstatus));
2137
			}
2138
		} else {
2139
			launchctl_log(LOG_NOTICE, "single user mode shell: %s", strsignal(WTERMSIG(wstatus)));
2140
		}
2141
		return false;
2142
	}
2143

2144
	revoke(_PATH_CONSOLE);
2145
	if (posix_assumes_zero((fd = open(_PATH_CONSOLE, O_RDWR))) == -1) {
2146
		_exit(EXIT_FAILURE);
2147
	}
2148
	if (posix_assumes_zero(login_tty(fd)) == -1) {
2149
		_exit(EXIT_FAILURE);
2150
	}
2151

2152
	mach_timespec_t wt = { 5, 0 };
2153
	IOKitWaitQuiet(kIOMasterPortDefault, &wt); /* This will hopefully return after all the kexts have shut up. */
2154

2155
	setenv("TERM", "vt100", 1);
2156
	if (runcom_fsck) {
2157
		fprintf(stdout, "Singleuser boot -- fsck not done\n");
2158
		fprintf(stdout, "Root device is mounted read-only\n");
2159
		fprintf(stdout, "If you want to make modifications to files:\n");
2160
		fprintf(stdout, "\t/sbin/fsck -fy\n\t/sbin/mount -uw /\n");
2161
		fprintf(stdout, "If you wish to boot the system:\n");
2162
		fprintf(stdout, "\texit\n");
2163
		fflush(stdout);
2164
	}
2165

2166
	execl(_PATH_BSHELL, "-sh", NULL);
2167
	fprintf(stderr, "can't exec %s for single user: %m\n", _PATH_BSHELL);
2168
	_exit(EXIT_FAILURE);
2169
}
2170

2171
void
2172
do_crash_debug_mode(void)
2173
{
2174
	while (!do_crash_debug_mode2()) {
2175
		sleep(1);
2176
	}
2177
}
2178

2179
bool
2180
do_crash_debug_mode2(void)
2181
{
2182
	int wstatus;
2183
	int fd;
2184
	pid_t p;
2185

2186
	switch ((p = fork())) {
2187
	case -1:
2188
		syslog(LOG_ERR, "can't fork crash debug shell, trying again: %m");
2189
		return false;
2190
	case 0:
2191
		break;
2192
	default:
2193
		(void)os_assumes_zero(waitpid(p, &wstatus, 0));
2194
		if (WIFEXITED(wstatus)) {
2195
			if (WEXITSTATUS(wstatus) == EXIT_SUCCESS) {
2196
				return true;
2197
			} else {
2198
				launchctl_log(LOG_NOTICE, "crash debug mode: exit status: %d", WEXITSTATUS(wstatus));
2199
			}
2200
		} else {
2201
			launchctl_log(LOG_NOTICE, "crash debug mode shell: %s", strsignal(WTERMSIG(wstatus)));
2202
		}
2203
		return false;
2204
	}
2205

2206
	revoke(_PATH_CONSOLE);
2207
	if (posix_assumes_zero((fd = open(_PATH_CONSOLE, O_RDWR))) == -1) {
2208
		_exit(EXIT_FAILURE);
2209
	}
2210
	if (posix_assumes_zero(login_tty(fd)) == -1) {
2211
		_exit(EXIT_FAILURE);
2212
	}
2213

2214
	/* The idea is to wait until all the kexts have quiesced to prevent a bunch
2215
	 * of log messages from being slammed onto the console prompt. It mostly
2216
	 * works.
2217
	 */
2218
	mach_timespec_t wt = { 5, 0 };
2219
	IOKitWaitQuiet(kIOMasterPortDefault, &wt);
2220

2221
	setenv("TERM", "vt100", 1);
2222
	fprintf(stdout, "Entering boot-time debugging mode...\n");
2223
	fprintf(stdout, "The system bootstrapper process has crashed. To debug:\n");
2224
	fprintf(stdout, "\tgdb attach %i\n", getppid());
2225
	fprintf(stdout, "You can try booting the system with:\n");
2226
	fprintf(stdout, "\tlaunchctl load -S System -D All\n");
2227

2228
	execl(_PATH_BSHELL, "-sh", NULL);
2229
	fprintf(stderr, "can't exec %s for crash debug: %m\n", _PATH_BSHELL);
2230
	_exit(EXIT_FAILURE);
2231
}
2232

2233
static void
2234
exit_at_sigterm(int sig)
2235
{
2236
	if (sig == SIGTERM) {
2237
		_exit(EXIT_SUCCESS);
2238
	}
2239
}
2240

2241
void
2242
fatal_signal_handler(int sig __attribute__((unused)), siginfo_t *si __attribute__((unused)), void *uap __attribute__((unused)))
2243
{
2244
	do_crash_debug_mode();
2245
}
2246

2247
void
2248
handle_system_bootstrapper_crashes_separately(void)
2249
{
2250
	if (!_launchctl_startup_debugging) {
2251
		return;
2252
	}
2253

2254
	fprintf(stdout, "com.apple.launchctl.System\t\t\t*** Handling system bootstrapper crashes separately. ***\n");
2255
	struct sigaction fsa;
2256

2257
	fsa.sa_sigaction = fatal_signal_handler;
2258
	fsa.sa_flags = SA_SIGINFO;
2259
	sigemptyset(&fsa.sa_mask);
2260

2261
	(void)posix_assumes_zero(sigaction(SIGILL, &fsa, NULL));
2262
	(void)posix_assumes_zero(sigaction(SIGFPE, &fsa, NULL));
2263
	(void)posix_assumes_zero(sigaction(SIGBUS, &fsa, NULL));
2264
	(void)posix_assumes_zero(sigaction(SIGTRAP, &fsa, NULL));
2265
	(void)posix_assumes_zero(sigaction(SIGABRT, &fsa, NULL));
2266
}
2267

2268
#if TARGET_OS_EMBEDDED
2269
static void
2270
init_data_protection(void)
2271
{
2272
	if (path_check("/usr/libexec/init_data_protection")) {
2273
		const char *init_cp[] = { "/usr/libexec/init_data_protection", NULL };
2274
		if (fwexec(init_cp, NULL) == -1) {
2275
			launchctl_log(LOG_ERR, "Couldn't init content protection: %d: %s", errno, strerror(errno));
2276
			(void)reboot(RB_HALT);
2277

2278
			_exit(EXIT_FAILURE);
2279
		}
2280
	}
2281
}
2282
#endif
2283

2284
static void
2285
system_specific_bootstrap(bool sflag)
2286
{
2287
	int hnmib[] = { CTL_KERN, KERN_HOSTNAME };
2288
	struct kevent kev;
2289
	int kq;
2290
#if HAVE_LIBAUDITD
2291
	launch_data_t lda, ldb;
2292
#endif
2293

2294
	handle_system_bootstrapper_crashes_separately();
2295

2296
	// Disable Libinfo lookups to mdns and ds while bootstrapping (8698260)
2297
	si_search_module_set_flags("mdns", 1);
2298
	si_search_module_set_flags("ds", 1);
2299

2300
	/* rc.cdrom's hack to load the system means that we're not the real system
2301
	 * bootstrapper. So we set this environment variable, and if the real
2302
	 * bootstrapper detects it, it will disable lookups to mDNSResponder and
2303
	 * opendirectoryd to prevent deadlocks at boot.
2304
	 *
2305
	 * See <rdar://problem/9877230>.
2306
	 */
2307
	(void)setenv(LAUNCH_ENV_BOOTSTRAPPINGSYSTEM, "1", 1);
2308

2309
	do_sysversion_sysctl();
2310

2311
	do_single_user_mode(sflag);
2312

2313
	(void)posix_assumes_zero(kq = kqueue());
2314
	EV_SET(&kev, 0, EVFILT_TIMER, EV_ADD|EV_ONESHOT, NOTE_SECONDS, 60, 0);
2315
	(void)posix_assumes_zero(kevent(kq, &kev, 1, NULL, 0, NULL));
2316

2317
	__OS_COMPILETIME_ASSERT__(SIG_ERR == (typeof(SIG_ERR))-1);
2318
	EV_SET(&kev, SIGTERM, EVFILT_SIGNAL, EV_ADD, 0, 0, 0);
2319
	(void)posix_assumes_zero(kevent(kq, &kev, 1, NULL, 0, NULL));
2320
	(void)posix_assumes_zero(signal(SIGTERM, SIG_IGN));
2321
	(void)posix_assumes_zero(sysctl(hnmib, 2, NULL, NULL, "localhost", sizeof("localhost")));
2322

2323
	loopback_setup_ipv4();
2324
	loopback_setup_ipv6();
2325

2326
	apply_sysctls_from_file("/etc/sysctl.conf");
2327

2328
#if TARGET_OS_EMBEDDED
2329
	if (path_check("/etc/rc.boot")) {
2330
		const char *rcboot_tool[] = { "/etc/rc.boot", NULL };
2331

2332
		(void)posix_assumes_zero(signal(SIGTERM, exit_at_sigterm));
2333
		(void)posix_assumes_zero(fwexec(rcboot_tool, NULL));
2334
	}
2335
#endif
2336

2337
	if (path_check("/etc/rc.cdrom")) {
2338
		const char *rccdrom_tool[] = { _PATH_BSHELL, "/etc/rc.cdrom", "multiuser", NULL };
2339

2340
		/* The bootstrapper should always be killable during install-time. This
2341
		 * is a special case for /etc/rc.cdrom, which runs a process and never
2342
		 * exits.
2343
		 *
2344
		 * <rdar://problem/6103485>
2345
		 */
2346
		(void)posix_assumes_zero(signal(SIGTERM, exit_at_sigterm));
2347
		(void)posix_assumes_zero(fwexec(rccdrom_tool, NULL));
2348
		(void)reboot(RB_HALT);
2349
		_exit(EXIT_FAILURE);
2350
	} else if (is_netboot()) {
2351
		const char *rcnetboot_tool[] = { _PATH_BSHELL, "/etc/rc.netboot", "init", NULL };
2352
		if (posix_assumes_zero(fwexec(rcnetboot_tool, NULL)) == -1) {
2353
			(void)reboot(RB_HALT);
2354
			_exit(EXIT_FAILURE);
2355
		}
2356
	} else {
2357
		do_potential_fsck();
2358
	}
2359

2360
#if TARGET_OS_EMBEDDED
2361
	if (path_check("/usr/libexec/tzinit")) {
2362
		const char *tzinit_tool[] = { "/usr/libexec/tzinit", NULL };
2363
		(void)posix_assumes_zero(fwexec(tzinit_tool, NULL));
2364
	}
2365
#endif
2366

2367
#if TARGET_OS_EMBEDDED
2368
	if (path_check("/usr/libexec/FinishRestoreFromBackup")) {
2369
		const char *finish_restore[] = { "/usr/libexec/FinishRestoreFromBackup", NULL };
2370
		if (fwexec(finish_restore, NULL) == -1) {
2371
			launchctl_log(LOG_ERR, "Couldn't finish restore: %d: %s", errno, strerror(errno));
2372
			(void)reboot(RB_HALT);
2373

2374
			_exit(EXIT_FAILURE);
2375
		}
2376
	}
2377
#endif
2378

2379
	if (path_check("/usr/libexec/cc_fips_test")) {
2380
		const char *fips_tool[] = { "/usr/libexec/cc_fips_test", "-P", NULL };
2381
		if (fwexec(fips_tool, NULL) == -1) {
2382
			launchctl_log(LOG_ERR, "FIPS self check failure: %d: %s", errno, strerror(errno));
2383
			(void)reboot(RB_HALT);
2384

2385
			_exit(EXIT_FAILURE);
2386
		}
2387
	}
2388

2389
	if (path_check("/etc/rc.server")) {
2390
		const char *rcserver_tool[] = { _PATH_BSHELL, "/etc/rc.server", NULL };
2391
		(void)posix_assumes_zero(fwexec(rcserver_tool, NULL));
2392
	}
2393

2394
	read_launchd_conf();
2395

2396
	if (path_check("/var/account/acct")) {
2397
		(void)posix_assumes_zero(acct("/var/account/acct"));
2398
	}
2399

2400
#if !TARGET_OS_EMBEDDED
2401
	if (path_check("/etc/fstab")) {
2402
		const char *mount_tool[] = { "mount", "-vat", "nonfs", NULL };
2403
		(void)posix_assumes_zero(fwexec(mount_tool, NULL));
2404
	}
2405
#endif
2406

2407
	if (path_check("/etc/rc.installer_cleanup")) {
2408
		const char *rccleanup_tool[] = { _PATH_BSHELL, "/etc/rc.installer_cleanup", "multiuser", NULL };
2409
		(void)posix_assumes_zero(fwexec(rccleanup_tool, NULL));
2410
	}
2411

2412
	if (path_check("/etc/rc.deferred_install")) {
2413
		int status = 0;
2414
		const char *deferredinstall_tool[] = { _PATH_BSHELL, "/etc/rc.deferred_install", NULL };
2415
		if (posix_assumes_zero(fwexec(deferredinstall_tool, &status)) == 0) {
2416
			if (WEXITSTATUS(status) == EXIT_SUCCESS) {
2417
				if (_launchctl_apple_internal) {
2418
					launchctl_log(LOG_NOTICE, "Deferred install script completed successfully. Rebooting in 3 seconds...");
2419
					sleep(3);
2420
				}
2421

2422
				(void)remove(deferredinstall_tool[1]);
2423
				(void)reboot(RB_AUTOBOOT);
2424
				exit(EXIT_FAILURE);
2425
			} else {
2426
				launchctl_log(LOG_NOTICE, "Deferred install script exited with status %i. Continuing boot and hoping it'll work...", WEXITSTATUS(status));
2427
				(void)remove(deferredinstall_tool[1]);
2428
			}
2429
		}
2430
	}
2431

2432
	empty_dir(_PATH_VARRUN, NULL);
2433
	empty_dir(_PATH_TMP, NULL);
2434
	(void)remove(_PATH_NOLOGIN);
2435

2436
	if (path_check("/usr/libexec/dirhelper")) {
2437
		const char *dirhelper_tool[] = { "/usr/libexec/dirhelper", "-machineBoot", NULL };
2438
		(void)posix_assumes_zero(fwexec(dirhelper_tool, NULL));
2439
	}
2440

2441
	(void)posix_assumes_zero(touch_file(_PATH_UTMPX, DEFFILEMODE));
2442
#if !TARGET_OS_EMBEDDED
2443
	(void)posix_assumes_zero(touch_file(_PATH_VARRUN "/.systemStarterRunning", DEFFILEMODE));
2444
#endif
2445

2446
#if HAVE_LIBAUDITD
2447
	/* Only start auditing if not "Disabled" in auditd plist. */
2448
	if ((lda = read_plist_file(AUDITD_PLIST_FILE, false, false)) != NULL && ((ldb = launch_data_dict_lookup(lda, LAUNCH_JOBKEY_DISABLED)) == NULL || job_disabled_logic(ldb) == false)) {
2449
		(void)os_assumes_zero(audit_quick_start());
2450
		launch_data_free(lda);
2451
	}
2452
#else
2453
	if (path_check("/etc/security/rc.audit")) {
2454
		const char *audit_tool[] = { _PATH_BSHELL, "/etc/security/rc.audit", NULL };
2455
		(void)posix_assumes_zero(fwexec(audit_tool, NULL));
2456
	}
2457
#endif
2458

2459
#if HAVE_SYSTEMSTATS
2460
	systemstats_boot();
2461
#endif
2462

2463
	do_BootCache_magic(BOOTCACHE_START);
2464

2465
	preheat_page_cache_hack();
2466

2467
	_vproc_set_global_on_demand(true);
2468

2469
	char *load_launchd_items[] = { "load", "-D", "all", NULL };
2470
	int load_launchd_items_cnt = 3;
2471

2472
	if (is_safeboot()) {
2473
		load_launchd_items[2] = "system";
2474
	}
2475

2476
	(void)posix_assumes_zero(load_and_unload_cmd(load_launchd_items_cnt, load_launchd_items));
2477

2478
	/* See <rdar://problem/5066316>. */
2479
	if (!_launchctl_apple_internal) {
2480
		mach_timespec_t w = { 5, 0 };
2481
		IOKitWaitQuiet(kIOMasterPortDefault, &w);
2482
	}
2483

2484
	do_BootCache_magic(BOOTCACHE_TAG);
2485

2486
	do_bootroot_magic();
2487

2488
	_vproc_set_global_on_demand(false);
2489

2490
	(void)posix_assumes_zero(kevent(kq, NULL, 0, &kev, 1, NULL));
2491

2492
	/* warmd now handles cutting off the BootCache. We just kick it off. */
2493
	(void)close(kq);
2494
}
2495

2496
void
2497
do_BootCache_magic(BootCache_action_t what)
2498
{
2499
	const char *bcc_tool[] = { "/usr/sbin/BootCacheControl", NULL, NULL };
2500

2501
	if (is_safeboot() || !path_check(bcc_tool[0])) {
2502
		return;
2503
	}
2504

2505
	switch (what) {
2506
	case BOOTCACHE_START:
2507
		bcc_tool[1] = "start";
2508
		break;
2509
	case BOOTCACHE_TAG:
2510
		bcc_tool[1] = "tag";
2511
		break;
2512
	case BOOTCACHE_STOP:
2513
		bcc_tool[1] = "stop";
2514
		break;
2515
	}
2516

2517
	fwexec(bcc_tool, NULL);
2518
}
2519

2520
int
2521
bootstrap_cmd(int argc, char *const argv[])
2522
{
2523
	char *session = NULL;
2524
	bool sflag = false;
2525
	int ch;
2526

2527
	while ((ch = getopt(argc, argv, "sS:")) != -1) {
2528
		switch (ch) {
2529
		case 's':
2530
			sflag = true;
2531
			break;
2532
		case 'S':
2533
			session = optarg;
2534
			break;
2535
		case '?':
2536
		default:
2537
			break;
2538
		}
2539
	}
2540

2541
	optind = 1;
2542
	optreset = 1;
2543

2544
	if (!session) {
2545
		launchctl_log(LOG_ERR, "usage: %s bootstrap [-s] -S <session-type>", getprogname());
2546
		return 1;
2547
	}
2548

2549
	if (strcasecmp(session, "System") == 0) {
2550
		_launchctl_system_bootstrap = true;
2551
		system_specific_bootstrap(sflag);
2552
	} else {
2553
		char *load_launchd_items[] = {
2554
			"load",
2555
			"-S",
2556
			session,
2557
			"-D",
2558
			"all",
2559
			NULL,
2560
			NULL,
2561
			NULL,
2562
		};
2563
		size_t the_argc = 5;
2564

2565
		bool bootstrap_login_items = false;
2566
		if (strcasecmp(session, VPROCMGR_SESSION_AQUA) == 0) {
2567
			bootstrap_login_items = true;
2568
		} else if (strcasecmp(session, VPROCMGR_SESSION_BACKGROUND) == 0
2569
				   || strcasecmp(session, VPROCMGR_SESSION_LOGINWINDOW) == 0) {
2570
			/* If we're bootstrapping either the LoginWindow or Background
2571
			 * sessions, then we only load items from /System and /Library. We
2572
			 * do not attempt to load anything from a user's home directory, as
2573
			 * it might not be available at this time.
2574
			 */
2575
			load_launchd_items[4] = "system";
2576
			if (!is_safeboot()) {
2577
				load_launchd_items[5] = "-D";
2578
				load_launchd_items[6] = "local";
2579
				the_argc += 2;
2580
			}
2581

2582
			if (strcasecmp(session, VPROCMGR_SESSION_BACKGROUND) == 0) {
2583
				/* This is to force a bootstrapped job to inherit its security
2584
				 * session from the launchd that it resides in.
2585
				 */
2586
				_launchctl_peruser_bootstrap = true;
2587
				read_launchd_conf();
2588
			}
2589
		}
2590

2591
		if (is_safeboot()) {
2592
			load_launchd_items[4] = "system";
2593
		}
2594

2595
		int result = load_and_unload_cmd(the_argc, load_launchd_items);
2596
		if (result) {
2597
			syslog(LOG_ERR, "Could not bootstrap session: %s", session);
2598
			return 1;
2599
		}
2600

2601
		/* This will tell launchd to start listening on MachServices again. When
2602
		 * bootstrapping, launchd ignores requests from everyone but the
2603
		 * bootstrapper (us), so this unsets the "weird bootstrap" mode.
2604
		 */
2605
		int64_t junk = 0;
2606
		vproc_err_t verr = vproc_swap_integer(NULL, VPROC_GSK_WEIRD_BOOTSTRAP, &junk, NULL);
2607
		if (!verr) {
2608
#if !TARGET_OS_EMBEDDED
2609
			if (bootstrap_login_items) {
2610
				void *smf = dlopen("/System/Library/Frameworks/ServiceManagement.framework/Versions/A/ServiceManagement", 0);
2611
				if (smf) {
2612
					void (*_SMLoginItemBootstrapItemsFunc)(void) = dlsym(smf, "_SMLoginItemBootstrapItems");
2613
					if (_SMLoginItemBootstrapItemsFunc) {
2614
						_SMLoginItemBootstrapItemsFunc();
2615
					} else {
2616
						launchctl_log(LOG_ERR, "Could not find login item bootstrap function. LoginItems will be unavailable.");
2617
					}
2618
				} else {
2619
					launchctl_log(LOG_ERR, "Failed to open ServiceManagement framework. LoginItems will be unavailable.");
2620
				}
2621
			}
2622
#endif
2623
		} else if (bootstrap_login_items) {
2624
			launchctl_log(LOG_ERR, "Failed to unset weird bootstrap. LoginItems will be unavailable.");
2625
		}
2626
	}
2627

2628
	return 0;
2629
}
2630

2631
int
2632
load_and_unload_cmd(int argc, char *const argv[])
2633
{
2634
	NSSearchPathEnumerationState es = 0;
2635
	char nspath[PATH_MAX * 2]; /* safe side, we need to append */
2636
	bool badopts = false;
2637
	struct load_unload_state lus;
2638
	size_t i;
2639
	int ch;
2640

2641
	memset(&lus, 0, sizeof(lus));
2642

2643
	if (strcmp(argv[0], "load") == 0) {
2644
		lus.load = true;
2645
	}
2646

2647
	while ((ch = getopt(argc, argv, "wFS:D:")) != -1) {
2648
		switch (ch) {
2649
		case 'w':
2650
			lus.editondisk = true;
2651
			break;
2652
		case 'F':
2653
			lus.forceload = true;
2654
			break;
2655
		case 'S':
2656
			lus.session_type = optarg;
2657
			break;
2658
		case 'D':
2659
			if (strcasecmp(optarg, "all") == 0) {
2660
				es |= NSAllDomainsMask;
2661
			} else if (strcasecmp(optarg, "user") == 0) {
2662
				es |= NSUserDomainMask;
2663
			} else if (strcasecmp(optarg, "local") == 0) {
2664
				es |= NSLocalDomainMask;
2665
			} else if (strcasecmp(optarg, "network") == 0) {
2666
				es |= NSNetworkDomainMask;
2667
			} else if (strcasecmp(optarg, "system") == 0) {
2668
				es |= NSSystemDomainMask;
2669
			} else {
2670
				badopts = true;
2671
			}
2672
			break;
2673
		case '?':
2674
		default:
2675
			badopts = true;
2676
			break;
2677
		}
2678
	}
2679
	argc -= optind;
2680
	argv += optind;
2681

2682
	if (lus.session_type == NULL) {
2683
		es &= ~NSUserDomainMask;
2684
	}
2685

2686
	if (argc == 0 && es == 0) {
2687
		badopts = true;
2688
	}
2689

2690
	if (badopts) {
2691
		launchctl_log(LOG_ERR, "usage: %s load [-wF] [-D <user|local|network|system|all>] paths...", getprogname());
2692
		return 1;
2693
	}
2694

2695
	int dbfd = -1;
2696
	vproc_err_t verr = vproc_swap_string(NULL, VPROC_GSK_JOB_OVERRIDES_DB, NULL, &_launchctl_job_overrides_db_path);
2697
	if (verr) {
2698
		if (bootstrap_port) {
2699
			launchctl_log(LOG_ERR, "Could not get location of job overrides database: ppid/bootstrap: %d/0x%x", getppid(), bootstrap_port);
2700
		}
2701
	} else {
2702
		dbfd = open(_launchctl_job_overrides_db_path, O_RDONLY | O_EXLOCK | O_CREAT, S_IRUSR | S_IWUSR);
2703
		if (dbfd != -1) {
2704
			_launchctl_overrides_db = (CFMutableDictionaryRef)CreateMyPropertyListFromFile(_launchctl_job_overrides_db_path);
2705
			if (!_launchctl_overrides_db) {
2706
				_launchctl_overrides_db = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
2707
			}
2708
		} else if (errno != EROFS) {
2709
			launchctl_log(LOG_ERR, "Could not open job overrides database at: %s: %d: %s", _launchctl_job_overrides_db_path, errno, strerror(errno));
2710
		}
2711
	}
2712

2713
#if READ_JETSAM_DEFAULTS
2714
	if (!read_jetsam_defaults()) {
2715
		launchctl_log(LOG_NOTICE, "Failed to read jetsam defaults; no process limits applied");
2716
	}
2717
#endif
2718

2719
	/* Only one pass! */
2720
	lus.pass1 = launch_data_alloc(LAUNCH_DATA_ARRAY);
2721

2722
	es = NSStartSearchPathEnumeration(NSLibraryDirectory, es);
2723

2724
	while ((es = NSGetNextSearchPathEnumeration(es, nspath))) {
2725
		if (lus.session_type) {
2726
			strcat(nspath, "/LaunchAgents");
2727
		} else {
2728
			strcat(nspath, "/LaunchDaemons");
2729
		}
2730

2731
		bool should_glob = true;
2732

2733
#if TARGET_OS_EMBEDDED
2734
		if (require_jobs_from_cache()) {
2735
			CFDictionaryRef cache = GetPropertyListFromCache();
2736
			if (cache) {
2737
				CFDictionaryRef launchdJobs = CFDictionaryGetValue(cache, CFSTR(XPC_PLIST_CACHE_KEY));
2738
				if (launchdJobs) {
2739
					CFIndex sz = CFDictionaryGetCount(launchdJobs);
2740

2741
					CFStringRef *keys = malloc(sz * sizeof(CFStringRef));
2742
					CFDictionaryGetKeysAndValues(launchdJobs, (const void**)keys, NULL);
2743

2744
					for (i=0; i < (size_t)sz; i++) {
2745
						char path[PATH_MAX];
2746
						if (CFStringGetCString(keys[i], path, PATH_MAX, kCFStringEncodingUTF8) && (strncmp(path, nspath, strlen(nspath)) == 0)) {
2747
							readpath(path, &lus);
2748
						}
2749
					}
2750
				}
2751
			}
2752

2753
			should_glob = false;
2754
		}
2755
#endif
2756

2757
		if (should_glob) {
2758
			glob_t g;
2759

2760
			if (glob(nspath, GLOB_TILDE|GLOB_NOSORT, NULL, &g) == 0) {
2761
				for (i = 0; i < g.gl_pathc; i++) {
2762
					readpath(g.gl_pathv[i], &lus);
2763
				}
2764
				globfree(&g);
2765
			}
2766
		}
2767
	}
2768

2769
	for (i = 0; i < (size_t)argc; i++) {
2770
		readpath(argv[i], &lus);
2771
	}
2772

2773
	if (launch_data_array_get_count(lus.pass1) == 0) {
2774
		if (!_launchctl_is_managed) {
2775
			launchctl_log(LOG_ERR, "nothing found to %s", lus.load ? "load" : "unload");
2776
		}
2777
		launch_data_free(lus.pass1);
2778
		return _launchctl_is_managed ? 0 : 1;
2779
	}
2780

2781
	if (lus.load) {
2782
		distill_jobs(lus.pass1);
2783
		submit_job_pass(lus.pass1);
2784
	} else {
2785
		for (i = 0; i < launch_data_array_get_count(lus.pass1); i++) {
2786
			unloadjob(launch_data_array_get_index(lus.pass1, i));
2787
		}
2788
	}
2789

2790
	if (_launchctl_overrides_db_changed) {
2791
		WriteMyPropertyListToFile(_launchctl_overrides_db, _launchctl_job_overrides_db_path);
2792
	}
2793

2794
	flock(dbfd, LOCK_UN);
2795
	close(dbfd);
2796
	return 0;
2797
}
2798

2799
void
2800
submit_job_pass(launch_data_t jobs)
2801
{
2802
	launch_data_t msg, resp;
2803
	size_t i;
2804
	int e;
2805

2806
	if (launch_data_array_get_count(jobs) == 0)
2807
		return;
2808

2809
	msg = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
2810

2811
	launch_data_dict_insert(msg, jobs, LAUNCH_KEY_SUBMITJOB);
2812

2813
	resp = launch_msg(msg);
2814

2815
	if (resp) {
2816
		switch (launch_data_get_type(resp)) {
2817
		case LAUNCH_DATA_ERRNO:
2818
			if ((e = launch_data_get_errno(resp)))
2819
				launchctl_log(LOG_ERR, "%s", strerror(e));
2820
			break;
2821
		case LAUNCH_DATA_ARRAY:
2822
			for (i = 0; i < launch_data_array_get_count(jobs); i++) {
2823
				launch_data_t obatind = launch_data_array_get_index(resp, i);
2824
				launch_data_t jatind = launch_data_array_get_index(jobs, i);
2825
				const char *lab4job = launch_data_get_string(launch_data_dict_lookup(jatind, LAUNCH_JOBKEY_LABEL));
2826
				if (LAUNCH_DATA_ERRNO == launch_data_get_type(obatind)) {
2827
					e = launch_data_get_errno(obatind);
2828
					switch (e) {
2829
					case EEXIST:
2830
						launchctl_log(LOG_ERR, "%s: %s", lab4job, "Already loaded");
2831
						break;
2832
					case ESRCH:
2833
						launchctl_log(LOG_ERR, "%s: %s", lab4job, "Not loaded");
2834
						break;
2835
					case ENEEDAUTH:
2836
						launchctl_log(LOG_ERR, "%s: %s", lab4job, "Could not set security session");
2837
					default:
2838
						launchctl_log(LOG_ERR, "%s: %s", lab4job, strerror(e));
2839
					case 0:
2840
						break;
2841
					}
2842
				}
2843
			}
2844
			break;
2845
		default:
2846
			launchctl_log(LOG_ERR, "unknown respose from launchd!");
2847
			break;
2848
		}
2849
		launch_data_free(resp);
2850
	} else {
2851
		launchctl_log(LOG_ERR, "launch_msg(): %s", strerror(errno));
2852
	}
2853

2854
	launch_data_free(msg);
2855
}
2856

2857
int
2858
start_stop_remove_cmd(int argc, char *const argv[])
2859
{
2860
	launch_data_t resp, msg;
2861
	const char *lmsgcmd = LAUNCH_KEY_STOPJOB;
2862
	int e, r = 0;
2863

2864
	if (0 == strcmp(argv[0], "start"))
2865
		lmsgcmd = LAUNCH_KEY_STARTJOB;
2866

2867
	if (0 == strcmp(argv[0], "remove"))
2868
		lmsgcmd = LAUNCH_KEY_REMOVEJOB;
2869

2870
	if (argc != 2) {
2871
		launchctl_log(LOG_ERR, "usage: %s %s <job label>", getprogname(), argv[0]);
2872
		return 1;
2873
	}
2874

2875
	msg = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
2876
	launch_data_dict_insert(msg, launch_data_new_string(argv[1]), lmsgcmd);
2877

2878
	resp = launch_msg(msg);
2879
	launch_data_free(msg);
2880

2881
	if (resp == NULL) {
2882
		launchctl_log(LOG_ERR, "launch_msg(): %s", strerror(errno));
2883
		return 1;
2884
	} else if (launch_data_get_type(resp) == LAUNCH_DATA_ERRNO) {
2885
		if ((e = launch_data_get_errno(resp))) {
2886
			launchctl_log(LOG_ERR, "%s %s error: %s", getprogname(), argv[0], strerror(e));
2887
			r = 1;
2888
		}
2889
	} else {
2890
		launchctl_log(LOG_ERR, "%s %s returned unknown response", getprogname(), argv[0]);
2891
		r = 1;
2892
	}
2893

2894
	launch_data_free(resp);
2895
	return r;
2896
}
2897

2898
void
2899
print_jobs(launch_data_t j, const char *key __attribute__((unused)), void *context __attribute__((unused)))
2900
{
2901
	static size_t depth = 0;
2902
	launch_data_t lo = launch_data_dict_lookup(j, LAUNCH_JOBKEY_LABEL);
2903
	launch_data_t pido = launch_data_dict_lookup(j, LAUNCH_JOBKEY_PID);
2904
	launch_data_t stato = launch_data_dict_lookup(j, LAUNCH_JOBKEY_LASTEXITSTATUS);
2905
	const char *label = launch_data_get_string(lo);
2906
	size_t i;
2907

2908
	if (pido) {
2909
		fprintf(stdout, "%lld\t-\t%s\n", launch_data_get_integer(pido), label);
2910
	} else if (stato) {
2911
		int wstatus = (int)launch_data_get_integer(stato);
2912
		if (WIFEXITED(wstatus)) {
2913
			fprintf(stdout, "-\t%d\t%s\n", WEXITSTATUS(wstatus), label);
2914
		} else if (WIFSIGNALED(wstatus)) {
2915
			fprintf(stdout, "-\t-%d\t%s\n", WTERMSIG(wstatus), label);
2916
		} else {
2917
			fprintf(stdout, "-\t???\t%s\n", label);
2918
		}
2919
	} else {
2920
		fprintf(stdout, "-\t-\t%s\n", label);
2921
	}
2922
	for (i = 0; i < depth; i++) {
2923
		fprintf(stdout, "\t");
2924
	}
2925
}
2926

2927
void
2928
print_obj(launch_data_t obj, const char *key, void *context __attribute__((unused)))
2929
{
2930
	static size_t indent = 0;
2931
	size_t i, c;
2932

2933
	for (i = 0; i < indent; i++) {
2934
		fprintf(stdout, "\t");
2935
	}
2936

2937
	if (key) {
2938
		fprintf(stdout, "\"%s\" = ", key);
2939
	}
2940

2941
	switch (launch_data_get_type(obj)) {
2942
	case LAUNCH_DATA_STRING:
2943
		fprintf(stdout, "\"%s\";\n", launch_data_get_string(obj));
2944
		break;
2945
	case LAUNCH_DATA_INTEGER:
2946
		fprintf(stdout, "%lld;\n", launch_data_get_integer(obj));
2947
		break;
2948
	case LAUNCH_DATA_REAL:
2949
		fprintf(stdout, "%f;\n", launch_data_get_real(obj));
2950
		break;
2951
	case LAUNCH_DATA_BOOL:
2952
		fprintf(stdout, "%s;\n", launch_data_get_bool(obj) ? "true" : "false");
2953
		break;
2954
	case LAUNCH_DATA_ARRAY:
2955
		c = launch_data_array_get_count(obj);
2956
		fprintf(stdout, "(\n");
2957
		indent++;
2958
		for (i = 0; i < c; i++) {
2959
			print_obj(launch_data_array_get_index(obj, i), NULL, NULL);
2960
		}
2961
		indent--;
2962
		for (i = 0; i < indent; i++) {
2963
			fprintf(stdout, "\t");
2964
		}
2965
		fprintf(stdout, ");\n");
2966
		break;
2967
	case LAUNCH_DATA_DICTIONARY:
2968
		fprintf(stdout, "{\n");
2969
		indent++;
2970
		launch_data_dict_iterate(obj, print_obj, NULL);
2971
		indent--;
2972
		for (i = 0; i < indent; i++) {
2973
			fprintf(stdout, "\t");
2974
		}
2975
		fprintf(stdout, "};\n");
2976
		break;
2977
	case LAUNCH_DATA_FD:
2978
		fprintf(stdout, "file-descriptor-object;\n");
2979
		break;
2980
	case LAUNCH_DATA_MACHPORT:
2981
		fprintf(stdout, "mach-port-object;\n");
2982
		break;
2983
	default:
2984
		fprintf(stdout, "???;\n");
2985
		break;
2986
	}
2987
}
2988

2989
int
2990
list_cmd(int argc, char *const argv[])
2991
{
2992
	if (_launchctl_is_managed) {
2993
		/* This output is meant for a command line, so don't print anything if
2994
		 * we're managed by launchd.
2995
		 */
2996
		return 1;
2997
	}
2998

2999
	launch_data_t resp, msg = NULL;
3000
	int r = 0;
3001

3002
	bool plist_output = false;
3003
	char *label = NULL;
3004
	if (argc > 3) {
3005
		launchctl_log(LOG_ERR, "usage: %s list [-x] [label]", getprogname());
3006
		return 1;
3007
	} else if (argc >= 2) {
3008
		plist_output = (strncmp(argv[1], "-x", sizeof("-x")) == 0);
3009
		label = plist_output ? argv[2] : argv[1];
3010
	}
3011

3012
	if (label) {
3013
		msg = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
3014
		launch_data_dict_insert(msg, launch_data_new_string(label), LAUNCH_KEY_GETJOB);
3015

3016
		resp = launch_msg(msg);
3017
		launch_data_free(msg);
3018

3019
		if (resp == NULL) {
3020
			launchctl_log(LOG_ERR, "launch_msg(): %s", strerror(errno));
3021
			r = 1;
3022
		} else if (launch_data_get_type(resp) == LAUNCH_DATA_DICTIONARY) {
3023
			if (plist_output) {
3024
				CFDictionaryRef respDict = CFDictionaryCreateFromLaunchDictionary(resp);
3025
				CFStringRef plistStr = NULL;
3026
				if (respDict) {
3027
					CFDataRef plistData = CFPropertyListCreateXMLData(NULL, (CFPropertyListRef)respDict);
3028
					CFRelease(respDict);
3029
					if (plistData) {
3030
						plistStr = CFStringCreateWithBytes(NULL, CFDataGetBytePtr(plistData), CFDataGetLength(plistData), kCFStringEncodingUTF8, false);
3031
						CFRelease(plistData);
3032
					} else {
3033
						r = 1;
3034
					}
3035
				} else {
3036
					r = 1;
3037
				}
3038

3039
				if (plistStr) {
3040
					launchctl_log_CFString(LOG_NOTICE, plistStr);
3041
					CFRelease(plistStr);
3042
					r = 0;
3043
				}
3044
			} else {
3045
				print_obj(resp, NULL, NULL);
3046
				r = 0;
3047
			}
3048
			launch_data_free(resp);
3049
		} else {
3050
			launchctl_log(LOG_ERR, "%s %s returned unknown response", getprogname(), argv[0]);
3051
			r = 1;
3052
			launch_data_free(resp);
3053
		}
3054
	} else if (vproc_swap_complex(NULL, VPROC_GSK_ALLJOBS, NULL, &resp) == NULL) {
3055
		fprintf(stdout, "PID\tStatus\tLabel\n");
3056
		launch_data_dict_iterate(resp, print_jobs, NULL);
3057
		launch_data_free(resp);
3058

3059
		r = 0;
3060
	}
3061

3062
	return r;
3063
}
3064

3065
int
3066
stdio_cmd(int argc __attribute__((unused)), char *const argv[])
3067
{
3068
	launchctl_log(LOG_ERR, "%s %s: This sub-command no longer does anything", getprogname(), argv[0]);
3069
	return 1;
3070
}
3071

3072
int
3073
fyi_cmd(int argc, char *const argv[])
3074
{
3075
	launch_data_t resp, msg;
3076
	const char *lmsgk = NULL;
3077
	int e, r = 0;
3078

3079
	if (argc != 1) {
3080
		launchctl_log(LOG_ERR, "usage: %s %s", getprogname(), argv[0]);
3081
		return 1;
3082
	}
3083

3084
	if (!strcmp(argv[0], "shutdown")) {
3085
		lmsgk = LAUNCH_KEY_SHUTDOWN;
3086
	} else if (!strcmp(argv[0], "singleuser")) {
3087
		lmsgk = LAUNCH_KEY_SINGLEUSER;
3088
	} else {
3089
		return 1;
3090
	}
3091

3092
	msg = launch_data_new_string(lmsgk);
3093
	resp = launch_msg(msg);
3094
	launch_data_free(msg);
3095

3096
	if (resp == NULL) {
3097
		launchctl_log(LOG_ERR, "launch_msg(): %s", strerror(errno));
3098
		return 1;
3099
	} else if (launch_data_get_type(resp) == LAUNCH_DATA_ERRNO) {
3100
		if ((e = launch_data_get_errno(resp))) {
3101
			launchctl_log(LOG_ERR, "%s %s error: %s", getprogname(), argv[0], strerror(e));
3102
			r = 1;
3103
		}
3104
	} else {
3105
		launchctl_log(LOG_ERR, "%s %s returned unknown response", getprogname(), argv[0]);
3106
		r = 1;
3107
	}
3108

3109
	launch_data_free(resp);
3110

3111
	return r;
3112
}
3113

3114
int
3115
logupdate_cmd(int argc, char *const argv[])
3116
{
3117
	int64_t inval, outval;
3118
	bool badargs = false, maskmode = false, onlymode = false, levelmode = false;
3119
	static const struct {
3120
		const char *name;
3121
		int level;
3122
	} logtbl[] = {
3123
		{ "debug",	LOG_DEBUG },
3124
		{ "info",	LOG_INFO },
3125
		{ "notice",	LOG_NOTICE },
3126
		{ "warning",	LOG_WARNING },
3127
		{ "error",	LOG_ERR },
3128
		{ "critical",	LOG_CRIT },
3129
		{ "alert",	LOG_ALERT },
3130
		{ "emergency",	LOG_EMERG },
3131
	};
3132
	size_t i, j, logtblsz = sizeof logtbl / sizeof logtbl[0];
3133
	int m = 0;
3134

3135
	if (argc >= 2) {
3136
		if (!strcmp(argv[1], "mask"))
3137
			maskmode = true;
3138
		else if (!strcmp(argv[1], "only"))
3139
			onlymode = true;
3140
		else if (!strcmp(argv[1], "level"))
3141
			levelmode = true;
3142
		else
3143
			badargs = true;
3144
	}
3145

3146
	if (maskmode)
3147
		m = LOG_UPTO(LOG_DEBUG);
3148

3149
	if (argc > 2 && (maskmode || onlymode)) {
3150
		for (i = 2; i < (size_t)argc; i++) {
3151
			for (j = 0; j < logtblsz; j++) {
3152
				if (!strcmp(argv[i], logtbl[j].name)) {
3153
					if (maskmode)
3154
						m &= ~(LOG_MASK(logtbl[j].level));
3155
					else
3156
						m |= LOG_MASK(logtbl[j].level);
3157
					break;
3158
				}
3159
			}
3160
			if (j == logtblsz) {
3161
				badargs = true;
3162
				break;
3163
			}
3164
		}
3165
	} else if (argc > 2 && levelmode) {
3166
		for (j = 0; j < logtblsz; j++) {
3167
			if (!strcmp(argv[2], logtbl[j].name)) {
3168
				m = LOG_UPTO(logtbl[j].level);
3169
				break;
3170
			}
3171
		}
3172
		if (j == logtblsz)
3173
			badargs = true;
3174
	} else if (argc != 1) {
3175
		badargs = true;
3176
	}
3177

3178
	if (badargs) {
3179
		launchctl_log(LOG_ERR, "usage: %s [[mask loglevels...] | [only loglevels...] [level loglevel]]", getprogname());
3180
		return 1;
3181
	}
3182

3183
	inval = m;
3184

3185
	if (vproc_swap_integer(NULL, VPROC_GSK_GLOBAL_LOG_MASK, argc != 1 ? &inval : NULL, &outval) == NULL) {
3186
		if (argc == 1) {
3187
			for (j = 0; j < logtblsz; j++) {
3188
				if (outval & LOG_MASK(logtbl[j].level)) {
3189
					launchctl_log(LOG_NOTICE, "%s ", logtbl[j].name);
3190
				}
3191
			}
3192
			launchctl_log(LOG_NOTICE, "");
3193
		}
3194
		return 0;
3195
	} else {
3196
		return 1;
3197
	}
3198
}
3199

3200
static const struct {
3201
	const char *name;
3202
	int lim;
3203
} limlookup[] = {
3204
	{ "cpu",	RLIMIT_CPU },
3205
	{ "filesize",	RLIMIT_FSIZE },
3206
	{ "data",	RLIMIT_DATA },
3207
	{ "stack",	RLIMIT_STACK },
3208
	{ "core",	RLIMIT_CORE },
3209
	{ "rss", 	RLIMIT_RSS },
3210
	{ "memlock",	RLIMIT_MEMLOCK },
3211
	{ "maxproc",	RLIMIT_NPROC },
3212
	{ "maxfiles",	RLIMIT_NOFILE }
3213
};
3214

3215
static const size_t limlookupcnt = sizeof limlookup / sizeof limlookup[0];
3216

3217
ssize_t
3218
name2num(const char *n)
3219
{
3220
	size_t i;
3221

3222
	for (i = 0; i < limlookupcnt; i++) {
3223
		if (!strcmp(limlookup[i].name, n)) {
3224
			return limlookup[i].lim;
3225
		}
3226
	}
3227
	return -1;
3228
}
3229

3230
const char *
3231
num2name(int n)
3232
{
3233
	size_t i;
3234

3235
	for (i = 0; i < limlookupcnt; i++) {
3236
		if (limlookup[i].lim == n)
3237
			return limlookup[i].name;
3238
	}
3239
	return NULL;
3240
}
3241

3242
const char *
3243
lim2str(rlim_t val, char *buf)
3244
{
3245
	if (val == RLIM_INFINITY)
3246
		strcpy(buf, "unlimited");
3247
	else
3248
		sprintf(buf, "%lld", val);
3249
	return buf;
3250
}
3251

3252
bool
3253
str2lim(const char *buf, rlim_t *res)
3254
{
3255
	char *endptr;
3256
	*res = strtoll(buf, &endptr, 10);
3257
	if (!strcmp(buf, "unlimited")) {
3258
		*res = RLIM_INFINITY;
3259
		return false;
3260
	} else if (*endptr == '\0') {
3261
		 return false;
3262
	}
3263
	return true;
3264
}
3265

3266
int
3267
limit_cmd(int argc, char *const argv[])
3268
{
3269
	char slimstr[100];
3270
	char hlimstr[100];
3271
	struct rlimit *lmts = NULL;
3272
	launch_data_t resp, resp1 = NULL, msg, tmp;
3273
	int r = 0;
3274
	size_t i, lsz = -1;
3275
	ssize_t which = 0;
3276
	rlim_t slim = -1, hlim = -1;
3277
	bool badargs = false;
3278

3279
	if (argc > 4)
3280
		badargs = true;
3281

3282
	if (argc >= 3 && str2lim(argv[2], &slim))
3283
		badargs = true;
3284
	else
3285
		hlim = slim;
3286

3287
	if (argc == 4 && str2lim(argv[3], &hlim))
3288
		badargs = true;
3289

3290
	if (argc >= 2 && -1 == (which = name2num(argv[1])))
3291
		badargs = true;
3292

3293
	if (badargs) {
3294
		launchctl_log(LOG_ERR, "usage: %s %s [", getprogname(), argv[0]);
3295
		for (i = 0; i < limlookupcnt; i++)
3296
			launchctl_log(LOG_ERR, "%s %s", limlookup[i].name, (i + 1) == limlookupcnt ? "" : "| ");
3297
		launchctl_log(LOG_ERR, "[both | soft hard]]");
3298
		return 1;
3299
	}
3300

3301
	msg = launch_data_new_string(LAUNCH_KEY_GETRESOURCELIMITS);
3302
	resp = launch_msg(msg);
3303
	launch_data_free(msg);
3304

3305
	if (resp == NULL) {
3306
		launchctl_log(LOG_ERR, "launch_msg(): %s", strerror(errno));
3307
		return 1;
3308
	} else if (launch_data_get_type(resp) == LAUNCH_DATA_OPAQUE) {
3309
		lmts = launch_data_get_opaque(resp);
3310
		lsz = launch_data_get_opaque_size(resp);
3311
		if (argc <= 2) {
3312
			for (i = 0; i < (lsz / sizeof(struct rlimit)); i++) {
3313
				if (argc == 2 && (size_t)which != i)
3314
					continue;
3315
				launchctl_log(LOG_NOTICE, "\t%-12s%-15s%-15s", num2name((int)i),
3316
						lim2str(lmts[i].rlim_cur, slimstr),
3317
						lim2str(lmts[i].rlim_max, hlimstr));
3318
			}
3319
		}
3320
	} else if (launch_data_get_type(resp) == LAUNCH_DATA_STRING) {
3321
		launchctl_log(LOG_ERR, "%s %s error: %s", getprogname(), argv[0], launch_data_get_string(resp));
3322
		r = 1;
3323
	} else {
3324
		launchctl_log(LOG_ERR, "%s %s returned unknown response", getprogname(), argv[0]);
3325
		r = 1;
3326
	}
3327

3328
	if (argc <= 2 || r != 0) {
3329
		launch_data_free(resp);
3330
		return r;
3331
	} else {
3332
		resp1 = resp;
3333
	}
3334

3335
	lmts[which].rlim_cur = slim;
3336
	lmts[which].rlim_max = hlim;
3337

3338
	bool maxfiles_exceeded = false;
3339
	if (strncmp(argv[1], "maxfiles", sizeof("maxfiles")) == 0) {
3340
		if (argc > 2) {
3341
			maxfiles_exceeded = (strncmp(argv[2], "unlimited", sizeof("unlimited")) == 0);
3342
		}
3343

3344
		if (argc > 3) {
3345
			maxfiles_exceeded = (maxfiles_exceeded || strncmp(argv[3], "unlimited", sizeof("unlimited")) == 0);
3346
		}
3347

3348
		if (maxfiles_exceeded) {
3349
			launchctl_log(LOG_ERR, "Neither the hard nor soft limit for \"maxfiles\" can be unlimited. Please use a numeric parameter for both.");
3350
			return 1;
3351
		}
3352
	}
3353

3354
	msg = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
3355
	tmp = launch_data_new_opaque(lmts, lsz);
3356
	launch_data_dict_insert(msg, tmp, LAUNCH_KEY_SETRESOURCELIMITS);
3357
	resp = launch_msg(msg);
3358
	launch_data_free(msg);
3359

3360
	if (resp == NULL) {
3361
		launchctl_log(LOG_ERR, "launch_msg(): %s", strerror(errno));
3362
		return 1;
3363
	} else if (launch_data_get_type(resp) == LAUNCH_DATA_STRING) {
3364
		launchctl_log(LOG_ERR, "%s %s error: %s", getprogname(), argv[0], launch_data_get_string(resp));
3365
		r = 1;
3366
	} else if (launch_data_get_type(resp) != LAUNCH_DATA_OPAQUE) {
3367
		launchctl_log(LOG_ERR, "%s %s returned unknown response", getprogname(), argv[0]);
3368
		r = 1;
3369
	}
3370

3371
	launch_data_free(resp);
3372
	launch_data_free(resp1);
3373

3374
	return r;
3375
}
3376

3377
int
3378
umask_cmd(int argc, char *const argv[])
3379
{
3380
	bool badargs = false;
3381
	char *endptr;
3382
	long m = 0;
3383
	int64_t inval, outval;
3384

3385
	if (argc == 2) {
3386
		m = strtol(argv[1], &endptr, 8);
3387
		if (*endptr != '\0' || m > 0777)
3388
			badargs = true;
3389
	}
3390

3391
	if (argc > 2 || badargs) {
3392
		launchctl_log(LOG_ERR, "usage: %s %s <mask>", getprogname(), argv[0]);
3393
		return 1;
3394
	}
3395

3396
	inval = m;
3397

3398
	if (vproc_swap_integer(NULL, VPROC_GSK_GLOBAL_UMASK, argc == 2 ? &inval : NULL, &outval) == NULL) {
3399
		if (argc == 1) {
3400
			launchctl_log(LOG_NOTICE, "%o", (unsigned int)outval);
3401
		}
3402
		return 0;
3403
	} else {
3404
		return 1;
3405
	}
3406
}
3407

3408
void
3409
setup_system_context(void)
3410
{
3411
	if (getenv(LAUNCHD_SOCKET_ENV)) {
3412
		return;
3413
	}
3414

3415
	if (getenv(LAUNCH_ENV_KEEPCONTEXT)) {
3416
		return;
3417
	}
3418

3419
	if (geteuid() != 0) {
3420
		launchctl_log(LOG_ERR, "You must be the root user to perform this operation.");
3421
		return;
3422
	}
3423

3424
	/* Use the system launchd's socket. */
3425
	setenv("__USE_SYSTEM_LAUNCHD", "1", 0);
3426

3427
	/* Put ourselves in the system launchd's bootstrap. */
3428
	mach_port_t rootbs = str2bsport("/");
3429
	mach_port_deallocate(mach_task_self(), bootstrap_port);
3430
	task_set_bootstrap_port(mach_task_self(), rootbs);
3431
	bootstrap_port = rootbs;
3432
}
3433

3434
int
3435
submit_cmd(int argc, char *const argv[])
3436
{
3437
	launch_data_t msg = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
3438
	launch_data_t job = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
3439
	launch_data_t resp, largv = launch_data_alloc(LAUNCH_DATA_ARRAY);
3440
	int ch, i, r = 0;
3441

3442
	launch_data_dict_insert(job, launch_data_new_bool(false), LAUNCH_JOBKEY_ONDEMAND);
3443

3444
	while ((ch = getopt(argc, argv, "l:p:o:e:")) != -1) {
3445
		switch (ch) {
3446
		case 'l':
3447
			launch_data_dict_insert(job, launch_data_new_string(optarg), LAUNCH_JOBKEY_LABEL);
3448
			break;
3449
		case 'p':
3450
			launch_data_dict_insert(job, launch_data_new_string(optarg), LAUNCH_JOBKEY_PROGRAM);
3451
			break;
3452
		case 'o':
3453
			launch_data_dict_insert(job, launch_data_new_string(optarg), LAUNCH_JOBKEY_STANDARDOUTPATH);
3454
			break;
3455
		case 'e':
3456
			launch_data_dict_insert(job, launch_data_new_string(optarg), LAUNCH_JOBKEY_STANDARDERRORPATH);
3457
			break;
3458
		default:
3459
			launchctl_log(LOG_ERR, "usage: %s submit ...", getprogname());
3460
			return 1;
3461
		}
3462
	}
3463
	argc -= optind;
3464
	argv += optind;
3465

3466
	for (i = 0; argv[i]; i++) {
3467
		launch_data_array_append(largv, launch_data_new_string(argv[i]));
3468
	}
3469

3470
	launch_data_dict_insert(job, largv, LAUNCH_JOBKEY_PROGRAMARGUMENTS);
3471

3472
	launch_data_dict_insert(msg, job, LAUNCH_KEY_SUBMITJOB);
3473

3474
	resp = launch_msg(msg);
3475
	launch_data_free(msg);
3476

3477
	if (resp == NULL) {
3478
		launchctl_log(LOG_ERR, "launch_msg(): %s", strerror(errno));
3479
		return 1;
3480
	} else if (launch_data_get_type(resp) == LAUNCH_DATA_ERRNO) {
3481
		errno = launch_data_get_errno(resp);
3482
		if (errno) {
3483
			launchctl_log(LOG_ERR, "%s %s error: %s", getprogname(), argv[0], strerror(errno));
3484
			r = 1;
3485
		}
3486
	} else {
3487
		launchctl_log(LOG_ERR, "%s %s error: %s", getprogname(), argv[0], "unknown response");
3488
	}
3489

3490
	launch_data_free(resp);
3491

3492
	return r;
3493
}
3494

3495
int
3496
getrusage_cmd(int argc, char *const argv[])
3497
{
3498
	launch_data_t resp, msg;
3499
	bool badargs = false;
3500
	int r = 0;
3501

3502
	if (argc != 2)
3503
		badargs = true;
3504
	else if (strcmp(argv[1], "self") && strcmp(argv[1], "children"))
3505
		badargs = true;
3506

3507
	if (badargs) {
3508
		launchctl_log(LOG_ERR, "usage: %s %s self | children", getprogname(), argv[0]);
3509
		return 1;
3510
	}
3511

3512
	if (!strcmp(argv[1], "self")) {
3513
		msg = launch_data_new_string(LAUNCH_KEY_GETRUSAGESELF);
3514
	} else {
3515
		msg = launch_data_new_string(LAUNCH_KEY_GETRUSAGECHILDREN);
3516
	}
3517

3518
	resp = launch_msg(msg);
3519
	launch_data_free(msg);
3520

3521
	if (resp == NULL) {
3522
		launchctl_log(LOG_ERR, "launch_msg(): %s", strerror(errno));
3523
		return 1;
3524
	} else if (launch_data_get_type(resp) == LAUNCH_DATA_ERRNO) {
3525
		launchctl_log(LOG_ERR, "%s %s error: %s", getprogname(), argv[0], strerror(launch_data_get_errno(resp)));
3526
		r = 1;
3527
	} else if (launch_data_get_type(resp) == LAUNCH_DATA_OPAQUE) {
3528
		struct rusage *rusage = launch_data_get_opaque(resp);
3529
		launchctl_log(LOG_NOTICE, "\t%-10f\tuser time used",
3530
				(double)rusage->ru_utime.tv_sec + (double)rusage->ru_utime.tv_usec / (double)1000000);
3531
		launchctl_log(LOG_NOTICE, "\t%-10f\tsystem time used",
3532
				(double)rusage->ru_stime.tv_sec + (double)rusage->ru_stime.tv_usec / (double)1000000);
3533
		launchctl_log(LOG_NOTICE, "\t%-10ld\tmax resident set size", rusage->ru_maxrss);
3534
		launchctl_log(LOG_NOTICE, "\t%-10ld\tshared text memory size", rusage->ru_ixrss);
3535
		launchctl_log(LOG_NOTICE, "\t%-10ld\tunshared data size", rusage->ru_idrss);
3536
		launchctl_log(LOG_NOTICE, "\t%-10ld\tunshared stack size", rusage->ru_isrss);
3537
		launchctl_log(LOG_NOTICE, "\t%-10ld\tpage reclaims", rusage->ru_minflt);
3538
		launchctl_log(LOG_NOTICE, "\t%-10ld\tpage faults", rusage->ru_majflt);
3539
		launchctl_log(LOG_NOTICE, "\t%-10ld\tswaps", rusage->ru_nswap);
3540
		launchctl_log(LOG_NOTICE, "\t%-10ld\tblock input operations", rusage->ru_inblock);
3541
		launchctl_log(LOG_NOTICE, "\t%-10ld\tblock output operations", rusage->ru_oublock);
3542
		launchctl_log(LOG_NOTICE, "\t%-10ld\tmessages sent", rusage->ru_msgsnd);
3543
		launchctl_log(LOG_NOTICE, "\t%-10ld\tmessages received", rusage->ru_msgrcv);
3544
		launchctl_log(LOG_NOTICE, "\t%-10ld\tsignals received", rusage->ru_nsignals);
3545
		launchctl_log(LOG_NOTICE, "\t%-10ld\tvoluntary context switches", rusage->ru_nvcsw);
3546
		launchctl_log(LOG_NOTICE, "\t%-10ld\tinvoluntary context switches", rusage->ru_nivcsw);
3547
	} else {
3548
		launchctl_log(LOG_ERR, "%s %s returned unknown response", getprogname(), argv[0]);
3549
		r = 1;
3550
	}
3551

3552
	launch_data_free(resp);
3553

3554
	return r;
3555
}
3556

3557
bool
3558
launch_data_array_append(launch_data_t a, launch_data_t o)
3559
{
3560
	size_t offt = launch_data_array_get_count(a);
3561

3562
	return launch_data_array_set_index(a, o, offt);
3563
}
3564

3565
mach_port_t
3566
str2bsport(const char *s)
3567
{
3568
	bool getrootbs = strcmp(s, "/") == 0;
3569
	mach_port_t last_bport, bport = bootstrap_port;
3570
	task_t task = mach_task_self();
3571
	kern_return_t result;
3572

3573
	if (strcmp(s, "..") == 0 || getrootbs) {
3574
		do {
3575
			last_bport = bport;
3576
			result = bootstrap_parent(last_bport, &bport);
3577

3578
			if (result == BOOTSTRAP_NOT_PRIVILEGED) {
3579
				launchctl_log(LOG_ERR, "Permission denied");
3580
				return 1;
3581
			} else if (result != BOOTSTRAP_SUCCESS) {
3582
				launchctl_log(LOG_ERR, "bootstrap_parent() %d", result);
3583
				return 1;
3584
			}
3585
		} while (getrootbs && last_bport != bport);
3586
	} else if (strcmp(s, "0") == 0 || strcmp(s, "NULL") == 0) {
3587
		bport = MACH_PORT_NULL;
3588
	} else {
3589
		int pid = atoi(s);
3590

3591
		result = task_for_pid(mach_task_self(), pid, &task);
3592

3593
		if (result != KERN_SUCCESS) {
3594
			launchctl_log(LOG_ERR, "task_for_pid() %s", mach_error_string(result));
3595
			return 1;
3596
		}
3597

3598
		result = task_get_bootstrap_port(task, &bport);
3599

3600
		if (result != KERN_SUCCESS) {
3601
			launchctl_log(LOG_ERR, "Couldn't get bootstrap port: %s", mach_error_string(result));
3602
			return 1;
3603
		}
3604
	}
3605

3606
	return bport;
3607
}
3608

3609
int
3610
bsexec_cmd(int argc, char *const argv[])
3611
{
3612
	kern_return_t result;
3613
	mach_port_t bport;
3614

3615
	if (argc < 3) {
3616
		launchctl_log(LOG_ERR, "usage: %s bsexec <PID> prog...", getprogname());
3617
		return 1;
3618
	}
3619

3620
	bport = str2bsport(argv[1]);
3621

3622
	result = task_set_bootstrap_port(mach_task_self(), bport);
3623

3624
	if (result != KERN_SUCCESS) {
3625
		launchctl_log(LOG_ERR, "Couldn't switch to new bootstrap port: %s", mach_error_string(result));
3626
		return 1;
3627
	}
3628

3629
	setgid(getgid());
3630
	setuid(getuid());
3631

3632
	setenv(LAUNCH_ENV_KEEPCONTEXT, "1", 1);
3633
	if (fwexec((const char *const *)argv + 2, NULL) == -1) {
3634
		launchctl_log(LOG_ERR, "%s bsexec failed: %s", getprogname(), strerror(errno));
3635
		return 1;
3636
	}
3637

3638
	return 0;
3639
}
3640

3641
int
3642
_bslist_cmd(mach_port_t bport, unsigned int depth, bool show_job, bool local_only)
3643
{
3644
	kern_return_t result;
3645
	name_array_t service_names;
3646
	name_array_t service_jobs;
3647
	mach_msg_type_number_t service_cnt, service_jobs_cnt, service_active_cnt;
3648
	bootstrap_status_array_t service_actives;
3649
	unsigned int i;
3650

3651
	if (bport == MACH_PORT_NULL) {
3652
		launchctl_log(LOG_ERR, "Invalid bootstrap port");
3653
		return 1;
3654
	}
3655

3656
	uint64_t flags = 0;
3657
	flags |= local_only ? BOOTSTRAP_FORCE_LOCAL : 0;
3658
	result = bootstrap_info(bport, &service_names, &service_cnt, &service_jobs, &service_jobs_cnt, &service_actives, &service_active_cnt, flags);
3659
	if (result != BOOTSTRAP_SUCCESS) {
3660
		launchctl_log(LOG_ERR, "bootstrap_info(): %d", result);
3661
		return 1;
3662
	}
3663

3664
#define bport_state(x)	(((x) == BOOTSTRAP_STATUS_ACTIVE) ? "A" : ((x) == BOOTSTRAP_STATUS_ON_DEMAND) ? "D" : "I")
3665

3666
	for (i = 0; i < service_cnt ; i++) {
3667
		if (!show_job) {
3668
			fprintf(stdout, "%*s%-3s%s\n", depth, "", bport_state((service_actives[i])), service_names[i]);
3669
		} else {
3670
			fprintf(stdout, "%*s%-3s%s (%s)\n", depth, "", bport_state((service_actives[i])), service_names[i], service_jobs[i]);
3671
		}
3672
	}
3673

3674
	return 0;
3675
}
3676

3677
int
3678
bslist_cmd(int argc, char *const argv[])
3679
{
3680
	if (_launchctl_is_managed) {
3681
		/* This output is meant for a command line, so don't print anything if
3682
		 * we're managed by launchd.
3683
		 */
3684
		return 1;
3685
	}
3686

3687
	mach_port_t bport = bootstrap_port;
3688
	bool show_jobs = false;
3689
	if (argc > 2 && strcmp(argv[2], "-j") == 0) {
3690
		show_jobs = true;
3691
	}
3692

3693
	if (argc > 1) {
3694
		if (show_jobs) {
3695
			bport = str2bsport(argv[1]);
3696
		} else if (strcmp(argv[1], "-j") == 0) {
3697
			show_jobs = true;
3698
		}
3699
	}
3700

3701
	if (bport == MACH_PORT_NULL) {
3702
		launchctl_log(LOG_ERR, "Invalid bootstrap port");
3703
		return 1;
3704
	}
3705

3706
	return _bslist_cmd(bport, 0, show_jobs, false);
3707
}
3708

3709
int
3710
_bstree_cmd(mach_port_t bsport, unsigned int depth, bool show_jobs)
3711
{
3712
	if (bsport == MACH_PORT_NULL) {
3713
		launchctl_log(LOG_ERR, "No root port!");
3714
		return 1;
3715
	}
3716

3717
	mach_port_array_t child_ports = NULL;
3718
	name_array_t child_names = NULL;
3719
	bootstrap_property_array_t child_props = NULL;
3720
	unsigned int cnt = 0;
3721

3722
	kern_return_t kr = bootstrap_lookup_children(bsport, &child_ports, &child_names, &child_props, (mach_msg_type_number_t *)&cnt);
3723
	if (kr != BOOTSTRAP_SUCCESS && kr != BOOTSTRAP_NO_CHILDREN) {
3724
		if (kr == BOOTSTRAP_NOT_PRIVILEGED) {
3725
			launchctl_log(LOG_ERR, "You must be root to perform this operation.");
3726
		} else {
3727
			launchctl_log(LOG_ERR, "bootstrap_lookup_children(): %d", kr);
3728
		}
3729

3730
		return 1;
3731
	}
3732

3733
	unsigned int i = 0;
3734
	_bslist_cmd(bsport, depth, show_jobs, true);
3735

3736
	for (i = 0; i < cnt; i++) {
3737
		char *type = NULL;
3738
		if (child_props[i] & BOOTSTRAP_PROPERTY_PERUSER) {
3739
			type = "Per-user";
3740
		} else if (child_props[i] & BOOTSTRAP_PROPERTY_EXPLICITSUBSET) {
3741
			type = "Explicit Subset";
3742
		} else if (child_props[i] & BOOTSTRAP_PROPERTY_IMPLICITSUBSET) {
3743
			type = "Implicit Subset";
3744
		} else if (child_props[i] & BOOTSTRAP_PROPERTY_MOVEDSUBSET) {
3745
			type = "Moved Subset";
3746
		} else if (child_props[i] & BOOTSTRAP_PROPERTY_XPC_SINGLETON) {
3747
			type = "XPC Singleton Domain";
3748
		} else if (child_props[i] & BOOTSTRAP_PROPERTY_XPC_DOMAIN) {
3749
			type = "XPC Private Domain";
3750
		} else {
3751
			type = "Unknown";
3752
		}
3753

3754
		fprintf(stdout, "%*s%s (%s)/\n", depth, "", child_names[i], type);
3755
		if (child_ports[i] != MACH_PORT_NULL) {
3756
			_bstree_cmd(child_ports[i], depth + 4, show_jobs);
3757
		}
3758
	}
3759

3760
	return 0;
3761
}
3762

3763
int
3764
bstree_cmd(int argc, char * const argv[])
3765
{
3766
	if (_launchctl_is_managed) {
3767
		/* This output is meant for a command line, so don't print anything if
3768
		 * we're managed by launchd.
3769
		 */
3770
		return 1;
3771
	}
3772

3773
	bool show_jobs = false;
3774
	if (geteuid() != 0) {
3775
		launchctl_log(LOG_ERR, "You must be root to perform this operation.");
3776
		return 1;
3777
	} else {
3778
		if (argc == 2 && strcmp(argv[1], "-j") == 0) {
3779
			show_jobs = true;
3780
		}
3781
		fprintf(stdout, "System/\n");
3782
	}
3783

3784
	return _bstree_cmd(str2bsport("/"), 4, show_jobs);
3785
}
3786

3787
int
3788
managerpid_cmd(int argc __attribute__((unused)), char * const argv[] __attribute__((unused)))
3789
{
3790
	int64_t manager_pid = 0;
3791
	vproc_err_t verr = vproc_swap_integer(NULL, VPROC_GSK_MGR_PID, NULL, (int64_t *)&manager_pid);
3792
	if (verr) {
3793
		launchctl_log(LOG_NOTICE, "Unknown job manager!");
3794
		return 1;
3795
	}
3796

3797
	launchctl_log(LOG_NOTICE, "%d", (pid_t)manager_pid);
3798
	return 0;
3799
}
3800

3801
int
3802
manageruid_cmd(int argc __attribute__((unused)), char * const argv[] __attribute__((unused)))
3803
{
3804
	int64_t manager_uid = 0;
3805
	vproc_err_t verr = vproc_swap_integer(NULL, VPROC_GSK_MGR_UID, NULL, (int64_t *)&manager_uid);
3806
	if (verr) {
3807
		launchctl_log(LOG_NOTICE, "Unknown job manager!");
3808
		return 1;
3809
	}
3810

3811
	launchctl_log(LOG_NOTICE, "%lli", manager_uid);
3812
	return 0;
3813
}
3814

3815
int
3816
managername_cmd(int argc __attribute__((unused)), char * const argv[] __attribute__((unused)))
3817
{
3818
	char *manager_name = NULL;
3819
	vproc_err_t verr = vproc_swap_string(NULL, VPROC_GSK_MGR_NAME, NULL, &manager_name);
3820
	if (verr) {
3821
		launchctl_log(LOG_NOTICE, "Unknown job manager!");
3822
		return 1;
3823
	}
3824

3825
	launchctl_log(LOG_NOTICE, "%s", manager_name);
3826
	free(manager_name);
3827

3828
	return 0;
3829
}
3830

3831
int
3832
asuser_cmd(int argc, char * const argv[])
3833
{
3834
	/* This code plays fast and loose with Mach ports. Do NOT use it as any sort
3835
	 * of reference for port handling. Or really anything else in this file.
3836
	 */
3837
	uid_t req_uid = (uid_t)-2;
3838
	if (argc > 2) {
3839
		req_uid = atoi(argv[1]);
3840
		if (req_uid == (uid_t)-2) {
3841
			launchctl_log(LOG_ERR, "You cannot run a command nobody.");
3842
			return 1;
3843
		}
3844
	} else {
3845
		launchctl_log(LOG_ERR, "Usage: launchctl asuser <UID> <command> [arguments...].");
3846
		return 1;
3847
	}
3848

3849
	if (geteuid() != 0) {
3850
		launchctl_log(LOG_ERR, "You must be root to run a command as another user.");
3851
		return 1;
3852
	}
3853

3854
	mach_port_t rbs = MACH_PORT_NULL;
3855
	kern_return_t kr = bootstrap_get_root(bootstrap_port, &rbs);
3856
	if (kr != BOOTSTRAP_SUCCESS) {
3857
		launchctl_log(LOG_ERR, "bootstrap_get_root(): %u", kr);
3858
		return 1;
3859
	}
3860

3861
	mach_port_t bp = MACH_PORT_NULL;
3862
	kr = bootstrap_look_up_per_user(rbs, NULL, req_uid, &bp);
3863
	if (kr != BOOTSTRAP_SUCCESS) {
3864
		launchctl_log(LOG_ERR, "bootstrap_look_up_per_user(): %u", kr);
3865
		return 1;
3866
	}
3867

3868
	bootstrap_port = bp;
3869
	kr = task_set_bootstrap_port(mach_task_self(), bp);
3870
	if (kr != KERN_SUCCESS) {
3871
		launchctl_log(LOG_ERR, "task_set_bootstrap_port(): 0x%x: %s", kr, mach_error_string(kr));
3872
		return 1;
3873
	}
3874

3875
	name_t sockpath;
3876
	sockpath[0] = 0;
3877
	kr = _vprocmgr_getsocket(sockpath);
3878
	if (kr != BOOTSTRAP_SUCCESS) {
3879
		launchctl_log(LOG_ERR, "_vprocmgr_getsocket(): %u", kr);
3880
		return 1;
3881
	}
3882

3883
	setenv(LAUNCHD_SOCKET_ENV, sockpath, 1);
3884
	setenv(LAUNCH_ENV_KEEPCONTEXT, "1", 1);
3885
	if (fwexec((const char *const *)argv + 2, NULL) == -1) {
3886
		launchctl_log(LOG_ERR, "Couldn't spawn command: %s", argv[2]);
3887
		return 1;
3888
	}
3889

3890
	return 0;
3891
}
3892

3893
void
3894
loopback_setup_ipv4(void)
3895
{
3896
	struct ifaliasreq ifra;
3897
	struct ifreq ifr;
3898
	int s;
3899

3900
	memset(&ifr, 0, sizeof(ifr));
3901
	strcpy(ifr.ifr_name, "lo0");
3902

3903
	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
3904
		return;
3905

3906
	if (posix_assumes_zero(ioctl(s, SIOCGIFFLAGS, &ifr)) != -1) {
3907
		ifr.ifr_flags |= IFF_UP;
3908
		(void)posix_assumes_zero(ioctl(s, SIOCSIFFLAGS, &ifr));
3909
	}
3910

3911
	memset(&ifra, 0, sizeof(ifra));
3912
	strcpy(ifra.ifra_name, "lo0");
3913
	((struct sockaddr_in *)&ifra.ifra_addr)->sin_family = AF_INET;
3914
	((struct sockaddr_in *)&ifra.ifra_addr)->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
3915
	((struct sockaddr_in *)&ifra.ifra_addr)->sin_len = sizeof(struct sockaddr_in);
3916
	((struct sockaddr_in *)&ifra.ifra_mask)->sin_family = AF_INET;
3917
	((struct sockaddr_in *)&ifra.ifra_mask)->sin_addr.s_addr = htonl(IN_CLASSA_NET);
3918
	((struct sockaddr_in *)&ifra.ifra_mask)->sin_len = sizeof(struct sockaddr_in);
3919

3920
	(void)posix_assumes_zero(ioctl(s, SIOCAIFADDR, &ifra));
3921
	(void)close(s);
3922
}
3923

3924
void
3925
loopback_setup_ipv6(void)
3926
{
3927
	struct in6_aliasreq ifra6;
3928
	struct ifreq ifr;
3929
	int s6;
3930

3931
	memset(&ifr, 0, sizeof(ifr));
3932
	strcpy(ifr.ifr_name, "lo0");
3933

3934
	if ((s6 = socket(AF_INET6, SOCK_DGRAM, 0)) == -1)
3935
		return;
3936

3937
	memset(&ifr, 0, sizeof(ifr));
3938
	strcpy(ifr.ifr_name, "lo0");
3939

3940
	if (posix_assumes_zero(ioctl(s6, SIOCGIFFLAGS, &ifr)) != -1) {
3941
		ifr.ifr_flags |= IFF_UP;
3942
		(void)posix_assumes_zero(ioctl(s6, SIOCSIFFLAGS, &ifr));
3943
	}
3944

3945
	memset(&ifra6, 0, sizeof(ifra6));
3946
	strcpy(ifra6.ifra_name, "lo0");
3947

3948
	ifra6.ifra_addr.sin6_family = AF_INET6;
3949
	ifra6.ifra_addr.sin6_addr = in6addr_loopback;
3950
	ifra6.ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
3951
	ifra6.ifra_prefixmask.sin6_family = AF_INET6;
3952
	memset(&ifra6.ifra_prefixmask.sin6_addr, 0xff, sizeof(struct in6_addr));
3953
	ifra6.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
3954
	ifra6.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME;
3955
	ifra6.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
3956

3957
	if (ioctl(s6, SIOCAIFADDR_IN6, &ifra6) == -1 && errno != EEXIST) {
3958
		(void)os_assumes_zero(errno);
3959
	}
3960

3961
	(void)close(s6);
3962
}
3963

3964
pid_t
3965
fwexec(const char *const *argv, int *wstatus)
3966
{
3967
	int wstatus2;
3968
	pid_t p;
3969

3970
	/* We'd use posix_spawnp(), but we want to workaround: 6288899 */
3971
	if ((p = vfork()) == -1) {
3972
		return -1;
3973
	} else if (p == 0) {
3974
		execvp(argv[0], (char *const *)argv);
3975
		_exit(EXIT_FAILURE);
3976
	}
3977

3978
	if (waitpid(p, wstatus ? wstatus : &wstatus2, 0) == -1) {
3979
		return -1;
3980
	}
3981

3982
	if (wstatus) {
3983
		return p;
3984
	} else if (WIFEXITED(wstatus2) && WEXITSTATUS(wstatus2) == EXIT_SUCCESS) {
3985
		return p;
3986
	}
3987

3988
	return -1;
3989
}
3990

3991
void
3992
do_potential_fsck(void)
3993
{
3994
	/* XXX: This whole function's logic needs to be redone. */
3995

3996
	const char *safe_fsck_tool[] = { "fsck", "-fy", NULL };
3997
	const char *fsck_tool[] = { "fsck", "-q", NULL };
3998
	const char *remount_tool[] = { "mount", "-uw", "/", NULL };
3999
#if TARGET_OS_EMBEDDED
4000
	const char *nvram_tool[] = { "/usr/sbin/nvram", "auto-boot=false", NULL };
4001
#endif /* TARGET_OS_EMBEDDED */
4002
	struct statfs sfs;
4003
	int status = 0;
4004

4005
	if (posix_assumes_zero(statfs("/", &sfs)) == -1) {
4006
		return;
4007
	}
4008

4009
	if (!(sfs.f_flags & MNT_RDONLY)) {
4010
		return;
4011
	}
4012

4013
	if (!is_safeboot()) {
4014
#if 0
4015
		/* We have disabled this block for now. We need to revisit this optimization after Leopard. */
4016
		if (sfs.f_flags & MNT_JOURNALED) {
4017
			goto out;
4018
		}
4019
#endif
4020
		launchctl_log(LOG_NOTICE, "Running fsck on the boot volume...");
4021
		if (fwexec(fsck_tool, &status) != -1) {
4022
			if (WEXITSTATUS(status) != 0) {
4023
				launchctl_log(LOG_NOTICE, "fsck exited with status: %d", WEXITSTATUS(status));
4024
			} else {
4025
				goto out;
4026
			}
4027
		} else {
4028
			launchctl_log(LOG_NOTICE, "fwexec(): %d: %s", errno, strerror(errno));
4029
		}
4030
	}
4031

4032
	launchctl_log(LOG_NOTICE, "Running safe fsck on the boot volume...");
4033
	if (fwexec(safe_fsck_tool, &status) != -1) {
4034
		if (WEXITSTATUS(status) != 0) {
4035
			launchctl_log(LOG_NOTICE, "Safe fsck exited with status: %d", WEXITSTATUS(status));
4036
		} else {
4037
			goto out;
4038
		}
4039
	} else {
4040
		launchctl_log(LOG_NOTICE, "fwexec(): %d: %s", errno, strerror(errno));
4041
	}
4042

4043
	/* someday, we should keep booting read-only, but as of today, other sub-systems cannot handle that scenario */
4044
#if TARGET_OS_EMBEDDED
4045
	launchctl_log(LOG_NOTICE, "fsck failed! Booting into restore mode...");
4046
	(void)posix_assumes_zero(fwexec(nvram_tool, NULL));
4047
	(void)reboot(RB_AUTOBOOT);
4048
#else
4049
	launchctl_log(LOG_NOTICE, "fsck failed! Shutting down in 3 seconds.");
4050
	sleep(3);
4051
	(void)reboot(RB_HALT);
4052
#endif
4053

4054
	return;
4055
out:
4056

4057
#if TARGET_OS_EMBEDDED
4058
	/* Once we've validated the root filesystem, kick off any
4059
	 * tasks needed for data protection before we mount other file
4060
	 * systems.
4061
	 */
4062
	init_data_protection();
4063
#endif
4064

4065
	/*
4066
	 * Once this is fixed:
4067
	 *
4068
	 * <rdar://problem/3948774> Mount flag updates should be possible with NULL as the forth argument to mount()
4069
	 *
4070
	 * We can then do this one system call instead of calling out a full blown process.
4071
	 *
4072
	 * assumes(mount(sfs.f_fstypename, "/", MNT_UPDATE, NULL) != -1);
4073
	 */
4074
#if TARGET_OS_EMBEDDED
4075
	if (path_check("/etc/fstab")) {
4076
		const char *mount_tool[] = { "mount", "-vat", "nonfs", NULL };
4077
		if (posix_assumes_zero(fwexec(mount_tool, NULL)) == -1) {
4078
			(void)fwexec(nvram_tool, NULL);
4079
			(void)reboot(RB_AUTOBOOT);
4080
		}
4081
	} else
4082
#endif
4083
	{
4084
		(void)posix_assumes_zero(fwexec(remount_tool, NULL));
4085
	}
4086

4087
	fix_bogus_file_metadata();
4088
}
4089

4090
void
4091
fix_bogus_file_metadata(void)
4092
{
4093
	// Don't do any of this on embedded: <rdar://problem/13212363>
4094
#if !TARGET_OS_EMBEDDED
4095
	static const struct {
4096
		const char *path;
4097
		const uid_t owner;
4098
		const gid_t group;
4099
		const mode_t needed_bits;
4100
		const mode_t bad_bits;
4101
		const bool create;
4102
	} f[] = {
4103
		{ "/sbin/launchd", 0, 0, S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH, S_ISUID|S_ISGID|S_ISVTX|S_IWOTH, false },
4104
		{ _PATH_TMP, 0, 0, S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO, S_ISUID|S_ISGID, true },
4105
		{ _PATH_VARTMP, 0, 0, S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO, S_ISUID|S_ISGID, true },
4106
		{ "/var/folders", 0, 0, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH, S_ISUID | S_ISGID, true },
4107
		{ LAUNCHD_DB_PREFIX, 0, 0, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH, S_IWGRP | S_IWOTH, true },
4108
		{ LAUNCHD_DB_PREFIX "/com.apple.launchd", 0, 0, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH, S_IWGRP | S_IWOTH, true },
4109
		// Fixing <rdar://problem/7571633>.
4110
		{ _PATH_VARDB, 0, 0, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH, S_IWGRP | S_IWOTH | S_ISUID | S_ISGID, true },
4111
		{ _PATH_VARDB "mds/", 0, 0, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH, S_IWGRP | S_IWOTH | S_ISUID | S_ISGID, true },
4112
		// Similar fix for <rdar://problem/6550172>.
4113
		{ "/Library/StartupItems", 0, 0, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH, S_IWGRP | S_IWOTH | S_ISUID | S_ISGID, true },
4114
	};
4115
	struct stat sb;
4116
	size_t i;
4117

4118
	for (i = 0; i < (sizeof(f) / sizeof(f[0])); i++) {
4119
		mode_t i_needed_bits;
4120
		mode_t i_bad_bits;
4121
		bool fix_mode = false;
4122
		bool fix_id = false;
4123

4124
		if (stat(f[i].path, &sb) == -1) {
4125
			launchctl_log(LOG_NOTICE, "Crucial filesystem check: Path not present: %s. %s", f[i].path, f[i].create ? "Will create." : "");
4126
			if (f[i].create) {
4127
				if (posix_assumes_zero(mkdir(f[i].path, f[i].needed_bits)) == -1) {
4128
					continue;
4129
				} else if (posix_assumes_zero(stat(f[i].path, &sb)) == -1) {
4130
					continue;
4131
				}
4132
			} else {
4133
				continue;
4134
			}
4135
		}
4136

4137
		i_needed_bits = ~sb.st_mode & f[i].needed_bits;
4138
		i_bad_bits = sb.st_mode & f[i].bad_bits;
4139

4140
		if (i_bad_bits) {
4141
			launchctl_log(LOG_ERR, "Crucial filesystem check: Removing bogus mode bits 0%o on path: %s", i_bad_bits, f[i].path);
4142
			fix_mode = true;
4143
		}
4144
		if (i_needed_bits) {
4145
			launchctl_log(LOG_ERR, "Crucial filesystem check: Adding missing mode bits 0%o on path: %s", i_needed_bits, f[i].path);
4146
			fix_mode = true;
4147
		}
4148
		if (sb.st_uid != f[i].owner) {
4149
			launchctl_log(LOG_ERR, "Crucial filesystem check: Fixing bogus UID %u on path: %s", sb.st_uid, f[i].path);
4150
			fix_id = true;
4151
		}
4152
		if (sb.st_gid != f[i].group) {
4153
			launchctl_log(LOG_ERR, "Crucial filesystem check: Fixing bogus GID %u on path: %s", sb.st_gid, f[i].path);
4154
			fix_id = true;
4155
		}
4156

4157
		if (fix_mode) {
4158
			(void)posix_assumes_zero(chmod(f[i].path, (sb.st_mode & ~i_bad_bits) | i_needed_bits));
4159
		}
4160
		if (fix_id) {
4161
			(void)posix_assumes_zero(chown(f[i].path, f[i].owner, f[i].group));
4162
		}
4163
	}
4164
#endif
4165
}
4166

4167

4168
bool
4169
path_check(const char *path)
4170
{
4171
	struct stat sb;
4172

4173
	if (stat(path, &sb) == 0)
4174
		return true;
4175
	return false;
4176
}
4177

4178
bool
4179
is_safeboot(void)
4180
{
4181
	int sbmib[] = { CTL_KERN, KERN_SAFEBOOT };
4182
	uint32_t sb = 0;
4183
	size_t sbsz = sizeof(sb);
4184

4185
	if (posix_assumes_zero(sysctl(sbmib, 2, &sb, &sbsz, NULL, 0)) == -1) {
4186
		return false;
4187
	}
4188

4189
	return (bool)sb;
4190
}
4191

4192
bool
4193
is_netboot(void)
4194
{
4195
	int nbmib[] = { CTL_KERN, KERN_NETBOOT };
4196
	uint32_t nb = 0;
4197
	size_t nbsz = sizeof(nb);
4198

4199
	if (posix_assumes_zero(sysctl(nbmib, 2, &nb, &nbsz, NULL, 0)) == -1) {
4200
		return false;
4201
	}
4202

4203
	return (bool)nb;
4204
}
4205

4206
void
4207
empty_dir(const char *thedir, struct stat *psb)
4208
{
4209
	struct dirent *de;
4210
	struct stat psb2;
4211
	DIR *od;
4212
	int currend_dir_fd;
4213

4214
	if (!psb) {
4215
		psb = &psb2;
4216
		if (posix_assumes_zero(lstat(thedir, psb)) == -1) {
4217
			return;
4218
		}
4219
	}
4220

4221
	if (posix_assumes_zero(currend_dir_fd = open(".", 0)) == -1) {
4222
		return;
4223
	}
4224

4225
	if (posix_assumes_zero(chdir(thedir)) == -1) {
4226
		goto out;
4227
	}
4228

4229
	if (!(od = opendir("."))) {
4230
		(void)os_assumes_zero(errno);
4231
		goto out;
4232
	}
4233

4234
	while ((de = readdir(od))) {
4235
		struct stat sb;
4236

4237
		if (strcmp(de->d_name, ".") == 0) {
4238
			continue;
4239
		}
4240

4241
		if (strcmp(de->d_name, "..") == 0) {
4242
			continue;
4243
		}
4244

4245
		if (posix_assumes_zero(lstat(de->d_name, &sb)) == -1) {
4246
			continue;
4247
		}
4248

4249
		if (psb->st_dev != sb.st_dev) {
4250
			(void)posix_assumes_zero(unmount(de->d_name, MNT_FORCE));
4251

4252
			/* Let's lstat() again to see if the unmount() worked and what was
4253
			 * under it.
4254
			 */
4255
			if (posix_assumes_zero(lstat(de->d_name, &sb)) == -1) {
4256
				continue;
4257
			}
4258

4259
			if (os_assumes(psb->st_dev == sb.st_dev)) {
4260
				continue;
4261
			}
4262
		}
4263

4264
		if (S_ISDIR(sb.st_mode)) {
4265
			empty_dir(de->d_name, &sb);
4266
		}
4267

4268
		(void)posix_assumes_zero(lchflags(de->d_name, 0));
4269
		(void)posix_assumes_zero(remove(de->d_name));
4270
	}
4271

4272
	(void)closedir(od);
4273

4274
out:
4275
	(void)posix_assumes_zero(fchdir(currend_dir_fd));
4276
	(void)posix_assumes_zero(close(currend_dir_fd));
4277
}
4278

4279
int
4280
touch_file(const char *path, mode_t m)
4281
{
4282
	int fd = open(path, O_CREAT, m);
4283

4284
	if (fd == -1)
4285
		return -1;
4286

4287
	return close(fd);
4288
}
4289

4290
void
4291
apply_sysctls_from_file(const char *thefile)
4292
{
4293
	const char *sysctl_tool[] = { "sysctl", "-w", NULL, NULL };
4294
	size_t ln_len = 0;
4295
	char *val, *tmpstr;
4296
	FILE *sf;
4297

4298
	if (!(sf = fopen(thefile, "r")))
4299
		return;
4300

4301
	while ((val = fgetln(sf, &ln_len))) {
4302
		if (ln_len == 0) {
4303
			continue;
4304
		}
4305
		if (!(tmpstr = malloc(ln_len + 1))) {
4306
			(void)os_assumes_zero(errno);
4307
			continue;
4308
		}
4309
		memcpy(tmpstr, val, ln_len);
4310
		tmpstr[ln_len] = 0;
4311
		val = tmpstr;
4312

4313
		if (val[ln_len - 1] == '\n' || val[ln_len - 1] == '\r') {
4314
			val[ln_len - 1] = '\0';
4315
		}
4316

4317
		while (*val && isspace(*val))
4318
			val++;
4319
		if (*val == '\0' || *val == '#') {
4320
			goto skip_sysctl_tool;
4321
		}
4322
		sysctl_tool[2] = val;
4323
		(void)posix_assumes_zero(fwexec(sysctl_tool, NULL));
4324
skip_sysctl_tool:
4325
		free(tmpstr);
4326
	}
4327

4328
	(void)fclose(sf);
4329
}
4330

4331
static CFStringRef
4332
copySystemBuildVersion(void)
4333
{
4334
    CFStringRef build = NULL;
4335
    const char path[] = "/System/Library/CoreServices/SystemVersion.plist";
4336
    CFURLRef plistURL = CFURLCreateFromFileSystemRepresentation(kCFAllocatorSystemDefault, (const uint8_t *)path, sizeof(path) - 1, false);
4337

4338
	CFPropertyListRef plist = NULL;
4339
    if (plistURL && (plist = CFPropertyListCreateFromFile(plistURL))) {
4340
		if (CFTypeCheck(plist, CFDictionary)) {
4341
			build = (CFStringRef)CFDictionaryGetValue((CFDictionaryRef)plist, _kCFSystemVersionBuildVersionKey);
4342
			if (build && CFTypeCheck(build, CFString)) {
4343
				CFRetain(build);
4344
			} else {
4345
				build = CFSTR("99Z999");
4346
			}
4347
		}
4348

4349
		CFRelease(plist);
4350
    } else {
4351
		build = CFSTR("99Z999");
4352
	}
4353

4354
	if (plistURL) {
4355
		CFRelease(plistURL);
4356
	}
4357

4358
    return build;
4359
}
4360

4361
void
4362
do_sysversion_sysctl(void)
4363
{
4364
	int mib[] = { CTL_KERN, KERN_OSVERSION };
4365
	CFStringRef buildvers;
4366
	char buf[1024];
4367
	size_t bufsz = sizeof(buf);
4368

4369
	/* <rdar://problem/4477682> ER: launchd should set kern.osversion very early in boot */
4370

4371
	if (sysctl(mib, 2, buf, &bufsz, NULL, 0) == -1) {
4372
		launchctl_log(LOG_ERR, "sysctl(): %s", strerror(errno));
4373
		return;
4374
	}
4375

4376
	if (buf[0] != '\0') {
4377
		return;
4378
	}
4379

4380
	buildvers = copySystemBuildVersion();
4381
	if (buildvers) {
4382
		CFStringGetCString(buildvers, buf, sizeof(buf), kCFStringEncodingUTF8);
4383
		(void)posix_assumes_zero(sysctl(mib, 2, NULL, 0, buf, strlen(buf) + 1));
4384
	}
4385

4386
	CFRelease(buildvers);
4387
}
4388

4389
void
4390
do_application_firewall_magic(int sfd, launch_data_t thejob)
4391
{
4392
	const char *prog = NULL, *partialprog = NULL;
4393
	char *path, *pathtmp, **pathstmp;
4394
	char *paths[100];
4395
	launch_data_t tmp;
4396

4397
	/*
4398
	 * Sigh...
4399
	 * <rdar://problem/4684434> setsockopt() with the executable path as the argument
4400
	 */
4401

4402
	if ((tmp = launch_data_dict_lookup(thejob, LAUNCH_JOBKEY_PROGRAM))) {
4403
		prog = launch_data_get_string(tmp);
4404
	}
4405

4406
	if (!prog) {
4407
		if ((tmp = launch_data_dict_lookup(thejob, LAUNCH_JOBKEY_PROGRAMARGUMENTS))) {
4408
			if ((tmp = launch_data_array_get_index(tmp, 0))) {
4409
				if ((partialprog = launch_data_get_string(tmp))) {
4410
					if (partialprog[0] == '/') {
4411
						prog = partialprog;
4412
					}
4413
				}
4414
			}
4415
		}
4416
	}
4417

4418
	if (!prog) {
4419
		pathtmp = path = strdup(getenv("PATH"));
4420

4421
		pathstmp = paths;
4422

4423
		while ((*pathstmp = strsep(&pathtmp, ":"))) {
4424
			if (**pathstmp != '\0') {
4425
				pathstmp++;
4426
			}
4427
		}
4428

4429
		free(path);
4430
		pathtmp = alloca(MAXPATHLEN);
4431

4432
		pathstmp = paths;
4433

4434
		for (; *pathstmp; pathstmp++) {
4435
			snprintf(pathtmp, MAXPATHLEN, "%s/%s", *pathstmp, partialprog);
4436
			if (path_check(pathtmp)) {
4437
				prog = pathtmp;
4438
				break;
4439
			}
4440
		}
4441
	}
4442

4443
	if (prog != NULL) {
4444
		/* The networking team has asked us to ignore the failure of this API if
4445
		 * errno == ENOPROTOOPT.
4446
		 */
4447
		if (setsockopt(sfd, SOL_SOCKET, SO_EXECPATH, prog, (socklen_t)(strlen(prog) + 1)) == -1 && errno != ENOPROTOOPT) {
4448
			(void)os_assumes_zero(errno);
4449
		}
4450
	}
4451
}
4452

4453

4454
void
4455
preheat_page_cache_hack(void)
4456
{
4457
	struct dirent *de;
4458
	DIR *thedir;
4459

4460
	/* Disable this hack for now */
4461
	return;
4462

4463
	if ((thedir = opendir("/etc/preheat_at_boot")) == NULL) {
4464
		return;
4465
	}
4466

4467
	while ((de = readdir(thedir))) {
4468
		struct stat sb;
4469
		void *junkbuf;
4470
		int fd;
4471

4472
		if (de->d_name[0] == '.') {
4473
			continue;
4474
		}
4475

4476
		if ((fd = open(de->d_name, O_RDONLY)) == -1) {
4477
			continue;
4478
		}
4479

4480
		if (fstat(fd, &sb) != -1) {
4481
			if ((sb.st_size < 10*1024*1024) && (junkbuf = malloc((size_t)sb.st_size)) != NULL) {
4482
				ssize_t n = read(fd, junkbuf, (size_t)sb.st_size);
4483
				if (posix_assumes_zero(n) != -1 && n != (ssize_t)sb.st_size) {
4484
					(void)os_assumes_zero(n);
4485
				}
4486
				free(junkbuf);
4487
			}
4488
		}
4489

4490
		close(fd);
4491
	}
4492

4493
	closedir(thedir);
4494
}
4495

4496
void
4497
do_bootroot_magic(void)
4498
{
4499
	const char *kextcache_tool[] = { "kextcache", "-U", "/", NULL };
4500
	CFTypeRef bootrootProp;
4501
	io_service_t chosen;
4502
	int wstatus;
4503
	pid_t p;
4504

4505
	chosen = IORegistryEntryFromPath(kIOMasterPortDefault, "IODeviceTree:/chosen");
4506

4507
	if (!os_assumes(chosen)) {
4508
		return;
4509
	}
4510

4511
	bootrootProp = IORegistryEntryCreateCFProperty(chosen, CFSTR(kBootRootActiveKey), kCFAllocatorDefault, 0);
4512

4513
	IOObjectRelease(chosen);
4514

4515
	if (!bootrootProp) {
4516
		return;
4517
	}
4518

4519
	CFRelease(bootrootProp);
4520

4521
	if (posix_assumes_zero(p = fwexec(kextcache_tool, &wstatus)) == -1) {
4522
		return;
4523
	}
4524

4525
	if (WIFEXITED(wstatus) && WEXITSTATUS(wstatus) == EX_OSFILE) {
4526
		(void)reboot(RB_AUTOBOOT);
4527
	}
4528
}
4529

4530
void
4531
do_file_init(void)
4532
{
4533
	struct stat sb;
4534

4535
	if (stat("/AppleInternal", &sb) == 0 && stat("/var/db/disableAppleInternal", &sb) == -1) {
4536
		_launchctl_apple_internal = true;
4537
	}
4538

4539
	char bootargs[128];
4540
	size_t len = sizeof(bootargs);
4541
	int r = sysctlbyname("kern.bootargs", bootargs, &len, NULL, 0);
4542
	if (r == 0 && (strnstr(bootargs, "-v", len) != NULL || strnstr(bootargs, "-s", len))) {
4543
		_launchctl_verbose_boot = true;
4544
	}
4545

4546
	if (stat("/var/db/.launchd_shutdown_debugging", &sb) == 0 && _launchctl_verbose_boot) {
4547
		_launchctl_startup_debugging = true;
4548
	}
4549
}
4550

4551