task_for_pid fails with os/kern failure even with system.privilege.taskport
task_for_pid fails with os/kern failure even with system.privilege.taskport
- Subject: task_for_pid fails with os/kern failure even with system.privilege.taskport
- From: Ben Staveley-Taylor <email@hidden>
- Date: Wed, 12 Oct 2011 17:33:58 +0100
I'm trying to use the task_for_pid() mach call. I've found several list posts and other items about the security requirements for this from 10.5 onwards and I believe I'm complying, but I just can't get it to work. Can anyone spot what I'm doing wrong?
Setup:
------
- Running on OS X 10.7.1
- I created a new Cocoa application with the code snippets shown below.
- Info.plist contains:
<key>SecTaskAccess</key>
<array>
<string>allowed</string>
<string>safe</string>
</array>
- The app is codesigned using a self-signed certificate.
Behaviour:
----------
- If I sudo-run the app's executable in Terminal (i.e. Test.app/Contents/MacOS/test) directly, it works
- If I do the same without sudo, I get the output:
system.privilege.taskport acquired
com.apple.TextEdit pid is 2475
Failed; machErr=(os/kern) failure (5)
- If I run the .app bundle by double-clicking in Finder, or in Terminal using "open Test.app" or "sudo open Test.app" it also fails in the same way.
So in the failure cases I'm told that I do have system.privilege.taskport rights, but task_for_pid() then fails. What vital step am I missing?
Many thanks if you can help,
Ben Staveley-Taylor
email@hidden
Code:
-----
ProcessSerialNumber psn;
// Get pid of TextEdit, assuming it is running
NSString *targetProcessBundle = @"com.apple.TextEdit";
if (FindPSNForBundleID(targetProcessBundle, &psn) == noErr) {
// I don't think this should be necessary, but done for verification
OSStatus osErr = AcquireTaskportRight();
if (osErr == noErr)
{
// Convert PSN to PID.
pid_t pid;
GetProcessPID( &psn, &pid );
NSLog(@"%@ pid is %d", targetProcessBundle, pid);
mach_port_t remoteTask = 0;
mach_error_t machErr = task_for_pid( mach_task_self(), pid, &remoteTask );
if (machErr == 0) {
NSLog(@"Success");
}
else {
const char *msg = mach_error_string(machErr);
NSLog(@"Failed; machErr=%s (%d)", msg, (int)machErr);
}
}
}
OSStatus AcquireTaskportRight() {
OSStatus stat = noErr;
AuthorizationItem taskport_item[] = {
{"system.privilege.taskport"},0,0,0
};
AuthorizationRights rights = {1, taskport_item}, *out_rights = NULL;
AuthorizationRef authRef;
AuthorizationFlags auth_flags = kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize;
stat = AuthorizationCreate (NULL, kAuthorizationEmptyEnvironment, auth_flags, &authRef);
if (stat == errAuthorizationSuccess) {
stat = AuthorizationCopyRights ( authRef, &rights, kAuthorizationEmptyEnvironment, auth_flags, &out_rights);
}
if (stat == errAuthorizationSuccess) {
NSLog(@"system.privilege.taskport acquired");
}
else {
NSLog(@"Failed to acquire system.privilege.taskport right. Error: %d", (int)stat);
}
return stat;
}
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden