Commit | Line | Data |
---|---|---|
0268488e MS |
1 | /* |
2 | * "$Id$" | |
3 | * | |
4 | * Sandbox helper for CUPS. | |
5 | * | |
f3c17241 | 6 | * Copyright 2007-2012 by Apple Inc. |
0268488e MS |
7 | * |
8 | * These coded instructions, statements, and computer programs are the | |
9 | * property of Apple Inc. and are protected by Federal copyright | |
10 | * law. Distribution and use rights are outlined in the file "LICENSE.txt" | |
11 | * which should have been included with this file. If this | |
12 | * file is missing or damaged, see the license at "http://www.cups.org/". | |
13 | * | |
14 | * Usage: | |
15 | * | |
16 | * cups-exec /path/to/profile /path/to/program argv0 argv1 ... argvN | |
17 | * | |
18 | * Contents: | |
19 | * | |
20 | * main() - Apply sandbox profile and execute program. | |
21 | */ | |
22 | ||
23 | /* | |
24 | * Include necessary headers... | |
25 | */ | |
26 | ||
27 | #include <cups/string-private.h> | |
28 | #include <unistd.h> | |
29 | #ifdef HAVE_SANDBOX_H | |
0268488e | 30 | # include <sandbox.h> |
a4845881 MS |
31 | # ifndef SANDBOX_NAMED_EXTERNAL |
32 | # define SANDBOX_NAMED_EXTERNAL 0x0003 | |
33 | # endif /* !SANDBOX_NAMED_EXTERNAL */ | |
0268488e MS |
34 | #endif /* HAVE_SANDBOX_H */ |
35 | ||
36 | ||
/*
 * 'main()' - Apply sandbox profile and execute program.
 *
 * Command line:
 *
 *   cups-exec /path/to/profile /path/to/program argv0 argv1 ... argvN
 *
 * argv[1] names the sandbox profile, argv[2] is the program handed to
 * execv(), and argv + 3 becomes that program's argument vector.  The
 * function returns 1 on a usage error, when sandbox_init() fails, or when
 * execv() fails; a successful execv() does not return.
 *
 * Security notes:
 *
 *   - The profile name "none" skips sandbox_init() altogether, so whoever
 *     builds this command line decides whether any profile is applied.
 *   - When HAVE_SANDBOX_H is not defined, argv[1] is never read and the
 *     program is executed without a profile.
 */

int					/* O - Exit status */
main(int  argc,				/* I - Number of command-line args */
     char *argv[])			/* I - Command-line arguments */
{
  int	fd;				/* Descriptor being closed */
#ifdef HAVE_SANDBOX_H
  char	*profile_error = NULL;		/* Sandbox error, if any */
#endif /* HAVE_SANDBOX_H */


 /*
  * Profile, program, and argv0 are all required, which with our own name
  * makes four arguments...
  */

  if (argc <= 3)
  {
    puts("Usage: cups-exec /path/to/profile /path/to/program argv0 argv1 ... argvN");
    return (1);
  }

#ifdef HAVE_SANDBOX_H
#  pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 /*
  * Apply the named profile to this process before anything else is done,
  * unless the caller asked for "none".  A failure here is fatal: the
  * program is never executed without the profile that was requested.
  */

  if (strcmp(argv[1], "none") != 0)
  {
    if (sandbox_init(argv[1], SANDBOX_NAMED_EXTERNAL, &profile_error) != 0)
    {
     /*
      * NOTE(review): errno is reported next to the sandbox error string;
      * whether sandbox_init() sets errno is not visible here - confirm.
      */

      fprintf(stderr, "DEBUG: sandbox_init failed: %s (%s)\n", profile_error,
              strerror(errno));
      sandbox_free_error(profile_error);
      return (1);
    }
  }
#endif /* HAVE_SANDBOX_H */

 /*
  * Close file descriptors we don't need (insurance):
  *
  *     0   = stdin
  *     1   = stdout
  *     2   = stderr
  *     3   = back-channel
  *     4   = side-channel
  *     5-N = unused
  *
  * The result of close() is ignored on purpose, since any of these
  * descriptors may simply not be open.
  *
  * NOTE(review): the upper bound is the fixed value 1024, so descriptors
  * numbered 1024 or higher are left open and remain available to the
  * executed program.  Confirm the parent cannot hold descriptors that high
  * (for example with a raised RLIMIT_NOFILE).
  */

  fd = 5;
  while (fd < 1024)
  {
    close(fd);
    fd ++;
  }

 /*
  * Replace this process with the requested program...
  */

  execv(argv[2], argv + 3);

 /*
  * execv() only returns on failure, so report why and exit non-zero...
  */

  fprintf(stderr, "DEBUG: execv failed: %s\n", strerror(errno));
  return (1);
}
105 | ||
106 | ||
107 | /* | |
108 | * End of "$Id$". | |
109 | */ |