scheduler/cups-exec.c

   1 /*
   2  * "$Id$"
   3  *
   4  *   Sandbox helper for CUPS.
   5  *
   6  *   Copyright 2007-2011 by Apple Inc.
   7  *
   8  *   These coded instructions, statements, and computer programs are the
   9  *   property of Apple Inc. and are protected by Federal copyright
  10  *   law.  Distribution and use rights are outlined in the file "LICENSE.txt"
  11  *   which should have been included with this file.  If this file is
  12  *   file is missing or damaged, see the license at "http://www.cups.org/".
  13  *
  14  * Usage:
  15  *
  16  *     cups-exec /path/to/profile /path/to/program argv0 argv1 ... argvN
  17  *
  18  * Contents:
  19  *
  20  *   main() - Apply sandbox profile and execute program.
  21  */
  22
  23 /*
  24  * Include necessary headers...
  25  */
  26
  27 #include <cups/string-private.h>
  28 #include <unistd.h>
  29 #ifdef HAVE_SANDBOX_H
  30 #  define __APPLE_API_PRIVATE
  31 #  include <sandbox.h>
  32 #endif /* HAVE_SANDBOX_H */
  33
  34
  35 /*
  36  * 'main()' - Apply sandbox profile and execute program.
  37  */
  38
  39 int                                     /* O - Exit status */
  40 main(int  argc,                         /* I - Number of command-line args */
  41      char *argv[])                      /* I - Command-line arguments */
  42 {
  43   int   i;                              /* Looping var */
  44 #ifdef HAVE_SANDBOX_H
  45   char  *sandbox_error = NULL;          /* Sandbox error, if any */
  46 #endif /* HAVE_SANDBOX_H */
  47
  48
  49  /*
  50   * Check that we have enough arguments...
  51   */
  52
  53   if (argc < 4)
  54   {
  55     puts("Usage: cups-exec /path/to/profile /path/to/program argv0 argv1 ... "
  56          "argvN");
  57     return (1);
  58   }
  59
  60 #ifdef HAVE_SANDBOX_H
  61  /*
  62   * Run in a separate security profile...
  63   */
  64
  65   if (strcmp(argv[1], "none") &&
  66       sandbox_init(argv[1], SANDBOX_NAMED_EXTERNAL, &sandbox_error))
  67   {
  68     fprintf(stderr, "DEBUG: sandbox_init failed: %s (%s)\n", sandbox_error,
  69             strerror(errno));
  70     sandbox_free_error(sandbox_error);
  71     return (1);
  72   }
  73 #endif /* HAVE_SANDBOX_H */
  74
  75  /*
  76   * Close file descriptors we don't need (insurance):
  77   *
  78   * 0   = stdin
  79   * 1   = stdout
  80   * 2   = stderr
  81   * 3   = back-channel
  82   * 4   = side-channel
  83   * 5-N = unused
  84   */
  85
  86   for (i = 5; i < 1024; i ++)
  87     close(i);
  88
  89  /*
  90   * Execute the program...
  91   */
  92
  93   execv(argv[2], argv + 3);
  94
  95  /*
  96   * If we get here, execv() failed...
  97   */
  98
  99   fprintf(stderr, "DEBUG: execv failed: %s\n", strerror(errno));
 100   return (1);
 101 }
 102
 103
 104 /*
 105  * End of "$Id$".
 106  */