Mountain Lion Privileged Helper Daemon status

3
votes

I'm building an app for 10.8+ which among other things has to patch files. Because of this functionality I have created a "PrivilegedHelperTool" and installed as KeepLive = YES RunAtLoad = YES (so it's always running). I also use XPC over mach for communication to a GUI app (menubar)

I'd like to be able to check if the "PrivilegedHelperTool" is installed, and running and so far the best way to check installation i've found is look for the plist in /Library/LaunchDaemons/ and check the binary is in /Library/PrivilegedHelperTools .

Is this really the best way?

Also I have found no reliable way to check if the PrivilegedHelperTool(running as root) without already being root (eg. sudo launchctl list)

I added a wrapper which uses launch.h (/usr/include/launch.h) http://brockerhoff.net/blog/2009/02/02/cocoa-musings-pt-3/ but it only returns user processes and getting the end user to escalate privileges just to check some "plugin" is running seems wrong.

Is it true that the best I can hope for is trying to talk to my service and if its not responding assume it's "damaged or not running"? ( http://mac-os-forge.2317878.n4.nabble.com/Programmatic-interface-to-launchctl-and-some-other-questions-OS-X-10-5-tp189494p189496.html )

2
objective-ccocoaosx-lionmacos-carbonlaunchd
Follow up from Apple here devforums.apple.com/message/731960#731960 - drunknbass
It might not be the best solution, but the easiest I can think of. Since you already have messaging, why not use that one? You message the daemon and the daemon returns the information (uid_t, whatever) you need. If it's not running, there won't be a reply from the daemon. Also, if you don't want to rely on messaging to know if it's running, maybe the source code of ps might help you. - YllierDev
Id like to have finer grain control than "release the carrier pidgin and hope it returns". Daemon might not be running (unlikely) Daemon might be running but deleted (maybe edge case?) etc. I'd much rather know a daemon was not running and request sudo for starting it vs. assuming the worst and reinstalling it at the first sign of trouble (XPC message not responded to) - drunknbass
So this is not true "Also I have found no reliable way to check if the PrivilegedHelperTool(running as root) without already being root (eg. sudo launchctl list)" My error was partially because i was reading the pipe too early and missed a bunch and because when i debugging this plugin/daemon was set as OnDemand = YES (and not always running when I was on the cli) ps and parsing the output is dirty but should be sufficient. - drunknbass
Apple replied on their developer forums with some more details. devforums.apple.com/message/732894#732894 (need apple dev account) - drunknbass

2 Answers

0
votes

when you install the background helper daemon, you need to be root. So either your installer does the job of installing the daemon with appropriate privileges or when you launch the application, you ask the user to authorize himself as administrator so you can install the daemon on the fly.

This is a code snippet to become root out of an application. it will prompt the user with the normal username/password dialogbox you see also when installing something from a pkg.

OSStatus myStatus;
uid_t   uid = -1;
AuthorizationRights myRights;
AuthorizationFlags myFlags;
AuthorizationItem myItems[1];


uid = geteuid();
if(uid != 0)
{
    myItems[0].name = "com.whatever";
    myItems[0].valueLength = 0;
    myItems[0].value = NULL;
    myItems[0].flags = 0;
    myRights.count = sizeof (myItems) / sizeof (myItems[0]);
    myRights.items = myItems;
    myFlags = kAuthorizationFlagDefaults |
        kAuthorizationFlagInteractionAllowed |
        kAuthorizationFlagExtendRights |
        kAuthorizationFlagPartialRights;
    myStatus = AuthorizationCreate (&myRights, kAuthorizationEmptyEnvironment,myFlags,NULL);
}
0
votes

You can use sysctl to get all running process. Have a look at my answer.