
Author Topic: [SOLVED] How to run SMJobBless - Elevated Privileges Helper (root access)  (Read 531 times)

Hansaplast

  • Tweaking4All.com
I have been tinkering with this for a very very long time and finally got things to work. After all I'm no expert - so suggestions and ideas are most welcome.

I thought I'd share my findings here. I've made a full description, an example project, and organized tons of details and information, which can all be found on the website in English and Dutch.

I've attached my example project here as well.


The steps to reproduce this are quite extensive, so this is only a minimal recap:


Note: I've been using CFMessages to send messages to the Helper Tool since I had no bindings for NSXPCConnection, and creating my own went a little over my head (ideas and suggestions are welcome!).


The Helper Tool has to be based on the Lazarus Pascal template "program" or "simple program", and cannot be based on any of the TApplication classes, and cannot create any threads (the Helper Tool will crash if any threads or GUI elements are being accessed). So Application, Console Application, Daemons, etc - none of these will work.
For the Helper Tool, one needs to create an info.plist and a launchd.plist, which both must be embedded into the binary (see one of my earlier posts).

The Main (test) Application can be any Lazarus Pascal application, but needs a proper Info.plist as well, indicating that the Helper Tool is allowed to start with elevated privileges.
The plist files are pretty picky when it comes to signing criteria in the plist.
The Helper Tool and the application app bundle both need to be signed with a valid Apple Developer ID.


Some missing bindings need to be put in place:


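Code: Pascal
  const kSMRightBlessPrivilegedHelper = 'com.apple.ServiceManagement.blesshelper';
  // The C prototype declares the last parameter as CFErrorRef *outError, so it is a pointer here; pass nil to ignore the error.
  function SMJobBless(domain: CFStringRef; executableLabel: CFStringRef; auth: AuthorizationRef; outError: CFErrorRefPtr): boolean; external name '_SMJobBless'; mwpascal;
  // Domain constant exported by the ServiceManagement framework.
  var kSMDomainSystemLaunchd: CFStringRef; external name '_kSMDomainSystemLaunchd';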


And the proper frameworks need to be included:


Code: Pascal
  {$linkframework ServiceManagement}
  {$linkframework Security}
  {$linkframework Foundation}
  {$linkframework CoreFoundation}
  {$calling mwpascal}


And let's not forget to set a callback function to handle incoming messages.


I've also made a simple representation of the steps in a diagram, ...
I hope this is useful to someone ...  :)
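
Added example, not part of the original post or its example project: a Python pre-signing check that the three plists mentioned above agree with each other, since SMJobBless refuses to install the helper when the signing requirements in them do not match. It assumes the standard keys `SMPrivilegedExecutables` (app Info.plist), `SMAuthorizedClients` (helper Info.plist) and `Label` (launchd.plist); the bundle identifiers, the team ID `TEAMID1234` and the "weak requirement" heuristic are constructed for illustration.

```python
import plistlib

def weak_requirement(req: str) -> bool:
    """Heuristic (assumption): a requirement that pins neither Apple's anchor
    nor a leaf-certificate subject can be met by a binary signed by anyone."""
    return "anchor apple" not in req or "certificate leaf[subject." not in req

def check_smjobbless_plists(app_info: bytes, helper_info: bytes, launchd: bytes) -> list:
    """Return a list of problems; an empty list means the plists agree."""
    app, helper, job = (plistlib.loads(p) for p in (app_info, helper_info, launchd))
    problems = []
    label = job.get("Label", "")
    app_id = app.get("CFBundleIdentifier", "")

    # App side: SMPrivilegedExecutables maps helper label -> helper requirement.
    helper_req = app.get("SMPrivilegedExecutables", {}).get(label)
    if helper_req is None:
        problems.append(f"no SMPrivilegedExecutables entry for label {label!r}")
    elif label not in helper_req or weak_requirement(helper_req):
        problems.append(f"weak helper requirement: {helper_req}")

    # Helper side: SMAuthorizedClients lists requirements of allowed callers.
    clients = helper.get("SMAuthorizedClients", [])
    if not any(app_id and app_id in c for c in clients):
        problems.append(f"no SMAuthorizedClients entry names app {app_id!r}")
    problems += [f"weak client requirement: {c}" for c in clients if weak_requirement(c)]
    return problems

# --- Constructed sample data (placeholder identifiers and team ID) ---
def pinned(ident: str) -> str:
    return (f'identifier "{ident}" and anchor apple generic '
            f'and certificate leaf[subject.OU] = "TEAMID1234"')

APP = plistlib.dumps({
    "CFBundleIdentifier": "com.example.app",
    "SMPrivilegedExecutables": {"com.example.helper": pinned("com.example.helper")},
})
HELPER_GOOD = plistlib.dumps({
    "CFBundleIdentifier": "com.example.helper",
    "SMAuthorizedClients": [pinned("com.example.app")],
})
# Identifier only: any binary claiming this identifier would be accepted.
HELPER_WEAK = plistlib.dumps({
    "CFBundleIdentifier": "com.example.helper",
    "SMAuthorizedClients": ['identifier "com.example.app"'],
})
LAUNCHD = plistlib.dumps({"Label": "com.example.helper"})

if __name__ == "__main__":
    print(check_smjobbless_plists(APP, HELPER_GOOD, LAUNCHD))
    print(check_smjobbless_plists(APP, HELPER_WEAK, LAUNCHD))
```

Run it against the plist files before they are embedded into the binaries; the requirement strings it checks are the same ones `codesign` validates against the final signatures.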