SMJobSubmit()可以用于执行由SMJobBless安装的特权助手吗? [英] Can SMJobSubmit() be used to execute a privileged helper installed by SMJobBless?
问题描述
我一直在阅读文档和SMJobBless示例和互联网上的各种讨论。我的应用程序现在使用 SMJobBless()安装一个特权帮助器,但是帮助器根本不运行。
帮助器的整体目的是加载一个kext,一个重要的组件,我的应用程序,每当应用程序启动。我看到的例子表明,试图通过XPC连接到助手将启动助手,但我想保持我的帮助简单和愚蠢。
API文档有一个 SMJobSubmit()函数。它究竟做了什么?我可以使用它来启动之前由 SMJobBless()?安装的特权助手吗?
launchd 和服务管理框架周围的术语 - 例如,RunAtLoadplist选项控制在作业加载时启动一次。什么是加载和启动,它们如何与bless / install和submit相关?
p> SMJobBless将把你的工作添加到launchd的系统中。请参阅SMJobBless示例代码。
http://developer.apple.com/library/mac/#samplecode/SMJobBless/Introduction/Intro.html
但是, launchd的整个目的是控制作业的启动方式和时间,默认情况下(在示例代码中)没有指定实际启动作业的时间,因此作业实际上不会启动。 / p>
Nathan de Vries写了一篇非常好的文章和示例代码,用于使用SBJobBless并使用XPC与特权作业进行通信。一个进口方的影响当然是,试图与launchd服务通信的行为将导致launchd实际启动您的服务,所以这将解决你的问题。
http://atnan.com/blog/ 2012/02/29 / modern-privileged-helper-tools-using-smjobbless-plus-xpc /
为了具体回答您的问题,SMJobSubmit可以执行特权助手。它需要我很长时间才能弄清楚,但两者之间的区别是,SMJobSubmit将允许您使用launchd运行一个可执行文件的权限,而SMJobBless将永久添加一个LaunchDaemon。
请注意,在这两种情况下,您必须SMJobRemove上一个,以确保一个新的
所以,我认为你需要:
- > SMJobRemove,SMJobSubmit每次启动应用程序时,每次提示用户进行身份验证。使用您建立的字典中的RunAtLoad属性来立即执行帮助程序。
或
- 使用Nathan的代码,XPC connect,询问它的版本号,如果没有更新,退出,然后SMJobRemove,SMJobBless一个新版本,然后XPC连接并请求安装你的kext。这样,用户只需对任何新版本进行身份验证。
I have been reading documentation and the SMJobBless example and various discussions on the Internet. My app now installs a privileged helper using SMJobBless(), but the helper doesn't run at all.
The whole purpose of the helper is to load a kext, an important component of my app, whenever the application starts. I have seen examples showing that trying to connect to the helper through XPC will launch the helper, but I would like to keep my helper simple and dumb.
The API doc shows that there is a SMJobSubmit() function. What exactly does it do? Can I use it to launch the privileged helper installed previously by SMJobBless()?
I'm confused by all the terms around launchd and the Service Management Framework - for example, the "RunAtLoad" plist option controls "whether your job is launched once at the time the job is loaded". What exactly is "load" and "launch", and how are they related to "bless/install" and "submit"?
SMJobBless will add your job to launchd's system. See the SMJobBless sample code for doing this.
http://developer.apple.com/library/mac/#samplecode/SMJobBless/Introduction/Intro.html
However, the whole purpose of launchd is to control how and when the jobs are launched, and by default (in the sample code), there is no specification of actually when the job should be launched, so the job will in fact never be launched.
Nathan de Vries wrote a very good article and sample code for using SBJobBless and communicating with the privileged job using XPC. One import side affect is, of course, that the act of trying to communicate with the launchd service will cause launchd to actually start your service, so this would solve your problem.
http://atnan.com/blog/2012/02/29/modern-privileged-helper-tools-using-smjobbless-plus-xpc/
And to specifically answer your question, SMJobSubmit can execute a privileged helper. It took me a long time to figure out, but the difference between the two is that SMJobSubmit will let you run an executable with privileges using launchd, while SMJobBless will add a LaunchDaemon permanently. SMJobBless's installed executable will remain blessed, whereas SMJobSubmit will require you to re-authenticate each time.
Note that in both cases you must SMJobRemove the previous one to ensure that a new version is used.
So, I would think you need to either:
- SMJobRemove, SMJobSubmit each time you launch your application, prompting the user for authentication each time. Use the RunAtLoad property in the dictionary you built to have the helper execute immediately.
OR
- Use Nathan's code, XPC connect, ask it its version number, if its not update, have it quit, then SMJobRemove, SMJobBless a new version, then XPC connect and ask it to install your kext. That way the user only has to authenticate for any new version.
这篇关于SMJobSubmit()可以用于执行由SMJobBless安装的特权助手吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
