I recall there being a Cocoa framework or AppleScript dictionary to check if an Application bundle with a specific name is installed at all, anywhere on the computer.
How do I do this? Either Cocoa, AppleScript, or command line are useful to me.
You should use Launch Services to do this, specifically the function LSFindApplicationForInfo().
You use it like so:
#import <ApplicationServices/ApplicationServices.h>
CFURLRef appURL = NULL;
OSStatus result = LSFindApplicationForInfo (
kLSUnknownCreator, //creator codes are dead, so we don't care about it
CFSTR("com.apple.Safari"), //you can use the bundle ID here
NULL, //or the name of the app here (CFSTR("Safari.app"))
NULL, //this is used if you want an FSRef rather than a CFURLRef
&appURL
);
switch(result)
{
case noErr:
NSLog(#"the app's URL is: %#",appURL);
break;
case kLSApplicationNotFoundErr:
NSLog(#"app not found");
break;
default:
NSLog(#"an error occurred: %d",result);
break;
}
//the CFURLRef returned from the function is retained as per the docs so we must release it
if(appURL)
CFRelease(appURL);
From the command line this seems to do it:
> mdfind 'kMDItemContentType == "com.apple.application-bundle" && kMDItemFSName = "Google Chrome.app"'
You can also use lsregister.
on doesAppExist(appName)
if (do shell script "/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump | grep com.apple.Safari") ¬
contains "com.apple.Safari" then return true
end appExists
That's pretty fast and you can do it from other languages like Python quite easily. You would want to play around with what you grep to make it most efficient.
Related
IOCreatePlugInInterfaceForService failed w/ kIOReturnNoResources/0xe00002be
I am rewriting old FireWire based command line utility into XPCService. I need some help about an IOKit function.
Following part is to get IOCFPlugInInterface for FireWireAVCLibUnit.(almost same as original code; basic idea comes from legacy simpleAVC samplecode).
When I call IOCreatePlugInInterfaceForService() in the XPCService, it always failed returning 0xe00002be = kIOReturnNoResources in IOReturn.h.
I have confirmed no sandbox, no hardened for the XPC Service.
Original command line utility works perfectly on macOS 10.14 though, would you someone give me a hint on this topic?
CFDictionaryRef dict = CFDictionaryCreateCopy(kCFAllocatorDefault, self.dict);
kern_return_t result = IOServiceGetMatchingServices(kIOMasterPortDefault, dict, &serviceIterator);
if (result == KERN_SUCCESS && serviceIterator != IO_OBJECT_NULL) {
while ((service = IOIteratorNext(serviceIterator)) != IO_OBJECT_NULL) {
SInt32 score = 0;
kern_return_t result = IOCreatePlugInInterfaceForService(service,
kIOFireWireAVCLibUnitTypeID,
kIOCFPlugInInterfaceID,
&interface,
&score);
if (result != KERN_SUCCESS) continue;
// result 0xe00002be = kIOReturnNoResources in IOReturn.h
break;
}
}
Additional details
I have find IOCFPlugIn.c in opensource.apple.com. After basic verification,
- IOCreatePlugInInterfaceForService() failed to IOCFPlugIn->Start() .
(*iunknown)->QueryInterface(iunknown, CFUUIDGetUUIDBytes(interfaceType),
(LPVOID *)&interface);
<snip>
kr = (*interface)->Probe(interface, plist, service, &score);
<snip>
haveOne = (kIOReturnSuccess == (*interface)->Start(interface, plist, service));
Probe() returned kIOReturnSuccess though,
Start() failed w/ kIOReturnNoDevice = 0xe00002c0. and haveOne = false.
Finally IOCreatePlugInInterfaceForService() returned kIOReturnNoResources = 0xe00002be.
Is this related to some security feature on macOS?
MODIFIED
I have found hardened runtime with Camera access was rejected FireWireAVCLibUnit (tccd shows error).
Even if no sandbox, no hardened for the XPC Service in Xcode was checked, XPCservice is handled via sandbox. (macOS 10.14.6 + Xcode 10.3)
I would appreciate if you have an advice.
I have found the solution.
- Add NSCameraUsageDescription in Info.plist, and IOFireWireAVCUserClient will work.
- If sandboxed, com.apple.security.device.firewire is also required.
Even if capabilities-sandbox is off, tccd verify info.plist.
If “Privacy - Camera Usage Description” is not available, sandboxd reject to use IOFireWireAVCUserClient device.
Information Property List Key Reference/Cocoa Keys
I need to know if a specified directory (local or shared path with login credentials) has write permissions or not.
I am using GetFileAttributes but it always returns FILE_ATTRIBUTE_DIRECTORY and nothing else.
My code is something like below
if(storageLocation != "")
{
//! check if local storage - user name password would be empty
if(storageUsername == "" && storagePassword == "")
{
//! local storage
//! lets check whether the local path is a valid path or not
boost::filesystem::path fpath(storageUsername.c_str());
if(boost::filesystem::exists(fpath))
{
DWORD attrib = ::GetFileAttributes(storageLocation.c_str());
if((attrib != INVALID_FILE_ATTRIBUTES) &&
((attrib & FILE_ATTRIBUTE_READONLY) != FILE_ATTRIBUTE_READONLY))
{
string strWritePermission = "TRUE";
}
}
}
else
{
uncLocation_t uncLocation;
uncLocation.m_location = storageLocation;
uncLocation.m_username = storageUsername;
uncLocation.m_password = storagePassword;
if(0 == connectToUNCLocation(uncLocation)) // My function to connect to UNC location
{
//! successful connection
DWORD attrib = ::GetFileAttributes(storageLocation.c_str());
if((attrib != INVALID_FILE_ATTRIBUTES) &&
((attrib & FILE_ATTRIBUTE_READONLY) != FILE_ATTRIBUTE_READONLY))
{
string strWritePermission = "TRUE";
}
}
}
}
I don't understand why but GetFileAttributes always return 0x16.
I have tested it by creating a shared folder and creating 2 folders in it. One with read only permissions and other with default permissions. But in all 3 cases (shared folder, read only folder and default permission folder) I am getting same return value.
There is on way to find write permission, to create a temporary file (usinf CreateFile in GENERIC_WRITE mode) and if successfully created, delete it. But I don't want to use this method as I don't want my application to create a temporary file each time user specifies a location.
Please suggest what should be done.
You would need to replicate the security checking that Windows performs. The AccessCheck function will help that. You are currently well wide of the mark in looking at the file attributes. Windows security is so much more complicated than that.
Although you said you did not want to do it, the right solution is not to try to check. Simply do whatever it is you are attempting to do. If the system decides that the user does not have sufficient rights, then CreateFile will fail, and the last error will be set to ERROR_ACCESS_DENIED. There's no need for temporary files. You just try to do whatever it is you are doing, and let it fail. You have to handle failure anyway since there are many ways for a file operation to fail, not just security.
As the saying goes, it is better to ask forgiveness than permission.
I think you are looking for AccessCheck. FYI, this is not a C++ question, but a Windows API question.
This is my first time writing in Swift, Cocoa (have experience in Cocoa Touch), and using Authorization, so I honestly have no idea if I am even on the right track. I am trying to make a modification to the hosts file, which requires user authentication, but both the AuthorizationCreate and AuthorizationExecuteWithPrivileges methods are giving errors.
var authorizationRef:AuthorizationRef
var status:OSStatus
status = AuthorizationCreate(nil, environment:kAuthorizationEmptyEnvironment, flags:kAuthorizationFlagDefaults, authorization:&authorizationRef)
let overwrite_hosts = "echo \(hostsContents) > /private/etc/hosts"
let args = [overwrite_hosts.cStringUsingEncoding(NSUTF8StringEncoding)]
status = AuthorizationExecuteWithPrivileges(authorizationRef, pathToTool:"/bin/sh", options:kAuthorizationFlagDefaults, arguments:args, communicationsPipe:nil)
Me calling AuthorizationCreate is throwing "Type '()' does not conform to protocol 'AuthorizationRef'" and my call of AuthorizationExecuteWithPrivileges is throwing "Could not find an overload for '__conversion' that accepts the supplied arguments"
Any ideas? Am I approaching this incorrectly?
Thanks for any help!
I was able to figure out how to do it via AppleScript, but you should be able to do it using the Authorization method I was trying before, therefore leaving this question open. Anybody looking for a quick solution (no error checks implemented) you can use what I wrote below:
func doScriptWithAdmin(inScript:String) -> String{
let script = "do shell script \"\(inScript)\" with administrator privileges"
var appleScript = NSAppleScript(source: script)
var eventResult = appleScript.executeAndReturnError(nil)
if !eventResult {
return "ERROR"
}else{
return eventResult.stringValue
}
}
I want to create application that use admin password to run some scripts in bash. For example:
echo **pass** | sudo -S reboot
What is the best way to get it.
I looked this tutorial, and all of what I understood - it is how to run authorization window.
AuthorizationRef authRef= NULL;
AuthorizationItem right = { "com.my.app", 0, NULL, 0 };
AuthorizationRights rightSet = { 1, &right };
OSStatus status;
if (AuthorizationCreate(
NULL,
kAuthorizationEmptyEnvironment,
kAuthorizationFlagDefaults,
&authRef) != errAuthorizationSuccess)
{
NSLog(#"Could not create authorization reference object.");
}
status = AuthorizationCopyRights(authRef, &rightSet, kAuthorizationEmptyEnvironment,
kAuthorizationFlagDefaults |
kAuthorizationFlagPreAuthorize |
kAuthorizationFlagInteractionAllowed |
kAuthorizationFlagExtendRights,
NULL);
Is there a way to get password after this steps?
Or all of this wrong - and exist another way?
Thanks!
You cannot (and should not) get the actual password. The OS doesn't even know what it is. This is on purpose. As you note, you should create a small helper program whose privileges you can escalate.
If at all possible, you should avoid the shell entirely. It is very fragile. It is much better to write a pure C/ObjC program that does just what you want and elevate its privileges.
I am using following code to fetch the path of the application. It works for all cases but fails for front row.
CFStringRef cfStrAppShortName = NULL;
FSRef appRef;
CFURLRef cfAppUrlRef = NULL;
CFBundleRef cfAppBundleRef = NULL;
CFDictionaryRef cfAppDictRef = NULL;
CFStringRef cfStrAppBundleName = NULL;
OSErr osErr;
cfStrAppShortName = CFSTR(Front Row);
if(cfStrAppShortName != NULL)
{
osErr = LSFindApplicationForInfo(kLSUnknownCreator,NULL,cfStrAppShortName,&appRef,NULL);
if(osErr == noErr)
{
cfAppUrlRef = CFURLCreateFromFSRef ( kCFAllocatorDefault, &appRef);
cfAppBundleRef = CFBundleCreate (kCFAllocatorDefault,cfAppUrlRef);
cfAppDictRef = CFBundleGetInfoDictionary (cfAppBundleRef);
cfStrAppBundleName = (CFStringRef)CFDictionaryGetValue (cfAppDictRef,kCFBundleNameKey);
}
I was expecting application path from Applications folder, but it comes from /system/coreservices/..
This happens for all items present in /system/library/coreservices/.. .
Is there any was that it should not look in /system/library/coreservices.. or any better solution?
Can anyone help me?
Thanks in Advance.
A more reliable way to identify an application is by bundle identifier. In the case of Front Row, for example, there are two separate applications with the same name:
/Applications/Front Row.app: com.apple.frontrowlauncher
/System/Library/CoreServices/Front Row.app: com.apple.frontrow
Looking at the bundle identifiers, it looks like this function is returning the path to the correct Front Row after all, since the one in /Applications is just a launcher.
But you shouldn't rely on that—the function could return the launcher's path at any time. Moreover, anybody could create an application bundle and name it “Front Row”.
Use the bundle identifier, so that you are always asking for the correct application.