我正在尝试创建一个授权来使用 SMJobBless 复制文件,尽管我无法让它工作。助手应用已成功授权,并且在 [self copyFile]
方法之前出现 Job is available!
消息,但 copyFile 始终失败。如果有人可以阐明我做错了什么,或者提供如何完成这项工作的示例,那就太好了。
appDelegate.h
#import <Cocoa/Cocoa.h>
@interface SMJobBlessAppController : NSObject {
IBOutlet NSTextField *_textField;
}
- (BOOL)blessHelperWithLabel:(NSString *)label error:(NSError **)error;
- (void)copyFile;
@end
appDelegate.m
#import <ServiceManagement/ServiceManagement.h>
#import <Security/Authorization.h>
#import "appDelegate.h"
@implementation SMJobBlessAppController
- (void)applicationDidFinishLaunching:(NSNotification *)notification
{
NSError *error = nil;
if (![self blessHelperWithLabel:@"com.apple.bsd.SMJobBlessHelper" error:&error]) {
NSLog(@"Something went wrong!");
} else {
/* At this point, the job is available. However, this is a very
* simple sample, and there is no IPC infrastructure set up to
* make it launch-on-demand. You would normally achieve this by
* using a Sockets or MachServices dictionary in your launchd.plist.
*/
NSLog(@"Job is available!");
[self->_textField setHidden:false];
[self copyFile];
}
}
- (void)copyFile {
NSError *error = nil;
NSFileManager *fileManager = [[NSFileManager alloc] init];
NSString *sourceFile = @"~/path/to/file.txt";
NSString *destFile = @"~/Library/Application Support/myApp/file.txt";
if ([fileManager copyItemAtPath:sourceFile toPath:destFile error:&error] == YES) {
NSLog (@"[FILE] Copied.");
// NSLog (@"Copy successful");
} else {
NSLog (@"[FILE] Copy failed.");
NSLog (@" %@ %@",sourceFile, destFile);
// NSLog (@"Copy failed");
}
[fileManager release];
return;
}
- (BOOL)blessHelperWithLabel:(NSString *)label error:(NSError **)error;
{
BOOL result = NO;
AuthorizationItem authItem = { kSMRightBlessPrivilegedHelper, 0, NULL, 0 };
AuthorizationRights authRights = { 1, &authItem };
AuthorizationFlags flags = kAuthorizationFlagDefaults |
kAuthorizationFlagInteractionAllowed |
kAuthorizationFlagPreAuthorize |
kAuthorizationFlagExtendRights;
AuthorizationRef authRef = NULL;
/* Obtain the right to install privileged helper tools (kSMRightBlessPrivilegedHelper). */
OSStatus status = AuthorizationCreate(&authRights, kAuthorizationEmptyEnvironment, flags, &authRef);
if (status != errAuthorizationSuccess) {
NSLog(@"Failed to create AuthorizationRef, return code %i", status);
} else {
/* This does all the work of verifying the helper tool against the application
* and vice-versa. Once verification has passed, the embedded launchd.plist
* is extracted and placed in /Library/LaunchDaemons and then loaded. The
* executable is placed in /Library/PrivilegedHelperTools.
*/
result = SMJobBless(kSMDomainSystemLaunchd, (CFStringRef)label, authRef, (CFErrorRef *)error);
}
return result;
}
@end
最佳答案
你完全没有理解SMJobBless
的要点。它不会神奇地使您当前的应用程序能够执行特权操作。相反,它安装并运行一个单独的帮助工具,允许该工具执行特权操作,但不应执行其他操作(尽可能少)。
您需要将 copyFile
中的代码移至 the main
function in SMJobBlessHelper.c
。 (由于这是一个 C 文件,您必须用 C 语言重写它——也许使用 CoreFoundation——或者您必须更改工具以使用 Objective-C。没有人说这很容易。)
关于Objective-C,授权无法执行功能,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/11514262/