diff --git a/makefile b/makefile index ab099d9..446ac5a 100644 --- a/makefile +++ b/makefile @@ -753,7 +753,7 @@ linux: $(STRIP) macos: - $(MAKE) $(MAKEFILE) EXENAME="$(EXENAME)_$(ARCHNAME)" ADDITIONALSOURCES="$(MACOSKVMSOURCES)" CFLAGS="$(MACOSARCH) -std=gnu99 -Wall -DJPEGMAXBUF=$(KVMMaxTile) -DMESH_AGENTID=$(ARCHID) -D_POSIX -D_NOILIBSTACKDEBUG -D_NOHECI -DMICROSTACK_PROXY -D__APPLE__ $(CWEBLOG) -fno-strict-aliasing $(INCDIRS) $(CFLAGS) $(CEXTRA)" LDFLAGS="$(MACSSL) $(MACOSFLAGS) -L. -lpthread -ldl -lz -lutil -framework IOKit -framework ApplicationServices -framework SystemConfiguration -framework CoreFoundation -fconstant-cfstrings $(LDFLAGS) $(LDEXTRA)" + $(MAKE) $(MAKEFILE) EXENAME="$(EXENAME)_$(ARCHNAME)" ADDITIONALSOURCES="$(MACOSKVMSOURCES)" CFLAGS="$(MACOSARCH) -std=gnu99 -Wall -DJPEGMAXBUF=$(KVMMaxTile) -DMESH_AGENTID=$(ARCHID) -D_POSIX -D_NOILIBSTACKDEBUG -D_NOHECI -DMICROSTACK_PROXY -D__APPLE__ $(CWEBLOG) -fno-strict-aliasing $(INCDIRS) $(CFLAGS) $(CEXTRA)" LDFLAGS="$(MACSSL) $(MACOSFLAGS) -L. -lpthread -ldl -lz -lutil -framework IOKit -framework ApplicationServices -framework SystemConfiguration -framework CoreServices -framework CoreGraphics -framework CoreFoundation -fconstant-cfstrings $(LDFLAGS) $(LDEXTRA)" $(SYMBOLCP) $(STRIP) diff --git a/meshcore/KVM/MacOS/mac_kvm.c b/meshcore/KVM/MacOS/mac_kvm.c index df73599..3e202a2 100644 --- a/meshcore/KVM/MacOS/mac_kvm.c +++ b/meshcore/KVM/MacOS/mac_kvm.c @@ -25,10 +25,14 @@ limitations under the License. #include #include #include +#include +#include #include #include #include +#include +#include int KVM_Listener_FD = -1; #define KVM_Listener_Path "/usr/local/mesh_services/meshagent/kvm" 
@@ -902,3 +906,104 @@ void kvm_cleanup()
 gChildProcess = NULL;
 }
 }
+
+
+typedef enum {
+ MPAuthorizationStatusNotDetermined,
+ MPAuthorizationStatusAuthorized,
+ MPAuthorizationStatusDenied
+} MPAuthorizationStatus;
+
+
+
+
+MPAuthorizationStatus _checkFDAUsingFile(const char *path) {
+ int fd = open(path, O_RDONLY);
+ if (fd != -1)
+ {
+ close(fd);
+ return MPAuthorizationStatusAuthorized;
+ }
+
+ if (errno == EPERM || errno == EACCES)
+ {
+ return MPAuthorizationStatusDenied;
+ }
+
+ return MPAuthorizationStatusNotDetermined;
+}
+
+MPAuthorizationStatus _fullDiskAuthorizationStatus() {
+ char *userHomeFolderPath = getenv("HOME");
+ if (userHomeFolderPath == NULL) {
+ struct passwd *pw = getpwuid(getuid());
+ if (pw == NULL) {
+ return MPAuthorizationStatusNotDetermined;
+ }
+ userHomeFolderPath = pw->pw_dir;
+ }
+
+ const char *testFiles[] = {
+ strcat(strcpy(malloc(strlen(userHomeFolderPath) + 30), userHomeFolderPath), "/Library/Safari/CloudTabs.db"),
+ strcat(strcpy(malloc(strlen(userHomeFolderPath) + 30), userHomeFolderPath), "/Library/Safari/Bookmarks.plist"),
+ "/Library/Application Support/com.apple.TCC/TCC.db",
+ "/Library/Preferences/com.apple.TimeMachine.plist",
+ };
+
+ MPAuthorizationStatus resultStatus = MPAuthorizationStatusNotDetermined;
+ for (int i = 0; i < 4; i++) {
+ MPAuthorizationStatus status = _checkFDAUsingFile(testFiles[i]);
+ if (status == MPAuthorizationStatusAuthorized) {
+ resultStatus = MPAuthorizationStatusAuthorized;
+ break;
+ }
+ if (status == MPAuthorizationStatusDenied) {
+ resultStatus = MPAuthorizationStatusDenied;
+ }
+ }
+
+ return resultStatus;
+}
+
+
+void kvm_check_permission()
+{
+
+ //Request screen recording access
+ if(__builtin_available(macOS 10.15, *)){
+ if(!CGPreflightScreenCaptureAccess()) {
+ CGRequestScreenCaptureAccess();
+ }
+ }
+
+
+ // Request accessibility access
+ if(__builtin_available(macOS 10.9, *)){
+ const void * keys[] = { kAXTrustedCheckOptionPrompt };
+ const void * values[] = { kCFBooleanTrue };
+ + CFDictionaryRef options = CFDictionaryCreate( + kCFAllocatorDefault, + keys, + values, + sizeof(keys) / sizeof(*keys), + &kCFCopyStringDictionaryKeyCallBacks, + &kCFTypeDictionaryValueCallBacks); + + AXIsProcessTrustedWithOptions(options); + } + + // Request full disk access + if(__builtin_available(macOS 10.14, *)) { + if(_fullDiskAuthorizationStatus() != MPAuthorizationStatusAuthorized) { + CFStringRef URL = CFStringCreateWithCString(NULL, "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles", kCFStringEncodingASCII); + CFURLRef pathRef = CFURLCreateWithString( NULL, URL, NULL ); + if( pathRef ) + { + LSOpenCFURLRef(pathRef, NULL); + CFRelease(pathRef); + } + CFRelease(URL); + } + } +} \ No newline at end of file diff --git a/meshcore/KVM/MacOS/mac_kvm.h b/meshcore/KVM/MacOS/mac_kvm.h index df988f9..719e7b4 100644 --- a/meshcore/KVM/MacOS/mac_kvm.h +++ b/meshcore/KVM/MacOS/mac_kvm.h @@ -26,6 +26,8 @@ typedef ILibTransport_DoneState(*ILibKVM_WriteHandler)(char *buffer, int bufferLen, void *reserved); +void kvm_check_permission(); + int kvm_relay_feeddata(char* buf, int len); void kvm_pause(int pause); void* kvm_relay_setup(char *exePath, void *processPipeMgr, ILibKVM_WriteHandler writeHandler, void *reserved, int uid); diff --git a/meshcore/agentcore.c b/meshcore/agentcore.c index 32bce3d..bbae1ec 100644 --- a/meshcore/agentcore.c +++ b/meshcore/agentcore.c @@ -4489,6 +4489,13 @@ void agentDumpKeysSink(ILibSimpleDataStore sender, char* Key, int KeyLen, void * MeshAgentHostContainer* MeshAgent_Create(MeshCommand_AuthInfo_CapabilitiesMask capabilities) { + +#if defined(_LINKVM) && defined(_POSIX) && !defined(__APPLE__) + //Before anything, check for permissions (macos requirement) + kvm_check_permission(); +#endif + + MeshAgentHostContainer* retVal = (MeshAgentHostContainer*)ILibMemory_Allocate(sizeof(MeshAgentHostContainer), 0, NULL, NULL); #ifdef WIN32 SYSTEM_POWER_STATUS stats;
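Review bot: In `_fullDiskAuthorizationStatus` the second `testFiles` entry writes past its allocation: `"/Library/Safari/Bookmarks.plist"` is 31 characters, so with the terminator it needs 32 bytes beyond the home path, while `malloc(strlen(userHomeFolderPath) + 30)` reserves 30, a two-byte heap overflow on every call. Both `malloc` results are also handed to `strcpy` unchecked and never freed, and `HOME` comes from the process environment, so its length and content are not under the agent's control. Building each path in a bounded buffer with `snprintf` and a truncation check removes the size arithmetic, the NULL dereference and the leak together. Separately, in `kvm_check_permission` the dictionary returned by `CFDictionaryCreate` is never released; `CFRelease(options);` after `AXIsProcessTrustedWithOptions(options);` would fix that.

```c
MPAuthorizationStatus _fullDiskAuthorizationStatus() {
    // … unchanged: HOME / getpwuid() lookup of userHomeFolderPath …

    static const char *const homeFiles[] = {
        "/Library/Safari/CloudTabs.db",
        "/Library/Safari/Bookmarks.plist",
    };
    static const char *const systemFiles[] = {
        "/Library/Application Support/com.apple.TCC/TCC.db",
        "/Library/Preferences/com.apple.TimeMachine.plist",
    };

    MPAuthorizationStatus resultStatus = MPAuthorizationStatusNotDetermined;
    char path[1024];

    for (size_t i = 0; i < sizeof(homeFiles) / sizeof(*homeFiles); i++) {
        int n = snprintf(path, sizeof(path), "%s%s", userHomeFolderPath, homeFiles[i]);
        if (n < 0 || (size_t)n >= sizeof(path)) {
            continue; // over-long HOME: skip rather than probe a truncated path
        }
        MPAuthorizationStatus status = _checkFDAUsingFile(path);
        if (status == MPAuthorizationStatusAuthorized) {
            return status;
        }
        if (status == MPAuthorizationStatusDenied) {
            resultStatus = status;
        }
    }

    for (size_t i = 0; i < sizeof(systemFiles) / sizeof(*systemFiles); i++) {
        MPAuthorizationStatus status = _checkFDAUsingFile(systemFiles[i]);
        if (status == MPAuthorizationStatusAuthorized) {
            return status;
        }
        if (status == MPAuthorizationStatusDenied) {
            resultStatus = status;
        }
    }

    return resultStatus;
}
```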
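Review bot: The guard around the new call in `MeshAgent_Create` looks inverted: `!defined(__APPLE__)` excludes exactly the build that the comment says needs it, and the makefile's `macos` target passes `-D__APPLE__`, so `kvm_check_permission()` is compiled out on macOS. On a non-Apple POSIX build with `_LINKVM` the call would instead refer to a function that this diff defines only in `mac_kvm.c`. The condition presumably should read `#if defined(_LINKVM) && defined(_POSIX) && defined(__APPLE__)`. Once enabled, the call runs at every agent creation and can open the Privacy pane in System Preferences, so it is worth confirming that this is wanted for service and non-interactive launches as well. `MeshAgent_Create` continues past the end of the hunk.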