Higher privileges required on 10.12 for StartService

samdmarshall / SDMMobileDevice

MobileDevice Implementation

BSD 3-Clause "New" or "Revised" License

574 stars 97 forks source link

Higher privileges required on 10.12 for StartService #92

Closed ttys42 closed 7 years ago

ttys42 commented 8 years ago

Hi. It seems that in latest 10.12 higher privileges are required to run StartService.

SDMMD__CreateDataFromFileContents: Could not lstat.
SDMMD__CreateDictFromFileContents: Could not read from file.
SDMMD__CreateDataFromFileContents: Could not lstat.
SDMMD__CreateDictFromFileContents: Could not read from file.

Running with sudo works fine

samdmarshall commented 8 years ago

does this mean we need to embed the entitlements.plist into the command line app?

ttys42 commented 8 years ago

Excuse me, the issue appears on the StartSession part. I do not think this is an entitlement issue as I can see the issue on non sandboxed applications as well

samdmarshall commented 8 years ago

Interesting, can you narrow down the specific file or accessor that is returning the error?

ttys42 commented 8 years ago

Yes, it seems access to /var/db/lockdown has been restricted drwx------ 5 _usbmuxd _usbmuxd 170 Aug 12 07:28 lockdown Inside it looks same as in older versions of OS X -rw-rw-rw- 1 root _usbmuxd 9445 Aug 12 07:28 xxxxxxxxxxxxxxxxxxxxxxx.plist

samdmarshall commented 7 years ago

I think I am going to close this as I don't see a practical way around this other than to require sudo. There should probably be a OS check added and tell the user to sudo, but I think that is a separate issue from this.