1/*
2 * "$Id: cups-exec.c 11145 2013-07-17 02:46:19Z msweet $"
3 *
4 *   Sandbox helper for CUPS.
5 *
6 *   Copyright 2007-2013 by Apple Inc.
7 *
8 *   These coded instructions, statements, and computer programs are the
9 *   property of Apple Inc. and are protected by Federal copyright
10 *   law.  Distribution and use rights are outlined in the file "LICENSE.txt"
11 *   which should have been included with this file.  If this file is
12 *   file is missing or damaged, see the license at "http://www.cups.org/".
13 *
14 * Usage:
15 *
16 *     cups-exec /path/to/profile /path/to/program argv0 argv1 ... argvN
17 *
18 * Contents:
19 *
20 *   main() - Apply sandbox profile and execute program.
21 */
22
23/*
24 * Include necessary headers...
25 */
26
27#include <cups/string-private.h>
28#include <unistd.h>
29#ifdef HAVE_SANDBOX_H
30#  include <sandbox.h>
31#  ifndef SANDBOX_NAMED_EXTERNAL
32#    define SANDBOX_NAMED_EXTERNAL  0x0003
33#  endif /* !SANDBOX_NAMED_EXTERNAL */
34#  pragma GCC diagnostic ignored "-Wdeprecated-declarations"
35#endif /* HAVE_SANDBOX_H */
36
37
38/*
39 * 'main()' - Apply sandbox profile and execute program.
40 */
41
42int					/* O - Exit status */
43main(int  argc,				/* I - Number of command-line args */
44     char *argv[])			/* I - Command-line arguments */
45{
46#ifdef HAVE_SANDBOX_H
47  char	*sandbox_error = NULL;		/* Sandbox error, if any */
48#endif /* HAVE_SANDBOX_H */
49
50
51 /*
52  * Check that we have enough arguments...
53  */
54
55  if (argc < 4)
56  {
57    puts("Usage: cups-exec /path/to/profile /path/to/program argv0 argv1 ... "
58         "argvN");
59    return (1);
60  }
61
62#ifdef HAVE_SANDBOX_H
63 /*
64  * Run in a separate security profile...
65  */
66
67  if (strcmp(argv[1], "none") &&
68      sandbox_init(argv[1], SANDBOX_NAMED_EXTERNAL, &sandbox_error))
69  {
70    fprintf(stderr, "DEBUG: sandbox_init failed: %s (%s)\n", sandbox_error,
71	    strerror(errno));
72    sandbox_free_error(sandbox_error);
73    return (1);
74  }
75#endif /* HAVE_SANDBOX_H */
76
77 /*
78  * Execute the program...
79  */
80
81  execv(argv[2], argv + 3);
82
83 /*
84  * If we get here, execv() failed...
85  */
86
87  fprintf(stderr, "DEBUG: execv failed: %s\n", strerror(errno));
88  return (1);
89}
90
91
92/*
93 * End of "$Id: cups-exec.c 11145 2013-07-17 02:46:19Z msweet $".
94 */
95