// This file is part of BOINC. // http://boinc.berkeley.edu // Copyright (C) 2023 University of California // // BOINC is free software; you can redistribute it and/or modify it // under the terms of the GNU Lesser General Public License // as published by the Free Software Foundation, // either version 3 of the License, or (at your option) any later version. // // BOINC is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // See the GNU Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public License // along with BOINC. If not, see . // gfx_switcher.C // // Used by screensaver to: // - launch graphics application at given slot number // - launch default graphics application // - kill graphics application with given process ID // // Special logic used only under OS 10.15 Catalina and later: // // BOINC screensaver plugin BOINCSaver.saver (BOINC Screensaver Coordinator) // sends a run_graphics_app RPC to the BOINC client. The BOINC client then // launches switcher, which submits a script to launchd as a LaunchAgent // for the user that invoked the screensaver (the currently logged in user.) // // We must go through launchd to establish a connection to the windowserver // in the currently logged in user's space for use by the project graphics // app. This script then launches gfx_switcher, which uses fork and execv to // launch the project graphics app. gfx_switcher writes the graphics app's // process ID to shared memory, to be read by the Screensaver Coordinator. // gfx_switcher waits for the graphics app to exit and then notifies the // Screensaver Coordinator by writing 0 to the shared memory. // // This Rube Goldberg process is necessary due to limitations on screensavers // introduced in OS 10.15 Catalina and OS 14.0 Sonoma. // #include #include #include #include #include #if HAVE_SYS_PARAM_H #include // for MAXPATHLEN #endif #include // getpwuid #include #include // For kill() #include #include "boinc_api.h" #include "common_defs.h" #include "util.h" #include "mac_util.h" #include "shmem.h" #include "mac_spawn.h" #define VERBOSE 0 #define CREATE_LOG VERBOSE #if VERBOSE #ifdef __cplusplus extern "C" { #endif static void print_to_log_file(const char *format, ...); #ifdef __cplusplus } static void strip_cr(char *buf); #endif #else #define print_to_log_file(...) #endif void * MonitorScreenSaverEngine(void* param); struct ss_shmem_data { pid_t gfx_pid; int gfx_slot; }; static struct ss_shmem_data* ss_shmem = NULL; int main(int argc, char** argv) { passwd *pw; group *grp; char user_name[256], group_name[256]; char cmd[2048]; char gfx_app_path[MAXPATHLEN], resolved_path[MAXPATHLEN]; char *BOINCDatSlotsPath = "/Library/Application Support/BOINC Data/slots/"; int retval; int pid; int i; const char *screensaverLoginUser = NULL; pthread_t monitorScreenSaverEngineThread = 0; if (argc < 2) return EINVAL; CFStringRef cf_gUserName = SCDynamicStoreCopyConsoleUser(NULL, NULL, NULL); CFStringGetCString(cf_gUserName, user_name, sizeof(user_name), kCFStringEncodingUTF8); // strlcpy(user_name, getenv("USER"), sizeof(user_name)); strlcpy(group_name, "boinc_project", sizeof(group_name)); // Under fast user switching, the BOINC client may be running under a // different login than the screensaver // // If we need to join a different process group, it must be the last argument. i = 0; while(argv[i]) { if (!strcmp(argv[i], "--ScreensaverLoginUser")) { screensaverLoginUser = argv[i+1]; // strlcpy(user_name, screensaverLoginUser, sizeof(user_name)); argv[i] = 0; // Strip off the --ScreensaverLoginUser argument argc -= 2; #if VERBOSE // For debugging only print_to_log_file("\n\ngfx_switcher: screensaverLoginUser = %s", screensaverLoginUser); #endif break; } ++i; } if (! screensaverLoginUser) { screensaverLoginUser = user_name; } #if 0 // For debugging only // Allow debugging without running as group boinc_project grp = getgrgid(getgid()); if (grp) strlcpy(group_name, grp->gr_name, sizeof(group_name)); #endif // We are running setuid root, so setgid() sets real group ID, // effective group ID and saved set_group-ID for this process grp = getgrnam(group_name); if (grp) setgid(grp->gr_gid); // As of MacOS 13.0 Ventura IOSurface cannot be used to share graphics // between apps unless they are running as the same user, so we no // longer run the graphics apps as user boinc_master. pw = getpwnam(user_name); if (pw) setuid(pw->pw_uid); // NOTE: call print_to_log_file only after switching user and group #if VERBOSE // For debugging only char current_dir[MAXPATHLEN]; getcwd( current_dir, sizeof(current_dir)); print_to_log_file("current directory = %s", current_dir); print_to_log_file("user_name is %s, euid=%d, uid=%d, egid=%d, gid=%d", user_name, geteuid(), getuid(), getegid(), getgid()); for (int i=0; igfx_pid = pid; ss_shmem->gfx_slot = -1; // Default GFX has no slot number } pthread_create(&monitorScreenSaverEngineThread, NULL, MonitorScreenSaverEngine, &pid); waitpid(pid, 0, 0); pthread_cancel(monitorScreenSaverEngineThread); if (ss_shmem != 0) { ss_shmem->gfx_pid = 0; } return 0; } } if (strcmp(argv[1], "-launch_gfx") == 0) { strlcpy(gfx_app_path, BOINCDatSlotsPath, sizeof(gfx_app_path)); strlcat(gfx_app_path, argv[2], sizeof(gfx_app_path)); strlcat(gfx_app_path, "/", sizeof(gfx_app_path)); strlcat(gfx_app_path, GRAPHICS_APP_FILENAME, sizeof(gfx_app_path)); retval = boinc_resolve_filename(gfx_app_path, resolved_path, sizeof(resolved_path)); if (retval) return retval; #if VERBOSE // For debugging only print_to_log_file("gfx_switcher using fork()");; #endif int pid = fork(); // As of MacOS 13.0 Ventura IOSurface cannot be used to share graphics // between apps unless they are running as the same user, so we no // longer run the graphics apps as user boinc_master. To replace the // security that was provided by running as a different user, we use // sandbox-exec() to launch the graphics apps. Note that sandbox-exec() // is marked deprecated because it is an Apple private API so the syntax // of the security specifications is subject to change without notice. // But it is used widely in Apple's software, and the security profile // elements we use are very unlikely to change. if (pid == 0) { // For unknown reasons, the graphics application exits with // "RegisterProcess failed (error = -50)" unless we pass its // full path twice in the argument list to execv. strlcpy(cmd, "sandbox-exec -f \"", sizeof(cmd)); strlcat(cmd, argv[0], sizeof(cmd)); // path to this executable char *slash = strrchr(cmd, '/'); if (slash) *slash = '\0'; // Directory containing this executable strlcat(cmd, "/mac_restrict_access.sb\" \"", sizeof(cmd)); // path to sandboxing profile strlcat(cmd, resolved_path, sizeof(cmd)); // path to graphics app strlcat(cmd, "\"", sizeof(cmd)); for (int i=3; igfx_pid = pid; ss_shmem->gfx_slot = atoi(argv[2]); } pthread_create(&monitorScreenSaverEngineThread, NULL, MonitorScreenSaverEngine, &pid); waitpid(pid, 0, 0); pthread_cancel(monitorScreenSaverEngineThread); if (ss_shmem != 0) { ss_shmem ->gfx_pid = 0; } return 0; } } if (strcmp(argv[1], "-kill_gfx") == 0) { pid = atoi(argv[2]); if (! pid) return EINVAL; if ( kill(pid, SIGKILL)) { #if VERBOSE // For debugging only print_to_log_file("kill(%d, SIGKILL) returned error %d", pid, errno); #endif return errno; } return 0; } return EINVAL; // Unknown command } // For extra safety, kill our graphics app if ScreenSaverEngine has exited void * MonitorScreenSaverEngine(void* param) { pid_t ScreenSaverEngine_Pid = 0; pid_t graphics_Pid = *(pid_t*)param; while (true) { boinc_sleep(1.0); // Test every second ScreenSaverEngine_Pid = getPidIfRunning("com.apple.ScreenSaver.Engine"); #if VERBOSE // For debugging only print_to_log_file("MonitorScreenSaverEngine: ScreenSaverEngine_Pid=%d", ScreenSaverEngine_Pid); #endif if (ScreenSaverEngine_Pid == 0) { // legacyScreenSaver name under MacOS 14 Sonoma ScreenSaverEngine_Pid = getPidIfRunning("com.apple.ScreenSaver.Engine.legacyScreenSaver"); } if (ScreenSaverEngine_Pid == 0) { #ifdef __x86_64__ ScreenSaverEngine_Pid = getPidIfRunning("com.apple.ScreenSaver.Engine.legacyScreenSaver.x86_64"); #elif defined(__arm64__) ScreenSaverEngine_Pid = getPidIfRunning("com.apple.ScreenSaver.Engine.legacyScreenSaver.arm64"); #endif #if VERBOSE // For debugging only print_to_log_file("MonitorScreenSaverEngine: ScreenSaverEngine_legacyScreenSaver_Pid=%d", ScreenSaverEngine_Pid); #endif } if (ScreenSaverEngine_Pid == 0) { kill(graphics_Pid, SIGKILL); #if VERBOSE // For debugging only print_to_log_file("MonitorScreenSaverEngine calling kill(%d, SIGKILL", graphics_Pid); #endif return 0; } } } #if CREATE_LOG #include static void print_to_log_file(const char *format, ...) { FILE *f; va_list args; char buf[256]; time_t t; f = fopen("/Users/Shared/test_log_gfx_switcher.txt", "a"); if (!f) return; // freopen(buf, "a", stdout); // freopen(buf, "a", stderr); time(&t); safe_strcpy(buf, asctime(localtime(&t))); strip_cr(buf); fputs(buf, f); fputs(" ", f); va_start(args, format); vfprintf(f, format, args); va_end(args); fputs("\n", f); fflush(f); fclose(f); chmod("/Users/Shared/test_log_gfx_switcher.txt", 0666); } static void strip_cr(char *buf) { char *theCR; theCR = strrchr(buf, '\n'); if (theCR) *theCR = '\0'; theCR = strrchr(buf, '\r'); if (theCR) *theCR = '\0'; } #endif // CREATE_LOG