Gain root acces in iOS and launch Daemon - objective-c

I am an iPhone Developer, now I am making an App that need to run commands (like "launchctl")
The only way I can launcht is with root privileges, but i dont know how to get root privileges.
I want to call it with System("launchctl....") or there is other way?
Thanks in advance ;)

You cannot get root privileges if your going to distribute this in the App Store. However, you can get root access if you're developing this for jailbroken devices.

I built a jailbreak app once that was trying to do something similar. I wasn't using launchctl, but I was issuing a call using system().
What I found was that even if I let my app run as user root, which requires more than what edc1591 outlined in his comment above, system calls would still run whatever command you passed it (e.g. launchctl) with user mobile privileges. (Aside: I think the reason might be related to this issue).
If you want to do that, I found a rather convoluted way of doing so. See that answer here.

First of all, using system(); is a C method and is not very reliable at all for executing commands like that, (I know from experience).
What you would want to do, is copy the NSTask.h file from the foundation.framework into your project window and use it. the way to find it is by opening a new project for the mac and clicking show in finder on the foundation.framework and then copy it. (Make sure to remove the lines near the top that check if you have Mac OS 10.6 or greater)
Then try running it. If it still doesn't have the right privileges, try looking into setuid(); but other than that, i don't know how it's done.
Maybe you can contact the developer of iFile, he would know how...

Unfortunately, there is no Apple sanctioned way to do this. In other words, apps that require root access will not be approved for use in the App Store. It is possible that Apple will grant an exception, but that's is seriously, extremely, unlikely.

Related

How to set up a server for my app

At the moment I am making an app. I am relatively new but have experience with a lot of different languages like PHP and SQL. My app needs to communicate with a server to post/retrieve data for everyone to see. People also need to be able to login and register. Right now I am using parse because it gives a lot of the requirements in an easy package but parse is retiring soon and I have no experience with setting up my own server.
I was thinking of making my own 'server' from an old computer but not use parse because it will no longer support push notification. Then of course the app needs to communicate with this server. I started looking online and found a lot of terms but not a real clear explanation on how to proceed. I need it to be able to communicate with iOS and Android. Furthermore I was wondering how to execute a script on the server itself. I want to do something with time, once someone uploads something it needs to disappear after 48 hours, but of course it also needs to do this even if the app isn't active on a smartphone
Can anyone tell me how I need to proceed, what to use and where i can find useful info.
My plan for now is creating my own server with something like MongoDB but then i still need something called a backend and different SDK's to communicate with the apps. Maybe its possible to install parse on my own server and add something so i can still use Push and run a script on the server itself.
All help would be very much App-reciated ;)!
The reason of a backend service or framework is to let developer focus on front end app development. Maybe you can check other options like firebase, meoter, or even leancloud. Don't be hurry jump to the decision to make your own backend.
Parse Server is already supporting Push Notifications. I think should keep using Parse. It will become the best framework for backend and API development in a short time. You can also use services like https://www.back4app.com that helps you in all process of configuration of your server.
Do you mean by create your own server running a personal derver pr you mean create your own back end application?

Is there a way to update SMLoginItemBookmarks data on launchd overrides.plist

I'm working on an OS X app that most users choose to "launch at login", the kind you'd find at the menu bar.
In order to launch it at login I'm using SMLoginItemSetEnabled to launch a LoginHelper app that will open the main app, as described in this tutorial.
The app is failing to start up at login for just a handful of our users.
I was unable to reproduce this or to track the cause but I found (on a user's machine) that:
Deleting /Root/_com.apple.SMLoginItemBookmarks/[myapp] and /Root/[myapp] on /var/db/launchd.db/com.apple.launchd.peruser.$UID/overrides.plist and then resetting the Launch at login on the app fixed the issue. Also, we diff'd the files and the Data on the bookmark had changed.
For reference, I found about the overrides.plist here.
Since the app has both a Mac App Store and a Direct download version, I'm suspecting multiple copies of the app setting themselves as Launch at login may be the reason for this to fail, maybe these "bookmarks" are trying to open another instance of the app, that may or may not be deleted.
Now the questions, provided that this app needs to remain sandboxed:
Is there a way of updating that Data on the overrides.plist bookmarks?
Is there any way of deleting one self's app from the overrides.plist to start clean?
Is this maybe a known issue?
Any other suggestions on why the bookmark seems to point nowhere or how to fix it will be appreciated.
Note: This is my first question on StackOverflow, please excuse me if I failed to follow some of the suggested etiquette.
I don't know a definitive solution to this, I wasn't even aware of the overrides.plist. It could be related to multiple copies. As far as I understand, adding login through SMLoginItemSetEnabled sets a metadata flag that this Bundle ID should be launched on start. Then Spotlight, on start, will go do a metadata search on the file system and see which Bundle IDs need to be launched. Then, I guess, it will initiate the launch using the bundle ID. In my own application, Trickster, which uses the same technique for launching, I see that if I enable launch-on-login through the app itself, it might pop-up this strange message which refers to a debug build. I'm not even sure why it says about the first time. Very strange.
So, to have them launched, you have to make sure that the relevant bundles are in locations where Spotlight indexes (that the user hasn't disable Spotlight for these locations). Usually users don't disable Spotlight, especially for /Applications/ but I'm just saying.
What I usually suggest when support comes my way (and how I have it set up for me because I have multiple copies), is I to disable launch from within the app and instead add the correct one (from /Applications) manually in Login Items in System Preferences.

VB.NET Safe to have ftp details inside .exe?

I'm making a uploading program, though its just come to my thought of .exe .net decompliers. I want to know is it safe to put my FTP details in my program?
Depending on how you use the program. If it is only for you, then this should be OK, but I won't recommend doing it if you distribute the app somewhere.
Simplest way to see the strings in the program is using strings command on Linux or its equivalent on Windows - described here. This will show you the strings that are present in the file, and may be even simpler than obfuscating the code.
If you are going to distribute the app, I would suggest either:
Adding some configuring section, where the user himself enters the credentials, or
Permission the FTP to anonymous login correctly and let the users log in with anonymous login. It will have the same security strenght as adding the password to the file. This may be useful for just downloading the data, but won't really work for uploads, as anyone would be able to fill your FTP with any data. For that, you'll have to use the first way.

What is the standard method for writing a continuously running app that is allowed on the Mac App Store

I'm brand new to OS X and mac programming. I'm looking to write an app that runs continuously or is woken up every 30 seconds to do some minor task. It would do something like check the weather via a web service and shoot off an email if the temperature drops below freezing. In Windows I would just use a service or put a repeating task in the task scheduler. Is there a standard way to accomplish this in OS X which the mac app store allows? I would like to write something that I can put in the store but Apple seems to have vague restrictions against running background processes.
I've learned a little about launchd but I can't tell if I am allowed to use it. Ideally the process would get run even when no one is logged in, but it probably won't need root access. If someone does happen to be logged in, it would trigger some popup if it sent an email temperature alert out. I would also have some GUI which the user would be able to modify the configuration files that determine the behavior of the background process. I don't anticipate any app store restriction for that piece of the project though.
I'm pretty sure an app that runs invisibly like that would not be allowed into the App Store. What you're going to want is to create a menubar-only application, which can be enabled by setting a key in your app's info, namely LSUIElement. Although it won't be able to be run unless a user is signed in, it's your only way to get it into the store successfully.
The MAS guidelines have several prohibitions that would impact you. Go to the guidelines and read section 2. In particularly consider 2.15, 2.23, and 2.27. I don't know any way to get your application running prior to login without at some point requesting admin privileges (even if you don't use the privilege when you run).
I would probably make it a Login Item (System Preferences>Users>Login Items), probably as an LSUIElement app as sudo rm -rf suggests. Definitely if it's your first app, I wouldn't go diving into launchd in any case. It is one of the most infuriating system processes I've ever dealt with.

How to use BetterAuthorizationSample? - Cocoa

I am trying to use BetterAuthorizationSample rather then go the so called "malicious" way of using setuid in order to get root privileges.
Currently I am using AuthorizationCreate(); with BLAuthentication to have root access to changing some files, but I am somewhat irritated by the fact that I have to constantly enter my password in every time the app launches.
So I came across Apple's method of a HelperTool, and I just can't figure it out.
I've been working with Cocoa for a couple months now, but this is just out of my reach, yet I still need it. How would I implement this tool to do simple root-privileged tasks?
Is there a simpler way to use the concept of a HelperTool, so that my users can just enter their password once and it would grant root-privileges forever?
The "modern" way to do a helper tool on Mac OS X is to ship it as part of your app, and use the ServiceManagement framework to deploy it. Your users enter their password once, when deploying the tool. That installs it as a launchd job; from then on you use any launchd on-demand mechanism to launch the helper and get it to do work for you.
Notice that the blog post linked above recommends that you protect subsequent invocations of the helper with an Authorization Services escalation, to avoid having an arbitrary privilege escalation that anyone can use. This seems like it somewhat impacts the "users can just enter their password once" benefit, although you can use AuthorizationRightSet() to create your app's authorization token in the policy database, so you can actually define whether users need to present passwords on first deployment.
The sample code from that post is on GitHub, and demonstrates using ServiceManagement to deploy the helper tool and Authorization Services to control access to it.