diff options
| author | Emīls Piņķis <emils@mullvad.net> | 2021-05-18 18:28:47 +0100 |
|---|---|---|
| committer | Emīls <emils@mullvad.net> | 2021-12-10 09:58:51 +0000 |
| commit | 2b48ee7a513651f65e2db5ff48eeb2fdb14d881a (patch) | |
| tree | 540c00042091c75de08685020d1f110182c7c920 /mullvad-daemon/src | |
| parent | 05ae3cad58eea7319a566323e7fdc326f8035470 (diff) | |
| download | mullvadvpn-2b48ee7a513651f65e2db5ff48eeb2fdb14d881a.tar.xz mullvadvpn-2b48ee7a513651f65e2db5ff48eeb2fdb14d881a.zip | |
Add exclusion GID fetcher
Diffstat (limited to 'mullvad-daemon/src')
| -rw-r--r-- | mullvad-daemon/src/exclusion_gid.rs | 29 | ||||
| -rw-r--r-- | mullvad-daemon/src/lib.rs | 8 |
2 files changed, 37 insertions, 0 deletions
diff --git a/mullvad-daemon/src/exclusion_gid.rs b/mullvad-daemon/src/exclusion_gid.rs new file mode 100644 index 0000000000..441b66cb2b --- /dev/null +++ b/mullvad-daemon/src/exclusion_gid.rs @@ -0,0 +1,29 @@ +use std::ffi::CStr; +/// name of the group that should be excluded +const EXCLUSION_GROUP: &[u8] = b"mullvad-exclusion\0"; + +/// Returns the GID of `mullvad-exclusion` group if it exists. +pub fn get_exclusion_gid() -> Option<u32> { + let exclusion_group_name = unsafe { CStr::from_bytes_with_nul_unchecked(EXCLUSION_GROUP) }; + talpid_core::macos::get_group_id(exclusion_group_name) +} + +/// Attempts to set the GID of the current process to `mullvad-exclusion`. +#[cfg(target_os = "macos")] +pub fn set_exclusion_gid() { + if let Some(gid) = get_exclusion_gid() { + if let Err(err) = talpid_core::macos::set_gid(gid) { + log::error!("Failed to set group ID: {}", err); + } + } else { + log::error!("No exclusion ID available"); + } +} + +#[cfg(test)] +mod test { + #[test] + fn test_exclusion_gid() { + let _ = super::get_exclusion_gid(); + } +} diff --git a/mullvad-daemon/src/lib.rs b/mullvad-daemon/src/lib.rs index 5557590b09..93ec0106cf 100644 --- a/mullvad-daemon/src/lib.rs +++ b/mullvad-daemon/src/lib.rs @@ -7,6 +7,9 @@ extern crate serde; mod account; pub mod account_history; pub mod exception_logging; +#[cfg(target_os = "macos")] +pub mod exclusion_gid; +>>>>>>> 51cc8287d (Fix daemon code for GID exclusion) mod geoip; pub mod logging; #[cfg(not(target_os = "android"))] @@ -555,6 +558,11 @@ where command_channel: DaemonCommandChannel, #[cfg(target_os = "android")] android_context: AndroidContext, ) -> Result<Self, Error> { + #[cfg(target_os = "macos")] + { + exclusion_gid::set_exclusion_gid(); + }; + let (tunnel_state_machine_shutdown_tx, tunnel_state_machine_shutdown_signal) = oneshot::channel(); let runtime = tokio::runtime::Handle::current(); |