SMJobBless gives error CFErrorDomainLaunchd Code=8

Asked 24/6, 2015 at 7:58 Answered 28/10, 2021 at 5:2

I am trying to install a helper tool via SMJobBless and I am getting the following error,

Error Domain=CFErrorDomainLaunchd Code=8 "The operation couldn’t be completed. (CFErrorDomainLaunchd error 8.)

I verified the code sign, plist of application and helper tool, copied the tool in launchServices and also linked the plists.

Can anyone please help me?

Thank you,

Mackler answered 24/6, 2015 at 7:58 Comment(0)

Verify Following Things:

1.Code

- (BOOL)blessHelperWithLabel:(NSString *)label
                       error:(NSError **)error {   

    BOOL result = NO;

    AuthorizationItem authItem      = { kSMRightBlessPrivilegedHelper, 0, NULL, 0 };
    AuthorizationRights authRights  = { 1, &authItem };
    AuthorizationFlags flags        =   kAuthorizationFlagDefaults              |
    kAuthorizationFlagInteractionAllowed    |
    kAuthorizationFlagPreAuthorize          |
    kAuthorizationFlagExtendRights;

    AuthorizationRef authRef = NULL;

    /* Obtain the right to install privileged helper tools (kSMRightBlessPrivilegedHelper). */
    OSStatus status = AuthorizationCreate(&authRights, kAuthorizationEmptyEnvironment, flags, &authRef);
    if (status != errAuthorizationSuccess) {
        NSLog(@"%@", [NSString stringWithFormat:@"Failed to create AuthorizationRef. Error code: %d", (int)status]);

    } else {
        /* This does all the work of verifying the helper tool against the application
         * and vice-versa. Once verification has passed, the embedded launchd.plist
         * is extracted and placed in /Library/LaunchDaemons and then loaded. The
         * executable is placed in /Library/PrivilegedHelperTools.
         */
        result = SMJobBless(kSMDomainSystemLaunchd, (CFStringRef)label, authRef, (CFErrorRef *)error);
    }
    return result;
}

2.Tools owned after installation field in info.plist(main app)

helper bundle : identifier <Helper Bundle Identifier> and certificate leaf[subject.CN] = "Developer ID Application: xxxxx (YYXSFDHZ6W)"

3.Clients allowed to add and remove tool field in helper info.plist.

item 0 : identifier <Main App Bundle Identifier> and certificate leaf[subject.CN] = "Developer ID Application: xxxxxx (YYXSFDHZ6W)"

4.Check MachServices filed in xxxxHelperTool-Launchd.plist.it should be

helper tool bundle : YES

Lymphangitis answered 24/6, 2015 at 11:3 Comment(0)

Find the tool SMJobBlessUtil.py in the (otherwise superseded sample code) SMJobBless sample code: https://developer.apple.com/library/archive/samplecode/SMJobBless/Introduction/Intro.html

NOTE: SMJobBless IS the correct way to bless jobs. The old way, AuthorizationExecuteWithPrivileges, is deprecated and will be actively shunned in the near future. The "SMJobBless" sample code is deprecated, because the following example code is superior in pretty much every way.

OK, get the tool, and now get the current example code: https://developer.apple.com/library/archive/samplecode/EvenBetterAuthorizationSample/Introduction/Intro.html

Use the SMJobBlessUtil.py script to verify and or set the Info.plist stuff inside your main program and helper.

Kenishakenison answered 17/8, 2018 at 22:26 Comment(1)

The python script's check mode showed "tool __TEXT / __info_plist section dump malformed". So I checked the embedded plist with this command: otool -P /path/to/helper. With that, I found that the Info.plist was inserted twice because I had also allowed another Info.plist be inserted, which I must rather deny ("Create Info.plist Section in Binary") – Streeto 9/11, 2022 at 18:49

Based on the error, I suspect that while you've created the info and launchd property lists, you haven't instructed the linker to embed them into the executable.

You do this by setting the build variable OTHER_LDFLAGS to -sectcreate __TEXT __info_plist $(INFOPLIST_FILE) -sectcreate __TEXT __launchd_plist $(LAUNCHDPLIST_FILE) where INFOPLIST_FILE and LAUNCHDPLIST_FILE are variables with values of paths to those two files. Alternatively you can directly specify the file paths there and not make them their own build variables.

If you're still running into issues with this, in the main file for your helper tool you can import the EmbeddedPropertyList framework and have it print out the values for its embedded info and launchd property lists. You don't need your executable to be installed via SMJobBless to do this, you can just run the executable normally from Terminal. It won't run as root in this case, but that's fine if you're just trying to validate the property lists have been properly embedded.

Vespid answered 28/10, 2021 at 5:2 Comment(1)

One can also see the property lists with these commands: otool -P /path/to/helper and otool -X -s __TEXT __launchd_plist /path/to/helper | xxd -r In my case, I found that the Info.plist was inserted twice because I had also allowed another Info.plist be inserted, which I must rather deny ("Create Info.plist Section in Binary") – Streeto 9/11, 2022 at 18:43

1、You can use SMJobBlessUtil.py to check your app; maybe it will come to some error decribtion like dump malformed;

2、then you can compare the sample code's project setting, finding the helper target other linker flags ,see if you should set this.

Garris answered 24/4, 2019 at 0:8 Comment(0)

Recommended topics

Hot tags