CoreAudio server plugin gaining write access with SystemConfiguration.framework functions

Hi, our CoreAudio server plugin utilizes the SystemConfiguration.framework to store and restore specific shared system-wide settings.

While our application can authenticate to utilize the SystemConfiguration.framework to gain write access to the shared configuration settings, the CoreAudio server plugin obviously can't have any user interaction and therefore does not authenticate.

Is it possible to authenticate the CoreAudio server plugin to gain write permissions? Are there any entitlements or other means that would allow this?

Thanks!

I’m going to tackle the System Configuration side of this. There’s a bigger picture question here, namely how a Core Audio server plug-in should manage preferences, that I’ll leave to folks who have expertise in that technology.

Is it possible to authenticate the CoreAudio server plugin to gain write permissions?

I presume we’re talking SCPreferences here. If so, its authorisation model is pretty straightforward:

  • You can connect using SCPreferencesCreate, in which case you’ll have write permission if you’re running as root.

  • You can connect using SCPreferencesCreateWithAuthorization, in which case you’ll have write permission if the supplied AuthorizationRef has been, or can be, authorised appropriately [1].

Are there any entitlements … that would allow this?

No [2].

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] I’m not sure if the actual rights are documented anyway, but you can see this in the authorisation database:

% security authorizationdb read system.preferences.location | plutil -p -  
YES (0)
{
  "class" => "rule"
  "comment" => "For changing the network location from the Apple menu."
  "created" => 723599790.4667161
  "k-of-n" => 1
  "modified" => 723599790.4667161
  "rule" => [
    0 => "on-console"
    1 => "is-admin"
    2 => "is-root"
  ]
  "version" => 0
}
% security authorizationdb read system.services.systemconfiguration.network | plutil -p -
YES (0)
{
  "class" => "rule"
  "comment" => "For making change to network configuration via System Configuration."
  "created" => 723599790.4667161
  "k-of-n" => 1
  "modified" => 723599790.4667161
  "rule" => [
    0 => "is-root"
    1 => "entitled"
    2 => "_mbsetupuser-nonshared"
    3 => "authenticate-admin-nonshared"
  ]
  "version" => 2
}

[2] If you rummage around in Darwin you’ll find that SCPreferences does support authorisation via entitlements, but those entitlements are not available for third-party use.
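
A process that cannot prompt can check the "has been, or can be, authorised" condition from the answer above for itself. This is an added example, not code from the thread or from Apple: it requests each right shown in footnote [1] with user interaction disallowed, and the function names are hypothetical.

```swift
import Foundation
import Security

// Hypothetical helper (not from the thread): asks the authorisation system
// whether this process can obtain `right` without showing any UI.
func statusWithoutInteraction(for right: String) -> OSStatus {
    var auth: AuthorizationRef?
    let created = AuthorizationCreate(nil, nil, [], &auth)
    guard created == errAuthorizationSuccess, let auth = auth else { return created }
    defer { AuthorizationFree(auth, []) }

    return right.withCString { name in
        var item = AuthorizationItem(name: name, valueLength: 0, value: nil, flags: 0)
        return withUnsafeMutablePointer(to: &item) { itemPtr in
            var rights = AuthorizationRights(count: 1, items: itemPtr)
            // .extendRights requests the right now. .interactionAllowed is
            // deliberately left out, matching a plug-in that cannot prompt.
            return AuthorizationCopyRights(auth, &rights, nil, [.extendRights], nil)
        }
    }
}

// Maps the result codes this check is expected to produce to readable text.
func describe(_ status: OSStatus) -> String {
    switch status {
    case errAuthorizationSuccess: return "granted without prompting"
    case errAuthorizationInteractionNotAllowed: return "would need a prompt"
    case errAuthorizationDenied: return "denied"
    default: return "OSStatus \(status)"
    }
}

// Right names copied from the authorisation database output in footnote [1].
let rightNames = ["system.preferences.location",
                  "system.services.systemconfiguration.network"]
print("euid: \(geteuid())")
for right in rightNames {
    print("\(right): \(describe(statusWithoutInteraction(for: right)))")
}
```

Run it in the same user and session context as the component in question, since rules such as on-console, is-admin and is-root depend on who is asking and from where.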

Dear Quinn, thank you very much for your - as always - very detailed and helpful answer!

Just a note, we use the CoreAudio preferences to store CoreAudio server plugin preferences. What the plugin tries to achieve is to share some settings across various components. I see now that the SCPreferences are not the right option to do this. Using the CoreAudio preferences from other components probably is not a good idea either because this would imply knowledge about the storage for these components. Probably the correct way to do this is via CoreAudio custom properties.

Thanks, Hagen
