Class app.authkit.tools.AppBundleLockdown

All Packages  This Package  Class Hierarchy  Class Search  Index

Class app.authkit.tools.AppBundleLockdown

java.lang.Object
   |
   +----app.authkit.envoy.Tool
           |
           +----app.authkit.tools.AppBundleLockdown

Summary

public class  AppBundleLockdown
     extends app.authkit.envoy.Tool
{
          // Constructors 1
     public AppBundleLockdown();

          // Methods 2
     public static void main(String[]);

     public void perform(String[]);
}

AppBundleLockdown is a Tool that locks down an app-bundle. It takes pathnames as args, or prompts for an app-bundle using a FileDialog when no args are given.

This tool refuses to run on Mac OS 10.0. The version of Java on that version of Mac OS X won't permit a FileDialog to choose an app-bundle, among other problems. Mac OS 10.0 also has different Authorization Services rules, which I think are too lax. In all, it's not a reliable enough platform to be doing this kind of thing on, so the simplest approach is to identify it and exclude it.

If no args are given, a FileDialog is presented, but first the user is preauthorize()'d. The reason for preauthorizing is so users don't get the chance to select an app-bundle if they can't ultimately carry out the lockdown on it. There is no other reason for preauthorizing. Preauthorizing only occurs when no args are given.

Command-line args, if any, are canonicalized and validated as app-bundles before being passed to the privileged process. Canonicalization implies that symlinks in command-line args are followed. Validation as an app-bundle is limited, though it shouldn't ever reject a valid app-bundle, as long as it contains a well-formed 'APPL' PkgInfo file. Without a PkgInfo, rejection is certain.

Finder-aliases are not followed, unless one is chosen interactively.

Symlinks found while traversing the app-bundle's contents are not followed, under control of the command execution in the Task app.authkit.tools.tasks.AppBundleLockdownTask.

System Properties Used

Uses the app.authkit.envoy.Tool properties, including "alert".

"keep.DS_Store" boolean, default false: should all '*.DS_Store' files in the app-bundle be kept (T) or deleted (F)?
"verbose" boolean, default false: should the Envoy process's encoded output be echoed to stdout (T) or discarded (F)?

Exit Status Codes

0: Envoy process exited OK, implying that privileged Task returned successfully.
1: IOException for some reason briefly explained on stderr and/or in alert.
2: UnauthorizedException for some reason briefly explained on stderr and/or in alert.
3: any other Throwable, as explained on stderr and/or in alert..

See Also: Tool, AppBundleLockdownTask

Constructors

· AppBundleLockdown
Summary | Top

   public AppBundleLockdown()

Default constructor

Methods

· main

Summary | Top

   public static void main(String[] args)

Static entry point when used as an application or command-line tool.

· perform

Summary | Top

   public void perform(String[] args)

Perform this Tool's actions on the given args.

Overrides:
perform in class Tool

All Packages  This Package  Class Hierarchy  Class Search  Index

Freshly brewed Java API Documentation automatically generated with polardoc Version 1.0.7