
macOS: run APFS formatter elevated

APFS volume creation can still fail with Permission denied after preparing the raw and block device aliases because newfs_apfs performs privileged APFS container and volume operations beyond opening the device nodes.

Route APFS formatting through the elevated CoreService path for non-root macOS runs. Keep the elevated interface narrow by sending only the target device and invoking user UID/GID, validate the device path on the privileged side, rebuild the formatter arguments there, and execute /sbin/newfs_apfs by absolute path to avoid PATH shadowing.

Pass -U/-G so the created filesystem preserves the invoking user ownership. Apply the same path to GUI and text-mode creation.
This commit is contained in:
Mounir IDRASSI
2026-05-15 10:51:27 +09:00
parent 213dd2e74a
commit 77e4830c99
9 changed files with 224 additions and 2 deletions
@@ -14,6 +14,8 @@
#ifdef TC_MACOSX
#include <unistd.h>
#include "Core/Unix/CoreService.h"
#include "Platform/Unix/Process.h"
namespace VeraCrypt
{
@@ -59,6 +61,33 @@ namespace VeraCrypt
return deviceIdentifier;
}
inline bool IsMacOSXAPFSFormatter (const string &fsFormatter)
{
size_t namePos = fsFormatter.find_last_of ('/');
string fsFormatterName = namePos == string::npos ? fsFormatter : fsFormatter.substr (namePos + 1);
return fsFormatterName == "newfs_apfs";
}
inline bool UseElevatedMacOSXAPFSFormatter (const string &fsFormatter)
{
return IsMacOSXAPFSFormatter (fsFormatter) && !Core->HasAdminPrivileges();
}
inline void AddMacOSXAPFSFormatterUserArgs (list <string> &args)
{
stringstream uid;
stringstream gid;
// The APFS formatter may run elevated, so preserve the invoking user's ownership.
uid << getuid();
gid << getgid();
args.push_back ("-U");
args.push_back (uid.str());
args.push_back ("-G");
args.push_back (gid.str());
}
struct MacOSXFormatterDeviceOwnerRestore
{
MacOSXFormatterDeviceOwnerRestore (const FilesystemPath &path, const UserId &owner)
@@ -125,6 +154,20 @@ namespace VeraCrypt
catch (...) { }
}
}
inline void ExecuteMacOSXFilesystemFormatter (const string &fsFormatter, const list <string> &args)
{
if (UseElevatedMacOSXAPFSFormatter (fsFormatter))
{
if (args.empty())
throw ParameterIncorrect (SRC_POS);
CoreService::RequestExecuteMacOSXAPFSFormatter (DevicePath (args.back()), getuid(), getgid());
return;
}
Process::Execute (IsMacOSXAPFSFormatter (fsFormatter) ? CoreService::GetMacOSXAPFSFormatterPath() : fsFormatter, args);
}
}
#endif // TC_MACOSX
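Review bot: In `ExecuteMacOSXFilesystemFormatter`, the elevated branch assumes `args.back()` is the target device and silently discards every other entry the caller built (including the `-U`/`-G` pair added by `AddMacOSXAPFSFormatterUserArgs`, which the privileged side re-derives from the uid/gid it is sent), but the hunk states that contract nowhere. A caller that appends an option after the device, or reuses the helper with a different argument layout, would hand the wrong string to the privileged side with only the `args.empty()` guard standing in the way. Suggest a header comment along the lines of `// Elevated path: only args.back() (the target device) is forwarded; the privileged side rebuilds the newfs_apfs command line, so all other entries in args are ignored.`, plus a cheap local guard before the request: `if (args.back().empty() || args.back()[0] == '-') throw ParameterIncorrect (SRC_POS);`. The commit message says the device path is validated on the privileged side, but that code is not in this hunk, so the local check is belt-and-braces rather than a substitute.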