mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2026-05-21 21:30:48 -05:00
Mounir IDRASSI
77e4830c99
APFS volume creation can still fail with Permission denied after preparing the raw and block device aliases because newfs_apfs performs privileged APFS container and volume operations beyond opening the device nodes. Route APFS formatting through the elevated CoreService path for non-root macOS runs. Keep the elevated interface narrow by sending only the target device and invoking user UID/GID, validate the device path on the privileged side, rebuild the formatter arguments there, and execute /sbin/newfs_apfs by absolute path to avoid PATH shadowing. Pass -U/-G so the created filesystem preserves the invoking user ownership. Apply the same path to GUI and text-mode creation.
97 lines
2.5 KiB
C++
97 lines
2.5 KiB
C++
/*
|
|
Derived from source code of TrueCrypt 7.1a, which is
|
|
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
|
|
by the TrueCrypt License 3.0.
|
|
|
|
Modifications and additions to the original source code (contained in this file)
|
|
and all other portions of this file are Copyright (c) 2013-2025 AM Crypto
|
|
and are governed by the Apache License 2.0 the full text of which is
|
|
contained in the file License.txt included in VeraCrypt binary and source
|
|
code distribution packages.
|
|
*/
|
|
|
|
#ifndef TC_HEADER_Core_Unix_CoreServiceResponse
|
|
#define TC_HEADER_Core_Unix_CoreServiceResponse
|
|
|
|
#include "Platform/Serializable.h"
|
|
#include "Core/Core.h"
|
|
|
|
namespace VeraCrypt
|
|
{
|
|
struct CoreServiceResponse : public Serializable
|
|
{
|
|
};
|
|
|
|
struct CheckFilesystemResponse : CoreServiceResponse
|
|
{
|
|
CheckFilesystemResponse () { }
|
|
TC_SERIALIZABLE (CheckFilesystemResponse);
|
|
};
|
|
|
|
struct DismountFilesystemResponse : CoreServiceResponse
|
|
{
|
|
DismountFilesystemResponse () { }
|
|
TC_SERIALIZABLE (DismountFilesystemResponse);
|
|
};
|
|
|
|
struct DismountVolumeResponse : CoreServiceResponse
|
|
{
|
|
DismountVolumeResponse () { }
|
|
TC_SERIALIZABLE (DismountVolumeResponse);
|
|
|
|
shared_ptr <VolumeInfo> DismountedVolumeInfo;
|
|
};
|
|
|
|
struct GetDeviceSectorSizeResponse : CoreServiceResponse
|
|
{
|
|
GetDeviceSectorSizeResponse () { }
|
|
GetDeviceSectorSizeResponse (uint32 size) : Size (size) { }
|
|
TC_SERIALIZABLE (GetDeviceSectorSizeResponse);
|
|
|
|
uint32 Size;
|
|
};
|
|
|
|
struct GetDeviceSizeResponse : CoreServiceResponse
|
|
{
|
|
GetDeviceSizeResponse () { }
|
|
GetDeviceSizeResponse (uint64 size) : Size (size) { }
|
|
TC_SERIALIZABLE (GetDeviceSizeResponse);
|
|
|
|
uint64 Size;
|
|
};
|
|
|
|
struct GetHostDevicesResponse : CoreServiceResponse
|
|
{
|
|
GetHostDevicesResponse () { }
|
|
GetHostDevicesResponse (const HostDeviceList &hostDevices) : HostDevices (hostDevices) { }
|
|
TC_SERIALIZABLE (GetHostDevicesResponse);
|
|
|
|
HostDeviceList HostDevices;
|
|
};
|
|
|
|
#ifdef TC_MACOSX
|
|
struct ExecuteMacOSXAPFSFormatterResponse : CoreServiceResponse
|
|
{
|
|
ExecuteMacOSXAPFSFormatterResponse () { }
|
|
TC_SERIALIZABLE (ExecuteMacOSXAPFSFormatterResponse);
|
|
};
|
|
#endif
|
|
|
|
struct MountVolumeResponse : CoreServiceResponse
|
|
{
|
|
MountVolumeResponse () { }
|
|
MountVolumeResponse (shared_ptr <VolumeInfo> volumeInfo) : MountedVolumeInfo (volumeInfo) { }
|
|
TC_SERIALIZABLE (MountVolumeResponse);
|
|
|
|
shared_ptr <VolumeInfo> MountedVolumeInfo;
|
|
};
|
|
|
|
struct SetFileOwnerResponse : CoreServiceResponse
|
|
{
|
|
SetFileOwnerResponse () { }
|
|
TC_SERIALIZABLE (SetFileOwnerResponse);
|
|
};
|
|
}
|
|
|
|
#endif // TC_HEADER_Core_Unix_CoreServiceResponse
|