From 2e6553ab2b4b3314a80f39ddbfd6f9ba107f7dfa Mon Sep 17 00:00:00 2001 From: Tw93 Date: Sat, 14 Mar 2026 22:32:53 +0800 Subject: [PATCH] Protect user launch agents during clean --- SECURITY_AUDIT.md | 2 + bin/clean.sh | 2 +- lib/clean/apps.sh | 192 +---------------------------------------- lib/clean/hints.sh | 114 ++++++++++++++++++++++++ tests/clean_apps.bats | 137 +++-------------------------- tests/clean_core.bats | 24 +++++- tests/clean_hints.bats | 62 +++++++++++++ 7 files changed, 219 insertions(+), 314 deletions(-) diff --git a/SECURITY_AUDIT.md b/SECURITY_AUDIT.md index 7606abc..3663832 100644 --- a/SECURITY_AUDIT.md +++ b/SECURITY_AUDIT.md @@ -119,6 +119,7 @@ In addition to path blocking, these categories are protected: - Browser history and cookies - Time Machine data (during active backup) - `com.apple.*` LaunchAgents/LaunchDaemons +- user-owned `~/Library/LaunchAgents/*.plist` automation/configuration - iCloud-synced `Mobile Documents` ## Implementation Details @@ -145,6 +146,7 @@ Protected or conservatively handled categories include: - browser history and cookies - Time Machine data while backup state is active or ambiguous - `com.apple.*` LaunchAgents and LaunchDaemons +- user-owned `~/Library/LaunchAgents/*.plist` automation/configuration - iCloud-synced `Mobile Documents` data Project purge also uses conservative heuristics: diff --git a/bin/clean.sh b/bin/clean.sh index 039fd33..4549454 100755 --- a/bin/clean.sh +++ b/bin/clean.sh @@ -976,7 +976,7 @@ perform_cleanup() { start_section "Orphaned data" clean_orphaned_app_data clean_orphaned_system_services - clean_orphaned_launch_agents + show_user_launch_agent_hint_notice end_section # ===== 11. Apple Silicon ===== diff --git a/lib/clean/apps.sh b/lib/clean/apps.sh index 75402f3..9966ed0 100644 --- a/lib/clean/apps.sh +++ b/lib/clean/apps.sh @@ -597,195 +597,11 @@ clean_orphaned_system_services() { } # ============================================================================ -# Orphaned LaunchAgent/LaunchDaemon Cleanup (Generic Detection) +# User LaunchAgents # ============================================================================ -# Extract program path from plist (supports both ProgramArguments and Program) -_extract_program_path() { - local plist="$1" - local program="" - - program=$(plutil -extract ProgramArguments.0 raw "$plist" 2> /dev/null) - if [[ -z "$program" ]]; then - program=$(plutil -extract Program raw "$plist" 2> /dev/null) - fi - - echo "$program" -} - -# Extract associated bundle identifier from plist -_extract_associated_bundle() { - local plist="$1" - local associated="" - - # Try array format first - associated=$(plutil -extract AssociatedBundleIdentifiers.0 raw "$plist" 2> /dev/null) - if [[ -z "$associated" ]] || [[ "$associated" == "1" ]]; then - # Try string format - associated=$(plutil -extract AssociatedBundleIdentifiers raw "$plist" 2> /dev/null) - # Filter out dict/array markers - if [[ "$associated" == "{"* ]] || [[ "$associated" == "["* ]]; then - associated="" - fi - fi - - echo "$associated" -} - -# Check if a LaunchAgent/LaunchDaemon is orphaned using multi-layer verification -# Returns 0 if orphaned, 1 if not orphaned -is_launch_item_orphaned() { - local plist="$1" - - # Layer 1: Check if program path exists - local program=$(_extract_program_path "$plist") - - # No program path - skip (not a standard launch item) - [[ -z "$program" ]] && return 1 - - # Program exists -> not orphaned - [[ -e "$program" ]] && return 1 - - # Layer 2: Check AssociatedBundleIdentifiers - local associated=$(_extract_associated_bundle "$plist") - if [[ -n "$associated" ]]; then - # Check if associated app exists via mdfind - if run_with_timeout 2 mdfind "kMDItemCFBundleIdentifier == '$associated'" 2> /dev/null | head -1 | grep -q .; then - return 1 # Associated app found -> not orphaned - fi - - # Extract vendor name from bundle ID (com.vendor.app -> vendor) - local vendor=$(echo "$associated" | cut -d'.' -f2) - if [[ -n "$vendor" ]] && [[ ${#vendor} -ge 3 ]]; then - # Check if any app from this vendor exists - if find /Applications ~/Applications -maxdepth 2 -iname "*${vendor}*" -type d 2> /dev/null | grep -iq "\.app"; then - return 1 # Vendor app exists -> not orphaned - fi - fi - fi - - # Layer 3: Check Application Support directory activity - if [[ "$program" =~ /Library/Application\ Support/([^/]+)/ ]]; then - local app_support_name="${BASH_REMATCH[1]}" - - # Check both user and system Application Support - for base in "$HOME/Library/Application Support" "/Library/Application Support"; do - local support_path="$base/$app_support_name" - if [[ -d "$support_path" ]]; then - # Check if there are files modified in last 7 days (active usage) - local recent_file=$(find "$support_path" -type f -mtime -7 2> /dev/null | head -1) - if [[ -n "$recent_file" ]]; then - return 1 # Active Application Support -> not orphaned - fi - fi - done - fi - - # Layer 4: Check if app name from program path exists - if [[ "$program" =~ /Applications/([^/]+)\.app/ ]]; then - local app_name="${BASH_REMATCH[1]}" - # Look for apps with similar names (case-insensitive) - if find /Applications ~/Applications -maxdepth 2 -iname "*${app_name}*" -type d 2> /dev/null | grep -iq "\.app"; then - return 1 # Similar app exists -> not orphaned - fi - fi - - # Layer 5: PrivilegedHelper special handling - if [[ "$program" =~ ^/Library/PrivilegedHelperTools/ ]]; then - local filename=$(basename "$plist") - local bundle_id="${filename%.plist}" - - # Extract app hint from bundle ID (com.vendor.app.helper -> vendor) - local app_hint=$(echo "$bundle_id" | sed 's/com\.//; s/\..*helper.*//') - - if [[ -n "$app_hint" ]] && [[ ${#app_hint} -ge 3 ]]; then - # Look for main app - if find /Applications ~/Applications -maxdepth 2 -iname "*${app_hint}*" -type d 2> /dev/null | grep -iq "\.app"; then - return 1 # Helper's main app exists -> not orphaned - fi - fi - fi - - # All checks failed -> likely orphaned +# User-level LaunchAgents are user-owned automation/configuration, not generic +# cleanup targets. `mo clean` must not delete them automatically. +clean_orphaned_launch_agents() { return 0 } - -# Clean orphaned user-level LaunchAgents -# Only processes ~/Library/LaunchAgents (safer than system-level) -clean_orphaned_launch_agents() { - local launch_agents_dir="$HOME/Library/LaunchAgents" - - [[ ! -d "$launch_agents_dir" ]] && return 0 - - start_section_spinner "Scanning orphaned launch agents..." - - local -a orphaned_items=() - local total_orphaned_kb=0 - - # Scan user LaunchAgents - while IFS= read -r -d '' plist; do - local filename=$(basename "$plist") - - # Skip Apple's LaunchAgents - [[ "$filename" == com.apple.* ]] && continue - - local bundle_id="${filename%.plist}" - - # Check if orphaned using multi-layer verification - if is_launch_item_orphaned "$plist"; then - local size_kb=$(get_path_size_kb "$plist") - orphaned_items+=("$bundle_id|$plist") - total_orphaned_kb=$((total_orphaned_kb + size_kb)) - fi - done < <(find "$launch_agents_dir" -maxdepth 1 -name "*.plist" -print0 2> /dev/null) - - stop_section_spinner - - local orphaned_count=${#orphaned_items[@]} - - if [[ $orphaned_count -eq 0 ]]; then - return 0 - fi - - # Clean the orphaned items automatically - local removed_count=0 - local dry_run_count=0 - local is_dry_run=false - if [[ "${MOLE_DRY_RUN:-0}" == "1" ]]; then - is_dry_run=true - fi - for item in "${orphaned_items[@]}"; do - IFS='|' read -r bundle_id plist_path <<< "$item" - - if [[ "$is_dry_run" == "true" ]]; then - dry_run_count=$((dry_run_count + 1)) - log_operation "clean" "DRY_RUN" "$plist_path" "orphaned launch agent" - continue - fi - - # Try to unload first (if currently loaded) - launchctl unload "$plist_path" 2> /dev/null || true - - # Remove the plist file - if safe_remove "$plist_path" false; then - removed_count=$((removed_count + 1)) - log_operation "clean" "REMOVED" "$plist_path" "orphaned launch agent" - else - log_operation "clean" "FAILED" "$plist_path" "permission denied" - fi - done - - if [[ "$is_dry_run" == "true" ]]; then - if [[ $dry_run_count -gt 0 ]]; then - local cleaned_mb=$(echo "$total_orphaned_kb" | awk '{printf "%.1f", $1/1024}') - echo " ${YELLOW}${ICON_DRY_RUN}${NC} Would remove $dry_run_count orphaned launch agent(s), ${cleaned_mb}MB" - note_activity - fi - else - if [[ $removed_count -gt 0 ]]; then - local cleaned_mb=$(echo "$total_orphaned_kb" | awk '{printf "%.1f", $1/1024}') - echo " ${GREEN}${ICON_SUCCESS}${NC} Removed $removed_count orphaned launch agent(s), ${cleaned_mb}MB" - note_activity - fi - fi -} diff --git a/lib/clean/hints.sh b/lib/clean/hints.sh index f6538bf..0ac04dd 100644 --- a/lib/clean/hints.sh +++ b/lib/clean/hints.sh @@ -54,6 +54,65 @@ hint_get_path_size_kb_with_timeout() { printf '%s\n' "$size_kb" } +# shellcheck disable=SC2329 +hint_extract_launch_agent_program_path() { + local plist="$1" + local program="" + + program=$(plutil -extract ProgramArguments.0 raw "$plist" 2> /dev/null || echo "") + if [[ -z "$program" ]]; then + program=$(plutil -extract Program raw "$plist" 2> /dev/null || echo "") + fi + + printf '%s\n' "$program" +} + +# shellcheck disable=SC2329 +hint_extract_launch_agent_associated_bundle() { + local plist="$1" + local associated="" + + associated=$(plutil -extract AssociatedBundleIdentifiers.0 raw "$plist" 2> /dev/null || echo "") + if [[ -z "$associated" ]] || [[ "$associated" == "1" ]]; then + associated=$(plutil -extract AssociatedBundleIdentifiers raw "$plist" 2> /dev/null || echo "") + if [[ "$associated" == "{"* ]] || [[ "$associated" == "["* ]]; then + associated="" + fi + fi + + printf '%s\n' "$associated" +} + +# shellcheck disable=SC2329 +hint_is_app_scoped_launch_target() { + local program="$1" + + case "$program" in + /Applications/Setapp/*.app/* | \ + /Applications/*.app/* | \ + "$HOME"/Applications/*.app/* | \ + /Library/Input\ Methods/*.app/* | \ + /Library/PrivilegedHelperTools/*) + return 0 + ;; + esac + + return 1 +} + +# shellcheck disable=SC2329 +hint_launch_agent_bundle_exists() { + local bundle_id="$1" + + [[ -z "$bundle_id" ]] && return 1 + + if run_with_timeout 2 mdfind "kMDItemCFBundleIdentifier == '$bundle_id'" 2> /dev/null | head -1 | grep -q .; then + return 0 + fi + + return 1 +} + # shellcheck disable=SC2329 record_project_artifact_hint() { local path="$1" @@ -351,3 +410,58 @@ show_project_artifact_hint_notice() { fi echo -e " ${GRAY}${ICON_REVIEW}${NC} Review: mo purge" } + +# shellcheck disable=SC2329 +show_user_launch_agent_hint_notice() { + local launch_agents_dir="$HOME/Library/LaunchAgents" + [[ -d "$launch_agents_dir" ]] || return 0 + + local max_hits=3 + local -a labels=() + local -a reasons=() + local -a targets=() + local plist + + while IFS= read -r -d '' plist; do + local filename + filename=$(basename "$plist") + [[ "$filename" == com.apple.* ]] && continue + + local reason="" + local target="" + local program="" + local associated="" + + program=$(hint_extract_launch_agent_program_path "$plist") + if [[ -n "$program" ]] && hint_is_app_scoped_launch_target "$program" && [[ ! -e "$program" ]]; then + reason="Missing app/helper target" + target="${program/#$HOME/~}" + else + associated=$(hint_extract_launch_agent_associated_bundle "$plist") + if [[ -n "$associated" ]] && ! hint_launch_agent_bundle_exists "$associated"; then + reason="Associated app not found" + target="$associated" + fi + fi + + if [[ -n "$reason" ]]; then + labels+=("$filename") + reasons+=("$reason") + targets+=("$target") + if [[ ${#labels[@]} -ge $max_hits ]]; then + break + fi + fi + done < <(find "$launch_agents_dir" -maxdepth 1 -name "*.plist" -print0 2> /dev/null) + + [[ ${#labels[@]} -eq 0 ]] && return 0 + + note_activity + + local i + for i in "${!labels[@]}"; do + echo -e " ${GREEN}${ICON_LIST}${NC} Potential stale login item: ${labels[$i]}" + echo -e " ${GRAY}${ICON_SUBLIST}${NC} ${reasons[$i]}: ${GRAY}${targets[$i]}${NC}" + done + echo -e " ${GRAY}${ICON_REVIEW}${NC} Review: open ~/Library/LaunchAgents and remove only items you recognize" +} diff --git a/tests/clean_apps.bats b/tests/clean_apps.bats index 0fafe10..2fc7cdd 100644 --- a/tests/clean_apps.bats +++ b/tests/clean_apps.bats @@ -412,142 +412,31 @@ EOF [[ "$output" != *"launchctl-called"* ]] } -@test "is_launch_item_orphaned detects orphan when program missing" { - run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc <<'EOF' -set -euo pipefail -source "$PROJECT_ROOT/lib/core/common.sh" -source "$PROJECT_ROOT/lib/clean/apps.sh" - -tmp_dir="$(mktemp -d)" -tmp_plist="$tmp_dir/com.test.orphan.plist" - -cat > "$tmp_plist" << 'PLIST' - - - - - Label - com.test.orphan - ProgramArguments - - /nonexistent/app/program - - - -PLIST - -run_with_timeout() { shift; "$@"; } - -if is_launch_item_orphaned "$tmp_plist"; then - echo "orphan" -fi - -rm -rf "$tmp_dir" -EOF - - [ "$status" -eq 0 ] - [[ "$output" == *"orphan"* ]] -} - -@test "is_launch_item_orphaned protects when program exists" { - run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc <<'EOF' -set -euo pipefail -source "$PROJECT_ROOT/lib/core/common.sh" -source "$PROJECT_ROOT/lib/clean/apps.sh" - -tmp_dir="$(mktemp -d)" -tmp_plist="$tmp_dir/com.test.active.plist" -tmp_program="$tmp_dir/program" -touch "$tmp_program" - -cat > "$tmp_plist" << PLIST - - - - - Label - com.test.active - ProgramArguments - - $tmp_program - - - -PLIST - -run_with_timeout() { shift; "$@"; } - -if is_launch_item_orphaned "$tmp_plist"; then - echo "orphan" -else - echo "not-orphan" -fi - -rm -rf "$tmp_dir" -EOF - - [ "$status" -eq 0 ] - [[ "$output" == *"not-orphan"* ]] -} - -@test "is_launch_item_orphaned protects when app support active" { - run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc <<'EOF' -set -euo pipefail -source "$PROJECT_ROOT/lib/core/common.sh" -source "$PROJECT_ROOT/lib/clean/apps.sh" - -tmp_dir="$(mktemp -d)" -tmp_plist="$tmp_dir/com.test.appsupport.plist" - -mkdir -p "$HOME/Library/Application Support/TestApp" -touch "$HOME/Library/Application Support/TestApp/recent.txt" - -cat > "$tmp_plist" << 'PLIST' - - - - - Label - com.test.appsupport - ProgramArguments - - $HOME/Library/Application Support/TestApp/Current/app - - - -PLIST - -run_with_timeout() { shift; "$@"; } - -if is_launch_item_orphaned "$tmp_plist"; then - echo "orphan" -else - echo "not-orphan" -fi - -rm -rf "$tmp_dir" -rm -rf "$HOME/Library/Application Support/TestApp" -EOF - - [ "$status" -eq 0 ] - [[ "$output" == *"not-orphan"* ]] -} - -@test "clean_orphaned_launch_agents skips when no orphans" { +@test "clean_orphaned_launch_agents preserves user launch agents" { run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc <<'EOF' set -euo pipefail source "$PROJECT_ROOT/lib/core/common.sh" source "$PROJECT_ROOT/lib/clean/apps.sh" mkdir -p "$HOME/Library/LaunchAgents" +cat > "$HOME/Library/LaunchAgents/com.example.custom-task.plist" <<'PLIST' + + + + + Label + com.example.custom-task + + +PLIST start_section_spinner() { :; } stop_section_spinner() { :; } note_activity() { :; } -get_path_size_kb() { echo "1"; } -run_with_timeout() { shift; "$@"; } clean_orphaned_launch_agents + +[[ -f "$HOME/Library/LaunchAgents/com.example.custom-task.plist" ]] EOF [ "$status" -eq 0 ] diff --git a/tests/clean_core.bats b/tests/clean_core.bats index 836c15e..30bed50 100644 --- a/tests/clean_core.bats +++ b/tests/clean_core.bats @@ -98,6 +98,29 @@ run_clean_dry_run() { [ -f "$HOME/Library/Caches/TestApp/cache.tmp" ] } +@test "mo clean --dry-run reports stale login item without deleting it" { + mkdir -p "$HOME/Library/LaunchAgents" + cat > "$HOME/Library/LaunchAgents/com.example.stale.plist" <<'PLIST' + + + + + Label + com.example.stale + ProgramArguments + + /Applications/Missing.app/Contents/MacOS/Missing + + + +PLIST + + run env HOME="$HOME" MOLE_TEST_MODE=1 "$PROJECT_ROOT/mole" clean --dry-run + [ "$status" -eq 0 ] + [[ "$output" == *"Potential stale login item: com.example.stale.plist"* ]] + [ -f "$HOME/Library/LaunchAgents/com.example.stale.plist" ] +} + @test "mo clean honors whitelist entries" { mkdir -p "$HOME/Library/Caches/WhitelistedApp" echo "keep me" > "$HOME/Library/Caches/WhitelistedApp/data.tmp" @@ -322,4 +345,3 @@ EOF [ "$status" -eq 0 ] [[ "$output" == *"Time Machine backup in progress, skipping cleanup"* ]] } - diff --git a/tests/clean_hints.bats b/tests/clean_hints.bats index 04ab24f..c3138a6 100644 --- a/tests/clean_hints.bats +++ b/tests/clean_hints.bats @@ -97,3 +97,65 @@ EOT3 [[ "$output" == *"~/Library/Developer/Xcode/DerivedData"* ]] [[ "$output" == *"Review: mo analyze, Device backups, docker system df"* ]] } + +@test "show_user_launch_agent_hint_notice reports missing app-backed target" { + mkdir -p "$HOME/Library/LaunchAgents" + cat > "$HOME/Library/LaunchAgents/com.example.stale.plist" <<'PLIST' + + + + + Label + com.example.stale + ProgramArguments + + /Applications/Missing.app/Contents/MacOS/Missing + + + +PLIST + + run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc <<'EOT4' +set -euo pipefail +source "$PROJECT_ROOT/lib/core/common.sh" +source "$PROJECT_ROOT/lib/clean/hints.sh" +note_activity() { :; } +show_user_launch_agent_hint_notice +EOT4 + + [ "$status" -eq 0 ] + [[ "$output" == *"Potential stale login item: com.example.stale.plist"* ]] + [[ "$output" == *"Missing app/helper target"* ]] + [[ "$output" == *"Review: open ~/Library/LaunchAgents"* ]] +} + +@test "show_user_launch_agent_hint_notice skips custom shell wrappers" { + mkdir -p "$HOME/Library/LaunchAgents" + cat > "$HOME/Library/LaunchAgents/com.example.custom.plist" <<'PLIST' + + + + + Label + com.example.custom + ProgramArguments + + /bin/bash + -c + $HOME/bin/custom-task + + + +PLIST + + run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc <<'EOT5' +set -euo pipefail +source "$PROJECT_ROOT/lib/core/common.sh" +source "$PROJECT_ROOT/lib/clean/hints.sh" +note_activity() { :; } +show_user_launch_agent_hint_notice +EOT5 + + [ "$status" -eq 0 ] + [[ -z "$output" ]] +}