Add support for one API used to detect if a process
is running under System Integrity Protection on Mac OS X 10.11. The rootless_allows_task_for_pid() spi (see debugserver RNBRemote.cpp) is the final SPI that is used for this - should add support for that too at some point. llvm-svn: 252228
This commit is contained in:
Jason Molenda
parent
a814f704d3
commit
943a42f924
|
|
@ -10,6 +10,11 @@
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
#include <dispatch/dispatch.h>
|
#include <dispatch/dispatch.h>
|
||||||
|
|
||||||
|
// from System.framework/Versions/B/PrivateHeaders/sys/codesign.h
|
||||||
|
#define CS_OPS_STATUS 0 /* return status */
|
||||||
|
#define CS_RESTRICT 0x0000800 /* tell dyld to treat restricted */
|
||||||
|
int csops(pid_t pid, unsigned int ops, void * useraddr, size_t usersize);
|
||||||
|
|
||||||
/* Step through the process table, find a matching process name, return
|
/* Step through the process table, find a matching process name, return
|
||||||
the pid of that matched process.
|
the pid of that matched process.
|
||||||
If there are multiple processes with that name, issue a warning on stdout
|
If there are multiple processes with that name, issue a warning on stdout
|
||||||
|
|
@ -367,6 +372,13 @@ main (int argc, char **argv)
|
||||||
|
|
||||||
printf ("\n");
|
printf ("\n");
|
||||||
|
|
||||||
|
int csops_flags = 0;
|
||||||
|
if (csops (pid, CS_OPS_STATUS, &csops_flags, sizeof (csops_flags)) != -1
|
||||||
|
&& (csops_flags & CS_RESTRICT))
|
||||||
|
{
|
||||||
|
printf ("pid %d (%s) is restricted so nothing can attach to it.\n", pid, process_name);
|
||||||
|
}
|
||||||
|
|
||||||
kr = task_for_pid (mach_task_self (), pid, &task);
|
kr = task_for_pid (mach_task_self (), pid, &task);
|
||||||
if (kr != KERN_SUCCESS)
|
if (kr != KERN_SUCCESS)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue