Remove attach-failed-due-to-SIP checks which were not working

The SIP debugserver was calling in attach_failed_due_to_sip haven't worked for a while; remove them. To check this properly we'd need debugsever to call out to codesign(1) to inspect the entitlements, or the equivalant API, and I'm not interested in adding that at this point. SIP is has been the default on macOS for a couple of releases and it's expected behavior now. <rdar://problem/59198052>
2020-04-16 15:22:14 -07:00 · 2020-04-16 15:22:14 -07:00 · 7fa342bd2a
parent 40d139c620
commit 7fa342bd2a
1 changed files with 0 additions and 31 deletions
--- a/lldb/tools/debugserver/source/RNBRemote.cpp
+++ b/lldb/tools/debugserver/source/RNBRemote.cpp
@ -3663,30 +3663,6 @@ static bool process_does_not_exist (nub_process_t pid) {
  return true; // process does not exist
 }

-static bool attach_failed_due_to_sip (nub_process_t pid) {
-  bool retval = false;
-#if defined(__APPLE__) &&                                                      \
-  (__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ >= 101000)
-
-  // csr_check(CSR_ALLOW_TASK_FOR_PID) will be nonzero if System Integrity
-  // Protection is in effect.
-  if (csr_check(CSR_ALLOW_TASK_FOR_PID) == 0) 
-    return false;
-
-  if (rootless_allows_task_for_pid(pid) == 0)
-    retval = true;
-
-  int csops_flags = 0;
-  int csops_ret = ::csops(pid, CS_OPS_STATUS, &csops_flags,
-                       sizeof(csops_flags));
-  if (csops_ret != -1 && (csops_flags & CS_RESTRICT)) {
-    retval = true;
-  }
-#endif
-
-  return retval;
-}
-
 // my_uid and process_uid are only initialized if this function
 // returns true -- that there was a uid mismatch -- and those
 // id's may want to be used in the error message.
@ -4065,13 +4041,6 @@ rnb_err_t RNBRemote::HandlePacket_v(const char *p) {
                                           "processes.");
          return SendPacket(return_message.c_str());
        }
-        if (attach_failed_due_to_sip (pid_attaching_to)) {
-          DNBLogError("Attach failed because of SIP protection.");
-          std::string return_message = "E96;";
-          return_message += cstring_to_asciihex_string("cannot attach "
-                            "to process due to System Integrity Protection");
-          return SendPacket(return_message.c_str());
-        }
      }

      std::string error_explainer = "attach failed";