Add support for one API used to detect if a process

is running under System Integrity Protection on 
Mac OS X 10.11.  The rootless_allows_task_for_pid() spi
(see debugserver RNBRemote.cpp) is the final SPI that
is used for this - should add support for that too at
some point.

llvm-svn: 252228
This commit is contained in:
Jason Molenda 2015-11-05 23:04:57 +00:00
parent a814f704d3
commit 943a42f924
1 changed files with 12 additions and 0 deletions

View File

@ -10,6 +10,11 @@
#include <errno.h>
#include <dispatch/dispatch.h>
// from System.framework/Versions/B/PrivateHeaders/sys/codesign.h
#define CS_OPS_STATUS 0 /* return status */
#define CS_RESTRICT 0x0000800 /* tell dyld to treat restricted */
int csops(pid_t pid, unsigned int ops, void * useraddr, size_t usersize);
/* Step through the process table, find a matching process name, return
the pid of that matched process.
If there are multiple processes with that name, issue a warning on stdout
@ -367,6 +372,13 @@ main (int argc, char **argv)
printf ("\n");
int csops_flags = 0;
if (csops (pid, CS_OPS_STATUS, &csops_flags, sizeof (csops_flags)) != -1
&& (csops_flags & CS_RESTRICT))
{
printf ("pid %d (%s) is restricted so nothing can attach to it.\n", pid, process_name);
}
kr = task_for_pid (mach_task_self (), pid, &task);
if (kr != KERN_SUCCESS)
{