Changeset 82957 in vbox for trunk/src/VBox/HostDrivers/Support

Timestamp:

Feb 3, 2020 1:31:22 PM (5 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

135963

Message:

SUPHard/darwin: Ignore patching failures in supR3HardenedPosixInit if the hardened runtime option is active (can't easily modify text pages then). bugref:9466

File:

• trunk/src/VBox/HostDrivers/Support/posix/SUPR3HardenedMain-posix.cpp (modified) (2 diffs)

trunk/src/VBox/HostDrivers/Support/posix/SUPR3HardenedMain-posix.cpp

@@ -45 +45 @@
 # include <unistd.h>   /* readlink() */
 # include <stdlib.h>
+# include <sys/sysctl.h> /* sysctlbyname() */
 #elif defined(RT_OS_SOLARIS)
 # include <link.h>
@@ -640 +641 @@
 DECLHIDDEN(void) supR3HardenedPosixInit(void)
 {
+    int  rc;
+    bool fIgnoreFailure = false;
+
+#ifdef RT_OS_DARWIN
+    /*
+     * Try figure out / guess if we've got hardened runtime here.  For now we'll
+     * just ignore patching errors if when hardened runtime is active.
+     */
+    int (*pfnCsOps)(pid_t, unsigned int, void *, size_t);
+    *(void **)&pfnCsOps = dlsym(RTLD_DEFAULT, "csops");
+    if (!pfnCsOps)
+        supR3HardenedFatalMsg("supR3HardenedPosixInit", kSupInitOp_Integrity, VERR_SYMBOL_NOT_FOUND,
+                              "Failed locate the 'csops' function");
+
+    uint32_t fFlags = 0;
+    rc = pfnCsOps(getpid(), 0 /*CS_OPS_STATUS*/, &fFlags, sizeof(fFlags));
+# if 0
+    char szMsg[128];
+    write(2, szMsg, sprintf(szMsg,"DEBUG: p_csflags=%#x rc=%d\n", fFlags, rc));
+# endif
+    if (rc != 0)
+        supR3HardenedFatalMsg("supR3HardenedPosixInit", kSupInitOp_Integrity, VERR_GENERAL_FAILURE,
+                              "csops/CS_OPS_STATUS failed (%d)", rc);
+    fIgnoreFailure = RT_BOOL(fFlags & 0x00010000 /*CS_RUNTIME*/);
+#endif
+
     for (unsigned i = 0; i < RT_ELEMENTS(g_aHooks); i++)
     {
         PCSUPHARDENEDPOSIXHOOK pHook = &g_aHooks[i];
-        int rc = supR3HardenedMainPosixHookOne(pHook->pszSymbol, pHook->pfnHook, pHook->ppfnRealResume, pHook->pfnResolve);
-        if (RT_FAILURE(rc))
+        rc = supR3HardenedMainPosixHookOne(pHook->pszSymbol, pHook->pfnHook, pHook->ppfnRealResume, pHook->pfnResolve);
+        if (RT_FAILURE(rc) && !fIgnoreFailure)
             supR3HardenedFatalMsg("supR3HardenedPosixInit", kSupInitOp_Integrity, rc,
                                   "Failed to hook the %s interface", pHook->pszSymbol);