Changeset 87030 in vbox

Timestamp:

Dec 2, 2020 10:46:49 AM (4 years ago)

Author:

vboxsync

Message:

Forward port r141521, r141567, r141568, r141588, r141589, r141590, r141592, r141593, r141594, r141595 and r141652 from 6.1 (Fixes for BigSur with SIP disabled, bugref:9836)

Location:

trunk

Files:

• . (modified) (1 prop)
• src/VBox (modified) (1 prop)
• src/VBox/HostDrivers/Support/Makefile.kmk (modified) (1 diff)
• src/VBox/HostDrivers/Support/SUPLibInternal.h (modified) (1 diff)
• src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp (modified) (1 diff)
• src/VBox/HostDrivers/Support/darwin/SUPR3HardenedMain-darwin.cpp (added)
• src/VBox/HostDrivers/Support/posix/SUPR3HardenedMain-posix.cpp (modified) (4 diffs)

trunk

@@ -10 +10 @@
 /branches/VBox-5.2:119536,120083,120099,120213,120221,120239,123597-123598,123600-123601,123755,124260,124263,124271,124273,124277-124279,124284-124286,124288-124290,125768,125779-125780,125812
 /branches/VBox-6.0:130474-130475,130477,130479,131352
-/branches/VBox-6.1:139660,139797
+/branches/VBox-6.1:139660,139797,141521,141567-141568,141588-141590,141592-141595,141652
 /branches/aeichner/vbox-chromium-cleanup:129816,129818-129851,129853-129861,129871-129872,129876,129880,129882,130013-130015,130036,130094-130095
 /branches/andy/draganddrop:90781-91268

@@ -10 +10 @@
 /branches/VBox-5.2:119536,120083,120099,120213,120221,120239,123597-123598,123600-123601,123755,124260,124263,124271,124273,124277-124279,124284-124286,124288-124290,125768,125779-125780,125812
 /branches/VBox-6.0:130474-130475,130477,130479,131352
-/branches/VBox-6.1:139660,139797
+/branches/VBox-6.1:139660,139797,141521,141567-141568,141588-141590,141592-141595,141652
 /branches/aeichner/vbox-chromium-cleanup:129816,129818-129851,129853-129861,129871-129872,129876,129880,129882,130013-130015,130036,130094-130095
 /branches/andy/draganddrop:90781-91268

trunk/src/VBox

@@ -10 +10 @@
 /branches/VBox-5.2/src/VBox:119536,120083,120099,120213,120221,120239,123597-123598,123600-123601,123755,124263,124273,124277-124279,124284-124286,124288-124290,125768,125779-125780,125812,127158-127159,127162-127167,127180
 /branches/VBox-6.0/src/VBox:130474-130475,130477,130479,131352
+/branches/VBox-6.1/src/VBox:141521,141567-141568,141588-141590,141592-141595,141652
 /branches/aeichner/vbox-chromium-cleanup/src/VBox:129818-129851,129853-129861,129871-129872,129876,129880,129882,130013-130015,130094-130095
 /branches/andy/draganddrop/src/VBox:90781-91268

@@ -10 +10 @@
 /branches/VBox-5.2/src/VBox:119536,120083,120099,120213,120221,120239,123597-123598,123600-123601,123755,124263,124273,124277-124279,124284-124286,124288-124290,125768,125779-125780,125812,127158-127159,127162-127167,127180
 /branches/VBox-6.0/src/VBox:130474-130475,130477,130479,131352
+/branches/VBox-6.1/src/VBox:141521,141567-141568,141588-141590,141592-141595,141652
 /branches/aeichner/vbox-chromium-cleanup/src/VBox:129818-129851,129853-129861,129871-129872,129876,129880,129882,130013-130015,130094-130095
 /branches/andy/draganddrop/src/VBox:90781-91268

trunk/src/VBox/HostDrivers/Support/Makefile.kmk

@@ -414 +414 @@
 endif
 
-# Things specific to the posix crowd.
-if1of ($(KBUILD_TARGET), linux darwin solaris)
+# macOS specifics.
+ifeq ($(KBUILD_TARGET),darwin)
+ SUPR3HardenedStatic_DEFS += \
+        LOG_DISABLED
+
+ SUPR3HardenedStatic_INCS += $(VBOX_PATH_RUNTIME_SRC)/include
+
+ SUPR3HardenedStatic_SOURCES += \
+        darwin/SUPR3HardenedMain-darwin.cpp \
+       \
+        $(VBOX_PATH_RUNTIME_SRC)/common/misc/RTAssertMsg1Weak.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/misc/RTAssertMsg2.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/misc/RTAssertMsg2Weak.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/misc/RTAssertMsg2WeakV.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/generic/RTAssertShouldPanic-generic.cpp
+endif
+
+# Things specific to the rest of the posix crowd.
+if1of ($(KBUILD_TARGET), linux solaris)
  SUPR3HardenedStatic_DEFS += \
         IN_DIS \

trunk/src/VBox/HostDrivers/Support/SUPLibInternal.h

@@ -495 +495 @@
                                                         const char *pszFormat, va_list va);
 #else   /* !RT_OS_WINDOWS */
+# if !defined(RT_OS_DARWIN)
 DECLHIDDEN(void)    supR3HardenedPosixInit(void);
+# else  /* !RT_OS_DARWIN */
+DECLHIDDEN(void)    supR3HardenedDarwinInit(void);
+#endif  /* !RT_OS_DARWIN */
 #endif  /* !RT_OS_WINDOWS */
 

trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp

@@ -2635 +2635 @@
     g_enmSupR3HardenedMainState = SUPR3HARDENEDMAINSTATE_WIN_VERIFY_TRUST_READY;
 #else /* !RT_OS_WINDOWS */
-# ifndef RT_OS_FREEBSD /** @todo portme */
+# if defined(RT_OS_DARWIN)
+    supR3HardenedDarwinInit();
+# elif !defined(RT_OS_FREEBSD) /** @todo Portme. */
     /*
      * Posix: Hook the load library interface interface.

trunk/src/VBox/HostDrivers/Support/posix/SUPR3HardenedMain-posix.cpp

@@ -39 +39 @@
 #include <dlfcn.h>
 #include <sys/mman.h>
-#ifdef RT_OS_DARWIN
-# include <errno.h>
-# include <fcntl.h>
-# include <sys/stat.h> /* fstat() */
-# include <unistd.h>   /* readlink() */
-# include <stdlib.h>
-# include <sys/sysctl.h> /* sysctlbyname() */
-#elif defined(RT_OS_SOLARIS)
+#if defined(RT_OS_SOLARIS)
 # include <link.h>
 #endif
@@ -58 +51 @@
 *   Defined Constants And Macros                                                                                                 *
 *********************************************************************************************************************************/
-
-/** For OS X. */
-#ifndef MAP_ANONYMOUS
-# define MAP_ANONYMOUS MAP_ANON
-#endif
 
 /**
@@ -192 +180 @@
         && strchr(pszFilename, '/') != NULL)
     {
-#if defined(RT_OS_DARWIN) || defined(RT_OS_LINUX)
+#if defined(RT_OS_LINUX)
         int rc = supR3HardenedVerifyFileFollowSymlinks(pszFilename, RTHCUINTPTR_MAX, true /* fMaybe3rdParty */,
                                                        NULL /* pErrInfo */);
@@ -642 +630 @@
 DECLHIDDEN(void) supR3HardenedPosixInit(void)
 {
-    int  rc;
-    bool fIgnoreFailure = false;
-
-#ifdef RT_OS_DARWIN
-    /*
-     * Try figure out / guess if we've got hardened runtime here.  For now we'll
-     * just ignore patching errors if when hardened runtime is active.
-     */
-    int (*pfnCsOps)(pid_t, unsigned int, void *, size_t);
-    *(void **)&pfnCsOps = dlsym(RTLD_DEFAULT, "csops");
-    if (!pfnCsOps)
-        supR3HardenedFatalMsg("supR3HardenedPosixInit", kSupInitOp_Integrity, VERR_SYMBOL_NOT_FOUND,
-                              "Failed locate the 'csops' function");
-
-    uint32_t fFlags = 0;
-    rc = pfnCsOps(getpid(), 0 /*CS_OPS_STATUS*/, &fFlags, sizeof(fFlags));
-# if 0
-    char szMsg[128];
-    write(2, szMsg, sprintf(szMsg,"DEBUG: p_csflags=%#x rc=%d\n", fFlags, rc));
-# endif
-    if (rc != 0)
-        supR3HardenedFatalMsg("supR3HardenedPosixInit", kSupInitOp_Integrity, VERR_GENERAL_FAILURE,
-                              "csops/CS_OPS_STATUS failed (%d)", rc);
-    fIgnoreFailure = RT_BOOL(fFlags & 0x00010000 /*CS_RUNTIME*/);
-#endif
-
     for (unsigned i = 0; i < RT_ELEMENTS(g_aHooks); i++)
     {
         PCSUPHARDENEDPOSIXHOOK pHook = &g_aHooks[i];
-        rc = supR3HardenedMainPosixHookOne(pHook->pszSymbol, pHook->pfnHook, pHook->ppfnRealResume, pHook->pfnResolve);
-        if (RT_FAILURE(rc) && !fIgnoreFailure)
+        int rc = supR3HardenedMainPosixHookOne(pHook->pszSymbol, pHook->pfnHook, pHook->ppfnRealResume, pHook->pfnResolve);
+        if (RT_FAILURE(rc))
             supR3HardenedFatalMsg("supR3HardenedPosixInit", kSupInitOp_Integrity, rc,
                                   "Failed to hook the %s interface", pHook->pszSymbol);

@@ -10 +10 @@
 /branches/VBox-5.2:119536,120083,120099,120213,120221,120239,123597-123598,123600-123601,123755,124260,124263,124271,124273,124277-124279,124284-124286,124288-124290,125768,125779-125780,125812
 /branches/VBox-6.0:130474-130475,130477,130479,131352
-/branches/VBox-6.1:139660,139797
+/branches/VBox-6.1:139660,139797,141521,141567-141568,141588-141590,141592-141595,141652
 /branches/aeichner/vbox-chromium-cleanup:129816,129818-129851,129853-129861,129871-129872,129876,129880,129882,130013-130015,130036,130094-130095
 /branches/andy/draganddrop:90781-91268

@@ -10 +10 @@
 /branches/VBox-5.2/src/VBox:119536,120083,120099,120213,120221,120239,123597-123598,123600-123601,123755,124263,124273,124277-124279,124284-124286,124288-124290,125768,125779-125780,125812,127158-127159,127162-127167,127180
 /branches/VBox-6.0/src/VBox:130474-130475,130477,130479,131352
+/branches/VBox-6.1/src/VBox:141521,141567-141568,141588-141590,141592-141595,141652
 /branches/aeichner/vbox-chromium-cleanup/src/VBox:129818-129851,129853-129861,129871-129872,129876,129880,129882,130013-130015,130094-130095
 /branches/andy/draganddrop/src/VBox:90781-91268