/* Any other combination means no entitlements */
if (ret == -1) {
if (errno != ERANGE) {
- syslog(LOG_NOTICE, "SecTaskLoadEntitlements failed error=%d", errno); // to ease diagnostics
+ int entitlementErrno = errno;
+
+ uint32_t cs_flags = -1;
+ if (-1 == csops_task(task, CS_OPS_STATUS, &cs_flags, sizeof(cs_flags))) {
+ syslog(LOG_NOTICE, "Failed to get cs_flags, error=%d", errno);
+ }
+
+ syslog(LOG_NOTICE, "SecTaskLoadEntitlements failed error=%d cs_flags=%x, task->pid_self=%d", entitlementErrno, cs_flags, task->pid_self); // to ease diagnostics
+
+ CFStringRef description = SecTaskCopyDebugDescription(task);
+ char *descriptionBuf = NULL;
+ CFIndex descriptionSize = CFStringGetLength(description) * 4;
+ descriptionBuf = (char *)malloc(descriptionSize);
+ if (!CFStringGetCString(description, descriptionBuf, descriptionSize, kCFStringEncodingUTF8)) {
+ descriptionBuf[0] = 0;
+ }
+
+ syslog(LOG_NOTICE, "SecTaskCopyDebugDescription: %s", descriptionBuf);
+ CFRelease(description);
+ free(descriptionBuf);
+
// EINVAL is what the kernel says for unsigned code, so we'll have to let that pass
- if (errno == EINVAL) {
+ if (entitlementErrno == EINVAL) {
task->entitlementsLoaded = true;
return true;
}
- ret = errno; // what really went wrong
+ ret = entitlementErrno; // what really went wrong
goto out; // bail out
}
bufferlen = ntohl(header.length);
projects / apple / security.git / blobdiff