X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..ce3c8656732c924baf7e88df75eab50891bdc471:/sectask/SecTask.c

diff --git a/sectask/SecTask.c b/sectask/SecTask.c
index 33dfd77d..cba86072 100644
--- a/sectask/SecTask.c
+++ b/sectask/SecTask.c
@@ -210,13 +210,33 @@ static bool SecTaskLoadEntitlements(SecTaskRef task, CFErrorRef *error)
     /* Any other combination means no entitlements */
 	if (ret == -1) {
 		if (errno != ERANGE) {
-			syslog(LOG_NOTICE, "SecTaskLoadEntitlements failed error=%d", errno);	// to ease diagnostics
+            int entitlementErrno = errno;
+
+			uint32_t cs_flags = -1;
+            if (-1 == csops_task(task, CS_OPS_STATUS, &cs_flags, sizeof(cs_flags))) {
+                syslog(LOG_NOTICE, "Failed to get cs_flags, error=%d", errno);
+            }
+
+            syslog(LOG_NOTICE, "SecTaskLoadEntitlements failed error=%d cs_flags=%x, task->pid_self=%d", entitlementErrno, cs_flags, task->pid_self);	// to ease diagnostics
+
+            CFStringRef description = SecTaskCopyDebugDescription(task);
+            char *descriptionBuf = NULL;
+            CFIndex descriptionSize = CFStringGetLength(description) * 4;
+            descriptionBuf = (char *)malloc(descriptionSize);
+            if (!CFStringGetCString(description, descriptionBuf, descriptionSize, kCFStringEncodingUTF8)) {
+                descriptionBuf[0] = 0;
+            }
+
+            syslog(LOG_NOTICE, "SecTaskCopyDebugDescription: %s", descriptionBuf);
+            CFRelease(description);
+            free(descriptionBuf);
+
 			// EINVAL is what the kernel says for unsigned code, so we'll have to let that pass
-			if (errno == EINVAL) {
+			if (entitlementErrno == EINVAL) {
 				task->entitlementsLoaded = true;
 				return true;
 			}
-			ret = errno;	// what really went wrong
+			ret = entitlementErrno;	// what really went wrong
 			goto out;		// bail out
 		}
         bufferlen = ntohl(header.length);