]> git.saurik.com Git - apple/xnu.git/blobdiff - bsd/kern/mach_process.c
xnu-4903.231.4.tar.gz
[apple/xnu.git] / bsd / kern / mach_process.c
index d8bc4f07acc2f53f855dc0cb8d5c670fb6f0114b..72d262defd0588bcda6e376288ea1107eaa1c2a1 100644 (file)
 
 #include <pexpert/pexpert.h>
 
+#if CONFIG_MACF
+#include <security/mac_framework.h>
+#endif
+
 /* XXX ken/bsd_kern.c - prototype should be in common header */
 int get_task_userstop(task_t);
 
@@ -128,6 +132,10 @@ ptrace(struct proc *p, struct ptrace_args *uap, int32_t *retval)
        AUDIT_ARG(value32, uap->data);
 
        if (uap->req == PT_DENY_ATTACH) {
+#if (DEVELOPMENT || DEBUG) && CONFIG_EMBEDDED
+               if (PE_i_can_has_debugger(NULL))
+                       return(0);
+#endif
                proc_lock(p);
                if (ISSET(p->p_lflag, P_LTRACED)) {
                        proc_unlock(p);
@@ -227,6 +235,12 @@ retry_trace_me:;
 #pragma clang diagnostic pop
                int             err;
 
+#if CONFIG_EMBEDDED
+               if (tr_sigexc == 0) {
+                       error = ENOTSUP;
+                       goto out;
+               }
+#endif
 
                if ( kauth_authorize_process(proc_ucred(p), KAUTH_PROCESS_CANTRACE, 
                                                                         t, (uintptr_t)&err, 0, 0) == 0 ) {
@@ -369,8 +383,13 @@ retry_trace_me:;
                }
 
                if (uap->data != 0) {
+#if CONFIG_MACF
+                       error = mac_proc_check_signal(p, t, uap->data);
+                       if (0 != error)
+                               goto out;
+#endif
                        psignal(t, uap->data);
-                }
+               }
 
                if (uap->req == PT_STEP) {
                        /*