X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/13f56ec4e58bf8687e2a68032c093c0213dd519b..316670eb35587141e969394ae8537d66b9211e80:/bsd/kern/mach_process.c

diff --git a/bsd/kern/mach_process.c b/bsd/kern/mach_process.c
index 7ec55c799..1a5cac88f 100644
--- a/bsd/kern/mach_process.c
+++ b/bsd/kern/mach_process.c
@@ -313,6 +313,11 @@ ptrace(struct proc *p, struct ptrace_args *uap, int32_t *retval)
 		 *	is resumed by adding NSIG to p_cursig. [see issig]
 		 */
 		proc_unlock(t);
+#if NOTYET
+		error = mac_proc_check_signal(p, t, SIGKILL);
+		if (0 != error)
+			goto resume;
+#endif
 		psignal(t, SIGKILL);
 		goto resume;
 
@@ -342,8 +347,15 @@ ptrace(struct proc *p, struct ptrace_args *uap, int32_t *retval)
 
 		if (uap->req == PT_STEP) {
 		        /*
-			 * set trace bit
+			 * set trace bit 
+			 * we use sending SIGSTOP as a comparable security check.
 			 */
+#if NOTYET
+			error = mac_proc_check_signal(p, t, SIGSTOP);
+			if (0 != error) {
+				goto out;
+			}
+#endif
 			if (thread_setsinglestep(th_act, 1) != KERN_SUCCESS) {
 				error = ENOTSUP;
 				goto out;
@@ -351,7 +363,14 @@ ptrace(struct proc *p, struct ptrace_args *uap, int32_t *retval)
 		} else {
 		        /*
 			 * clear trace bit if on
+			 * we use sending SIGCONT as a comparable security check.
 			 */
+#if NOTYET
+			error = mac_proc_check_signal(p, t, SIGCONT);
+			if (0 != error) {
+				goto out;
+			}
+#endif
 			if (thread_setsinglestep(th_act, 0) != KERN_SUCCESS) {
 				error = ENOTSUP;
 				goto out;