[Lldb-commits] [lldb] 7fa342b - Remove attach-failed-due-to-SIP checks which were not working

[Jason Molenda via lldb-commits]

Author: Jason Molenda
Date: 2020-04-16T15:22:14-07:00
New Revision: 7fa342bd2a6be51998c399f145143d8f45da1f4d

URL: https://github.com/llvm/llvm-project/commit/7fa342bd2a6be51998c399f145143d8f45da1f4d
DIFF: https://github.com/llvm/llvm-project/commit/7fa342bd2a6be51998c399f145143d8f45da1f4d.diff

LOG: Remove attach-failed-due-to-SIP checks which were not working

The SIP debugserver was calling in attach_failed_due_to_sip
haven't worked for a while; remove them.  To check this
properly we'd need debugsever to call out to codesign(1) to
inspect the entitlements, or the equivalant API,
and I'm not interested in adding that at this point.  SIP
is has been the default on macOS for a couple of releases
and it's expected behavior now.

<rdar://problem/59198052>

Added: 
    

Modified: 
    lldb/tools/debugserver/source/RNBRemote.cpp

Removed: 
    


################################################################################
diff  --git a/lldb/tools/debugserver/source/RNBRemote.cpp b/lldb/tools/debugserver/source/RNBRemote.cpp
index 8eed06381d3a..df358065f877 100644
--- a/lldb/tools/debugserver/source/RNBRemote.cpp
+++ b/lldb/tools/debugserver/source/RNBRemote.cpp
@@ -3663,30 +3663,6 @@ static bool process_does_not_exist (nub_process_t pid) {
   return true; // process does not exist
 }
 
-static bool attach_failed_due_to_sip (nub_process_t pid) {
-  bool retval = false;
-#if defined(__APPLE__) &&                                                      \
-  (__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ >= 101000)
-
-  // csr_check(CSR_ALLOW_TASK_FOR_PID) will be nonzero if System Integrity
-  // Protection is in effect.
-  if (csr_check(CSR_ALLOW_TASK_FOR_PID) == 0) 
-    return false;
-
-  if (rootless_allows_task_for_pid(pid) == 0)
-    retval = true;
-
-  int csops_flags = 0;
-  int csops_ret = ::csops(pid, CS_OPS_STATUS, &csops_flags,
-                       sizeof(csops_flags));
-  if (csops_ret != -1 && (csops_flags & CS_RESTRICT)) {
-    retval = true;
-  }
-#endif
-
-  return retval;
-}
-
 // my_uid and process_uid are only initialized if this function
 // returns true -- that there was a uid mismatch -- and those
 // id's may want to be used in the error message.
@@ -4065,13 +4041,6 @@ rnb_err_t RNBRemote::HandlePacket_v(const char *p) {
                                            "processes.");
           return SendPacket(return_message.c_str());
         }
-        if (attach_failed_due_to_sip (pid_attaching_to)) {
-          DNBLogError("Attach failed because of SIP protection.");
-          std::string return_message = "E96;";
-          return_message += cstring_to_asciihex_string("cannot attach "
-                            "to process due to System Integrity Protection");
-          return SendPacket(return_message.c_str());
-        }
       }
 
       std::string error_explainer = "attach failed";