-
Re: What is the replacement to TrustedBSD?
eskimo Oct 30, 2018 2:41 AM (in response to joconnor)It appears that the headers for Trusted BSD have been removed in High Sierra/Xcode 9 and up.
Indeed. The kernel MAC framework has never been a supported KPI, something I documented in QA1574 Kernel's MAC framework. In the 10.13 SDK we finally got around to changing the headers (r. 5645458)) to reflect that reality.
btw In future you can check whether a KPI is supported or not using the process described in QA1575 Supported KPIs.
Is there a replacement technology which we can use similar to
mac_policy_register
andmac_policy_unregister
?Probably not )-: What are you doing in your MAC policy?
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
Re: What is the replacement to TrustedBSD?
joconnor Oct 30, 2018 10:29 AM (in response to eskimo)I kept googling and found your old post on the old lists about that.
Looks like kauth is my option. -
Re: What is the replacement to TrustedBSD?
Wellington Apr 15, 2019 2:12 AM (in response to eskimo)> Probably not )-: What are you doing in your MAC policy
In my case I was hoping to use KAUTH_PROCESS_CANSIGNAL to prevent 'unwanted' processes from signalling my security-related daemons, but it seems that has (still) never been implemented. So mpo_proc_check_signal seems the only way to go, unless I've missed another route.
-
Re: What is the replacement to TrustedBSD?
eskimo Apr 16, 2019 1:35 AM (in response to Wellington)In my case I was hoping to use
KAUTH_PROCESS_CANSIGNAL
to prevent ‘unwanted’ processes from signalling my security-related daemons, but it seems that has (still) never been implemented.Indeed. The bug I filed about that (r. 3931697) just got returned to me as “not to be fixed” )-:
So
mpo_proc_check_signal
seems the only way to go, unless I've missed another route.I don’t consider this a “way to go”, given that this is not KPI.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
-