
Commit 98ed5ed

committed
security: fixing up some permission checks
1 parent 773dee3 commit 98ed5ed


2 files changed

+9
-9
lines changed


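--- a/Config.xcconfig
+++ b/Config.xcconfig
@@ -9,4 +9,4 @@
 // https://developer.apple.com/documentation/xcode/adding-a-build-configuration-file-to-your-project
 
 VERSION = 0.9.0
-BUILD_NUMBER = 20260223.90.US.seanistethered
+BUILD_NUMBER = 20260223.94.US.seanistethered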

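--- a/Nyxian/LindChain/ProcEnvironment/Surface/permit.m
+++ b/Nyxian/LindChain/ProcEnvironment/Surface/permit.m
@@ -78,12 +78,6 @@ BOOL permitive_over_pid_allowed(ksurface_proc_copy_t *proc,
 goto out_unlock;
 }
 
-if(entitlementsNeeded != PEEntitlementNone &&
-!entitlement_got_entitlement(proc_getentitlements(proc), entitlementsNeeded))
-{
-goto out_unlock;
-}
-
 /* handling sid bypass */
 if(allowSessionBypass &&
 caller_uid == proc_getruid(targetProc) &&
@@ -95,18 +89,24 @@ BOOL permitive_over_pid_allowed(ksurface_proc_copy_t *proc,
 
 /* handling platform bypass */
 if(allowPlatformBypass &&
-(caller_uid == proc_getruid(targetProc) || caller_uid == 0) &&
 entitlement_got_entitlement(proc_getentitlements(proc), PEEntitlementPlatform))
 {
 allowed = YES;
 goto out_unlock;
 }
 
+if(entitlementsNeeded != PEEntitlementNone &&
+!entitlement_got_entitlement(proc_getentitlements(proc), entitlementsNeeded))
+{
+/* nope */
+goto out_unlock;
+}
+
 /* checking if target got entitlement if applicable */
 if(targetEntitlementsNeeded != PEEntitlementNone &&
 !entitlement_got_entitlement(proc_getentitlements(targetProc), targetEntitlementsNeeded))
 {
-/* nope! */
+/* still nope! */
 goto out_unlock;
 }
 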
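Review bot: Moving the `entitlementsNeeded` check below both bypass blocks means the session bypass and the platform bypass can now set `allowed = YES` for a caller that lacks the required entitlement, where the old order rejected that caller first. The session-bypass condition continues outside the visible hunks (as does the rest of `permitive_over_pid_allowed`), so it may have further guards, but if only the platform path was meant to skip the entitlement check, the check should stay above `/* handling sid bypass */`. The platform bypass also drops the `caller_uid == proc_getruid(targetProc) || caller_uid == 0` condition, so `PEEntitlementPlatform` together with `allowPlatformBypass` now decides that path regardless of uid. If both widenings are intended, say so at the block, e.g. `/* platform entitlement overrides uid and entitlementsNeeded; callers opt in via allowPlatformBypass */`, and add a test with a caller lacking `entitlementsNeeded` on each bypass path so the ordering cannot change silently.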
