
Don't build using restricted entitlements by default.

James Magahern
2022-08-03 16:56:53 -07:00
parent c7087a394e
commit bd01480ad6
3 changed files with 5 additions and 4 deletions


@@ -238,7 +238,7 @@
CD83E161219BE91500F4CCEA /* libagentHook.dylib */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.dylib"; includeInIndex = 0; path = libagentHook.dylib; sourceTree = BUILT_PRODUCTS_DIR; };
CD83E165219BE91600F4CCEA /* agentHook.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = agentHook.m; sourceTree = "<group>"; };
CD83E1B5219BF78E00F4CCEA /* hookAgent.sh */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = hookAgent.sh; sourceTree = "<group>"; };
CD936A2F289B31740093A1AC /* kordophoned-Entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "kordophoned-Entitlements.plist"; sourceTree = "<group>"; };
CD936A2F289B31740093A1AC /* kordophoned-RestrictedEntitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "kordophoned-RestrictedEntitlements.plist"; sourceTree = "<group>"; };
CD936A30289B353F0093A1AC /* MBIMErrorResponse.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MBIMErrorResponse.h; sourceTree = "<group>"; };
CD936A31289B353F0093A1AC /* MBIMErrorResponse.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MBIMErrorResponse.m; sourceTree = "<group>"; };
CDDCF78B283F398C0087ABDF /* MBIMDeleteConversationOperation.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MBIMDeleteConversationOperation.h; sourceTree = "<group>"; };
@@ -580,7 +580,7 @@
1A0C446D219A4BCD00F2AC00 /* Bridge */,
CDF62334219A895D00690038 /* main.m */,
1AAB32B221F835BD004A2A72 /* KPServer.pch */,
CD936A2F289B31740093A1AC /* kordophoned-Entitlements.plist */,
CD936A2F289B31740093A1AC /* kordophoned-RestrictedEntitlements.plist */,
);
path = kordophone;
sourceTree = "<group>";
@@ -1132,7 +1132,6 @@
isa = XCBuildConfiguration;
buildSettings = {
CLANG_ENABLE_MODULES = NO;
CODE_SIGN_ENTITLEMENTS = "kordophone/kordophoned-Entitlements.plist";
CODE_SIGN_IDENTITY = "-";
CODE_SIGN_STYLE = Automatic;
GCC_PREFIX_HEADER = kordophone/KPServer.pch;
@@ -1149,7 +1148,6 @@
isa = XCBuildConfiguration;
buildSettings = {
CLANG_ENABLE_MODULES = NO;
CODE_SIGN_ENTITLEMENTS = "kordophone/kordophoned-Entitlements.plist";
CODE_SIGN_IDENTITY = "-";
CODE_SIGN_STYLE = Automatic;
GCC_PREFIX_HEADER = kordophone/KPServer.pch;
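Review bot: With `CODE_SIGN_ENTITLEMENTS` dropped from both build configurations (the hunks at 1132 and 1148), nothing visible in the project consumes kordophoned-RestrictedEntitlements.plist any more, so opting in to restricted signing means hand-editing the build settings. A dedicated build configuration or an xcconfig override that sets `CODE_SIGN_ENTITLEMENTS = "kordophone/kordophoned-RestrictedEntitlements.plist";` would make that an explicit, reviewable choice and make it harder to commit it back into the default configurations by accident. Both buildSettings blocks continue outside the hunks, so there may be other signing settings that are not shown here.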


@@ -7,6 +7,9 @@ sudo defaults write /Library/Preferences/com.apple.security.coderequirements Ent
Maybe a better thing to do is to DYLD_PRELOAD `imagent` and swizzle `IMDAuditTokenTaskHasEntitlement` to always return YES.
Included in the project is "kordophoned-RestrictedEntitlements.plist", which contains all necessary restricted entitlements.
On production macOS builds, the kernel will kill kordophoned immediately if it's signed using restricted entitlements, so agent hook is a
better option when running on prod machines. By default, the project is configured to ignore kordophoned-RestrictedEntitlements.plist when building.
## Building/linking
If you get dyld errors running from the command line, use `install_name_tool` to update the @rpath (where @rpath points to where linked Frameworks like GCDWebServer is).