SUMMARY: FB9903967 | FAIL on SAN dylib are caused by file system sandbox blocked mmap()
xsscx opened this issue · 0 comments
xsscx commented
SUMMARY for PR42 using 15.4_19E5219e
- Opened: Apple Feedback Case ID FB9903967 | file system sandbox blocked
- Opened: Apple Feedback Case ID FB9904294: Springboard, runningboardd: Unable to obtain a task name port right: (os/kern) failure (0x5), prior Report of FB9643887
PR42
- entitlements applied to quiet AMFI.
- entitlement errors on the SAN dylib are caused by file system sandbox blocked mmap().
-
Here is the AMFI complaint for the SAN Dylibs as of SUN 13 FEB 2022: (file system sandbox blocked mmap()
ASI found [dyld] (sensitive) 'Library not loaded: @rpath/libclang_rt.asan_ios_dynamic.dylib
Referenced from: /mnt/com.example.cryptex.lYwXkJ/usr/bin/hello
Reason: tried: '/mnt/com.example.cryptex.lYwXkJ/usr/bin/libclang_rt.asan_ios_dynamic.dylib' (file system sandbox blocked mmap() of '/mnt/com.example.cryptex.lYwXkJ/usr/bin/libclang_rt.asan_ios_dynamic.dylib'), '/Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/13.1.6/lib/darwin/libclang_rt.asan_ios_dynamic.dylib' (no such file), '/mnt/com.example.cryptex.lYwXkJ/usr/bin/libclang_rt.asan_ios_dynamic.dylib' (file system sandbox blocked mmap() of '/mnt/com.example.cryptex.lYwXkJ/usr/bin/libclang_rt.asan_ios_dynamic.dylib'), '/Applications/Xcode-beta.app/Contents/Developer/Toolchains/Xcode<…>'
- The FIX could be to permit the file system sandbox to allow mmap of *SAN Dylibs, and other Tooling in the Trust Cache. Perhaps there are Workarounds @TorgoApple can provide, but this looks like a Milestone can be set to permit the file system sandbox to allow mmap of *SAN Dylibs, and other Tooling.
PR48
- Just for clarity, AMFI is complaining about the entitlements in https://github.com/apple/security-research-device/pull/48 and https://github.com/apple/security-research-device/pull/49
default 11:21:26.476366-0500 kernel AMFI: '/usr/bin/debugserver' is adhoc signed.
default 11:21:26.476457-0500 kernel AMFI: '/usr/bin/debugserver': unsuitable CT policy 0 for this platform/device, rejecting signature.
- Very Cool .. To see debugserver and Frida come alive. Looks like more PPL groming needed, more later in a different PR
Prior Fix
- https://github.com/apple/security-research-device/pull/48
- FB9643887 15.1_19B5042h SpringBoard Unable to obtain a task name port right for pid xxx: (os/kern) failure (0x5)
Knowledgebase
- https://github.com/apple/security-research-device/issues/27
- https://github.com/apple/security-research-device/issues/43
- https://github.com/apple/security-research-device/issues/44
- https://github.com/apple/security-research-device/issues/46
- https://github.com/apple/security-research-device/issues/47
- https://github.com/apple/security-research-device/issues/48
- https://github.com/apple/security-research-device/issues/49
- https://github.com/apple/security-research-device/issues/50
- Opened: Apple Feedback Case ID FB9903967 | file system sandbox blocked
- Opened: Apple Feedback Case ID FB9904294: Springboard, runningboardd: Unable to obtain a task name port right: (os/kern) failure (0x5), prior Report of FB9643887