Nov 7, 2013, 1:50:28 AM

darwintrace: major overhaul, now successfully compiles all ports I have installed (except go)

  • Split darwintrace.c into separate files for different syscalls to clean up the mess. This does prevent some inlining that used to take place before, makes some global variables necessary and required me to define a darwintrace function API, but it makes the whole thing so much cleaner.
  • Now compiles without -Wno-deprecated-declarations, because stat.c no longer includes sys/stat.h. While that might seem wrong at first, it actually makes things easier for us, because we can avoid the function renaming magic Apple introduced to support 64-bit inodes.
  • darwintrace now prints all syscalls with their returned result in debug mode (except for syscalls that do not return on success; those are printed with a question mark instead, but with the return value if they do return).
  • Dropped legacy code supporting non-C99 compilers in darwintrace.c
  • Removed the code that enabled redirecting opened locations into a different directory, since it was completely untested, very likely broken and hard to maintain.
  • Added handler for posix_spawn(2). This fixes a lot of problems that would previously break builds (e.g. using /opt/local/bin/ar, although that should have been outside the sandbox, which in turn used /opt/local/bin/ranlib, which failed and broke builds).
  • Avoid a memory leak when execve(2) failed, which was also affecting posix_spawn(2).
  • Use compare and swap primitives provided by Apple in libkern/OSAtomic.h instead of GCC's __sync_bool_compare_and_swap. Should fix the build on some older systems that don't support the compiler builtin.
  • Use getattrlist(2) instead of fcntl(F_GETPATH) to get the absolute path of files referenced using the volfs at /.vol/. TODO: Do this before checking against sandbox bounds (it's currently only used before reporting sandbox violations).
  • Improve support for tracing symlinks: Previously, only the symlink's name would be checked against the sandbox, not its target. Now both the name and the target are checked, if it is the last component of a path to be checked against the sandbox bounds. While there are some directory symlinks in some ports I doubt any of them cross a port boundary, which would be incorrectly detected at the moment.
  • Add a flag to support allowing access to directories completely for syscalls that do not operate on directories (i.e., all except rename, rmdir and mkdir).
  • Increase the size of the communication buffer used between tracelib and darwintrace.
  • Abort in tracelib if the filemap buffer size is exceeded, rather than reading invalid memory later in darwintrace.
  • Fix a segfault in tracelib when installing a port with no dependents.
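The symlink bullet above describes the security-relevant half of a sandbox path check: comparing only the symlink's name against the sandbox bounds lets a link created inside the sandbox (`in/escape -> ../out/secret`) reach files outside it, so the target of the last path component must be checked as well. The following is an added example of that check and is not darwintrace or MacPorts code; the function names (`normalize_path`, `sandbox_allows`, `fixture_setup`, `fixture_path`), the single-root sandbox and the constructed temporary tree under /tmp are all assumptions made for the example. It mirrors the limitation stated in the changeset: only the last component is resolved, so a directory symlink earlier in the path is not followed. Two details a practitioner should note: `..` is collapsed lexically before the prefix comparison so that `in/../out/secret` cannot pass as `in/...`, and a target that cannot be normalized (for instance one that is too long) is denied rather than allowed.

```c
/* Added example, not darwintrace or MacPorts code: a sandbox bounds check that tests a
 * symlink's own name and its target, as the changeset describes. All names are hypothetical. */
#define _GNU_SOURCE /* declares readlink, symlink and mkdtemp under strict -std modes */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static char sandbox_root[PATH_MAX]; /* single allowed prefix, stored normalized */
static char fixture_root[PATH_MAX]; /* constructed temp tree created by fixture_setup() */

/* Lexically collapse "." and "..": "<root>/in/../out/x" must not pass a prefix comparison
 * against "<root>/in". Input is assumed absolute. Returns false (fail closed) if it does not fit. */
bool normalize_path(const char *in, char *out, size_t outlen)
{
    char tmp[PATH_MAX];
    size_t len = 0;
    for (const char *p = in; *p;) {
        while (*p == '/') p++;
        const char *start = p;
        while (*p && *p != '/') p++;
        size_t n = (size_t)(p - start);
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            while (len > 0 && tmp[--len] != '/') ; /* pop the previous component, never above "/" */
        } else if (n > 0 && !(n == 1 && start[0] == '.')) {
            if (len + 1 + n >= sizeof tmp || len + 1 + n >= outlen) return false;
            tmp[len++] = '/';
            memcpy(tmp + len, start, n);
            len += n;
        }
    }
    tmp[len] = '\0';
    snprintf(out, outlen, "%s", len ? tmp : "/");
    return true;
}

void sandbox_set_root(const char *dir) { (void)normalize_path(dir, sandbox_root, sizeof sandbox_root); }

static bool within_bounds(const char *path) /* path equals the root or lies below it */
{
    size_t len = strlen(sandbox_root);
    return strncmp(path, sandbox_root, len) == 0 && (path[len] == '\0' || path[len] == '/');
}

/* If the last component of path is a symlink, store its target as an absolute normalized path and
 * return true. Directory symlinks earlier in the path are deliberately not followed (commit caveat). */
static bool symlink_target(const char *path, char *out, size_t outlen)
{
    char tgt[PATH_MAX], joined[PATH_MAX];
    ssize_t n = readlink(path, tgt, sizeof tgt - 1);
    if (n < 0) return false; /* not a symlink (or does not exist yet): judged by name only */
    tgt[n] = '\0';
    if (tgt[0] == '/')
        snprintf(joined, sizeof joined, "%s", tgt);
    else { /* a relative target is resolved against the directory holding the link */
        const char *slash = strrchr(path, '/');
        snprintf(joined, sizeof joined, "%.*s/%s", slash ? (int)(slash - path) : 0, path, tgt);
    }
    if (!normalize_path(joined, out, outlen)) out[0] = '\0'; /* unresolvable target: empty path is denied */
    return true;
}

/* The check itself: the name must be inside the sandbox and, if it is a symlink, so must its target.
 * Checking the name alone lets "in/escape -> ../out/secret" open a file outside the bounds. */
bool sandbox_allows(const char *path)
{
    char norm[PATH_MAX], target[PATH_MAX];
    if (!normalize_path(path, norm, sizeof norm) || !within_bounds(norm)) return false;
    return !symlink_target(norm, target, sizeof target) || within_bounds(target);
}

/* Absolute path of an entry below the fixture root (static buffer, one call per expression). */
const char *fixture_path(const char *rel)
{
    static char buf[PATH_MAX];
    snprintf(buf, sizeof buf, "%s/%s", fixture_root, rel);
    return buf;
}

/* Constructed fixture: <root>/in is the sandbox, <root>/out is outside it; in/ holds one benign
 * link and two links (relative and absolute) pointing out of the sandbox. Returns 0 on success. */
int fixture_setup(void)
{
    char abs_target[PATH_MAX];
    FILE *f;
    snprintf(fixture_root, sizeof fixture_root, "/tmp/sandbox_example.XXXXXX");
    if (!mkdtemp(fixture_root)) return -1;
    if (mkdir(fixture_path("in"), 0700) != 0 || mkdir(fixture_path("out"), 0700) != 0) return -1;
    if (!(f = fopen(fixture_path("out/secret"), "w"))) return -1;
    fclose(f);
    snprintf(abs_target, sizeof abs_target, "%s/out/secret", fixture_root);
    const char *links[][2] = { { "file", "in/ok" }, { "../out/secret", "in/rel_escape" },
                               { abs_target, "in/abs_escape" } };
    for (int i = 0; i < 3; i++)
        if (symlink(links[i][0], fixture_path(links[i][1])) != 0) return -1;
    sandbox_set_root(fixture_path("in"));
    return 0;
}
```

After `fixture_setup()`, `sandbox_allows(fixture_path("in/ok"))` is true while both `in/rel_escape` and `in/abs_escape` are denied, as is `in/../out/secret`; `inside` (sharing the root's prefix but not its directory) is denied because the comparison requires a `/` or end of string right after the prefix. The fixture is left in /tmp so the tree can be inspected afterwards.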