CalvinBackup/SnakeAppleSecurityFiles
1
0
Fork 0
mirror of https://github.com/Karmaz95/Snake_Apple.git synced 2026-03-30 14:00:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
SnakeAppleSecurityFiles/VIII. Sandbox/custom/sandbox_validator.c
Karmaz95 01721cfba4 Sandbox Validator patch
2024-07-29 17:59:13 +02:00

125 lines
3.6 KiB
C
Raw Permalink Blame History

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/sysctl.h>
#include <unistd.h>
enum sandbox_filter_type {
SANDBOX_FILTER_NONE,
SANDBOX_FILTER_PATH,
SANDBOX_FILTER_GLOBAL_NAME,
SANDBOX_FILTER_LOCAL_NAME,
SANDBOX_FILTER_APPLEEVENT_DESTINATION,
SANDBOX_FILTER_RIGHT_NAME,
SANDBOX_FILTER_PREFERENCE_DOMAIN,
SANDBOX_FILTER_KEXT_BUNDLE_ID,
SANDBOX_FILTER_INFO_TYPE,
SANDBOX_FILTER_NOTIFICATION,
SANDBOX_FILTER_XPC_SERVICE_NAME = 12,
SANDBOX_FILTER_IOKIT_CONNECTION,
};
const char* filter_type_strings[] = {
"NONE",
"PATH",
"GLOBAL_NAME",
"LOCAL_NAME",
"APPLEEVENT_DESTINATION",
"RIGHT_NAME",
"PREFERENCE_DOMAIN",
"KEXT_BUNDLE_ID",
"INFO_TYPE",
"NOTIFICATION",
"XPC_SERVICE_NAME",
"IOKIT_CONNECTION"
};
void print_filter_types() {
printf("\nAvailable filter types:\n");
for (size_t i = 0; i < sizeof(filter_type_strings) / sizeof(filter_type_strings[0]); i++) {
printf(" %s\n", filter_type_strings[i]);
}
}
int sandbox_check(pid_t, const char *operation, enum sandbox_filter_type, ...);
int pid_exists(pid_t pid) {
int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid};
struct kinfo_proc info;
size_t info_size = sizeof(info);
return (sysctl(mib, 4, &info, &info_size, NULL, 0) == 0 && info_size > 0);
}
void usage() {
fprintf(stderr, "Usage: %s <pid> [<operation> [<filter_type> <filter_value>]]\n", getprogname());
fprintf(stderr, "Checks if the specified process is sandboxed or if a specific operation is allowed.\n\n");
fprintf(stderr, "Examples:\n");
fprintf(stderr, " %s 93298\n", getprogname());
fprintf(stderr, " %s 93298 \"file-read*\"\n", getprogname());
fprintf(stderr, " %s 93298 \"file-read*\" PATH \"/users/karmaz/.trash\"\n", getprogname());
fprintf(stderr, " %s 93298 \"authorization-right-obtain\" RIGHT_NAME \"system.burn\"\n", getprogname());
print_filter_types();
exit(1);
}
enum sandbox_filter_type get_filter_type(const char* filter_type_str) {
for (size_t i = 0; i < sizeof(filter_type_strings) / sizeof(filter_type_strings[0]); i++) {
if (strcmp(filter_type_str, filter_type_strings[i]) == 0) {
return i;
}
}
return SANDBOX_FILTER_NONE;
}
int main(int argc, char **argv) {
if (argc < 2 || argc == 4 || argc > 5) {
usage();
}
pid_t pid = atoi(argv[1]);
if (!pid_exists(pid)) {
fprintf(stderr, "%d: No such process\n", pid);
exit(2);
}
const char *operation = NULL;
enum sandbox_filter_type filter_type = SANDBOX_FILTER_NONE;
const char *filter_value = NULL;
if (argc >= 3) {
operation = argv[2];
}
if (argc == 5) {
filter_type = get_filter_type(argv[3]);
if (filter_type == SANDBOX_FILTER_NONE) {
fprintf(stderr, "Invalid filter type: %s\n", argv[3]);
exit(3);
}
filter_value = argv[4];
}
int rc = (argc == 2)
? sandbox_check(pid, NULL, SANDBOX_FILTER_NONE)
: sandbox_check(pid, operation, filter_type, filter_value);
if (rc == 0) {
printf("Operation '%s' is %s for process %d",
(operation ? operation : "sandbox status"),
(argc == 2 ? "not sandboxed" : "allowed"),
pid);
} else {
printf("Operation '%s' is not allowed for process %d",
(operation ? operation : "sandbox status"),
pid);
}
if (argc == 5) {
printf(" (Filter type: %s, Value: %s)", argv[3], filter_value);
}
printf("\n");
return rc;
}
Reference in New Issue View Git Blame Copy Permalink