Apple notarization break vm_protect

Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)

Apple notarization break vm_protect

Postby adam81 » Tue Jun 04, 2019 7:27 am

Hi,

For using Apple dyld API NSCreateObjectFileImageFromMemory that allows on-demand code section loader, I need to prepare memory with valid permissions (write and execute).

However, after sending my macho file to Apple notarization service, I get the following error:

Code: Select all
 kernel: CODE SIGNING: 568[myapp] vm_map_protect can't have both write and exec at the same time


Denote, that if the product is signed but not notarized, this error doesn't happening.

my code looks basically this way :

Code: Select all
start = getsectiondata(&_mh_execute_header, "__TEXT", "__mysection", &size);

if (vm_protect(mach_task_self(), (vm_address_t)start, (vm_size_t)size, 0, VM_PROT_WRITE) != KERN_SUCCESS)
{
    // bad
}



Any idea How can I overcome this issue (maybe it's optional to set permission to write only although it's in __TEXT area) ?

thanks !
adam81
 
Posts: 28
Joined: Mon Jan 25, 2016 9:26 am

Re: Apple notarization break vm_protect

Postby morpheus » Wed Jul 10, 2019 4:27 am

Is your app signed 20500? If so, did you entitle yourself with com.apple.cs.allow-unsigned-memory... or the debugger entitlement?
morpheus
Site Admin
 
Posts: 729
Joined: Thu Apr 11, 2013 6:24 pm


Return to Questions and Answers

Who is online

Users browsing this forum: No registered users and 0 guests