Skip to content

Commit

Permalink
Code cleanup
Browse files Browse the repository at this point in the history
  • Loading branch information
@opa334
opa334 committed Jul 26, 2024
1 parent 67820ae commit 9cde835
Show file tree
Hide file tree
Showing 2 changed files with 46 additions and 40 deletions.
40 changes: 1 addition & 39 deletions BaseBin/systemhook/src/common.h
View file
Original file line number Diff line number Diff line change
@@ -1,54 +1,16 @@
#include <CoreFoundation/CoreFoundation.h>
#include <spawn.h>
#include <xpc/xpc.h>
#include "private.h"

#define HOOK_DYLIB_PATH "/usr/lib/systemhook.dylib"

#define SYS_execve 0x3B
#define SYS_posix_spawn 0xF4
#define SYS_csops 0xA9
#define SYS_csops_audittoken 0xAA
#define SYS_necp_match_policy 0x1CC
#define SYS_necp_open 0x1F5
#define SYS_necp_client_action 0x1F6
#define SYS_necp_session_open 0x20A
#define SYS_necp_session_action 0x20B

typedef enum
{
kSpawnConfigInject = 1 << 0,
kSpawnConfigTrust = 1 << 1,
} kSpawnConfig;

struct _posix_spawn_args_desc {
size_t attr_size;
posix_spawnattr_t attrp;

size_t file_actions_size;
void *file_actions;

size_t port_actions_size;
void *port_actions;

size_t mac_extensions_size;
void *mac_extensions;

size_t coal_info_size;
struct _posix_spawn_coalition_info *coal_info;

size_t persona_info_size;
void *persona_info;

size_t posix_cred_info_size;
void *posix_cred_info;

size_t subsystem_root_path_size;
char *subsystem_root_path;

size_t conclave_id_size;
char *conclave_id;
};

int __posix_spawn(pid_t *restrict pid, const char *restrict path, struct _posix_spawn_args_desc *desc, char *const argv[restrict], char *const envp[restrict]);
int __execve(const char *path, char *const argv[], char *const envp[]);

Expand Down
46 changes: 45 additions & 1 deletion BaseBin/systemhook/src/private.h
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,16 @@
#ifndef SYSTEMHOOK_PRIVATE
#define SYSTEMHOOK_PRIVATE

#define SYS_execve 0x3B
#define SYS_posix_spawn 0xF4
#define SYS_csops 0xA9
#define SYS_csops_audittoken 0xAA
#define SYS_necp_match_policy 0x1CC
#define SYS_necp_open 0x1F5
#define SYS_necp_client_action 0x1F6
#define SYS_necp_session_open 0x20A
#define SYS_necp_session_action 0x20B

int necp_match_policy(uint8_t *parameters, size_t parameters_size, void *returned_result);
int necp_open(int flags);
int necp_client_action(int necp_fd, uint32_t action, uuid_t client_id, size_t client_id_len, uint8_t *buffer, size_t buffer_size);
Expand All @@ -15,4 +28,35 @@ int posix_spawnattr_getprocesstype_np(const posix_spawnattr_t * __restrict, int
#define POSIX_SPAWNATTR_OFF_MEMLIMIT_INACTIVE 0x4C
#define POSIX_SPAWNATTR_OFF_LAUNCH_TYPE 0xA8

extern char **environ;
extern char **environ;

struct _posix_spawn_args_desc {
size_t attr_size;
posix_spawnattr_t attrp;

size_t file_actions_size;
void *file_actions;

size_t port_actions_size;
void *port_actions;

size_t mac_extensions_size;
void *mac_extensions;

size_t coal_info_size;
struct _posix_spawn_coalition_info *coal_info;

size_t persona_info_size;
void *persona_info;

size_t posix_cred_info_size;
void *posix_cred_info;

size_t subsystem_root_path_size;
char *subsystem_root_path;

size_t conclave_id_size;
char *conclave_id;
};

#endif

0 comments on commit 9cde835

Please sign in to comment.