Xiaozheng Zou
Reputation: 1
Why my disabled SIP can not bypass the entitlements check?
I am trying to build a local endpoint for log collection using the Endpoint Security framework for research purposes. However, due to the agile nature of the project, I cannot apply for the necessary entitlements.
According to Apple's documentation, disabling SIP (System Integrity Protection) should allow binaries to run without entitlement checks. However, after compiling my binary and running it on a macOS system with SIP disabled, I still encounter a "permission denied" error.
Here are the steps I’ve taken so far:
- Disabled SIP by booting into recovery mode and running
csrutil disable. - Verified SIP is disabled using
csrutil status. - wrote a demo
import Foundation
import EndpointSecurity
var client: OpaquePointer?
// create client and catch message
let res = es_new_client(&client) { (client, message) in
// messge process
}
// print error code
print("Result code: \(res)")
switch res {
case ES_NEW_CLIENT_RESULT_SUCCESS:
print("sucess")
case ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED:
print("error:lack of entitlement")
case ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED:
print("error: application does not have required system permissions")
case ES_NEW_CLIENT_RESULT_ERR_NOT_PRIVILEGED:
print("error: root privileges required")
case ES_NEW_CLIENT_RESULT_ERR_INVALID_ARGUMENT:
print("error: invalid argument")
case ES_NEW_CLIENT_RESULT_ERR_TOO_MANY_CLIENTS:
print("error: maximum number of clients reached")
case ES_NEW_CLIENT_RESULT_ERR_INTERNAL:
print("error: internal error")
default:
print("unknown error: \(res)")
}
if res != ES_NEW_CLIENT_RESULT_SUCCESS {
exit(EXIT_FAILURE)
}
- compile the demo
swiftc main.swift -o es_demo \
-framework Foundation \
-I /Library/Developer/CommandLineTools/SDKs/MacOSX14.4.sdk/usr/include \
-L /Library/Developer/CommandLineTools/SDKs/MacOSX14.4.sdk/usr/lib \
-lEndpointSecurity \
-sdk /Library/Developer/CommandLineTools/SDKs/MacOSX14.4.sdk
- get the error output below
Result code: es_new_client_result_t(rawValue: 3)
error:lack of entitlement
I’d like to understand:
- how to get my demo run?
- has SIP rule changed during the update of macos15?
Upvotes: 0
Views: 38
Answers (0)
Related Questions
- "code ." is not working in on the command line for Visual Studio Code on OS X/Mac
- Xcode - How to fix 'NSUnknownKeyException', Reason: "… this class is not key value coding-compliant for the key X" error?
- How can I check for an active Internet connection on iOS or macOS?
- package configuration for libffi is not found in macOS while installing travis-cli
- Mac OS Catalina gfortran - "ld: library not found for -lgcrt1.o"
- Installing xgboost==0.6a2 on Mac Mojave
- file not found: /usr/lib/system/libdnsinfo.dylib for architecture i386