This is an archive of the discontinued LLVM Phabricator instance.

Differential D85237

[lldb] Add an option to inherit TCC permissions from parent.
ClosedPublic

Authored by JDevlieghere on Aug 4 2020, 12:08 PM.

Details

Reviewers
mib
friss
jasonmolenda
Commits
rG249a1d4f1bed: [lldb] Add an option to inherit TCC permissions from parent.
Summary

Add an option that allows the user to decide to not make the inferior is responsible for its own TCC permissions. If you don't make the inferior responsible, it inherits the permissions of its parent. The motivation is the scenario of running the LLDB test suite from an external hard drive. If the inferior is responsible, every test needs to be granted access to the external volume. When the permissions are inherited, approval needs to be granted only once.

Diff Detail

Event Timeline

JDevlieghere requested review of this revision.Aug 4 2020, 12:08 PM
JDevlieghere created this revision.
JDevlieghere added a parent revision: D85235: [lldb] Make SBTarget::LaunchSimple start form the target's LaunchInfo.Aug 4 2020, 12:11 PM
friss added a comment.Aug 4 2020, 2:55 PM

The logic of the patch itself looks fine, but the names, description and commit message are off. A process cannot disable TCC, it's always active. What your patch decides is whether the inferior is responsible for its own TCC permissions. If you don't make the inferior responsible, it inherits the permissions of its parent (which might have inherited them from its own parent). On the command line, you'll most likely get the Terminal.app permissions if nothing in the middle resets the responsible process.

JDevlieghere updated this revision to Diff 283054.Aug 4 2020, 4:14 PM
JDevlieghere retitled this revision from [lldb] Add an option to disable TCC to [lldb] Add an option to inherit TCC permissions from parent..
JDevlieghere edited the summary of this revision. (Show Details)

Make it clear that TCC cannot be disabled but instead we're inheriting the permissions.

JDevlieghere updated this revision to Diff 283057.Aug 4 2020, 4:30 PM
friss accepted this revision.Aug 4 2020, 4:32 PM

LGTM

This revision is now accepted and ready to land.Aug 4 2020, 4:32 PM
Closed by commit rG249a1d4f1bed: [lldb] Add an option to inherit TCC permissions from parent. (authored by JDevlieghere). · Explain WhyAug 5 2020, 10:08 AM
This revision was automatically updated to reflect the committed changes.
JDevlieghere added a commit: rG249a1d4f1bed: [lldb] Add an option to inherit TCC permissions from parent..

Revision Contents

PathSize
lldb/
include/
lldb/
Target/
5 lines
3 lines
packages/
Python/
lldbsuite/
test/
3 lines
source/
Commands/
3 lines
Host/
macosx/
objcxx/
9 lines
Target/
23 lines
3 lines
test/
Shell/
1 line

Diff 283284

lldb/include/lldb/Target/Target.h

Show First 20 LinesShow All 87 Lines▼ Show 20 Linespublic:
bool GetPreloadSymbols() const; bool GetPreloadSymbols() const;
void SetPreloadSymbols(bool b); void SetPreloadSymbols(bool b);
bool GetDisableASLR() const; bool GetDisableASLR() const;
void SetDisableASLR(bool b); void SetDisableASLR(bool b);
bool GetInheritTCC() const;
void SetInheritTCC(bool b);
bool GetDetachOnError() const; bool GetDetachOnError() const;
void SetDetachOnError(bool b); void SetDetachOnError(bool b);
bool GetDisableSTDIO() const; bool GetDisableSTDIO() const;
void SetDisableSTDIO(bool b); void SetDisableSTDIO(bool b);
▲ Show 20 LinesShow All 116 Lines▼ Show 20 Linesprivate:
void Arg0ValueChangedCallback(); void Arg0ValueChangedCallback();
void RunArgsValueChangedCallback(); void RunArgsValueChangedCallback();
void EnvVarsValueChangedCallback(); void EnvVarsValueChangedCallback();
void InputPathValueChangedCallback(); void InputPathValueChangedCallback();
void OutputPathValueChangedCallback(); void OutputPathValueChangedCallback();
void ErrorPathValueChangedCallback(); void ErrorPathValueChangedCallback();
void DetachOnErrorValueChangedCallback(); void DetachOnErrorValueChangedCallback();
void DisableASLRValueChangedCallback(); void DisableASLRValueChangedCallback();
void InheritTCCValueChangedCallback();
void DisableSTDIOValueChangedCallback(); void DisableSTDIOValueChangedCallback();
Environment ComputeEnvironment() const; Environment ComputeEnvironment() const;
// Member variables. // Member variables.
ProcessLaunchInfo m_launch_info; ProcessLaunchInfo m_launch_info;
std::unique_ptr<TargetExperimentalProperties> m_experimental_properties_up; std::unique_ptr<TargetExperimentalProperties> m_experimental_properties_up;
Target *m_target; Target *m_target;
▲ Show 20 LinesShow All 1,150 LinesShow Last 20 Lines

lldb/include/lldb/lldb-enumerations.h

Show First 20 LinesShow All 120 Lines▼ Show 20 LinesFLAGS_ENUM(LaunchFlags){
///< set this flag so lldb & the handee don't race to set its exit status. ///< set this flag so lldb & the handee don't race to set its exit status.
eLaunchFlagDetachOnError = (1u << 9), ///< If set, then the client stub eLaunchFlagDetachOnError = (1u << 9), ///< If set, then the client stub
///< should detach rather than killing ///< should detach rather than killing
///< the debugee ///< the debugee
///< if it loses connection with lldb. ///< if it loses connection with lldb.
eLaunchFlagShellExpandArguments = eLaunchFlagShellExpandArguments =
(1u << 10), ///< Perform shell-style argument expansion (1u << 10), ///< Perform shell-style argument expansion
eLaunchFlagCloseTTYOnExit = (1u << 11), ///< Close the open TTY on exit eLaunchFlagCloseTTYOnExit = (1u << 11), ///< Close the open TTY on exit
eLaunchFlagInheritTCCFromParent =
(1u << 12), ///< Don't make the inferior responsible for its own TCC
///< permissions but instead inherit them from its parent.
}; };
/// Thread Run Modes. /// Thread Run Modes.
enum RunMode { eOnlyThisThread, eAllThreads, eOnlyDuringStepping }; enum RunMode { eOnlyThisThread, eAllThreads, eOnlyDuringStepping };
/// Byte ordering definitions. /// Byte ordering definitions.
enum ByteOrder { enum ByteOrder {
eByteOrderInvalid = 0, eByteOrderInvalid = 0,
▲ Show 20 LinesShow All 966 LinesShow Last 20 Lines

lldb/packages/Python/lldbsuite/test/lldbtest.py

Show First 20 LinesShow All 711 Lines▼ Show 20 Lines def setUpCommands(cls):
# First of all, clear all settings to have clean state of global properties. # First of all, clear all settings to have clean state of global properties.
"settings clear -all", "settings clear -all",
# Disable Spotlight lookup. The testsuite creates # Disable Spotlight lookup. The testsuite creates
# different binaries with the same UUID, because they only # different binaries with the same UUID, because they only
# differ in the debug info, which is not being hashed. # differ in the debug info, which is not being hashed.
"settings set symbols.enable-external-lookup false", "settings set symbols.enable-external-lookup false",
# Inherit the TCC permissions from the inferior's parent.
"settings set target.inherit-tcc true",
# Disable fix-its by default so that incorrect expressions in tests don't # Disable fix-its by default so that incorrect expressions in tests don't
# pass just because Clang thinks it has a fix-it. # pass just because Clang thinks it has a fix-it.
"settings set target.auto-apply-fixits false", "settings set target.auto-apply-fixits false",
# Testsuite runs in parallel and the host can have also other load. # Testsuite runs in parallel and the host can have also other load.
"settings set plugin.process.gdb-remote.packet-timeout 60", "settings set plugin.process.gdb-remote.packet-timeout 60",
'settings set symbols.clang-modules-cache-path "{}"'.format( 'settings set symbols.clang-modules-cache-path "{}"'.format(
▲ Show 20 LinesShow All 1,847 LinesShow Last 20 Lines

lldb/source/Commands/CommandObjectProcess.cpp

Show First 20 LinesShow All 178 Lines▼ Show 20 Lines if (m_options.disable_aslr != eLazyBoolCalculate) {
disable_aslr = target->GetDisableASLR(); disable_aslr = target->GetDisableASLR();
} }
if (disable_aslr) if (disable_aslr)
m_options.launch_info.GetFlags().Set(eLaunchFlagDisableASLR); m_options.launch_info.GetFlags().Set(eLaunchFlagDisableASLR);
else else
m_options.launch_info.GetFlags().Clear(eLaunchFlagDisableASLR); m_options.launch_info.GetFlags().Clear(eLaunchFlagDisableASLR);
if (target->GetInheritTCC())
m_options.launch_info.GetFlags().Set(eLaunchFlagInheritTCCFromParent);
if (target->GetDetachOnError()) if (target->GetDetachOnError())
m_options.launch_info.GetFlags().Set(eLaunchFlagDetachOnError); m_options.launch_info.GetFlags().Set(eLaunchFlagDetachOnError);
if (target->GetDisableSTDIO()) if (target->GetDisableSTDIO())
m_options.launch_info.GetFlags().Set(eLaunchFlagDisableSTDIO); m_options.launch_info.GetFlags().Set(eLaunchFlagDisableSTDIO);
// Merge the launch info environment with the target environment. // Merge the launch info environment with the target environment.
Environment target_env = target->GetEnvironment(); Environment target_env = target->GetEnvironment();
▲ Show 20 LinesShow All 1,417 LinesShow Last 20 Lines

lldb/source/Host/macosx/objcxx/Host.mm

Show First 20 LinesShow All 1,089 Lines▼ Show 20 Lines#if TARGET_OS_OSX
SecuritySessionId session_id; SecuritySessionId session_id;
SessionAttributeBits session_attributes; SessionAttributeBits session_attributes;
OSStatus status = OSStatus status =
SessionGetInfo(callerSecuritySession, &session_id, &session_attributes); SessionGetInfo(callerSecuritySession, &session_id, &session_attributes);
if (status == errSessionSuccess) if (status == errSessionSuccess)
is_graphical = session_attributes & sessionHasGraphicAccess; is_graphical = session_attributes & sessionHasGraphicAccess;
#endif #endif
// When lldb is ran through a graphical session, this makes the debuggee // When lldb is ran through a graphical session, make the debuggee process
// process responsible for the TCC prompts. Otherwise, lldb will use the // responsible for its own TCC permissions instead of inheriting them from
// launching process privileges. // its parent.
if (is_graphical && launch_info.GetFlags().Test(eLaunchFlagDebug)) { if (is_graphical && launch_info.GetFlags().Test(eLaunchFlagDebug) &&
!launch_info.GetFlags().Test(eLaunchFlagInheritTCCFromParent)) {
error.SetError(setup_posix_spawn_responsible_flag(&attr), eErrorTypePOSIX); error.SetError(setup_posix_spawn_responsible_flag(&attr), eErrorTypePOSIX);
if (error.Fail()) { if (error.Fail()) {
LLDB_LOG(log, "error: {0}, setup_posix_spawn_responsible_flag(&attr)", LLDB_LOG(log, "error: {0}, setup_posix_spawn_responsible_flag(&attr)",
error); error);
return error; return error;
} }
} }
▲ Show 20 LinesShow All 379 LinesShow Last 20 Lines

lldb/source/Target/Target.cpp

Show First 20 LinesShow All 3,425 Lines▼ Show 20 Lines if (target) {
m_collection_sp->SetValueChangedCallback( m_collection_sp->SetValueChangedCallback(
ePropertyErrorPath, [this] { ErrorPathValueChangedCallback(); }); ePropertyErrorPath, [this] { ErrorPathValueChangedCallback(); });
m_collection_sp->SetValueChangedCallback(ePropertyDetachOnError, [this] { m_collection_sp->SetValueChangedCallback(ePropertyDetachOnError, [this] {
DetachOnErrorValueChangedCallback(); DetachOnErrorValueChangedCallback();
}); });
m_collection_sp->SetValueChangedCallback( m_collection_sp->SetValueChangedCallback(
ePropertyDisableASLR, [this] { DisableASLRValueChangedCallback(); }); ePropertyDisableASLR, [this] { DisableASLRValueChangedCallback(); });
m_collection_sp->SetValueChangedCallback( m_collection_sp->SetValueChangedCallback(
ePropertyInheritTCC, [this] { InheritTCCValueChangedCallback(); });
m_collection_sp->SetValueChangedCallback(
ePropertyDisableSTDIO, [this] { DisableSTDIOValueChangedCallback(); }); ePropertyDisableSTDIO, [this] { DisableSTDIOValueChangedCallback(); });
m_experimental_properties_up = m_experimental_properties_up =
std::make_unique<TargetExperimentalProperties>(); std::make_unique<TargetExperimentalProperties>();
m_collection_sp->AppendProperty( m_collection_sp->AppendProperty(
ConstString(Properties::GetExperimentalSettingsName()), ConstString(Properties::GetExperimentalSettingsName()),
ConstString("Experimental settings - setting these won't produce " ConstString("Experimental settings - setting these won't produce "
"errors if the setting is not present."), "errors if the setting is not present."),
Show All 21 Linesvoid TargetProperties::UpdateLaunchInfoFromProperties() {
Arg0ValueChangedCallback(); Arg0ValueChangedCallback();
RunArgsValueChangedCallback(); RunArgsValueChangedCallback();
EnvVarsValueChangedCallback(); EnvVarsValueChangedCallback();
InputPathValueChangedCallback(); InputPathValueChangedCallback();
OutputPathValueChangedCallback(); OutputPathValueChangedCallback();
ErrorPathValueChangedCallback(); ErrorPathValueChangedCallback();
DetachOnErrorValueChangedCallback(); DetachOnErrorValueChangedCallback();
DisableASLRValueChangedCallback(); DisableASLRValueChangedCallback();
InheritTCCValueChangedCallback();
DisableSTDIOValueChangedCallback(); DisableSTDIOValueChangedCallback();
} }
bool TargetProperties::GetInjectLocalVariables( bool TargetProperties::GetInjectLocalVariables(
ExecutionContext *exe_ctx) const { ExecutionContext *exe_ctx) const {
const Property *exp_property = m_collection_sp->GetPropertyAtIndex( const Property *exp_property = m_collection_sp->GetPropertyAtIndex(
exe_ctx, false, ePropertyExperimental); exe_ctx, false, ePropertyExperimental);
OptionValueProperties *exp_values = OptionValueProperties *exp_values =
▲ Show 20 LinesShow All 66 Lines▼ Show 20 Lines return m_collection_sp->GetPropertyAtIndexAsBoolean(
nullptr, idx, g_target_properties[idx].default_uint_value != 0); nullptr, idx, g_target_properties[idx].default_uint_value != 0);
} }
void TargetProperties::SetDisableASLR(bool b) { void TargetProperties::SetDisableASLR(bool b) {
const uint32_t idx = ePropertyDisableASLR; const uint32_t idx = ePropertyDisableASLR;
m_collection_sp->SetPropertyAtIndexAsBoolean(nullptr, idx, b); m_collection_sp->SetPropertyAtIndexAsBoolean(nullptr, idx, b);
} }
bool TargetProperties::GetInheritTCC() const {
const uint32_t idx = ePropertyInheritTCC;
return m_collection_sp->GetPropertyAtIndexAsBoolean(
nullptr, idx, g_target_properties[idx].default_uint_value != 0);
}
void TargetProperties::SetInheritTCC(bool b) {
const uint32_t idx = ePropertyInheritTCC;
m_collection_sp->SetPropertyAtIndexAsBoolean(nullptr, idx, b);
}
bool TargetProperties::GetDetachOnError() const { bool TargetProperties::GetDetachOnError() const {
const uint32_t idx = ePropertyDetachOnError; const uint32_t idx = ePropertyDetachOnError;
return m_collection_sp->GetPropertyAtIndexAsBoolean( return m_collection_sp->GetPropertyAtIndexAsBoolean(
nullptr, idx, g_target_properties[idx].default_uint_value != 0); nullptr, idx, g_target_properties[idx].default_uint_value != 0);
} }
void TargetProperties::SetDetachOnError(bool b) { void TargetProperties::SetDetachOnError(bool b) {
const uint32_t idx = ePropertyDetachOnError; const uint32_t idx = ePropertyDetachOnError;
▲ Show 20 LinesShow All 375 Lines▼ Show 20 Linesvoid TargetProperties::SetProcessLaunchInfo(
} }
const FileAction *error_file_action = const FileAction *error_file_action =
launch_info.GetFileActionForFD(STDERR_FILENO); launch_info.GetFileActionForFD(STDERR_FILENO);
if (error_file_action) { if (error_file_action) {
SetStandardErrorPath(error_file_action->GetPath()); SetStandardErrorPath(error_file_action->GetPath());
} }
SetDetachOnError(launch_info.GetFlags().Test(lldb::eLaunchFlagDetachOnError)); SetDetachOnError(launch_info.GetFlags().Test(lldb::eLaunchFlagDetachOnError));
SetDisableASLR(launch_info.GetFlags().Test(lldb::eLaunchFlagDisableASLR)); SetDisableASLR(launch_info.GetFlags().Test(lldb::eLaunchFlagDisableASLR));
SetInheritTCC(
launch_info.GetFlags().Test(lldb::eLaunchFlagInheritTCCFromParent));
SetDisableSTDIO(launch_info.GetFlags().Test(lldb::eLaunchFlagDisableSTDIO)); SetDisableSTDIO(launch_info.GetFlags().Test(lldb::eLaunchFlagDisableSTDIO));
} }
bool TargetProperties::GetRequireHardwareBreakpoints() const { bool TargetProperties::GetRequireHardwareBreakpoints() const {
const uint32_t idx = ePropertyRequireHardwareBreakpoints; const uint32_t idx = ePropertyRequireHardwareBreakpoints;
return m_collection_sp->GetPropertyAtIndexAsBoolean( return m_collection_sp->GetPropertyAtIndexAsBoolean(
nullptr, idx, g_target_properties[idx].default_uint_value != 0); nullptr, idx, g_target_properties[idx].default_uint_value != 0);
} }
▲ Show 20 LinesShow All 47 Lines▼ Show 20 Lines
void TargetProperties::DisableASLRValueChangedCallback() { void TargetProperties::DisableASLRValueChangedCallback() {
if (GetDisableASLR()) if (GetDisableASLR())
m_launch_info.GetFlags().Set(lldb::eLaunchFlagDisableASLR); m_launch_info.GetFlags().Set(lldb::eLaunchFlagDisableASLR);
else else
m_launch_info.GetFlags().Clear(lldb::eLaunchFlagDisableASLR); m_launch_info.GetFlags().Clear(lldb::eLaunchFlagDisableASLR);
} }
void TargetProperties::InheritTCCValueChangedCallback() {
if (GetInheritTCC())
m_launch_info.GetFlags().Set(lldb::eLaunchFlagInheritTCCFromParent);
else
m_launch_info.GetFlags().Clear(lldb::eLaunchFlagInheritTCCFromParent);
}
void TargetProperties::DisableSTDIOValueChangedCallback() { void TargetProperties::DisableSTDIOValueChangedCallback() {
if (GetDisableSTDIO()) if (GetDisableSTDIO())
m_launch_info.GetFlags().Set(lldb::eLaunchFlagDisableSTDIO); m_launch_info.GetFlags().Set(lldb::eLaunchFlagDisableSTDIO);
else else
m_launch_info.GetFlags().Clear(lldb::eLaunchFlagDisableSTDIO); m_launch_info.GetFlags().Clear(lldb::eLaunchFlagDisableSTDIO);
} }
// Target::TargetEventData // Target::TargetEventData
▲ Show 20 LinesShow All 58 LinesShow Last 20 Lines

lldb/source/Target/TargetProperties.td

Show First 20 LinesShow All 105 Lines▼ Show 20 Lines def PreloadSymbols: Property<"preload-symbols", "Boolean">,
DefaultTrue, DefaultTrue,
Desc<"Enable loading of symbol tables before they are needed.">; Desc<"Enable loading of symbol tables before they are needed.">;
def DisableASLR: Property<"disable-aslr", "Boolean">, def DisableASLR: Property<"disable-aslr", "Boolean">,
DefaultTrue, DefaultTrue,
Desc<"Disable Address Space Layout Randomization (ASLR)">; Desc<"Disable Address Space Layout Randomization (ASLR)">;
def DisableSTDIO: Property<"disable-stdio", "Boolean">, def DisableSTDIO: Property<"disable-stdio", "Boolean">,
DefaultFalse, DefaultFalse,
Desc<"Disable stdin/stdout for process (e.g. for a GUI application)">; Desc<"Disable stdin/stdout for process (e.g. for a GUI application)">;
def InheritTCC: Property<"inherit-tcc", "Boolean">,
DefaultFalse,
Desc<"Inherit the TCC permissions from the inferior's parent instead of making the process itself responsible.">;
def InlineStrategy: Property<"inline-breakpoint-strategy", "Enum">, def InlineStrategy: Property<"inline-breakpoint-strategy", "Enum">,
DefaultEnumValue<"eInlineBreakpointsAlways">, DefaultEnumValue<"eInlineBreakpointsAlways">,
EnumValues<"OptionEnumValues(g_inline_breakpoint_enums)">, EnumValues<"OptionEnumValues(g_inline_breakpoint_enums)">,
Desc<"The strategy to use when settings breakpoints by file and line. Breakpoint locations can end up being inlined by the compiler, so that a compile unit 'a.c' might contain an inlined function from another source file. Usually this is limited to breakpoint locations from inlined functions from header or other include files, or more accurately non-implementation source files. Sometimes code might #include implementation files and cause inlined breakpoint locations in inlined implementation files. Always checking for inlined breakpoint locations can be expensive (memory and time), so if you have a project with many headers and find that setting breakpoints is slow, then you can change this setting to headers. This setting allows you to control exactly which strategy is used when setting file and line breakpoints.">; Desc<"The strategy to use when settings breakpoints by file and line. Breakpoint locations can end up being inlined by the compiler, so that a compile unit 'a.c' might contain an inlined function from another source file. Usually this is limited to breakpoint locations from inlined functions from header or other include files, or more accurately non-implementation source files. Sometimes code might #include implementation files and cause inlined breakpoint locations in inlined implementation files. Always checking for inlined breakpoint locations can be expensive (memory and time), so if you have a project with many headers and find that setting breakpoints is slow, then you can change this setting to headers. This setting allows you to control exactly which strategy is used when setting file and line breakpoints.">;
def DisassemblyFlavor: Property<"x86-disassembly-flavor", "Enum">, def DisassemblyFlavor: Property<"x86-disassembly-flavor", "Enum">,
DefaultEnumValue<"eX86DisFlavorDefault">, DefaultEnumValue<"eX86DisFlavorDefault">,
EnumValues<"OptionEnumValues(g_x86_dis_flavor_value_types)">, EnumValues<"OptionEnumValues(g_x86_dis_flavor_value_types)">,
Desc<"The default disassembly flavor to use for x86 or x86-64 targets.">; Desc<"The default disassembly flavor to use for x86 or x86-64 targets.">;
▲ Show 20 LinesShow All 132 LinesShow Last 20 Lines

lldb/test/Shell/lit-lldb-init.in

# LLDB init file for the LIT tests. # LLDB init file for the LIT tests.
settings set symbols.enable-external-lookup false settings set symbols.enable-external-lookup false
settings set plugin.process.gdb-remote.packet-timeout 60 settings set plugin.process.gdb-remote.packet-timeout 60
settings set interpreter.echo-comment-commands false settings set interpreter.echo-comment-commands false
settings set symbols.clang-modules-cache-path "@LLDB_TEST_MODULE_CACHE_LLDB@" settings set symbols.clang-modules-cache-path "@LLDB_TEST_MODULE_CACHE_LLDB@"
settings set target.auto-apply-fixits false settings set target.auto-apply-fixits false
settings set target.inherit-tcc true