Ticket #29228: patch-src-darwintrace1.0.in.diff

access.c

@@ -41 +41 @@
 #include <sys/syscall.h>
 #include <unistd.h>
 
-int access(const char *path, int amode) {
+int _dt_access(const char *path, int amode) {
 #define access(x, y) syscall(SYS_access, (x), (y))
         __darwintrace_setup();
 
@@ -59 +59 @@
         return result;
 #undef access
 }
+DARWINTRACE_INTERPOSE(_dt_access,access);

close.c

@@ -50 +50 @@
  * need to. This possibility is the \c __darwintrace_close_sock variable, which
  * will be set to the FD to be closed when closing should be allowed.
  */
-int close(int fd) {
+int _dt_close(int fd) {
 #define close(x) syscall(SYS_close, (x))
         __darwintrace_setup();
 
@@ -66 +66 @@
         return close(fd);
 #undef close
 }
+DARWINTRACE_INTERPOSE(_dt_close,close);

darwintrace.c

@@ -77 +77 @@
         return result;
 }
 #endif
+DARWINTRACE_INTERPOSE(strlcpy,strlcpy);
 
 #include "../pextlib1.0/strlcat.c"
 
@@ -158 +159 @@
         return (pthread_t) pthread_getspecific(tid_key);
 }
 
+
 /**
  * Convenience setter function for the thread-local darwintrace socket
  */

darwintrace.h

@@ -44 +44 @@
 #include <stdio.h>
 
 /**
+ * DARWINTRACE_INTERPOSE: provides a way to override standard library functions with your own implementations
+ */
+#ifndef DARWINTRACE_INTERPOSE
+#define DARWINTRACE_INTERPOSE(_replacement,_replacee) \
+__attribute__((used)) static struct { \
+        const void* replacement; \
+        const void* replacee; \
+} _interpose_##_replacee \
+__attribute__ ((section ("__DATA,__interpose"))) = { \
+        (const void*)(unsigned long)&_replacement, \
+        (const void*)(unsigned long)&_replacee \
+}
+#endif
+
+/**
  * DARWINTRACE_DEBUG: verbose output of operations to debug darwintrace
  */
 #ifndef DARWINTRACE_DEBUG

dup2.c

@@ -48 +48 @@
  * attempts to overwrite it using \c dup(2). Shells tend to do that a lot when
  * FDs are numbered in ascending order.
  */
-int dup2(int filedes, int filedes2) {
+int _dt_dup2(int filedes, int filedes2) {
 #define dup2(x, y) syscall(SYS_dup2, (x), (y))
         __darwintrace_setup();
 
@@ -75 +75 @@
         return dup2(filedes, filedes2);
 #undef dup2
 }
+DARWINTRACE_INTERPOSE(_dt_dup2,dup2);

mkdir.c

@@ -53 +53 @@
  * the sandbox. Will silently do nothing and return success for directories
  * outside the sandbox that already exist.
  */
-int mkdir(const char *path, mode_t mode) {
+int _dt_mkdir(const char *path, mode_t mode) {
 #define mkdir(x,y) syscall(SYS_mkdir, (x), (y))
 #define lstat(x,y) syscall(LSTATSYSNUM, (x), (y))
         __darwintrace_setup();
@@ -78 +78 @@
 #undef lstat
 #undef mkdir
 }
+DARWINTRACE_INTERPOSE(_dt_mkdir,mkdir);

open.c

@@ -48 +48 @@
  * Indicates the file does not exist on sandbox violation, or permission denied
  * when attempting to create a file, i.e., when \c O_CREAT is set.
  */
-int open(const char *path, int flags, ...) {
+int _dt_open(const char *path, int flags, ...) {
 #define open(x,y,z) syscall(SYS_open, (x), (y), (z))
         __darwintrace_setup();
         int result = 0;
@@ -70 +70 @@
         return result;
 #undef open
 }
+DARWINTRACE_INTERPOSE(_dt_open,open);

proc.c

@@ -254 +254 @@
  * exist, if it's outside the sandbox. Also checks for potential interpreters
  * using \c check_interpreter.
  */
-int execve(const char *path, char *const argv[], char *const envp[]) {
+int _dt_execve(const char *path, char *const argv[], char *const envp[]) {
 #define execve(x,y,z) syscall(SYS_execve, (x), (y), (z))
         __darwintrace_setup();
 
@@ -288 +288 @@
         return result;
 #undef execve
 }
+DARWINTRACE_INTERPOSE(_dt_execve,execve);
 
 #if defined(HAVE_SPAWN_H) && defined(HAVE_POSIX_SPAWN)
 // Let's save some typing work...
@@ -303 +304 @@
  * exist, if it's outside the sandbox. Also checks for potential interpreters
  * using \c check_interpreter.
  */
-int posix_spawn(pid_t *restrict pid, const char *restrict path, const posix_spawn_file_actions_t *file_actions,
+int _dt_posix_spawn(pid_t *restrict pid, const char *restrict path, const posix_spawn_file_actions_t *file_actions,
                 const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) {
         __darwintrace_setup();
 
@@ -355 +356 @@
         return result;
 }
 #endif
+DARWINTRACE_INTERPOSE(_dt_posix_spawn,posix_spawn);

readlink.c

@@ -46 +46 @@
  * Deny \c readlink(2) if the file is not within the sandbox bounds.
  */
 #ifdef READLINK_IS_NOT_P1003_1A
-int readlink(const char *path, char *buf, int bufsiz) {
+int _dt_readlink(const char *path, char *buf, int bufsiz) {
 #else
-ssize_t readlink(const char *path, char *buf, size_t bufsiz) {
+ssize_t _dt_readlink(const char *path, char *buf, size_t bufsiz) {
 #endif
 #define readlink(x,y,z) syscall(SYS_readlink, (x), (y), (z))
         __darwintrace_setup();
@@ -69 +69 @@
         return result;
 #undef readlink
 }
+DARWINTRACE_INTERPOSE(_dt_readlink,readlink);

rename.c

@@ -46 +46 @@
  * Wrapper around \c rename(2) to prevent moving a file outside, or out of the
  * sandbox.
  */
-int rename(const char *from, const char *to) {
+int _dt_rename(const char *from, const char *to) {
 #define rename(x,y) syscall(SYS_rename, (x), (y))
         __darwintrace_setup();
 
@@ -67 +67 @@
         return result;
 #undef rename
 }
+DARWINTRACE_INTERPOSE(_dt_rename,rename);

rmdir.c

@@ -46 +46 @@
  * Wrapper around \c rmdir(2) to deny deleting directories outside of the
  * sandbox.
  */
-int rmdir(const char *path) {
+int _dt_rmdir(const char *path) {
 #define rmdir(x) syscall(SYS_rmdir, (x))
         __darwintrace_setup();
 
@@ -64 +64 @@
         return result;
 #undef rmdir
 }
+DARWINTRACE_INTERPOSE(_dt_rmdir,rmdir);

stat.c

@@ -47 +47 @@
  * Wrapper around \c stat(2) to hide information about files outside the
  * sandbox.
  */
-int stat(const char *path, void *sb) {
+int _dt_stat(const char *path, void *sb) {
 #define stat(path, sb) syscall(SYS_stat, path, sb)
         __darwintrace_setup();
 
@@ -66 +66 @@
 #undef stat
 }
 
+int stat(const char *path, void *sb);
+DARWINTRACE_INTERPOSE(_dt_stat,stat);
+
 // Don't provide stat64 on systems that have no stat64 syscall
 #ifdef SYS_stat64
-int stat64(const char *path, void *sb) {
+int _dt_stat64(const char *path, void *sb) {
 #define stat64(path, sb) syscall(SYS_stat64, path, sb)
         __darwintrace_setup();
 
@@ -87 +90 @@
 #undef stat64
 }
 
-int stat$INODE64(const char *path, void *sb) {
-        return stat64(path, sb);
-}
+int stat64(const char *path, void *sb);
+DARWINTRACE_INTERPOSE(_dt_stat64,stat64);
+
+
+int stat$INODE64(const char *path, void *sb);
+
+DARWINTRACE_INTERPOSE(_dt_stat64,stat$INODE64);
+
 #endif /* defined(SYS_stat64) */
 
-int lstat(const char *path, void *sb) {
+
+int _dt_lstat(const char *path, void *sb) {
 #define lstat(path, sb) syscall(SYS_lstat, path, sb)
         __darwintrace_setup();
 
@@ -112 +121 @@
 #undef lstat
 }
 
+int lstat(const char *path, void *sb);
+DARWINTRACE_INTERPOSE(_dt_lstat,lstat);
+
 // Don't provide lstat64 on systems that have no lstat64 syscall
 #ifdef SYS_lstat64
-int lstat64(const char *path, void *sb) {
+int _dt_lstat64(const char *path, void *sb) {
 #define lstat64(path, sb) syscall(SYS_lstat64, path, sb)
         __darwintrace_setup();
 
@@ -134 +146 @@
 #undef lstat64
 }
 
-int lstat$INODE64(const char *path, void *sb) {
-        return lstat64(path, sb);
-}
+int lstat64(const char *path, void *sb);
+DARWINTRACE_INTERPOSE(_dt_lstat64,lstat64);
+
+int lstat$INODE64(const char *path, void *sb);
+
+DARWINTRACE_INTERPOSE(_dt_lstat64,lstat$INODE64);
+
 #endif /* defined(SYS_lstat64) */
+

unlink.c

@@ -46 +46 @@
  * Wrapper around \c unlink(2) that will deny attempts to delete files outside
  * of the sandbox and simulate non-existence of the file instead.
  */
-int unlink(const char *path) {
+int _dt_unlink(const char *path) {
 #define unlink(x) syscall(SYS_unlink, (x))
         __darwintrace_setup();
 
@@ -64 +64 @@
         return result;
 #undef unlink
 }
+DARWINTRACE_INTERPOSE(_dt_unlink,unlink);