Mac中:给debugserver加上可调试的权限

关于加上合适的权限,尤其是可调试的权限,很多人,其他人,都是说的思路是:

  • 多步:先导出权限,再编辑,最后加上

但是后来确认,直接:

  • 一步 = 直接写入合适的权限

即可。

具体步骤:

准备好权限entitlement文件

把下面内容保存为:debugserver_debuggable.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.springboard.debugapplications</key>
    <true/>
    <key>com.apple.backboardd.launchapplications</key>
    <true/>
    <key>com.apple.backboardd.debugapplications</key>
    <true/>
    <key>com.apple.frontboard.launchapplications</key>
    <true/>
    <key>com.apple.frontboard.debugapplications</key>
    <true/>
    <key>com.apple.private.logging.diagnostic</key>
    <true/>
    <key>com.apple.private.memorystatus</key>
    <true/>
    <key>com.apple.private.cs.debugger</key>
    <true/>
    <key>com.apple.private.thread-set-state</key>
    <true/>
    <key>com.apple.private.security.no-container</key>
    <true/>
    <key>com.apple.private.skip-library-validation</key>
    <true/>
    <key>com.apple.system-task-ports</key>
    <true/>
    <key>get-task-allow</key>
    <true/>
    <key>task_for_pid-allow</key>
    <true/>
    <key>run-unsigned-code</key>
    <true/>
    <key>platform-application</key>
    <true/>
</dict>
</plist>

说明:

(先导出原始的debugserver的entitlement权限,再经过如下处理)

  • 已加上权限:
    • 包括:
      • 基础权限:get-task-allowtask_for_pid-allowrun-unsigned-code
      • 其他扩展权限:platform-applicationcom.apple.private.skip-library-validationcom.apple.system-task-portscom.apple.private.thread-set-statecom.apple.private.security.no-container
    • 目的:允许debugserver调试其他app
  • 已去掉权限:com.apple.security.network.servercom.apple.security.network.client
    • 目的:防止后续lldb调试报错Failed to get connection from a remote gdb process
  • 已去掉权限:seatbelt-profiles
    • 目的:防止后续debugserver加上-l的日志文件时报错:Failed to open log file for writing errno = 1 Operation not permitted

把entitlement权限加到debugserver中

  • 概述
    • 推荐用codesign
      codesign -f -s - --entitlements debugserver_debuggable.xml debugserver
  • 详解

results matching ""

    No results matching ""