Cannot run execve on files that are blocked to amfid

Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)


Postby adam81 » Wed Oct 18, 2017 7:41 am

I wanted to use Kauth in order to block some files from being accessed by any processes other than mine.

However, it seems like there's an unwanted side effect to this request, since I also block the file from `/usr/libexec/amfid` (the mobile file integrity daemon; funny that it also exists in macOS).

Is my assumption right? Does any Mach-O file need to be accessed by amfid for inspection prior to execution?
adam81
 
Posts: 19
Joined: Mon Jan 25, 2016 9:26 am

Re: Cannot run execve on files that are blocked to amfid

Postby morpheus » Wed Oct 18, 2017 9:58 am

Third party signed binaries (i.e. not ad-hoc) MUST go through AMFId because AMFI.kext detects a signature and realizes there's no adhoc flag. For lack of PKI verification in kernel (and other requirements such as expiration, revocation, etc.), it calls up to amfid.
morpheus
Site Admin
 
Posts: 532
Joined: Thu Apr 11, 2013 6:24 pm

