Apple notarization break vm_protect

PostPosted: Tue Jun 04, 2019 7:27 am
by adam81

For using Apple dyld API NSCreateObjectFileImageFromMemory that allows on-demand code section loader, I need to prepare memory with valid permissions (write and execute).

However, after sending my macho file to Apple notarization service, I get the following error:

Code: Select all
 kernel: CODE SIGNING: 568[myapp] vm_map_protect can't have both write and exec at the same time

Denote, that if the product is signed but not notarized, this error doesn't happening.

my code looks basically this way :

Code: Select all
start = getsectiondata(&_mh_execute_header, "__TEXT", "__mysection", &size);

if (vm_protect(mach_task_self(), (vm_address_t)start, (vm_size_t)size, 0, VM_PROT_WRITE) != KERN_SUCCESS)
    // bad

Any idea How can I overcome this issue (maybe it's optional to set permission to write only although it's in __TEXT area) ?

thanks !

Re: Apple notarization break vm_protect

PostPosted: Wed Jul 10, 2019 4:27 am
by morpheus
Is your app signed 20500? If so, did you entitle yourself with or the debugger entitlement?