Loading...
--- dyld/dyld-1340/mach_o/Policy.cpp
+++ dyld/dyld-1162/mach_o/Policy.cpp
@@ -21,13 +21,12 @@
* @APPLE_LICENSE_HEADER_END@
*/
+#include "Defines.h"
#include "Error.h"
#include "Platform.h"
#include "Architecture.h"
#include "Version32.h"
#include "Policy.h"
-#include <mach-o/fixup-chains.h>
-#include <mach-o/loader.h>
namespace mach_o {
@@ -37,24 +36,17 @@
// MARK: --- Policy methods ---
//
-Policy::Policy(Architecture arch, PlatformAndVersions pvs, uint32_t filetype, bool pathMayBeInSharedCache, bool kernel, bool staticExec)
+Policy::Policy(Architecture arch, PlatformAndVersions pvs, uint32_t filetype, bool pathMayBeInSharedCache)
: _featureEpoch(pvs.platform.epoch(pvs.minOS)), _enforcementEpoch(pvs.platform.epoch(pvs.sdk)),
- _arch(arch), _pvs(pvs), _filetype(filetype), _pathMayBeInSharedCache(pathMayBeInSharedCache), _kernel(kernel), _staticExec(staticExec)
+ _arch(arch), _pvs(pvs), _filetype(filetype), _pathMayBeInSharedCache(pathMayBeInSharedCache)
{
}
bool Policy::dyldLoadsOutput() const
{
- if ( _kernel )
- return false;
-
- if ( _staticExec )
- return false;
-
switch (_filetype) {
case MH_EXECUTE:
case MH_DYLIB:
- case MH_DYLIB_STUB:
case MH_BUNDLE:
case MH_DYLINKER:
return true;
@@ -62,43 +54,17 @@
return false;
}
-bool Policy::isDynamicFirmware() const
-{
- return dyldLoadsOutput() && (_pvs.platform == Platform::firmware);
-}
-
-bool Policy::kernelOrKext() const
-{
- if ( _kernel )
- return true;
- return _filetype == MH_KEXT_BUNDLE;
-}
// features
Policy::Usage Policy::useBuildVersionLoadCommand() const
{
if ( _pvs.platform == Platform::bridgeOS )
return Policy::mustUse;
-
- // all arm64 variants are new and use LC_BUILD_VERSION
- if ( _arch == Architecture::arm64 ) {
- // except for pre-12.0 iOS and tvOS devices
- if ( ((_pvs.platform == Platform::iOS) || (_pvs.platform == Platform::tvOS)) && (_featureEpoch < Platform::Epoch::fall2018) )
- return Policy::mustNotUse;
- return Policy::mustUse;
- }
-
return (_featureEpoch >= Platform::Epoch::fall2018) ? Policy::preferUse : Policy::mustNotUse;
}
Policy::Usage Policy::useDataConst() const
{
- if ( !dyldLoadsOutput() )
- return Policy::preferDontUse;
-
- if ( _pvs.platform == Platform::firmware )
- return Policy::preferDontUse;
-
return (_featureEpoch >= Platform::Epoch::fall2019) ? Policy::preferUse : Policy::mustNotUse;
}
@@ -112,25 +78,10 @@
return (_featureEpoch >= Platform::Epoch::fall2024) ? Policy::preferUse : Policy::mustNotUse;
}
-Policy::Usage Policy::useConstInterpose() const
-{
- if ( !dyldLoadsOutput() )
- return Policy::preferDontUse;
-
- return (_featureEpoch >= Platform::Epoch::fall2024) ? Policy::preferUse : Policy::mustNotUse;
-}
Policy::Usage Policy::useChainedFixups() const
{
- if ( kernelOrKext() ) {
- // arm64e kernel/kext use chained fixups
- if ( _arch.usesArm64AuthPointers() )
- return Policy::mustUse;
- // arm64/x86 kernel/kexts use classic relocations
- return Policy::mustNotUse;
- }
-
- // firmware may use chained fixups, but has to opt-in
+ // fixups are for userland binaries
if ( !dyldLoadsOutput() )
return Policy::preferDontUse;
@@ -141,9 +92,6 @@
// in general Fall2020 OSs supported chained fixups
Platform::Epoch chainedFixupsEpoch = Platform::Epoch::fall2020;
-
- if ( _pvs.platform == Platform::iOS ) // chained fixups on iOS since 13.4
- chainedFixupsEpoch = Platform::Epoch::spring2020;
// simulators support is later than OS support
if ( _pvs.platform.isSimulator() )
@@ -157,11 +105,6 @@
if ( _arch.usesx86_64Instructions() && (_filetype == MH_EXECUTE) ) {
chainedFixupsEpoch = Platform::Epoch::fall2022;
}
-
- // builders run on x86, for arm64e we allow chained fixups on 11.0 for the software update stack
- // rdar://118859281 (arm64e: Libraries need support for 11.0 deployment targets)
- if ( _arch.usesArm64AuthPointers() )
- chainedFixupsEpoch = Platform::Epoch::fall2020;
}
// use chained fixups for newer OS releases
@@ -171,47 +114,10 @@
return Policy::mustNotUse;
}
-uint16_t Policy::chainedFixupsFormat() const
-{
- if ( _arch.usesArm64AuthPointers() ) {
- // rdar://142631843 (ld uses inconsistent chained fixup format for firmware 'dylibs')
- if ( isDynamicFirmware() )
- return DYLD_CHAINED_PTR_ARM64E_USERLAND24;
-
- if ( !dyldLoadsOutput() )
- return DYLD_CHAINED_PTR_ARM64E_KERNEL;
-
- // 24-bit binds supported since iOS 15.0 and aligned releases
- if ( _featureEpoch >= Platform::Epoch::fall2021 )
- return DYLD_CHAINED_PTR_ARM64E_USERLAND24;
-
- return DYLD_CHAINED_PTR_ARM64E;
- } else if ( _arch.is64() ) {
- // rdar://142631843 (ld uses inconsistent chained fixup format for firmware 'dylibs')
- if ( isDynamicFirmware() )
- return DYLD_CHAINED_PTR_64_OFFSET;
-
- if ( !dyldLoadsOutput() )
- return DYLD_CHAINED_PTR_64_OFFSET;
-
- if ( _featureEpoch >= Platform::Epoch::fall2021 )
- return DYLD_CHAINED_PTR_64_OFFSET;
-
- return DYLD_CHAINED_PTR_64;
- } else {
- if ( dyldLoadsOutput() )
- return DYLD_CHAINED_PTR_32;
- return DYLD_CHAINED_PTR_32_FIRMWARE;
- }
-}
-
Policy::Usage Policy::useOpcodeFixups() const
{
// opcode fixups introduced in macOS 10.6
if ( _arch.usesx86_64Instructions() && (_pvs.platform == Platform::macOS) && (_pvs.minOS < Version32(10,6)) )
- return Policy::mustNotUse;
-
- if ( kernelOrKext() )
return Policy::mustNotUse;
// if not pre-macOS 10.6, then complement useChainedFixups()
@@ -244,28 +150,6 @@
return Policy::mustNotUse;
}
-Policy::Usage Policy::optimizeClassPatching() const
-{
- if ( _filetype != MH_DYLIB )
- return Policy::mustNotUse;
-
- if ( _featureEpoch >= Platform::Epoch::fall2022 )
- return Policy::preferUse;
-
- return Policy::mustNotUse;
-}
-
-Policy::Usage Policy::optimizeSingletonPatching() const
-{
- if ( _filetype != MH_DYLIB )
- return Policy::mustNotUse;
-
- if ( _featureEpoch >= Platform::Epoch::fall2022 )
- return Policy::preferUse;
-
- return Policy::mustNotUse;
-}
-
Policy::Usage Policy::useAuthStubsInKexts() const
{
if ( _arch.usesArm64AuthPointers() && (_filetype == MH_KEXT_BUNDLE) && (_featureEpoch >= Platform::Epoch::fall2021) )
@@ -288,24 +172,32 @@
Policy::Usage Policy::useSourceVersionLoadCommand() const
{
- // objects/firmware don't use LC_SOURCE_VERSION
- switch (_filetype) {
- case MH_OBJECT:
- case MH_PRELOAD:
- return Policy::preferDontUse;
- default:
- break;
- }
-
- if ( _featureEpoch >= Platform::Epoch::fall2012 )
+ // Only userland uses LC_SOURCE_VERSION
+ if ( !dyldLoadsOutput() )
+ return Policy::preferDontUse;
+
+ if ( _featureEpoch >= Platform::Epoch::fall2015 )
return Policy::preferUse;
return Policy::preferDontUse;
}
+Policy::Usage Policy::useLegacyLinkedit() const
+{
+ if ( dyldLoadsOutput() ) {
+ // older releases didn't have a regular year-based version bump, so check the exact versions
+ if ( _pvs.platform == Platform::macOS && _pvs.minOS < Version32(10, 6) )
+ return Policy::mustUse;
+ if ( _pvs.platform == Platform::iOS && _pvs.minOS < Version32(3, 1) )
+ return Policy::mustUse;
+ }
+
+ return Policy::preferDontUse;
+}
+
bool Policy::use4KBLoadCommandsPadding() const
{
- if ( (_filetype == MH_DYLIB || _filetype == MH_DYLIB_STUB) && _pathMayBeInSharedCache )
+ if ( _filetype == MH_DYLIB && _pathMayBeInSharedCache )
return true;
return false;
}
@@ -316,77 +208,11 @@
return ( _featureEpoch >= Platform::Epoch::fall2024 );
}
-bool Policy::useProtectedStack() const
-{
- return false;
-}
-
-bool Policy::canUseEntryName() const
-{
- if ( _pvs.platform == Platform::driverKit )
- return false;
-
- switch ( _filetype ) {
- case MH_EXECUTE:
- case MH_PRELOAD:
- case MH_DYLINKER:
- return true;
- default:
- return false;
- }
-}
-
-Policy::Usage Policy::useEntryPointLoadCommand() const
-{
- if ( _filetype != MH_EXECUTE )
- return Policy::Usage::mustNotUse;
-
- if ( _staticExec )
- return Policy::Usage::mustNotUse;
-
- if ( _pvs.platform == Platform::driverKit )
- return Policy::Usage::mustNotUse;
-
- if ( _arch.usesArm64Instructions() )
- return Policy::Usage::mustUse;
-
- return (_featureEpoch >= Platform::Epoch::fall2012 ? Policy::Usage::mustUse : Policy::Usage::mustNotUse);
-}
-
-bool Policy::keepDwarfUnwind() const
-{
- if ( _staticExec )
- return true;
- if ( kernelOrKext() )
- return true;
-
- switch ( _filetype ) {
- case MH_PRELOAD:
- case MH_OBJECT:
- return true;
- default:
- return (_featureEpoch < Platform::Epoch::fall2013);
- }
-}
-
-bool Policy::canInferEmptySignedClassROs() const
-{
- if ( !_arch.usesArm64AuthPointers() )
- return false;
-
- if ( !dyldLoadsOutput() )
- return false;
-
- return (_featureEpoch >= Platform::Epoch::fall2019);
-}
// enforcements
bool Policy::enforceReadOnlyLinkedit() const
{
- if ( _filetype == MH_EXECUTE )
- return (_enforcementEpoch >= Platform::Epoch::fall2025);
- else
- return (_enforcementEpoch >= Platform::Epoch::fall2015);
+ return (_enforcementEpoch >= Platform::Epoch::fall2015);
}
bool Policy::enforceLinkeditContentAlignment() const
@@ -401,10 +227,7 @@
bool Policy::enforceSegmentOrderMatchesLoadCmds() const
{
- if ( _filetype == MH_EXECUTE )
- return (_enforcementEpoch >= Platform::Epoch::fall2025);
- else
- return (_enforcementEpoch >= Platform::Epoch::fall2019);
+ return (_enforcementEpoch >= Platform::Epoch::fall2019);
}
bool Policy::enforceTextSegmentPermissions() const
@@ -429,7 +252,7 @@
bool Policy::enforceHasLinkedDylibs() const
{
- return (_enforcementEpoch >= Platform::Epoch::spring2025);
+ return (_enforcementEpoch >= Platform::Epoch::fall2021);
}
bool Policy::enforceInstallNamesAreRealPaths() const
@@ -439,15 +262,7 @@
bool Policy::enforceHasUUID() const
{
- switch ( _filetype ) {
- case MH_OBJECT:
- return false;
- case MH_EXECUTE:
- // dyld main executable validation was not enabled until Fall 2025
- return (_enforcementEpoch >= Platform::Epoch::fall2025);
- default:
- return (_enforcementEpoch >= Platform::Epoch::fall2021);
- }
+ return (_filetype != MH_OBJECT) && (_enforcementEpoch >= Platform::Epoch::fall2021);
}
bool Policy::enforceMainFlagsCorrect() const
@@ -457,43 +272,22 @@
bool Policy::enforceNoDuplicateDylibs() const
{
- return (_enforcementEpoch >= Platform::Epoch::fall2025);
+ return (_enforcementEpoch >= Platform::Epoch::fall2024);
}
bool Policy::enforceNoDuplicateRPaths() const
{
- return (_enforcementEpoch >= Platform::Epoch::fall2025);
+ return (_enforcementEpoch >= Platform::Epoch::fall2024);
}
bool Policy::enforceDataSegmentPermissions() const
-{
- return (_enforcementEpoch >= Platform::Epoch::fall2025);
-}
-
-bool Policy::enforceDataConstSegmentPermissions() const
{
// dylibs in shared region don't set SG_READ_ONLY because of __objc_const
if ( _pathMayBeInSharedCache )
return false;
- return (_enforcementEpoch >= Platform::Epoch::spring2025);
-}
-
-bool Policy::enforceImageListRemoveMainExecutable() const
-{
- // Old simulators add the main executable to all_image_info in the simulator process, not in the host
- return (_enforcementEpoch <= Platform::Epoch::fall2022);
-}
-
-bool Policy::enforceSetSimulatorSharedCachePath() const
-{
- // Old simulators do not correctly fill out the private cache fields in the all_image_info, so do it for them
- return (_enforcementEpoch <= Platform::Epoch::fall2021);
-}
-
-bool Policy::enforceUniqueSegmentNames() const
-{
- return (_enforcementEpoch >= Platform::Epoch::fall2025);
-}
+ return (_enforcementEpoch >= Platform::Epoch::fall2023);
+}
+