问题
Years ago we wrote an application that needs to monitor resource usage of several processes. This was back in the days of Snow Leopard. The command line command ps had more than enough of what we needed so we got a copy of the source code for ps and figured out what functions they were calling and why, and then used similar calls used in ps for the basis of our project, but ours was written in Objective C, not C. This was NOT a ps copy we simply based the modeling of the code on how ps got the core of the info. This worked fine from Snow Leopard up through Yosemite.
Enter El Capitan and rootless mode. What was working is no longer working. Initially we blew this off because we were looking at beta versions of El Capitan and even ps itself was exhibiting similar behavior. As time progressed ps started working under El Capitan but not our code.
When we run our application it can provide generic information like the name of the process and the pid on all processes, but on any processes the user doesn’t actually “own” for memory and CPU use, it’s reporting zeros for everything. It appears to report these properly on processes the user owns/starts by themselves.
Looking at the log files, the rampant error is of the following type:
System Policy: deny(1) mach-priv-task-port
The above shows up on El Capitan 10.11.2. Previous versions of the OS indicated there were problems with the task_for_pid being "not allowed" or something like that (I don't have older log files handy right now).
Looking at the newer ps source code, I find the following .plist file is now part of the development kit. This was not in the code from years ago:
http://www.opensource.apple.com/source/adv_cmds/adv_cmds-163/ps/entitlements.plist
Here’s a link to the ps code in El Capitan for those interested:
http://www.opensource.apple.com/source/adv_cmds/adv_cmds-163/ps/
My question is pretty simple, what do I need to do to get the system to allow us to use task_for_pid() again, or maybe better yet, a better way to get this info from the kernel without running into rootless mode problems. FYI if rootless is disabled everything in our current application runs just fine. By the looks of that plist file it looks like they're signing it and allowing access to the function, but is this an "apple only" allowance?
FWIW our original code was compiled using gcc with an old fashioned make file.
来源:https://stackoverflow.com/questions/34468640/getting-task-for-pid-to-work-in-el-capitan