taskgated —
task_for_pid access control daemon
taskgated is a system daemon that implements a
policy for the task_for_pid system service. When the kernel is asked for the
task port of a process, and preliminary access control checks pass, it
invokes this daemon (via launchd) to make the decision.
- system.privilege.taskport
- Authorization right used to check access of processes with the
com.apple.security.cs.debugger entitlement.
- system.privilege.taskport.safe
- Authorization right used to check access of processes with the
com.apple.private.cs.debugger.safe entitlement.
- system.privilege.taskport.debug
- Authorization right used to check access of processes with the
com.apple.private.cs.debugger entitlement.
- SecTaskAccess
- (DEPRECATED as of macOS 10.14, use the
com.apple.security.cs.debugger entitlement instead) A value of
"allowed" can be set for any program that wants access to task
ports.
- /etc/authorization
- to configure the authorization used.
- /System/Library/LaunchDaemons/com.apple.taskgated
- startup configuration file for
taskgated