Add support for Process Blocking configuration (#10)

* RestrictEvents.cpp: Add process blocking configuration

* RestrictEvents.cpp: Add telemetry plugin block

* RestrictEvents.cpp: Fix declaration

* Revert non-functional telemetry patch

* RestrictEvents.cpp: Add MacPro7,1 model check

* RestrictEvents.cpp: Close statement

* Rename `pcie` arg to `pci`

Match revpatch argument

* RestrictEvents.cpp: Adjust

* Adjust to strlen

* Remove -1

* Set Post Increment and const to Blacklist

* Adjust variable handling

* Revert "Adjust variable handling”, use sizeof

This reverts commit bed2502.

Changelog.md

@@ -1,5 +1,14 @@
 RestrictEvents Changelog
 ========================
+#### v1.0.9
+- Added `revblock` for user configuration of blocking processes
+- Added additional process blocking:
+  - `gmux` - block displaypolicyd on Big Sur+ (for genuine MacBookPro9,1/10,1)
+  - `media` - block mediaanalysisd on Ventura+ (for Metal 1 GPUs)
+  - `pci` - block PCIe & memory notifications (for MacPro7,1 SMBIOS)
+    - Previous unconditional
+  - `auto` - same as `pci`, set by default
+
 #### v1.0.8
 - Added constants for macOS 13 support
 - Do not enable Memory and PCI UI patching on real Macs in `auto` mode

README.md

@@ -33,9 +33,15 @@ _Note_: Apple CPU identifier must be `0x0F01` for 8 core CPUs or higher and `0x0
   - `auto` - same as `memtab,pci,cpuname`, without `memtab` and `pci` patches being applied on real Macs
 - `revcpu=value` to enable (`1`, non-Intel default)/disable (`0`, Intel default) CPU brand string patching.
 - `revcpuname=value` custom CPU brand string (max 48 characters, 20 or less recommended, taken from CPUID otherwise)
+- `revblock=value` to block processes as comma separated options. Default value is `auto`.
+  - `pci` - block ExpansionSlotNotification and MemorySlotNotification on Catalina+ (for MacPro7,1 SMBIOS)
+  - `gmux` - block displaypolicyd on Big Sur+ (for genuine MacBookPro9,1/10,1)
+  - `media` - block mediaanalysisd on Ventura+ (for Metal 1 GPUs)
+  - `none` - disable all blocking
+  - `auto` - same as `pci`
 
-_Note_: `4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:revpatch`, `4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:revcpu` and `4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:revcpuname` NVRAM variables work the same as the boot arguments, but have lower priority.
+_Note_: `4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:revpatch`, `4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:revcpu`, `4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:revcpuname` and `4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:revblock` NVRAM variables work the same as the boot arguments, but have lower priority.
 
 #### Credits
-- [Apple](https://www.apple.com) for macOS  
-- [vit9696](https://github.com/vit9696) for [Lilu.kext](https://github.com/vit9696/Lilu) and great help in implementing some features 
+- [Apple](https://www.apple.com) for macOS
+- [vit9696](https://github.com/vit9696) for [Lilu.kext](https://github.com/vit9696/Lilu) and great help in implementing some features

RestrictEvents/RestrictEvents.cpp

@@ -76,18 +76,14 @@ static pmCallBacks_t pmCallbacks;
 static uint8_t findDiskArbitrationPatch[] = { 0x83, 0xF8, 0x02 };
 static uint8_t replDiskArbitrationPatch[] = { 0x83, 0xF8, 0x0F };
 
+const char *procBlacklist[10] = {};
+
 struct RestrictEventsPolicy {
 
 	/**
 	 *  Policy to restrict blacklisted process execution
 	 */
 	static int policyCheckExecve(kauth_cred_t cred, struct vnode *vp, struct vnode *scriptvp, struct label *vnodelabel, struct label *scriptlabel, struct label *execlabel, struct componentname *cnp, u_int *csflags, void *macpolicyattr, size_t macpolicyattrlen) {
-
-		static const char *procBlacklist[] {
-			"/System/Library/CoreServices/ExpansionSlotNotification",
-			"/System/Library/CoreServices/MemorySlotNotification",
-		};
-
 		char pathbuf[MAXPATHLEN];
 		int len = MAXPATHLEN;
 		int err = vn_getpath(vp, pathbuf, &len);
@@ -97,6 +93,7 @@ struct RestrictEventsPolicy {
 			DBGLOG_COND(verboseProcessLogging, "rev", "got request %s", pathbuf);
 
 			for (auto &proc : procBlacklist) {
+				if (proc == nullptr) break;
 				if (strcmp(pathbuf, proc) == 0) {
 					DBGLOG("rev", "restricting process %s", pathbuf);
 					return EPERM;
@@ -263,6 +260,52 @@ struct RestrictEventsPolicy {
 		return true;
 	}
 
+	static void getBlockedProcesses(BaseDeviceInfo *info) {
+		// Updates procBlacklist with list of processes to block
+		char duip[128] { "auto" };
+		if (PE_parse_boot_argn("revblock", duip, sizeof(duip))) {
+			DBGLOG("rev", "read revblock from boot-args");
+		} else if (readNvramVariable(NVRAM_PREFIX(LILU_VENDOR_GUID, "revblock"), u"revblock", &EfiRuntimeServices::LiluVendorGuid, duip, sizeof(duip))) {
+			DBGLOG("rev", "read revblock from NVRAM");
+		}
+
+		char *value = reinterpret_cast<char *>(&duip[0]);
+		value[sizeof(duip) - 1] = '\0';
+		size_t i = 0;
+
+		// Disable notification prompts for mismatched memory configuration on MacPro7,1
+		if (strcmp(info->modelIdentifier, "MacPro7,1") == 0) {
+			if (strstr(value, "pci", strlen("pci")) || strstr(value, "auto", strlen("auto"))) {
+				if (getKernelVersion() >= KernelVersion::Catalina) {
+					DBGLOG("rev", "disabling PCIe & memory notifications");
+					procBlacklist[i++] = (char *)"/System/Library/CoreServices/ExpansionSlotNotification";
+					procBlacklist[i++] = (char *)"/System/Library/CoreServices/MemorySlotNotification";
+				}
+			}
+		}
+
+		// MacBookPro9,1 and MacBookPro10,1 GMUX fails to switch with 'displaypolicyd' active in Big Sur and newer
+		if (strstr(value, "gmux", strlen("gmux"))) {
+			if (getKernelVersion() >= KernelVersion::BigSur) {
+				DBGLOG("rev", "disabling displaypolicyd");
+				procBlacklist[i++] = (char *)"/usr/libexec/displaypolicyd";
+			}
+		}
+
+		// Metal 1 GPUs will hard crash when 'mediaanalysisd' is active on Ventura and newer
+		if (strstr(value, "media", strlen("media"))) {
+			if (getKernelVersion() >= KernelVersion::Ventura) {
+				DBGLOG("rev", "disabling mediaanalysisd");
+				procBlacklist[i++] = (char *)"/System/Library/PrivateFrameworks/MediaAnalysis.framework/Versions/A/mediaanalysisd";
+			}
+		}
+
+		for (auto &proc : procBlacklist) {
+			if (proc == nullptr) break;
+			DBGLOG("rev", "blocking %s", proc);
+		}
+	}
+
 	static uint32_t getCoreCount() {
 		// I think AMD patches bork the topology structure, go over all the packages assuming single CPU systems.
 		// REF: https://github.com/acidanthera/bugtracker/issues/1625#issuecomment-831602457
@@ -458,6 +501,7 @@ PluginConfiguration ADDPR(config) {
 		DBGLOG("rev", "restriction policy plugin loaded");
 		verboseProcessLogging = checkKernelArgument("-revproc");
 		auto di = BaseDeviceInfo::get();
+		RestrictEventsPolicy::getBlockedProcesses(&di);
 		RestrictEventsPolicy::processEnableUIPatch(&di);
 		restrictEventsPolicy.policy.registerPolicy();
 		revassetIsSet = enableAssetPatching;
@@ -486,12 +530,12 @@ PluginConfiguration ADDPR(config) {
 					modelFindSize  = sizeof("MacBookPro10");
 					DBGLOG("rev", "detected MBP10");
 				}
-				
+
 				if (modelFindPatch != nullptr) {
 					binPathSystemInformation = getKernelVersion() >= KernelVersion::Catalina ? binPathSystemInformationCatalina : binPathSystemInformationLegacy;
 				}
 			}
-			
+
 			needsCpuNamePatch = enableCpuNamePatching ? RestrictEventsPolicy::needsCpuNamePatch() : false;
 			if (modelFindPatch != nullptr || needsCpuNamePatch || enableDiskArbitrationPatching ||
 				(getKernelVersion() >= KernelVersion::Monterey ||
@@ -509,7 +553,7 @@ PluginConfiguration ADDPR(config) {
 						if (!vnodePagerOpsKernel)
 							SYSLOG("rev", "failed to solve _vnode_pager_ops");
 					}
-					
+
 					if (!patcher.routeMultipleLong(KernelPatcher::KernelID, &csRoute, 1))
 						SYSLOG("rev", "failed to route cs validation pages");
 					if ((getKernelVersion() >= KernelVersion::Monterey ||