taskgated [-s] [-t timeout] [-i pid]
daemon that implements a policy for the task_for_pid system service.
When the kernel is asked for
the task port of a process, and preliminary access control checks pass, it invokes this daemon (via launchd) to make the
decision.
/System/Library/LaunchDaemons/com.apple.taskgated.plist
<key>ProgramArguments</key> <array> <string>/usr/libexec/taskgated</string> <string>-s</string> </array> <key>Label</key> <string>com.apple.taskgated</string> <key>MachServices</key> <dict> <key>com.apple.taskgated</key> <dict> <key>TaskSpecialPort</key> <integer>9</integer> </dict> </dict> <key>POSIXSpawnType</key> <string>Interactive</string> <key>EnableTransactions</key> <true/> <key>Label</key> <string>com.apple.taskgated-helper</string> <key>ProgramArguments</key> <array> <string>/usr/libexec/taskgated-helper</string> </array> <key>POSIXSpawnType</key> <string>Interactive</string> <key>MachServices</key> <dict> <key>com.apple.taskgated.helper</key> <true/> </dict>
-s |
system.privilege.taskport
Authorization right used to check access of allowed (but not safe) callers.
SecTaskAccess
allowed
is required for any program that wants access to task ports. safe
bypasses authorization checks if so configured. Code must be signed by any system-trusted signing authority.
/etc/authorization
to configure the authorization used. Not present as of 9/6/18/System/Library/LaunchDaemons/com.apple.taskgated
startup configuration file Not present as of 9/6/18