Proof-of-concept code for understanding the allow-jit entitlement on macOS.

Internals:

• multiple-regions - Allocates multiple regions with the MAP_JIT flag to demonstrate that the allow-jit entitlement does not limit the number of JIT regions.
• different-threads - Demonstrates that pthread_jit_write_protect_np is thread-specific.
• chained-alloc - Allocation of JIT memory from previously-allocated JIT regions.

Shellcode execution:

• sc-loader - A simple shellcode loader (dylib).
• target - A standalone executable that accepts two arguments: the path to a dylib and an exported function name.
• target-allowlist - A variant of target with the jit-write-allowlist entitlement.

For more information, please see our blog post.