]> git.saurik.com Git - apple/launchd.git/blob - launchd/src/bootstrap.defs
cc7f9e8169af6a1385ff9afb1dcd32d2d1973f49
[apple/launchd.git] / launchd / src / bootstrap.defs
1 /*
2 * Copyright (c) 1999-2004 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * "Portions Copyright (c) 1999 Apple Computer, Inc. All Rights
7 * Reserved. This file contains Original Code and/or Modifications of
8 * Original Code as defined in and that are subject to the Apple Public
9 * Source License Version 1.0 (the 'License'). You may not use this file
10 * except in compliance with the License. Please obtain a copy of the
11 * License at http://www.apple.com/publicsource and read it before using
12 * this file.
13 *
14 * The Original Code and all software distributed under the License are
15 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
16 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
17 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
19 * License for the specific language governing rights and limitations
20 * under the License."
21 *
22 * @APPLE_LICENSE_HEADER_END@
23 */
24 /*
25 * bootstrap -- fundamental service initiator and port server
26 * Mike DeMoney, NeXT, Inc.
27 * Copyright, 1990. All rights reserved.
28 *
29 * bootstrap.defs -- Mig interface definition
30 */
31
32 subsystem bootstrap 400;
33
34 /*
35 * Interface: Bootstrap server
36 *
37 * The bootstrap server is the first user-mode task initiated by the Mach
38 * kernel at system boot time. The bootstrap server provides two services,
39 * it initiates other system tasks, and manages a table of name-port bindings
40 * for fundamental system services (e.g. lookupd, Window Manager, etc...).
41 *
42 * Name-port bindings can be established with the bootstrap server by either
43 * of two mechanisms:
44 *
45 * 1. The binding can be indicated, in advance of the service that backs it
46 * being available, via a "service create" request. In this case, bootstrap
47 * will immediately create a port and bind the indicated name with that port.
48 * At a later time, a service may "checkin" for the name-port
49 * binding and will be returned receive rights for the bound port. Lookup's
50 * on bindings created by this mechanism will return send rights to the port,
51 * even if no service has "checked-in". In this case, requests sent to the
52 * bound port will be queued until a server has checked-in and can satisfy the
53 * request.
54 *
55 * 2. Bindings can be established dynamically via a "register" request. In
56 * this case, the register request provides bootstrap with a name and send
57 * rights for a port. Bootstrap will provide send rights for the bound port
58 * to any requestor via the lookup request.
59 *
60 * Bootstrap provides its service port to descendant tasks via the Mach
61 * "bootstrap" special task port. All direct descendants of bootstrap receive
62 * a "privileged" bootstrap service port. System services that initiate
63 * untrusted tasks should replace the Mach bootstrap task special port with
64 * a subset bootstrap port to prevent them from infecting the namespace.
65 *
66 * The bootstrap server creates a "backup" port for each service that it
67 * creates. This is used to detect when a checked out service is no longer
68 * being served. The bootstrap server regains all rights to the port and
69 * it is marked available for check-out again. This allows crashed servers to
70 * resume service to previous clients. Lookup's on this named port will
71 * continue to be serviced by bootstrap while holding receive rights for the
72 * bound port. A client may detect that the service is inactive via the
73 * bootstrap status request. If an inactive service re-registers rather
74 * than "checking-in" the original bound port is destroyed.
75 *
76 * The status of a named service may be obtained via the "status" request.
77 * A service is "active" if a name-port binding exists and receive rights
78 * to the bound port are held by a task other than bootstrap.
79 *
80 * The bootstrap server may also (re)start server processes associated with
81 * with a set of services. The definition of the server process is done
82 * through the "create server" request. The server will be launched in the
83 * same bootstrap context in which it was registered.
84 */
85
86 #include <mach/std_types.defs>
87 #include <mach/mach_types.defs>
88 import <servers/bootstrap_defs.h>;
89
90 type cmd_t = c_string[512];
91 type name_t = c_string[128];
92 type cmd_array_t = ^array [] of cmd_t;
93 type name_array_t = ^array [] of name_t;
94 type bootstrap_status_t = integer_t;
95 type bootstrap_status_array_t = ^array [] of bootstrap_status_t;
96
97 serverprefix x_;
98
99 /*
100 * kern_return_t
101 * bootstrap_create_server(mach_port_t __bs_port,
102 * cmd_t __server_command,
103 * natural_t __server_uid,
104 * boolean_t __on_demand,
105 * mach_port_t *__server_port)
106 *
107 * Declares a server that mach_init will re-spawn within the specified
108 * bootstrap context. The server is considered already "active"
109 * (i.e. will not be re-spawned) until the returned server_port is
110 * deallocated.
111 *
112 * In the meantime, services can be declared against the server,
113 * by using the server_port as the privileged bootstrap target of
114 * subsequent bootstrap_create_service() calls.
115 *
116 * When mach_init re-spawns the server, its task bootstrap port
117 * is set to the privileged sever_port. Through this special
118 * bootstrap port, it can access all of parent bootstrap's context
119 * (and all services are created in the parent's namespace). But
120 * all additional service declarations (and declaration removals)
121 * will be associated with this particular server.
122 *
123 * Only a holder of the server_port privilege bootstrap port can
124 * check in or register over those services.
125 *
126 * When all services associated with a server are deleted, and the server
127 * exits, it will automatically be deleted itself.
128 *
129 * If the server is declared "on_demand," then a non-running server
130 * will be re-launched on first use of one of the service ports
131 * registered against it. Otherwise, it will be re-launched
132 * immediately upon exiting (whether any client is actively using
133 * any of the service ports or not).
134 *
135 * Errors: Returns appropriate kernel errors on rpc failure.
136 * Returns BOOTSTRAP_NOT_PRIVILEGED, bootstrap or uid invalid.
137 */
138 routine bootstrap_create_server(
139 __bs_port : mach_port_t;
140 __server_cmd : cmd_t;
141 __server_uid : natural_t;
142 __on_demand : boolean_t;
143 ServerAuditToken token : audit_token_t;
144 out __server_port : mach_port_make_send_t);
145
146 /*
147 * kern_return_t
148 * bootstrap_unprivileged(mach_port_t __bs_port,
149 * mach_port_t *__unpriv_port)
150 *
151 * Given a bootstrap port, return its unprivileged equivalent. If
152 * the port is already unprivileged, another reference to the same
153 * port is returned.
154 *
155 * This is most often used by servers, which are launched with their
156 * bootstrap port set to the privileged port for the server, to get
157 * an unprivileged version of the same port for use by its unprivileged
158 * children (or any offspring that it does not want to count as part
159 * of the "server" for mach_init registration and re-launch purposes).
160 */
161 routine bootstrap_unprivileged(
162 __bs_port : mach_port_t;
163 out __unpriv_port : mach_port_t);
164
165 /*
166 * kern_return_t
167 * bootstrap_check_in(mach_port_t __bs_port,
168 * name_t __service_name,
169 * mach_port_t *__service_port)
170 *
171 * Returns the receive right for the service named by service_name. The
172 * service must have previously been declared in this bootstrap context via
173 * a call to bootstrap_create_service(). Attempts to check_in a service
174 * which is already active are not allowed.
175 *
176 * If the service was declared as being associated with a server, the
177 * check_in must come from the server's privileged port (server_port).
178 *
179 * Errors: Returns appropriate kernel errors on rpc failure.
180 * Returns BOOTSTRAP_UNKNOWN_SERVICE, if service does not exist.
181 * Returns BOOTSTRAP_NOT_PRIVILEGED, if request directed to
182 * bootstrap port without privilege.
183 * Returns BOOTSTRAP_SERVICE_ACTIVE, if service has already been
184 * registered or checked-in.
185 */
186 routine bootstrap_check_in(
187 __bs_port : mach_port_t;
188 __service_name : name_t;
189 out __service_port : mach_port_move_receive_t);
190
191 /*
192 * kern_return_t
193 * bootstrap_register(mach_port_t __bs_port,
194 * name_t __service_name,
195 * mach_port_t __service_port)
196 *
197 * Registers a send right for service_port with the service identified by
198 * service_name. Attempts to register a service where an active binding
199 * already exists are rejected.
200 *
201 * If the service was previously declared with bootstrap_create_service(),
202 * but is not currently active, this call can be used to undeclare the
203 * service. The bootstrap port used must have sufficient privilege to
204 * do so. (Registering MACH_PORT_NULL is especially useful for shutting
205 * down declared services).
206 *
207 * Errors: Returns appropriate kernel errors on rpc failure.
208 * Returns BOOTSTRAP_NOT_PRIVILEGED, if request directed to
209 * bootstrap port without privilege.
210 * Returns BOOTSTRAP_NAME_IN_USE, if service has already been
211 * register or checked-in.
212 */
213 routine bootstrap_register(
214 __bs_port : mach_port_t;
215 __service_name : name_t;
216 __service_port : mach_port_t);
217
218 /*
219 * kern_return_t
220 * bootstrap_look_up(mach_port_t __bs_port,
221 * name_t __service_name,
222 * mach_port_t *__service_port)
223 *
224 * Returns a send right for the service port declared/registered under the
225 * name service_name. The service is not guaranteed to be active. Use the
226 * bootstrap_status call to determine the status of the service.
227 *
228 * Errors: Returns appropriate kernel errors on rpc failure.
229 * Returns BOOTSTRAP_UNKNOWN_SERVICE, if service does not exist.
230 */
231 routine bootstrap_look_up(
232 __bs_port : mach_port_t;
233 __service_name : name_t;
234 out __service_port : mach_port_t);
235
236 /*
237 * kern_return_t
238 * bootstrap_look_up_array(mach_port_t __bs_port,
239 * name_array_t __service_names,
240 * int __service_names_cnt,
241 * port_array_t *__service_port,
242 * int *__service_ports_cnt,
243 * boolean_t *__all_services_known)
244 *
245 * Returns port send rights in corresponding entries of the array service_ports
246 * for all services named in the array service_names. Service_ports_cnt is
247 * returned and will always equal service_names_cnt (assuming service_names_cnt
248 * is greater than or equal to zero).
249 *
250 * Errors: Returns appropriate kernel errors on rpc failure.
251 * Returns BOOTSTRAP_NO_MEMORY, if server couldn't obtain memory
252 * for response.
253 * Unknown service names have the corresponding service port set
254 * to PORT_NULL.
255 * If all services are known, all_services_known is true on
256 * return, if any service is unknown, it's false.
257 */
258 routine bootstrap_look_up_array(
259 __bs_port : mach_port_t;
260 __service_names : name_array_t;
261 out __service_ports : mach_port_array_t;
262 out __all_services_known: boolean_t);
263
264 /*
265 * kern_return_t
266 * bootstrap_parent(mach_port_t __bs_port,
267 * mach_port_t *__parent_port);
268 *
269 * Given a bootstrap subset port, return the parent bootstrap port.
270 * If the specified bootstrap port is already the root subset,
271 * MACH_PORT_NULL will be returned.
272 *
273 * Errors:
274 * Returns BOOTSTRAP_NOT_PRIVILEGED if the caller is not running
275 * with an effective user id of root (as determined by the security
276 * token in the message trailer).
277 */
278 routine bootstrap_parent(
279 __bs_port : mach_port_t;
280 ServerSecToken __token : security_token_t;
281 out __parent_port : mach_port_make_send_t);
282
283 /*
284 * kern_return_t
285 * bootstrap_status(mach_port_t __bs_port,
286 * name_t __service_name,
287 * bootstrap_status_t *__service_active);
288 *
289 * Returns: service_active indicates if service is active, inactive, or
290 * associated with a launch-on-demand server.
291 *
292 * Errors: Returns appropriate kernel errors on rpc failure.
293 * Returns BOOTSTRAP_UNKNOWN_SERVICE, if service does not exist.
294 */
295 routine bootstrap_status(
296 __bs_port : mach_port_t;
297 __service_name : name_t;
298 out __service_active: bootstrap_status_t);
299
300 /*
301 * kern_return_t
302 * bootstrap_info(port_t __bs_port,
303 * name_array_t *__service_names,
304 * int *__service_names_cnt,
305 * name_array_t *__server_names,
306 * int *__server_names_cnt,
307 * bool_array_t *__service_active,
308 * int *__service_active_cnt);
309 *
310 * Errors: Returns appropriate kernel errors on rpc failure.
311 */
312 routine bootstrap_info(
313 __bs_port : mach_port_t;
314 out __service_names : name_array_t, dealloc;
315 out __server_names : name_array_t, dealloc;
316 out __service_active : bootstrap_status_array_t, dealloc);
317
318 /*
319 * kern_return_t
320 * bootstrap_subset(mach_port_t __bs_port,
321 * mach_port_t __requestor_port,
322 * mach_port_t *__subset_port);
323 *
324 * Returns a new port to use as a bootstrap port. This port behaves
325 * exactly like the previous bootstrap_port, except that ports dynamically
326 * registered via bootstrap_register() are available only to users of this
327 * specific subset_port. Lookups on the subset_port will return ports
328 * registered with this port specifically, and ports registered with
329 * ancestors of this subset_port. Duplications of services already
330 * registered with an ancestor port may be registered with the subset port
331 * are allowed. Services already advertised may then be effectively removed
332 * by registering PORT_NULL for the service.
333 * When it is detected that the requestor_port is destroyed the subset
334 * port and all services advertized by it are destroied as well.
335 *
336 * Errors: Returns appropriate kernel errors on rpc failure.
337 */
338 routine bootstrap_subset(
339 __bs_port : mach_port_t;
340 __requestor_port: mach_port_t;
341 out __subset_port : mach_port_t);
342
343 /*
344 * kern_return_t
345 * bootstrap_create_service(mach_port_t __bs_port,
346 * name_t __service_name,
347 * mach_port_t *__service_port)
348 *
349 * Creates a service named "service_name" and returns send rights to that
350 * port in "service_port." The port may later be checked in as if this
351 * port were configured in the bootstrap configuration file.
352 *
353 * Errors: Returns appropriate kernel errors on rpc failure.
354 * Returns BOOTSTRAP_SERVICE_ACTIVE, if service already exists.
355 */
356 routine bootstrap_create_service(
357 __bs_port : mach_port_t;
358 __service_name : name_t;
359 out __service_port : mach_port_t);
360