index 8f825ba2ae1265944bc65c91d6e60240827c06c9..4fca0b64d9d4ed5563ddc03729646459fe0d7e35 100644 (file)
@@ -30,7 +30,7 @@
 #include <mach/kern_return.h>
 #include <mach/message.h>
 #include <mach/mig_errors.h>
-#include "mach_notify.h"
+#include "mach_notifyServer.h"
 #include <security_utilities/debugging.h>
 #include <malloc/malloc.h>
 
@@ -40,6 +40,8 @@
 # include <sys/time.h>
 #endif
 
+#define SEC_MACH_AUDIT_TOKEN_PID (5)
+
 namespace Security {
 namespace MachPlusPlus {
 
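Review bot: `SEC_MACH_AUDIT_TOKEN_PID` is defined with no comment saying what the index selects, and it is a bare macro in a C++ file; a reader has to know the `audit_token_t::val` layout (slot 5 is the sender's pid, the same slot libbsm's `audit_token_to_pid` reads) to understand the check that uses it in runServerThread. Add a one-line comment above the define, `// index of the sending process's pid within audit_token_t::val; 0 means the message came from the kernel`, or replace the macro with a typed constant such as `static const unsigned SEC_MACH_AUDIT_TOKEN_PID = 5;` if the file's conventions allow.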
@@ -245,6 +247,11 @@ void MachServer::runServerThread(bool doTimeout)
                                bufRequest.msgId() <= MACH_NOTIFY_LAST) {
                                // mach kernel notification message
                                // we assume this is quick, so no thread arbitration here
+                               mach_msg_audit_trailer_t *tlr = bufRequest.auditTrailer();
+                               if (tlr == NULL || tlr->msgh_audit.val[SEC_MACH_AUDIT_TOKEN_PID] != 0) {
+                                       secnotice("machserver", "ignoring invalid notify message");
+                                       continue;
+                               }
                                cdsa_notify_server(bufRequest, bufReply);
                        } else {
                                // normal request message
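Review bot: The `continue` in the new guard leaves the loop iteration before the reply and "clean up after the transaction" code that follows the dispatch, so whatever that code releases for the received message is skipped for a rejected notification; if that is where `bufRequest` is destroyed, a non-kernel sender forging a notify message that carries port rights or out-of-line memory would make the server leak them. I cannot see the cleanup from this hunk, so verify it; if it does release the request, add `bufRequest.destroy();` before the `continue`, or rewrite the guard to fall through to the existing cleanup path instead of skipping it. The rejection is logged without the offending pid; `tlr->msgh_audit.val[SEC_MACH_AUDIT_TOKEN_PID]` is already in hand when `tlr` is non-NULL and including it in the secnotice would help anyone triaging the log. runServerThread starts and ends outside the hunk.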
@@ -293,21 +300,25 @@ void MachServer::runServerThread(bool doTimeout)
              *  To avoid falling off the kernel's fast RPC path unnecessarily,
              *  we only supply MACH_SEND_TIMEOUT when absolutely necessary.
              */
-                       mr = mach_msg_overwrite(bufReply,
+            mr = mach_msg_overwrite(bufReply,
                           (MACH_MSGH_BITS_REMOTE(bufReply.bits()) ==
                                                 MACH_MSG_TYPE_MOVE_SEND_ONCE) ?
                           MACH_SEND_MSG | mMsgOptions :
                           MACH_SEND_MSG | MACH_SEND_TIMEOUT | mMsgOptions,
                           bufReply.length(), 0, MACH_PORT_NULL,
                           0, MACH_PORT_NULL, NULL, 0);
-                       switch (mr) {
-                       case MACH_MSG_SUCCESS:
-                               break;
-                       default:
+            switch (mr) {
+            case MACH_MSG_SUCCESS:
+                break;
+            case MACH_SEND_INVALID_DEST:
+            case MACH_SEND_TIMED_OUT:
                 secinfo("machserver", "send error: %d %d", mr, bufReply.remotePort().port());
-                               bufReply.destroy();
-                               break;
-                       }
+                bufReply.destroy();
+                break;
+            default:
+                secinfo("machserver", "send error: %d %d", mr, bufReply.remotePort().port());
+                break;
+            }
 
             
             // clean up after the transaction
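Review bot: The new switch destroys `bufReply` only for MACH_SEND_INVALID_DEST and MACH_SEND_TIMED_OUT and leaves it undestroyed in `default:` for every other send failure, but nothing says why those two are the undelivered-and-unconsumed cases; add a comment on the two labels, `// reply could not be delivered and the kernel did not consume it: release its rights`, and one on `default:` stating that the message is presumed consumed, or, if that presumption is not established, keep destroying there as the removed code did. Both error arms carry the identical `secinfo("machserver", "send error: %d %d", ...)` line; logging once on `mr != MACH_MSG_SUCCESS` before the case split would remove the duplication. The rewritten lines are indented with spaces while the surrounding context (the mach_msg_overwrite argument lines and the comment above them) appears to use tabs, so the function now mixes both; match the file's existing indentation. runServerThread starts and ends outside the hunk.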
@@ -555,6 +566,9 @@ kern_return_t cdsa_mach_notify_dead_name(mach_port_t, mach_port_name_t port)
                MachServer::active().notifyDeadName(port);
        } catch (...) {
        }
+    // the act of receiving a dead name notification allocates a dead-name
+    // right that must be deallocated
+    mach_port_deallocate(mach_task_self(), port);
        return KERN_SUCCESS;
 }
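Review bot: The return value of the added `mach_port_deallocate` call is discarded, so a failure (the name already released, or a name of the wrong type) goes unnoticed even though the send path in this file logs its errors; `kern_return_t kr = mach_port_deallocate(mach_task_self(), port); if (kr != KERN_SUCCESS) secinfo("machserver", "mach_port_deallocate(%d): %d", port, kr);`. Placing the call after the `catch (...)` block is right, since the kernel's extra dead-name reference exists whether or not `notifyDeadName` succeeded, and the new comment could say so explicitly. The inserted lines appear to be indented with spaces while the rest of the function uses tabs.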