[apple/xnu.git] / security / mac_mach.c

/*
 * Copyright (c) 2015 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

#include <mach/exception_types.h>
#include <mach/mach_types.h>
#include <sys/param.h>
#include <sys/user.h>
#include <sys/proc.h>
#include <sys/proc_internal.h>
#include <sys/kauth.h>
#include <kern/task.h>

#include <security/mac_framework.h>
#include <security/mac_internal.h>
#include <security/mac_mach_internal.h>

static struct proc *
mac_task_get_proc(struct task *task)
{
	if (task == current_task())
		return proc_self();

	/*
	 * Tasks don't really hold a reference on a proc unless the
	 * calling thread belongs to the task in question.
	 */
	int pid = task_pid(task);
	struct proc *p = proc_find(pid);

	if (p != NULL) {
		if (proc_task(p) == task)
			return p;
		proc_rele(p);
	}
	return NULL;
}

int
mac_task_check_expose_task(struct task *task)
{
	int error;

	struct proc *p = mac_task_get_proc(task);
	if (p == NULL)
		return ESRCH;

	struct ucred *cred = kauth_cred_get();
	MAC_CHECK(proc_check_expose_task, cred, p);
	proc_rele(p);
	return (error);
}

int
mac_task_check_set_host_special_port(struct task *task, int id, struct ipc_port *port)
{
	int error;

	struct proc *p = mac_task_get_proc(task);
	if (p == NULL)
		return ESRCH;

	kauth_cred_t cred = kauth_cred_proc_ref(p);
	MAC_CHECK(proc_check_set_host_special_port, cred, id, port);
	kauth_cred_unref(&cred);
	proc_rele(p);
	return (error);
}

int
mac_task_check_set_host_exception_port(struct task *task, unsigned int exception)
{
	int error;

	struct proc *p = mac_task_get_proc(task);
	if (p == NULL)
		return ESRCH;

	kauth_cred_t cred = kauth_cred_proc_ref(p);
	MAC_CHECK(proc_check_set_host_exception_port, cred, exception);
	kauth_cred_unref(&cred);
	proc_rele(p);
	return (error);
}

int
mac_task_check_set_host_exception_ports(struct task *task, unsigned int exception_mask)
{
	int error = 0;
	int exception;

	struct proc *p = mac_task_get_proc(task);
	if (p == NULL)
		return ESRCH;

	kauth_cred_t cred = kauth_cred_proc_ref(p);
	for (exception = FIRST_EXCEPTION; exception < EXC_TYPES_COUNT; exception++) {
		if (exception_mask & (1 << exception)) {
			MAC_CHECK(proc_check_set_host_exception_port, cred, exception);
			if (error)
				break;
		}
	}
	kauth_cred_unref(&cred);
	proc_rele(p);
	return (error);
}

void
mac_thread_userret(struct thread *td)
{

	MAC_PERFORM(thread_userret, td);
}
Commit	Line	Data
3e170ce0 A	1	/*
	2	* Copyright (c) 2015 Apple Inc. All rights reserved.
	3	*
	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
	14	*
	15	* Please obtain a copy of the License at
	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
	17	*
	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
	25	*
	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
	27	*/
	28
	29	#include <mach/exception_types.h>
	30	#include <mach/mach_types.h>
	31	#include <sys/param.h>
	32	#include <sys/user.h>
	33	#include <sys/proc.h>
	34	#include <sys/proc_internal.h>
	35	#include <sys/kauth.h>
	36	#include <kern/task.h>
	37
	38	#include <security/mac_framework.h>
	39	#include <security/mac_internal.h>
	40	#include <security/mac_mach_internal.h>
	41
	42	static struct proc *
	43	mac_task_get_proc(struct task *task)
	44	{
	45	if (task == current_task())
	46	return proc_self();
	47
	48	/*
	49	* Tasks don't really hold a reference on a proc unless the
	50	* calling thread belongs to the task in question.
	51	*/
	52	int pid = task_pid(task);
	53	struct proc *p = proc_find(pid);
	54
	55	if (p != NULL) {
	56	if (proc_task(p) == task)
	57	return p;
	58	proc_rele(p);
	59	}
	60	return NULL;
	61	}
	62
	63	int
	64	mac_task_check_expose_task(struct task *task)
65	{
66	int error;
67
68	struct proc *p = mac_task_get_proc(task);
69	if (p == NULL)
70	return ESRCH;
71
72	struct ucred *cred = kauth_cred_get();
73	MAC_CHECK(proc_check_expose_task, cred, p);
74	proc_rele(p);
75	return (error);
76	}
77
78	int
79	mac_task_check_set_host_special_port(struct task task, int id, struct ipc_port port)
80	{
81	int error;
82
83	struct proc *p = mac_task_get_proc(task);
84	if (p == NULL)
85	return ESRCH;
86
87	kauth_cred_t cred = kauth_cred_proc_ref(p);
88	MAC_CHECK(proc_check_set_host_special_port, cred, id, port);
89	kauth_cred_unref(&cred);
90	proc_rele(p);
91	return (error);
92	}
93
94	int
95	mac_task_check_set_host_exception_port(struct task *task, unsigned int exception)
96	{
97	int error;
98
99	struct proc *p = mac_task_get_proc(task);
100	if (p == NULL)
101	return ESRCH;
102
103	kauth_cred_t cred = kauth_cred_proc_ref(p);
104	MAC_CHECK(proc_check_set_host_exception_port, cred, exception);
105	kauth_cred_unref(&cred);
106	proc_rele(p);
107	return (error);
108	}
109
110	int
111	mac_task_check_set_host_exception_ports(struct task *task, unsigned int exception_mask)
112	{
113	int error = 0;
114	int exception;
115
116	struct proc *p = mac_task_get_proc(task);
117	if (p == NULL)
118	return ESRCH;
119
120	kauth_cred_t cred = kauth_cred_proc_ref(p);
121	for (exception = FIRST_EXCEPTION; exception < EXC_TYPES_COUNT; exception++) {
122	if (exception_mask & (1 << exception)) {
123	MAC_CHECK(proc_check_set_host_exception_port, cred, exception);
124	if (error)
125	break;
126	}
127	}
128	kauth_cred_unref(&cred);
129	proc_rele(p);
130	return (error);
131	}
132
133	void
134	mac_thread_userret(struct thread *td)
135	{
136
137	MAC_PERFORM(thread_userret, td);
138	}
139