[apple/xnu.git] / osfmk / kern / audit_sessionport.c

/*
 * Copyright (c) 2008 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */
#include <mach/mach_types.h>
#include <mach/notify.h>
#include <ipc/ipc_port.h>
#include <kern/ipc_kobject.h>
#include <kern/audit_sessionport.h>

#if CONFIG_AUDIT
/*
 * audit_session_mksend
 *
 * Description: Obtain a send right for given audit session information. 
 *
 * Parameters:	*aia_p		Audit session information to assosiate with
 * 				the new port.
 * 		*sessionport	Pointer to the current session port.  This may
 * 				actually be set to IPC_PORT_NULL.
 *
 * Returns:	!NULL		Resulting send right.	
 * 		NULL		Failed to allocate port (due to lack of memory
 * 				resources).
 *
 * 		*sessionport	The session port that may have been allocated.
 *
 * Notes: On return, sendport will be set to the new send right on success,
 *	  or null/dead on error.
 */
ipc_port_t
audit_session_mksend(struct auditinfo_addr *aia_p, ipc_port_t *sessionport)
{
	ipc_port_t notifyport;
	ipc_port_t sendport = IPC_PORT_NULL;

	/*
	 * If we have an existing, active session port then use it. 
	 */
	sendport = ipc_port_make_send(*sessionport);
	if (IP_VALID(sendport)) {
		ip_lock(sendport);
		if (ip_active(sendport) && 
		    IKOT_AU_SESSIONPORT == ip_kotype(sendport)) {
			ip_unlock(sendport);
			return (sendport);
		}
		ip_unlock(sendport);
		ipc_port_release_send(sendport);
	}

	/*
	 * Otherwise, create a new one for this session.
	 */
	*sessionport = ipc_port_alloc_kernel();
	if (IP_VALID(*sessionport)) {
		ipc_kobject_set(*sessionport, (ipc_kobject_t)aia_p,
		    IKOT_AU_SESSIONPORT);

		/* Request a no-senders notification. */
		notifyport = ipc_port_make_sonce(*sessionport);
		ip_lock(*sessionport);
		/* unlocked by ipc_port_nsrequest */
		ipc_port_nsrequest(*sessionport, 1, notifyport, &notifyport);
	}
	sendport = ipc_port_make_send(*sessionport);

	return (sendport);
}


/*
 * audit_session_porttoaia
 *
 * Description: Obtain the audit session info associated with the given port.
 
 * Parameters: port		A Mach port.
 *
 * Returns:    NULL		The given Mach port did not reference audit
 * 				session info.
 *	       !NULL		The audit session info that is associated with
 *				the Mach port.
 *
 * Notes: The caller must have a reference on the sessionport.
 */
struct auditinfo_addr *
audit_session_porttoaia(ipc_port_t port)
{
	struct auditinfo_addr *aia_p = NULL;

	if (IP_VALID(port)) {
		ip_lock(port);
		if (ip_active(port) && IKOT_AU_SESSIONPORT == ip_kotype(port))
			aia_p = (struct auditinfo_addr *)port->ip_kobject;
		ip_unlock(port);
	} 

	return (aia_p);
}


/*
 * audit_session_nosenders
 *
 * Description: Handle a no-senders notification for a sessionport.
 *
 * Parameters: msg		A Mach no-senders notification message.
 *
 * Notes: It is possible that new send rights are created after a
 *	  no-senders notification has been sent (i.e. via audit_session_mksend).
 *	  We check the port's mscount against the notification's not_count
 *	  to detect when this happens, and re-arm the notification in that
 *	  case.
 *
 *	  In the normal case (no new senders), we first mark the port
 *	  as dying by setting its object type to IKOT_NONE so that
 *	  audit_session_mksend will no longer use it to create
 *	  additional send rights.  We can then safely call
 *	  audit_session_port_destroy with no locks.
 */
void
audit_session_nosenders(mach_msg_header_t *msg)
{
	mach_no_senders_notification_t *notification = (void *)msg;
	ipc_port_t port = notification->not_header.msgh_remote_port;
	ipc_port_t notifyport;
	struct auditinfo_addr *port_aia_p = NULL;

	if (!IP_VALID(port))
		return;
	ip_lock(port);
	if (ip_active(port) && IKOT_AU_SESSIONPORT == ip_kotype(port)) {
		port_aia_p = (struct auditinfo_addr *)port->ip_kobject;
		assert(NULL != port_aia_p);
		if (port->ip_mscount <= notification->not_count)
			ipc_kobject_set_atomically(port, IKO_NULL, IKOT_NONE);
		else {
			/* re-arm the notification */
			ip_unlock(port);
			notifyport = ipc_port_make_sonce(port);
			ip_lock(port);
			/* unlocked by ipc_port_nsrequest */
			ipc_port_nsrequest(port, port->ip_mscount, notifyport,
			    &notifyport);
			return;
		}
	}
	ip_unlock(port);
	if (NULL != port_aia_p)
		audit_session_portaiadestroy(port_aia_p);
	ipc_port_dealloc_kernel(port);
}
#endif /* CONFIG_AUDIT */
Commit	Line	Data
b0d623f7 A	1	/*
	2	* Copyright (c) 2008 Apple Inc. All rights reserved.
	3	*
	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
	14	*
	15	* Please obtain a copy of the License at
	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
	17	*
	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
	25	*
	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
	27	*/
	28	#include <mach/mach_types.h>
	29	#include <mach/notify.h>
	30	#include <ipc/ipc_port.h>
	31	#include <kern/ipc_kobject.h>
	32	#include <kern/audit_sessionport.h>
	33
	34	#if CONFIG_AUDIT
	35	/*
	36	* audit_session_mksend
	37	*
	38	* Description: Obtain a send right for given audit session information.
	39	*
	40	* Parameters: *aia_p Audit session information to assosiate with
	41	* the new port.
	42	* *sessionport Pointer to the current session port. This may
	43	* actually be set to IPC_PORT_NULL.
	44	*
	45	* Returns: !NULL Resulting send right.
	46	* NULL Failed to allocate port (due to lack of memory
	47	* resources).
	48	*
	49	* *sessionport The session port that may have been allocated.
	50	*
	51	* Notes: On return, sendport will be set to the new send right on success,
	52	* or null/dead on error.
	53	*/
	54	ipc_port_t
	55	audit_session_mksend(struct auditinfo_addr aia_p, ipc_port_t sessionport)
	56	{
	57	ipc_port_t notifyport;
	58	ipc_port_t sendport = IPC_PORT_NULL;
	59
	60	/*
	61	* If we have an existing, active session port then use it.
	62	*/
	63	sendport = ipc_port_make_send(*sessionport);
	64	if (IP_VALID(sendport)) {
65	ip_lock(sendport);
66	if (ip_active(sendport) &&
67	IKOT_AU_SESSIONPORT == ip_kotype(sendport)) {
68	ip_unlock(sendport);
69	return (sendport);
70	}
71	ip_unlock(sendport);
72	ipc_port_release_send(sendport);
73	}
74
75	/*
76	* Otherwise, create a new one for this session.
77	*/
78	*sessionport = ipc_port_alloc_kernel();
79	if (IP_VALID(*sessionport)) {
80	ipc_kobject_set(*sessionport, (ipc_kobject_t)aia_p,
81	IKOT_AU_SESSIONPORT);
82
83	/* Request a no-senders notification. */
84	notifyport = ipc_port_make_sonce(*sessionport);
85	ip_lock(*sessionport);
86	/* unlocked by ipc_port_nsrequest */
87	ipc_port_nsrequest(*sessionport, 1, notifyport, &notifyport);
88	}
89	sendport = ipc_port_make_send(*sessionport);
90
91	return (sendport);
92	}
93
94
95	/*
96	* audit_session_porttoaia
97	*
98	* Description: Obtain the audit session info associated with the given port.
99
100	* Parameters: port A Mach port.
101	*
102	* Returns: NULL The given Mach port did not reference audit
103	* session info.
104	* !NULL The audit session info that is associated with
105	* the Mach port.
106	*
107	* Notes: The caller must have a reference on the sessionport.
108	*/
109	struct auditinfo_addr *
110	audit_session_porttoaia(ipc_port_t port)
111	{
112	struct auditinfo_addr *aia_p = NULL;
113
114	if (IP_VALID(port)) {
115	ip_lock(port);
116	if (ip_active(port) && IKOT_AU_SESSIONPORT == ip_kotype(port))
117	aia_p = (struct auditinfo_addr *)port->ip_kobject;
118	ip_unlock(port);
119	}
120
121	return (aia_p);
122	}
123
124
125	/*
126	* audit_session_nosenders
127	*
128	* Description: Handle a no-senders notification for a sessionport.
129	*
130	* Parameters: msg A Mach no-senders notification message.
131	*
132	* Notes: It is possible that new send rights are created after a
133	* no-senders notification has been sent (i.e. via audit_session_mksend).
134	* We check the port's mscount against the notification's not_count
135	* to detect when this happens, and re-arm the notification in that
136	* case.
137	*
138	* In the normal case (no new senders), we first mark the port
139	* as dying by setting its object type to IKOT_NONE so that
140	* audit_session_mksend will no longer use it to create
141	* additional send rights. We can then safely call
142	* audit_session_port_destroy with no locks.
143	*/
144	void
145	audit_session_nosenders(mach_msg_header_t *msg)
146	{
147	mach_no_senders_notification_t notification = (void )msg;
148	ipc_port_t port = notification->not_header.msgh_remote_port;
149	ipc_port_t notifyport;
150	struct auditinfo_addr *port_aia_p = NULL;
151
152	if (!IP_VALID(port))
153	return;
154	ip_lock(port);
155	if (ip_active(port) && IKOT_AU_SESSIONPORT == ip_kotype(port)) {
156	port_aia_p = (struct auditinfo_addr *)port->ip_kobject;
157	assert(NULL != port_aia_p);
158	if (port->ip_mscount <= notification->not_count)
159	ipc_kobject_set_atomically(port, IKO_NULL, IKOT_NONE);
160	else {
161	/* re-arm the notification */
162	ip_unlock(port);
163	notifyport = ipc_port_make_sonce(port);
164	ip_lock(port);
165	/* unlocked by ipc_port_nsrequest */
166	ipc_port_nsrequest(port, port->ip_mscount, notifyport,
167	&notifyport);
168	return;
169	}
170	}
171	ip_unlock(port);
172	if (NULL != port_aia_p)
173	audit_session_portaiadestroy(port_aia_p);
174	ipc_port_dealloc_kernel(port);
175	}
176	#endif /* CONFIG_AUDIT */