]> git.saurik.com Git - apple/xnu.git/blame_incremental - bsd/sys/kauth.h
projects / apple / xnu.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
xnu-7195.101.1.tar.gz
[apple/xnu.git] / bsd / sys / kauth.h
... / ...
CommitLineData
1/*
2 * Copyright (c) 2004-2010 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28/*
29 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
30 * support for mandatory and extensible security protections. This notice
31 * is included in support of clause 2.2 (b) of the Apple Public License,
32 * Version 2.0.
33 */
34
35#ifndef _SYS_KAUTH_H
36#define _SYS_KAUTH_H
37
38#include <sys/appleapiopts.h>
39#include <sys/cdefs.h>
40#include <mach/boolean.h>
41#include <machine/types.h> /* u_int8_t, etc. */
42#include <sys/_types.h> /* __offsetof() */
43#include <sys/_types/_uid_t.h> /* uid_t */
44#include <sys/_types/_gid_t.h> /* gid_t */
45#include <sys/syslimits.h> /* NGROUPS_MAX */
46
47#ifdef __APPLE_API_EVOLVING
48
49/*
50 * Identities.
51 */
52
53#define KAUTH_UID_NONE (~(uid_t)0 - 100) /* not a valid UID */
54#define KAUTH_GID_NONE (~(gid_t)0 - 100) /* not a valid GID */
55
56#include <sys/_types/_guid_t.h>
57
58/* NT Security Identifier, structure as defined by Microsoft */
59#pragma pack(1) /* push packing of 1 byte */
60typedef struct {
61 u_int8_t sid_kind;
62 u_int8_t sid_authcount;
63 u_int8_t sid_authority[6];
64#define KAUTH_NTSID_MAX_AUTHORITIES 16
65 u_int32_t sid_authorities[KAUTH_NTSID_MAX_AUTHORITIES];
66} ntsid_t;
67#pragma pack() /* pop packing to previous packing level */
68#define _NTSID_T
69
70/* valid byte count inside a SID structure */
71#define KAUTH_NTSID_HDRSIZE (8)
72#define KAUTH_NTSID_SIZE(_s) (KAUTH_NTSID_HDRSIZE + ((_s)->sid_authcount * sizeof(u_int32_t)))
73
74/*
75 * External lookup message payload; this structure is shared between the
76 * kernel group membership resolver, and the user space group membership
77 * resolver daemon, and is use to communicate resolution requests from the
78 * kernel to user space, and the result of that request from user space to
79 * the kernel.
80 */
81struct kauth_identity_extlookup {
82 u_int32_t el_seqno; /* request sequence number */
83 u_int32_t el_result; /* lookup result */
84#define KAUTH_EXTLOOKUP_SUCCESS 0 /* results here are good */
85#define KAUTH_EXTLOOKUP_BADRQ 1 /* request badly formatted */
86#define KAUTH_EXTLOOKUP_FAILURE 2 /* transient failure during lookup */
87#define KAUTH_EXTLOOKUP_FATAL 3 /* permanent failure during lookup */
88#define KAUTH_EXTLOOKUP_INPROG 100 /* request in progress */
89 u_int32_t el_flags;
90#define KAUTH_EXTLOOKUP_VALID_UID (1<<0)
91#define KAUTH_EXTLOOKUP_VALID_UGUID (1<<1)
92#define KAUTH_EXTLOOKUP_VALID_USID (1<<2)
93#define KAUTH_EXTLOOKUP_VALID_GID (1<<3)
94#define KAUTH_EXTLOOKUP_VALID_GGUID (1<<4)
95#define KAUTH_EXTLOOKUP_VALID_GSID (1<<5)
96#define KAUTH_EXTLOOKUP_WANT_UID (1<<6)
97#define KAUTH_EXTLOOKUP_WANT_UGUID (1<<7)
98#define KAUTH_EXTLOOKUP_WANT_USID (1<<8)
99#define KAUTH_EXTLOOKUP_WANT_GID (1<<9)
100#define KAUTH_EXTLOOKUP_WANT_GGUID (1<<10)
101#define KAUTH_EXTLOOKUP_WANT_GSID (1<<11)
102#define KAUTH_EXTLOOKUP_WANT_MEMBERSHIP (1<<12)
103#define KAUTH_EXTLOOKUP_VALID_MEMBERSHIP (1<<13)
104#define KAUTH_EXTLOOKUP_ISMEMBER (1<<14)
105#define KAUTH_EXTLOOKUP_VALID_PWNAM (1<<15)
106#define KAUTH_EXTLOOKUP_WANT_PWNAM (1<<16)
107#define KAUTH_EXTLOOKUP_VALID_GRNAM (1<<17)
108#define KAUTH_EXTLOOKUP_WANT_GRNAM (1<<18)
109#define KAUTH_EXTLOOKUP_VALID_SUPGRPS (1<<19)
110#define KAUTH_EXTLOOKUP_WANT_SUPGRPS (1<<20)
111
112 __darwin_pid_t el_info_pid; /* request on behalf of PID */
113 u_int64_t el_extend; /* extension field */
114 u_int32_t el_info_reserved_1; /* reserved (APPLE) */
115
116 uid_t el_uid; /* user ID */
117 guid_t el_uguid; /* user GUID */
118 u_int32_t el_uguid_valid; /* TTL on translation result (seconds) */
119 ntsid_t el_usid; /* user NT SID */
120 u_int32_t el_usid_valid; /* TTL on translation result (seconds) */
121 gid_t el_gid; /* group ID */
122 guid_t el_gguid; /* group GUID */
123 u_int32_t el_gguid_valid; /* TTL on translation result (seconds) */
124 ntsid_t el_gsid; /* group SID */
125 u_int32_t el_gsid_valid; /* TTL on translation result (seconds) */
126 u_int32_t el_member_valid; /* TTL on group lookup result */
127 u_int32_t el_sup_grp_cnt; /* count of supplemental groups up to NGROUPS */
128 gid_t el_sup_groups[NGROUPS_MAX]; /* supplemental group list */
129};
130
131struct kauth_cache_sizes {
132 u_int32_t kcs_group_size;
133 u_int32_t kcs_id_size;
134};
135
136#define KAUTH_EXTLOOKUP_REGISTER (0)
137#define KAUTH_EXTLOOKUP_RESULT (1<<0)
138#define KAUTH_EXTLOOKUP_WORKER (1<<1)
139#define KAUTH_EXTLOOKUP_DEREGISTER (1<<2)
140#define KAUTH_GET_CACHE_SIZES (1<<3)
141#define KAUTH_SET_CACHE_SIZES (1<<4)
142#define KAUTH_CLEAR_CACHES (1<<5)
143
144#define IDENTITYSVC_ENTITLEMENT "com.apple.private.identitysvc"
145
146
147#ifdef KERNEL
148/*
149 * Credentials.
150 */
151
152#if 0
153/*
154 * Supplemental credential data.
155 *
156 * This interface allows us to associate arbitrary data with a credential.
157 * As with the credential, the data is considered immutable.
158 */
159struct kauth_cred_supplement {
160 TAILQ_ENTRY(kauth_cred_supplement) kcs_link;
161
162 int kcs_ref; /* reference count */
163 int kcs_id; /* vended identifier */
164 size_t kcs_size; /* size of data field */
165 char kcs_data[0];
166};
167
168typedef struct kauth_cred_supplement *kauth_cred_supplement_t;
169
170struct kauth_cred {
171 TAILQ_ENTRY(kauth_cred) kc_link;
172
173 int kc_ref; /* reference count */
174 uid_t kc_uid; /* effective user id */
175 uid_t kc_ruid; /* real user id */
176 uid_t kc_svuid; /* saved user id */
177 gid_t kc_gid; /* effective group id */
178 gid_t kc_rgid; /* real group id */
179 gid_t kc_svgid; /* saved group id */
180
181 int kc_flags;
182#define KAUTH_CRED_GRPOVERRIDE (1<<0) /* private group list is authoritative */
183
184 int kc_npvtgroups; /* private group list, advisory or authoritative */
185 gid_t kc_pvtgroups[NGROUPS]; /* based on KAUTH_CRED_GRPOVERRIDE flag */
186
187 int kc_nsuppgroups; /* supplementary group list */
188 gid_t *kc_suppgroups;
189
190 int kc_nwhtgroups; /* whiteout group list */
191 gid_t *kc_whtgroups;
192
193 struct au_session cr_audit; /* user auditing data */
194
195 int kc_nsupplement; /* entry count in supplemental data pointer array */
196 kauth_cred_supplement_t *kc_supplement;
197};
198#else
199
200/* XXX just for now */
201#include <sys/ucred.h>
202// typedef struct ucred *kauth_cred_t;
203#endif
204
205/* Kernel SPI for now */
206__BEGIN_DECLS
207/*
208 * Routines specific to credentials with POSIX credential labels attached
209 *
210 * XXX Should be in policy_posix.h, with struct posix_cred
211 */
212extern kauth_cred_t posix_cred_create(posix_cred_t pcred);
213extern posix_cred_t posix_cred_get(kauth_cred_t cred);
214extern void posix_cred_label(kauth_cred_t cred, posix_cred_t pcred);
215extern int posix_cred_access(kauth_cred_t cred, id_t object_uid, id_t object_gid, mode_t object_mode, mode_t mode_req);
216
217extern uid_t kauth_getuid(void);
218extern uid_t kauth_getruid(void);
219extern gid_t kauth_getgid(void);
220extern kauth_cred_t kauth_cred_get(void);
221extern kauth_cred_t kauth_cred_get_with_ref(void);
222extern kauth_cred_t kauth_cred_proc_ref(proc_t procp);
223extern kauth_cred_t kauth_cred_create(kauth_cred_t cred);
224extern void kauth_cred_ref(kauth_cred_t _cred);
225#ifndef __LP64__
226/* Use kauth_cred_unref(), not kauth_cred_rele() */
227extern void kauth_cred_rele(kauth_cred_t _cred) __deprecated;
228#endif
229extern void kauth_cred_unref(kauth_cred_t *_cred);
230
231#if CONFIG_MACF
232struct label;
233extern kauth_cred_t kauth_cred_label_update(kauth_cred_t cred, struct label *label);
234extern int kauth_proc_label_update(struct proc *p, struct label *label);
235#else
236/* this is a temp hack to cover us when MAC is not built in a kernel configuration.
237 * Since we cannot build our export list based on the kernel configuration we need
238 * to define a stub.
239 */
240extern kauth_cred_t kauth_cred_label_update(kauth_cred_t cred, void *label);
241extern int kauth_proc_label_update(struct proc *p, void *label);
242#endif
243
244__deprecated_msg("Unsafe interface: requires lock holds that aren't exposed")
245extern kauth_cred_t kauth_cred_find(kauth_cred_t cred);
246extern uid_t kauth_cred_getuid(kauth_cred_t _cred);
247extern uid_t kauth_cred_getruid(kauth_cred_t _cred);
248extern uid_t kauth_cred_getsvuid(kauth_cred_t _cred);
249extern gid_t kauth_cred_getgid(kauth_cred_t _cred);
250extern gid_t kauth_cred_getrgid(kauth_cred_t _cred);
251extern gid_t kauth_cred_getsvgid(kauth_cred_t _cred);
252extern int kauth_cred_pwnam2guid(char *pwnam, guid_t *guidp);
253extern int kauth_cred_grnam2guid(char *grnam, guid_t *guidp);
254extern int kauth_cred_guid2pwnam(guid_t *guidp, char *pwnam);
255extern int kauth_cred_guid2grnam(guid_t *guidp, char *grnam);
256extern int kauth_cred_guid2uid(guid_t *_guid, uid_t *_uidp);
257extern int kauth_cred_guid2gid(guid_t *_guid, gid_t *_gidp);
258extern int kauth_cred_ntsid2uid(ntsid_t *_sid, uid_t *_uidp);
259extern int kauth_cred_ntsid2gid(ntsid_t *_sid, gid_t *_gidp);
260extern int kauth_cred_ntsid2guid(ntsid_t *_sid, guid_t *_guidp);
261extern int kauth_cred_uid2guid(uid_t _uid, guid_t *_guidp);
262extern int kauth_cred_getguid(kauth_cred_t _cred, guid_t *_guidp);
263extern int kauth_cred_gid2guid(gid_t _gid, guid_t *_guidp);
264extern int kauth_cred_uid2ntsid(uid_t _uid, ntsid_t *_sidp);
265extern int kauth_cred_getntsid(kauth_cred_t _cred, ntsid_t *_sidp);
266extern int kauth_cred_gid2ntsid(gid_t _gid, ntsid_t *_sidp);
267extern int kauth_cred_guid2ntsid(guid_t *_guid, ntsid_t *_sidp);
268extern int kauth_cred_ismember_gid(kauth_cred_t _cred, gid_t _gid, int *_resultp);
269extern int kauth_cred_ismember_guid(kauth_cred_t _cred, guid_t *_guidp, int *_resultp);
270extern int kauth_cred_nfs4domain2dsnode(char *nfs4domain, char *dsnode);
271extern int kauth_cred_dsnode2nfs4domain(char *dsnode, char *nfs4domain);
272
273extern int groupmember(gid_t gid, kauth_cred_t cred);
274
275/* currently only exported in unsupported for use by seatbelt */
276extern int kauth_cred_issuser(kauth_cred_t _cred);
277
278
279/* GUID, NTSID helpers */
280extern guid_t kauth_null_guid;
281extern int kauth_guid_equal(guid_t *_guid1, guid_t *_guid2);
282#ifdef XNU_KERNEL_PRIVATE
283extern int kauth_ntsid_equal(ntsid_t *_sid1, ntsid_t *_sid2);
284
285extern int kauth_wellknown_guid(guid_t *_guid);
286#define KAUTH_WKG_NOT 0 /* not a well-known GUID */
287#define KAUTH_WKG_OWNER 1
288#define KAUTH_WKG_GROUP 2
289#define KAUTH_WKG_NOBODY 3
290#define KAUTH_WKG_EVERYBODY 4
291
292extern gid_t kauth_getrgid(void);
293extern int cantrace(proc_t cur_procp, kauth_cred_t creds, proc_t traced_procp, int *errp);
294extern kauth_cred_t kauth_cred_copy_real(kauth_cred_t cred);
295extern kauth_cred_t kauth_cred_setresuid(kauth_cred_t cred, uid_t ruid, uid_t euid, uid_t svuid, uid_t gmuid);
296extern kauth_cred_t kauth_cred_setresgid(kauth_cred_t cred, gid_t rgid, gid_t egid, gid_t svgid);
297extern kauth_cred_t kauth_cred_setuidgid(kauth_cred_t cred, uid_t uid, gid_t gid);
298extern kauth_cred_t kauth_cred_setsvuidgid(kauth_cred_t cred, uid_t uid, gid_t gid);
299extern kauth_cred_t kauth_cred_setgroups(kauth_cred_t cred, gid_t *groups, size_t groupcount, uid_t gmuid);
300struct uthread;
301extern void kauth_cred_uthread_update(struct uthread *, proc_t);
302#ifdef CONFIG_MACF
303extern void kauth_proc_label_update_execve(struct proc *p, struct vfs_context *ctx, struct vnode *vp, off_t offset, struct vnode *scriptvp, struct label *scriptlabel, struct label *execlabel, unsigned int *csflags, void *psattr, int *disjoint, int *update_return);
304#endif
305extern int kauth_cred_getgroups(kauth_cred_t _cred, gid_t *_groups, size_t *_groupcount);
306extern int kauth_cred_gid_subset(kauth_cred_t _cred1, kauth_cred_t _cred2, int *_resultp);
307struct auditinfo_addr;
308extern kauth_cred_t kauth_cred_setauditinfo(kauth_cred_t, au_session_t *);
309extern int kauth_cred_supplementary_register(const char *name, int *ident);
310extern int kauth_cred_supplementary_add(kauth_cred_t cred, int ident, const void *data, size_t datasize);
311extern int kauth_cred_supplementary_remove(kauth_cred_t cred, int ident);
312
313#endif /* XNU_KERNEL_PRIVATE */
314__END_DECLS
315
316#endif /* KERNEL */
317
318/*
319 * Generic Access Control Lists.
320 */
321#if defined(KERNEL) || defined (_SYS_ACL_H)
322
323typedef u_int32_t kauth_ace_rights_t;
324
325/* Access Control List Entry (ACE) */
326struct kauth_ace {
327 guid_t ace_applicable;
328 u_int32_t ace_flags;
329#define KAUTH_ACE_KINDMASK 0xf
330#define KAUTH_ACE_PERMIT 1
331#define KAUTH_ACE_DENY 2
332#define KAUTH_ACE_AUDIT 3 /* not implemented */
333#define KAUTH_ACE_ALARM 4 /* not implemented */
334#define KAUTH_ACE_INHERITED (1<<4)
335#define KAUTH_ACE_FILE_INHERIT (1<<5)
336#define KAUTH_ACE_DIRECTORY_INHERIT (1<<6)
337#define KAUTH_ACE_LIMIT_INHERIT (1<<7)
338#define KAUTH_ACE_ONLY_INHERIT (1<<8)
339#define KAUTH_ACE_SUCCESS (1<<9) /* not implemented (AUDIT/ALARM) */
340#define KAUTH_ACE_FAILURE (1<<10) /* not implemented (AUDIT/ALARM) */
341/* All flag bits controlling ACE inheritance */
342#define KAUTH_ACE_INHERIT_CONTROL_FLAGS \
343 (KAUTH_ACE_FILE_INHERIT | \
344 KAUTH_ACE_DIRECTORY_INHERIT | \
345 KAUTH_ACE_LIMIT_INHERIT | \
346 KAUTH_ACE_ONLY_INHERIT)
347 kauth_ace_rights_t ace_rights; /* scope specific */
348 /* These rights are never tested, but may be present in an ACL */
349#define KAUTH_ACE_GENERIC_ALL (1<<21)
350#define KAUTH_ACE_GENERIC_EXECUTE (1<<22)
351#define KAUTH_ACE_GENERIC_WRITE (1<<23)
352#define KAUTH_ACE_GENERIC_READ (1<<24)
353};
354
355#ifndef _KAUTH_ACE
356#define _KAUTH_ACE
357typedef struct kauth_ace *kauth_ace_t;
358#endif
359
360
361/* Access Control List */
362struct kauth_acl {
363 u_int32_t acl_entrycount;
364 u_int32_t acl_flags;
365
366 struct kauth_ace acl_ace[1];
367};
368
369/*
370 * XXX this value needs to be raised - 3893388
371 */
372#define KAUTH_ACL_MAX_ENTRIES 128
373
374/*
375 * The low 16 bits of the flags field are reserved for filesystem
376 * internal use and must be preserved by all APIs. This includes
377 * round-tripping flags through user-space interfaces.
378 */
379#define KAUTH_ACL_FLAGS_PRIVATE (0xffff)
380
381/*
382 * The high 16 bits of the flags are used to store attributes and
383 * to request specific handling of the ACL.
384 */
385
386/* inheritance will be deferred until the first rename operation */
387#define KAUTH_ACL_DEFER_INHERIT (1<<16)
388/* this ACL must not be overwritten as part of an inheritance operation */
389#define KAUTH_ACL_NO_INHERIT (1<<17)
390
391/* acl_entrycount that tells us the ACL is not valid */
392#define KAUTH_FILESEC_NOACL ((u_int32_t)(-1))
393
394/*
395 * If the acl_entrycount field is KAUTH_FILESEC_NOACL, then the size is the
396 * same as a kauth_acl structure; the intent is to put an actual entrycount of
397 * KAUTH_FILESEC_NOACL on disk to distinguish a kauth_filesec_t with an empty
398 * entry (Windows treats this as "deny all") from one that merely indicates a
399 * file group and/or owner guid values.
400 */
401#define KAUTH_ACL_SIZE(c) (__offsetof(struct kauth_acl, acl_ace) + ((u_int32_t)(c) != KAUTH_FILESEC_NOACL ? ((c) * sizeof(struct kauth_ace)) : 0))
402#define KAUTH_ACL_COPYSIZE(p) KAUTH_ACL_SIZE((p)->acl_entrycount)
403
404
405#ifndef _KAUTH_ACL
406#define _KAUTH_ACL
407typedef struct kauth_acl *kauth_acl_t;
408#endif
409
410#ifdef KERNEL
411__BEGIN_DECLS
412kauth_acl_t kauth_acl_alloc(int size);
413void kauth_acl_free(kauth_acl_t fsp);
414__END_DECLS
415#endif
416
417
418/*
419 * Extended File Security.
420 */
421
422/* File Security information */
423struct kauth_filesec {
424 u_int32_t fsec_magic;
425#define KAUTH_FILESEC_MAGIC 0x012cc16d
426 guid_t fsec_owner;
427 guid_t fsec_group;
428
429 struct kauth_acl fsec_acl;
430};
431
432/* backwards compatibility */
433#define fsec_entrycount fsec_acl.acl_entrycount
434#define fsec_flags fsec_acl.acl_flags
435#define fsec_ace fsec_acl.acl_ace
436#define KAUTH_FILESEC_FLAGS_PRIVATE KAUTH_ACL_FLAGS_PRIVATE
437#define KAUTH_FILESEC_DEFER_INHERIT KAUTH_ACL_DEFER_INHERIT
438#define KAUTH_FILESEC_NO_INHERIT KAUTH_ACL_NO_INHERIT
439#define KAUTH_FILESEC_NONE ((kauth_filesec_t)0)
440#define KAUTH_FILESEC_WANTED ((kauth_filesec_t)1)
441
442#ifndef _KAUTH_FILESEC
443#define _KAUTH_FILESEC
444typedef struct kauth_filesec *kauth_filesec_t;
445#endif
446
447#define KAUTH_FILESEC_SIZE(c) (__offsetof(struct kauth_filesec, fsec_acl) + __offsetof(struct kauth_acl, acl_ace) + (c) * sizeof(struct kauth_ace))
448#define KAUTH_FILESEC_COPYSIZE(p) KAUTH_FILESEC_SIZE(((p)->fsec_entrycount == KAUTH_FILESEC_NOACL) ? 0 : (p)->fsec_entrycount)
449#define KAUTH_FILESEC_COUNT(s) (((s) - KAUTH_FILESEC_SIZE(0)) / sizeof(struct kauth_ace))
450#define KAUTH_FILESEC_VALID(s) ((s) >= KAUTH_FILESEC_SIZE(0) && (((s) - KAUTH_FILESEC_SIZE(0)) % sizeof(struct kauth_ace)) == 0)
451
452#define KAUTH_FILESEC_XATTR "com.apple.system.Security"
453
454/* Allowable first arguments to kauth_filesec_acl_setendian() */
455#define KAUTH_ENDIAN_HOST 0x00000001 /* set host endianness */
456#define KAUTH_ENDIAN_DISK 0x00000002 /* set disk endianness */
457
458#endif /* KERNEL || <sys/acl.h> */
459
460
461#ifdef KERNEL
462
463
464/*
465 * Scope management.
466 */
467struct kauth_scope;
468typedef struct kauth_scope *kauth_scope_t;
469struct kauth_listener;
470typedef struct kauth_listener *kauth_listener_t;
471#ifndef _KAUTH_ACTION_T
472typedef int kauth_action_t;
473# define _KAUTH_ACTION_T
474#endif
475
476typedef int (* kauth_scope_callback_t)(kauth_cred_t _credential,
477 void *_idata,
478 kauth_action_t _action,
479 uintptr_t _arg0,
480 uintptr_t _arg1,
481 uintptr_t _arg2,
482 uintptr_t _arg3);
483
484#define KAUTH_RESULT_ALLOW (1)
485#define KAUTH_RESULT_DENY (2)
486#define KAUTH_RESULT_DEFER (3)
487
488struct kauth_acl_eval {
489 kauth_ace_t ae_acl;
490 int ae_count;
491 kauth_ace_rights_t ae_requested;
492 kauth_ace_rights_t ae_residual;
493 int ae_result;
494 boolean_t ae_found_deny;
495 int ae_options;
496#define KAUTH_AEVAL_IS_OWNER (1<<0) /* authorizing operation for owner */
497#define KAUTH_AEVAL_IN_GROUP (1<<1) /* authorizing operation for groupmember */
498#define KAUTH_AEVAL_IN_GROUP_UNKNOWN (1<<2) /* authorizing operation for unknown group membership */
499 /* expansions for 'generic' rights bits */
500 kauth_ace_rights_t ae_exp_gall;
501 kauth_ace_rights_t ae_exp_gread;
502 kauth_ace_rights_t ae_exp_gwrite;
503 kauth_ace_rights_t ae_exp_gexec;
504};
505
506typedef struct kauth_acl_eval *kauth_acl_eval_t;
507
508__BEGIN_DECLS
509kauth_filesec_t kauth_filesec_alloc(int size);
510void kauth_filesec_free(kauth_filesec_t fsp);
511extern kauth_scope_t kauth_register_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata);
512extern void kauth_deregister_scope(kauth_scope_t _scope);
513__kpi_deprecated("Use EndpointSecurity instead")
514extern kauth_listener_t kauth_listen_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata);
515__kpi_deprecated("Use EndpointSecurity instead")
516extern void kauth_unlisten_scope(kauth_listener_t _scope);
517extern int kauth_authorize_action(kauth_scope_t _scope, kauth_cred_t _credential, kauth_action_t _action,
518 uintptr_t _arg0, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3);
519
520/* default scope handlers */
521extern int kauth_authorize_allow(kauth_cred_t _credential, void *_idata, kauth_action_t _action,
522 uintptr_t _arg0, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3);
523
524
525#ifdef XNU_KERNEL_PRIVATE
526void kauth_filesec_acl_setendian(int, kauth_filesec_t, kauth_acl_t);
527int kauth_copyinfilesec(user_addr_t xsecurity, kauth_filesec_t *xsecdestpp);
528extern int kauth_acl_evaluate(kauth_cred_t _credential, kauth_acl_eval_t _eval);
529extern int kauth_acl_inherit(vnode_t _dvp, kauth_acl_t _initial, kauth_acl_t *_product, int _isdir, vfs_context_t _ctx);
530
531#endif /* XNU_KERNEL_PRIVATE */
532
533
534__END_DECLS
535
536/*
537 * Generic scope.
538 */
539#define KAUTH_SCOPE_GENERIC "com.apple.kauth.generic"
540
541/* Actions */
542#define KAUTH_GENERIC_ISSUSER 1
543
544#ifdef XNU_KERNEL_PRIVATE
545__BEGIN_DECLS
546extern int kauth_authorize_generic(kauth_cred_t credential, kauth_action_t action);
547__END_DECLS
548#endif /* XNU_KERNEL_PRIVATE */
549
550/*
551 * Process/task scope.
552 */
553#define KAUTH_SCOPE_PROCESS "com.apple.kauth.process"
554
555/* Actions */
556#define KAUTH_PROCESS_CANSIGNAL 1
557#define KAUTH_PROCESS_CANTRACE 2
558
559__BEGIN_DECLS
560extern int kauth_authorize_process(kauth_cred_t _credential, kauth_action_t _action,
561 struct proc *_process, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3);
562__END_DECLS
563
564/*
565 * Vnode operation scope.
566 *
567 * Prototype for vnode_authorize is in vnode.h
568 */
569#define KAUTH_SCOPE_VNODE "com.apple.kauth.vnode"
570
571/*
572 * File system operation scope.
573 *
574 */
575#define KAUTH_SCOPE_FILEOP "com.apple.kauth.fileop"
576
577/* Actions */
578#define KAUTH_FILEOP_OPEN 1
579#define KAUTH_FILEOP_CLOSE 2
580#define KAUTH_FILEOP_RENAME 3
581#define KAUTH_FILEOP_EXCHANGE 4
582#define KAUTH_FILEOP_LINK 5
583#define KAUTH_FILEOP_EXEC 6
584#define KAUTH_FILEOP_DELETE 7
585#define KAUTH_FILEOP_WILL_RENAME 8
586
587/*
588 * arguments passed to KAUTH_FILEOP_OPEN listeners
589 * arg0 is pointer to vnode (vnode *) for given user path.
590 * arg1 is pointer to path (char *) passed in to open.
591 * arguments passed to KAUTH_FILEOP_CLOSE listeners
592 * arg0 is pointer to vnode (vnode *) for file to be closed.
593 * arg1 is pointer to path (char *) of file to be closed.
594 * arg2 is close flags.
595 * arguments passed to KAUTH_FILEOP_WILL_RENAME listeners
596 * arg0 is pointer to vnode (vnode *) of the file being renamed
597 * arg1 is pointer to the "from" path (char *)
598 * arg2 is pointer to the "to" path (char *)
599 * arguments passed to KAUTH_FILEOP_RENAME listeners
600 * arg0 is pointer to "from" path (char *).
601 * arg1 is pointer to "to" path (char *).
602 * arguments passed to KAUTH_FILEOP_EXCHANGE listeners
603 * arg0 is pointer to file 1 path (char *).
604 * arg1 is pointer to file 2 path (char *).
605 * arguments passed to KAUTH_FILEOP_LINK listeners
606 * arg0 is pointer to path to file we are linking to (char *).
607 * arg1 is pointer to path to the new link file (char *).
608 * arguments passed to KAUTH_FILEOP_EXEC listeners
609 * arg0 is pointer to vnode (vnode *) for executable.
610 * arg1 is pointer to path (char *) to executable.
611 * arguments passed to KAUTH_FILEOP_DELETE listeners
612 * arg0 is pointer to vnode (vnode *) of file/dir that was deleted.
613 * arg1 is pointer to path (char *) of file/dir that was deleted.
614 */
615
616/* Flag values returned to close listeners. */
617#define KAUTH_FILEOP_CLOSE_MODIFIED (1<<1)
618
619__BEGIN_DECLS
620#ifdef XNU_KERNEL_PRIVATE
621extern int kauth_authorize_fileop_has_listeners(void);
622#endif /* XNU_KERNEL_PRIVATE */
623extern int kauth_authorize_fileop(kauth_cred_t _credential, kauth_action_t _action,
624 uintptr_t _arg0, uintptr_t _arg1);
625__END_DECLS
626
627#endif /* KERNEL */
628
629/* Actions, also rights bits in an ACE */
630
631#if defined(KERNEL) || defined (_SYS_ACL_H)
632#define KAUTH_VNODE_READ_DATA (1U<<1)
633#define KAUTH_VNODE_LIST_DIRECTORY KAUTH_VNODE_READ_DATA
634#define KAUTH_VNODE_WRITE_DATA (1U<<2)
635#define KAUTH_VNODE_ADD_FILE KAUTH_VNODE_WRITE_DATA
636#define KAUTH_VNODE_EXECUTE (1U<<3)
637#define KAUTH_VNODE_SEARCH KAUTH_VNODE_EXECUTE
638#define KAUTH_VNODE_DELETE (1U<<4)
639#define KAUTH_VNODE_APPEND_DATA (1U<<5)
640#define KAUTH_VNODE_ADD_SUBDIRECTORY KAUTH_VNODE_APPEND_DATA
641#define KAUTH_VNODE_DELETE_CHILD (1U<<6)
642#define KAUTH_VNODE_READ_ATTRIBUTES (1U<<7)
643#define KAUTH_VNODE_WRITE_ATTRIBUTES (1U<<8)
644#define KAUTH_VNODE_READ_EXTATTRIBUTES (1U<<9)
645#define KAUTH_VNODE_WRITE_EXTATTRIBUTES (1U<<10)
646#define KAUTH_VNODE_READ_SECURITY (1U<<11)
647#define KAUTH_VNODE_WRITE_SECURITY (1U<<12)
648#define KAUTH_VNODE_TAKE_OWNERSHIP (1U<<13)
649
650/* backwards compatibility only */
651#define KAUTH_VNODE_CHANGE_OWNER KAUTH_VNODE_TAKE_OWNERSHIP
652
653/* For Windows interoperability only */
654#define KAUTH_VNODE_SYNCHRONIZE (1U<<20)
655
656/* (1<<21) - (1<<24) are reserved for generic rights bits */
657
658/* Actions not expressed as rights bits */
659/*
660 * Authorizes the vnode as the target of a hard link.
661 */
662#define KAUTH_VNODE_LINKTARGET (1U<<25)
663
664/*
665 * Indicates that other steps have been taken to authorise the action,
666 * but authorisation should be denied for immutable objects.
667 */
668#define KAUTH_VNODE_CHECKIMMUTABLE (1U<<26)
669
670/* Action modifiers */
671/*
672 * The KAUTH_VNODE_ACCESS bit is passed to the callback if the authorisation
673 * request in progress is advisory, rather than authoritative. Listeners
674 * performing consequential work (i.e. not strictly checking authorisation)
675 * may test this flag to avoid performing unnecessary work.
676 *
677 * This bit will never be present in an ACE.
678 */
679#define KAUTH_VNODE_ACCESS (1U<<31)
680
681/*
682 * The KAUTH_VNODE_NOIMMUTABLE bit is passed to the callback along with the
683 * KAUTH_VNODE_WRITE_SECURITY bit (and no others) to indicate that the
684 * caller wishes to change one or more of the immutable flags, and the
685 * state of these flags should not be considered when authorizing the request.
686 * The system immutable flags are only ignored when the system securelevel
687 * is low enough to allow their removal.
688 */
689#define KAUTH_VNODE_NOIMMUTABLE (1U<<30)
690
691
692/*
693 * fake right that is composed by the following...
694 * vnode must have search for owner, group and world allowed
695 * plus there must be no deny modes present for SEARCH... this fake
696 * right is used by the fast lookup path to avoid checking
697 * for an exact match on the last credential to lookup
698 * the component being acted on
699 */
700#define KAUTH_VNODE_SEARCHBYANYONE (1U<<29)
701
702
703/*
704 * when passed as an 'action' to "vnode_uncache_authorized_actions"
705 * it indicates that all of the cached authorizations for that
706 * vnode should be invalidated
707 */
708#define KAUTH_INVALIDATE_CACHED_RIGHTS ((kauth_action_t)~0)
709
710
711
712/* The expansions of the GENERIC bits at evaluation time */
713#define KAUTH_VNODE_GENERIC_READ_BITS (KAUTH_VNODE_READ_DATA | \
714 KAUTH_VNODE_READ_ATTRIBUTES | \
715 KAUTH_VNODE_READ_EXTATTRIBUTES | \
716 KAUTH_VNODE_READ_SECURITY)
717
718#define KAUTH_VNODE_GENERIC_WRITE_BITS (KAUTH_VNODE_WRITE_DATA | \
719 KAUTH_VNODE_APPEND_DATA | \
720 KAUTH_VNODE_DELETE | \
721 KAUTH_VNODE_DELETE_CHILD | \
722 KAUTH_VNODE_WRITE_ATTRIBUTES | \
723 KAUTH_VNODE_WRITE_EXTATTRIBUTES | \
724 KAUTH_VNODE_WRITE_SECURITY)
725
726#define KAUTH_VNODE_GENERIC_EXECUTE_BITS (KAUTH_VNODE_EXECUTE)
727
728#define KAUTH_VNODE_GENERIC_ALL_BITS (KAUTH_VNODE_GENERIC_READ_BITS | \
729 KAUTH_VNODE_GENERIC_WRITE_BITS | \
730 KAUTH_VNODE_GENERIC_EXECUTE_BITS)
731
732/*
733 * Some sets of bits, defined here for convenience.
734 */
735#define KAUTH_VNODE_WRITE_RIGHTS (KAUTH_VNODE_ADD_FILE | \
736 KAUTH_VNODE_ADD_SUBDIRECTORY | \
737 KAUTH_VNODE_DELETE_CHILD | \
738 KAUTH_VNODE_WRITE_DATA | \
739 KAUTH_VNODE_APPEND_DATA | \
740 KAUTH_VNODE_DELETE | \
741 KAUTH_VNODE_WRITE_ATTRIBUTES | \
742 KAUTH_VNODE_WRITE_EXTATTRIBUTES | \
743 KAUTH_VNODE_WRITE_SECURITY | \
744 KAUTH_VNODE_TAKE_OWNERSHIP | \
745 KAUTH_VNODE_LINKTARGET | \
746 KAUTH_VNODE_CHECKIMMUTABLE)
747
748
749#endif /* KERNEL || <sys/acl.h> */
750
751#ifdef KERNEL
752#include <sys/lock.h> /* lck_grp_t */
753
754/*
755 * Debugging
756 *
757 * XXX this wouldn't be necessary if we had a *real* debug-logging system.
758 */
759#if 0
760# ifndef _FN_KPRINTF
761# define _FN_KPRINTF
762void kprintf(const char *fmt, ...);
763# endif /* !_FN_KPRINTF */
764# define KAUTH_DEBUG_ENABLE
765# define K_UUID_FMT "%08x:%08x:%08x:%08x"
766# define K_UUID_ARG(_u) &_u.g_guid_asint[0],&_u.g_guid_asint[1],&_u.g_guid_asint[2],&_u.g_guid_asint[3]
767# define KAUTH_DEBUG(fmt, args...) do { kprintf("%s:%d: " fmt "\n", __PRETTY_FUNCTION__, __LINE__ , ##args); } while (0)
768# define KAUTH_DEBUG_CTX(_c) KAUTH_DEBUG("p = %p c = %p", _c->vc_proc, _c->vc_ucred)
769# define VFS_DEBUG(_ctx, _vp, fmt, args...) \
770 do { \
771 kprintf("%p '%s' %s:%d " fmt "\n", \
772 _ctx, \
773 (_vp != NULL && _vp->v_name != NULL) ? _vp->v_name : "????", \
774 __PRETTY_FUNCTION__, __LINE__ , \
775 ##args); \
776 } while(0)
777#else /* !0 */
778# define KAUTH_DEBUG(fmt, args...) do { } while (0)
779# define VFS_DEBUG(ctx, vp, fmt, args...) do { } while(0)
780#endif /* !0 */
781
782/*
783 * Initialisation.
784 */
785#ifdef XNU_KERNEL_PRIVATE
786__BEGIN_DECLS
787
788extern lck_grp_t kauth_lck_grp;
789
790extern void kauth_init(void);
791extern void kauth_cred_init(void);
792/*
793 * If you need accounting for KM_KAUTH consider using
794 * KALLOC_HEAP_DEFINE to define a view.
795 */
796#define KM_KAUTH KHEAP_DEFAULT
797#if CONFIG_EXT_RESOLVER
798extern void kauth_resolver_identity_reset(void);
799#endif
800__END_DECLS
801#endif /* XNU_KERNEL_PRIVATE */
802
803#endif /* KERNEL */
804
805#endif /* __APPLE_API_EVOLVING */
806#endif /* _SYS_KAUTH_H */
mirror of XNU