bsd/sys/guarded.h

   1 /*
   2  * Copyright (c) 2012 Apple Inc. All rights reserved.
   3  *
   4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. The rights granted to you under the License
  10  * may not be used to create, or enable the creation or redistribution of,
  11  * unlawful or unlicensed copies of an Apple operating system, or to
  12  * circumvent, violate, or enable the circumvention or violation of, any
  13  * terms of an Apple operating system software license agreement.
  14  *
  15  * Please obtain a copy of the License at
  16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
  17  *
  18  * The Original Code and all software distributed under the License are
  19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  23  * Please see the License for the specific language governing rights and
  24  * limitations under the License.
  25  *
  26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  27  */
  28
  29 #ifndef _SYS_GUARDED_H_
  30 #define _SYS_GUARDED_H_
  31
  32 #include <sys/types.h>
  33 #include <sys/cdefs.h>
  34
  35 #ifdef PRIVATE
  36
  37 __BEGIN_DECLS
  38
  39 #if !defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE)
  40
  41 #ifndef _GUARDID_T
  42 #define _GUARDID_T
  43 typedef __uint64_t guardid_t;
  44 #endif /* _GUARDID_T */
  45
  46 #if !defined(KERNEL)
  47 extern int guarded_open_np(const char *path,
  48         const guardid_t *guard, u_int guardflags, int flags, ...);
  49 extern int guarded_kqueue_np(const guardid_t *guard, u_int guardflags);
  50 extern int guarded_close_np(int fd, const guardid_t *guard);
  51 extern int change_fdguard_np(int fd, const guardid_t *guard, u_int guardflags,
  52         const guardid_t *nguard, u_int nguardflags, int *fdflagsp);
  53 #endif /* KERNEL */
  54
  55 /*
  56  * Guard types.
  57  *
  58  * GUARD_TYPE_FD: Guarded file descriptor.
  59  */
  60 #define GUARD_TYPE_FD           0x2
  61
  62 /*
  63  * File descriptor guard flavors.
  64  */
  65
  66 /* Forbid close(2), and the implicit close() that a dup2(2) may do.
  67  * Forces close-on-fork to be set immutably too.
  68  */
  69 #define GUARD_CLOSE             (1u << 0)
  70
  71 /*
  72  * Forbid dup(2), dup2(2), and fcntl(2) subcodes F_DUPFD, F_DUPFD_CLOEXEC
  73  * on a guarded fd. Also forbids open's of a guarded fd via /dev/fd/
  74  * (an implicit dup.)
  75  */
  76 #define GUARD_DUP               (1u << 1)
  77
  78 /*
  79  * Forbid sending a guarded fd via a socket
  80  */
  81 #define GUARD_SOCKET_IPC        (1u << 2)
  82
  83 /*
  84  * Forbid creating a fileport from a guarded fd
  85  */
  86 #define GUARD_FILEPORT          (1u << 3)
  87
  88 /*
  89  * Violating a guard results in an error (EPERM), and potentially
  90  * an exception with one or more of the following bits set.
  91  */
  92 enum guard_exception_codes {
  93         kGUARD_EXC_CLOSE        = 1u << 0,      /* close of a guarded fd */
  94         kGUARD_EXC_DUP          = 1u << 1,      /* dup of a guarded fd */
  95         kGUARD_EXC_NOCLOEXEC    = 1u << 2,      /* clear close-on-exec */
  96         kGUARD_EXC_SOCKET_IPC   = 1u << 3,      /* sendmsg of a guarded fd */
  97         kGUARD_EXC_FILEPORT     = 1u << 4,      /* fileport_makeport .. */
  98         kGUARD_EXC_MISMATCH     = 1u << 5       /* wrong guard for guarded fd */
  99 };
 100
 101 #endif /* (!_POSIX_C_SOURCE || _DARWIN_C_SOURCE) */
 102
 103 __END_DECLS
 104
 105 #endif /* PRIVATE */
 106
 107 #endif /* !_SYS_GUARDED_H_ */