]> git.saurik.com Git - apple/xnu.git/blob - osfmk/kern/security.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-2422.115.4.tar.gz
[apple/xnu.git] / osfmk / kern / security.c
1 /*
2 * Copyright (c) 2007 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*-
29 * Copyright (c) 2005-2007 SPARTA, Inc.
30 * All rights reserved.
31 *
32 * Redistribution and use in source and binary forms, with or without
33 * modification, are permitted provided that the following conditions
34 * are met:
35 * 1. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 * 2. Redistributions in binary form must reproduce the above copyright
38 * notice, this list of conditions and the following disclaimer in the
39 * documentation and/or other materials provided with the distribution.
40 *
41 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 */
53
54 #include <mach/message.h>
55 #include <kern/kern_types.h>
56 #include <kern/ipc_kobject.h>
57 #include <ipc/ipc_object.h>
58 #include <ipc/ipc_right.h>
59 #include <ipc/ipc_labelh.h>
60 #include <kern/task.h>
61 #include <security/mac_mach_internal.h>
62 #include <mach/security.h>
63
64 #if CONFIG_MACF_MACH
65 kern_return_t
66 mach_get_task_label(
67 ipc_space_t space,
68 mach_port_name_t *outlabel)
69 {
70 kern_return_t kr;
71 ipc_labelh_t lh;
72
73 if (space == IS_NULL || space->is_task == NULL)
74 return KERN_INVALID_TASK;
75
76 lh = space->is_task->label;
77 ip_lock(lh->lh_port);
78 lh->lh_port->ip_mscount++;
79 lh->lh_port->ip_srights++;
80 ip_reference(lh->lh_port);
81 ip_unlock(lh->lh_port);
82 kr = ipc_object_copyout(space, (ipc_object_t) lh->lh_port,
83 MACH_MSG_TYPE_PORT_SEND, 0, outlabel);
84 if (kr != KERN_SUCCESS) {
85 ip_release(lh->lh_port);
86 *outlabel = MACH_PORT_NULL;
87 }
88
89 return (KERN_SUCCESS);
90 }
91 #else
92 kern_return_t
93 mach_get_task_label(
94 ipc_space_t space __unused,
95 mach_port_name_t *outlabel __unused)
96 {
97 return KERN_FAILURE;
98 }
99 #endif
100
101 #if CONFIG_MACF_MACH
102 kern_return_t
103 mach_get_task_label_text(
104 ipc_space_t space,
105 labelstr_t policies,
106 labelstr_t outl)
107 {
108
109 if (space == IS_NULL || space->is_task == NULL)
110 return KERN_INVALID_TASK;
111
112 tasklabel_lock(space->is_task);
113 mac_task_label_externalize(&space->is_task->maclabel, policies, outl,
114 512, 0);
115 tasklabel_unlock(space->is_task);
116
117 return KERN_SUCCESS;
118 }
119 #else
120 kern_return_t
121 mach_get_task_label_text(
122 ipc_space_t space __unused,
123 labelstr_t policies __unused,
124 labelstr_t outl __unused)
125 {
126 return KERN_FAILURE;
127 }
128 #endif
129
130 #if CONFIG_MACF_MACH
131 int
132 mac_task_check_service(
133 task_t self,
134 task_t obj,
135 const char * perm)
136 {
137 tasklabel_lock2(self, obj);
138
139 int rc = mac_port_check_service(
140 &self->maclabel, &obj->maclabel,
141 "mach_task", perm);
142
143 tasklabel_unlock2(self, obj);
144
145 return rc;
146 }
147 #else
148 int
149 mac_task_check_service(
150 task_t self __unused,
151 task_t obj __unused,
152 const char * perm __unused)
153 {
154 return KERN_SUCCESS;
155 }
156 #endif
157
158 #if CONFIG_MACF_MACH
159 kern_return_t
160 mac_check_service(
161 __unused ipc_space_t space,
162 labelstr_t subj,
163 labelstr_t obj,
164 labelstr_t serv,
165 labelstr_t perm)
166 {
167 struct label subjl, objl;
168
169 mac_task_label_init(&subjl);
170 int rc = mac_port_label_internalize(&subjl, subj);
171 if (rc) {
172 mac_task_label_destroy(&subjl);
173 return KERN_INVALID_ARGUMENT;
174 }
175 mac_task_label_init(&objl);
176 rc = mac_port_label_internalize(&objl, obj);
177 if (rc) {
178 mac_task_label_destroy(&subjl);
179 mac_task_label_destroy(&objl);
180 return KERN_INVALID_ARGUMENT;
181 }
182
183 rc = mac_port_check_service(&subjl, &objl, serv, perm);
184 mac_task_label_destroy(&subjl);
185 mac_task_label_destroy(&objl);
186
187 return rc ? KERN_NO_ACCESS : KERN_SUCCESS;
188 }
189 #else
190 kern_return_t
191 mac_check_service(
192 __unused ipc_space_t space,
193 __unused labelstr_t subj,
194 __unused labelstr_t obj,
195 __unused labelstr_t serv,
196 __unused labelstr_t perm)
197 {
198 return KERN_FAILURE;
199 }
200 #endif
201
202 #if CONFIG_MACF_MACH
203 kern_return_t
204 mac_port_check_service_obj(
205 ipc_space_t space,
206 labelstr_t subj,
207 mach_port_name_t obj,
208 labelstr_t serv,
209 labelstr_t perm)
210 {
211 struct label subjl;
212 ipc_entry_t entry;
213 ipc_object_t objp;
214 kern_return_t kr;
215 struct label *objl;
216 int dead;
217
218 if (space == IS_NULL || space->is_task == NULL)
219 return KERN_INVALID_TASK;
220
221 if (!MACH_PORT_VALID(obj))
222 return KERN_INVALID_NAME;
223
224 mac_task_label_init(&subjl);
225 int rc = mac_port_label_internalize(&subjl, subj);
226 if (rc) {
227 mac_task_label_destroy(&subjl);
228 return KERN_INVALID_ARGUMENT;
229 }
230
231 kr = ipc_right_lookup_write(space, obj, &entry);
232 if (kr != KERN_SUCCESS) {
233 mac_task_label_destroy(&subjl);
234 return kr;
235 }
236
237 objp = entry->ie_object;
238 port = (ipc_port_t)objp;
239 dead = ipc_right_check(space, port, obj, entry);
240 if (dead) {
241 is_write_unlock(space);
242 ip_release(port);
243 mac_task_label_destroy(&subjl);
244 return KERN_INVALID_RIGHT;
245 }
246
247 io_lock (objp);
248 is_write_unlock (space);
249
250 objl = io_getlabel(objp);
251 if (objl == NULL) {
252 io_unlock(objp);
253 return KERN_INVALID_ARGUMENT;
254 }
255
256 rc = mac_port_check_service(&subjl, objl, serv, perm);
257 io_unlocklabel(objp);
258 io_unlock (objp);
259
260 mac_task_label_destroy(&subjl);
261 return rc ? KERN_NO_ACCESS : KERN_SUCCESS;
262 }
263 #else
264 kern_return_t
265 mac_port_check_service_obj(
266 __unused ipc_space_t space,
267 __unused labelstr_t subj,
268 __unused mach_port_name_t obj,
269 __unused labelstr_t serv,
270 __unused labelstr_t perm)
271 {
272 return KERN_FAILURE;
273 }
274 #endif
275
276 #if CONFIG_MACF_MACH
277 kern_return_t
278 mac_port_check_access(
279 ipc_space_t space,
280 mach_port_name_t sub,
281 mach_port_name_t obj,
282 labelstr_t serv,
283 labelstr_t perm)
284 {
285 ipc_entry_t subi, obji;
286 ipc_object_t subp, objp;
287 kern_return_t kr;
288 struct label *objl, *subl;
289 int rc;
290
291 if (space == IS_NULL || space->is_task == NULL)
292 return KERN_INVALID_TASK;
293
294 if (!MACH_PORT_VALID(obj) || !MACH_PORT_VALID(sub))
295 return KERN_INVALID_NAME;
296
297 kr = ipc_right_lookup_two_write(space, obj, &obji, sub, &subi);
298 if (kr != KERN_SUCCESS)
299 return kr;
300
301 objp = obji->ie_object;
302 subp = subi->ie_object;
303
304 ipc_port_multiple_lock(); /* serialize (not necessary for LH, but simpler) */
305 io_lock(objp);
306 io_lock(subp);
307 is_write_unlock (space);
308
309 objl = io_getlabel(objp);
310 if (objl == NULL)
311 goto errout;
312 subl = io_getlabel(subp);
313 if (subl == NULL)
314 goto errout;
315
316 rc = mac_port_check_service(subl, objl, serv, perm);
317 io_unlocklabel(subp);
318 io_unlock(subp);
319 io_unlocklabel(objp);
320 io_unlock(objp);
321 ipc_port_multiple_unlock();
322
323 return rc ? KERN_NO_ACCESS : KERN_SUCCESS;
324
325 errout:
326 io_unlocklabel(subp);
327 io_unlock(subp);
328 io_unlocklabel(objp);
329 io_unlock(objp);
330 ipc_port_multiple_unlock();
331 return KERN_INVALID_ARGUMENT;
332 }
333 #else
334 kern_return_t
335 mac_port_check_access(
336 __unused ipc_space_t space,
337 __unused mach_port_name_t sub,
338 __unused mach_port_name_t obj,
339 __unused labelstr_t serv,
340 __unused labelstr_t perm)
341 {
342 return KERN_FAILURE;
343 }
344 #endif
345
346 #if CONFIG_MACF_MACH
347 kern_return_t
348 mac_request_label(
349 ipc_space_t space,
350 mach_port_name_t sub,
351 mach_port_name_t obj,
352 labelstr_t serv,
353 mach_port_name_t *outlabel)
354 {
355 ipc_entry_t subi, obji;
356 ipc_object_t subp, objp;
357 kern_return_t kr;
358 struct label *objl, *subl, outl;
359 int rc;
360
361 if (space == IS_NULL || space->is_task == NULL)
362 return KERN_INVALID_TASK;
363
364 if (!MACH_PORT_VALID(obj) || !MACH_PORT_VALID(sub))
365 return KERN_INVALID_NAME;
366
367 kr = ipc_right_lookup_two_write(space, obj, &obji, sub, &subi);
368 if (kr != KERN_SUCCESS)
369 return kr;
370
371 objp = obji->ie_object;
372 subp = subi->ie_object;
373
374 ipc_port_multiple_lock(); /* serialize (not necessary for LH, but simpler) */
375 io_lock(objp);
376 io_lock(subp);
377 is_write_unlock (space);
378
379 objl = io_getlabel(objp);
380 if (objl == NULL)
381 goto errout;
382 subl = io_getlabel(subp);
383 if (subl == NULL)
384 goto errout;
385
386 mac_port_label_init(&outl);
387 rc = mac_port_label_compute(subl, objl, serv, &outl);
388 io_unlocklabel(subp);
389 io_unlock(subp);
390 io_unlocklabel(objp);
391 io_unlock(objp);
392 ipc_port_multiple_unlock();
393
394 if (rc == 0)
395 kr = labelh_new_user(space, &outl, outlabel);
396 else
397 kr = KERN_NO_ACCESS;
398
399 if (kr != KERN_SUCCESS)
400 mac_port_label_destroy(&outl);
401
402 return kr;
403
404 errout:
405 io_unlocklabel(subp);
406 io_unlock(subp);
407 io_unlocklabel(objp);
408 io_unlock(objp);
409 ipc_port_multiple_unlock();
410 return KERN_INVALID_ARGUMENT;
411 }
412 #else /* !MAC_MACH */
413
414 kern_return_t
415 mac_request_label(
416 __unused ipc_space_t space,
417 __unused mach_port_name_t sub,
418 __unused mach_port_name_t obj,
419 __unused labelstr_t serv,
420 __unused mach_port_name_t *outlabel)
421 {
422 return KERN_FAILURE;
423 }
424
425 #endif /* MAC_MACH */
mirror of XNU