#include <sys/appleapiopts.h>
#include <sys/cdefs.h>
#include <mach/boolean.h>
+#include <machine/types.h> /* u_int8_t, etc. */
#include <sys/_types.h> /* __offsetof() */
+#include <sys/_types/_uid_t.h> /* uid_t */
+#include <sys/_types/_gid_t.h> /* gid_t */
#include <sys/syslimits.h> /* NGROUPS_MAX */
#ifdef __APPLE_API_EVOLVING
extern kauth_cred_t kauth_cred_setresgid(kauth_cred_t cred, gid_t rgid, gid_t egid, gid_t svgid);
extern kauth_cred_t kauth_cred_setuidgid(kauth_cred_t cred, uid_t uid, gid_t gid);
extern kauth_cred_t kauth_cred_setsvuidgid(kauth_cred_t cred, uid_t uid, gid_t gid);
-extern kauth_cred_t kauth_cred_setgroups(kauth_cred_t cred, gid_t *groups, int groupcount, uid_t gmuid);
+extern kauth_cred_t kauth_cred_setgroups(kauth_cred_t cred, gid_t *groups, size_t groupcount, uid_t gmuid);
struct uthread;
extern void kauth_cred_uthread_update(struct uthread *, proc_t);
#ifdef CONFIG_MACF
extern void kauth_proc_label_update_execve(struct proc *p, struct vfs_context *ctx, struct vnode *vp, off_t offset, struct vnode *scriptvp, struct label *scriptlabel, struct label *execlabel, unsigned int *csflags, void *psattr, int *disjoint, int *update_return);
#endif
-extern int kauth_cred_getgroups(kauth_cred_t _cred, gid_t *_groups, int *_groupcount);
+extern int kauth_cred_getgroups(kauth_cred_t _cred, gid_t *_groups, size_t *_groupcount);
extern int kauth_cred_gid_subset(kauth_cred_t _cred1, kauth_cred_t _cred2, int *_resultp);
struct auditinfo_addr;
extern kauth_cred_t kauth_cred_setauditinfo(kauth_cred_t, au_session_t *);
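Review bot: The `size_t *_groupcount` now taken by kauth_cred_getgroups (and the `size_t groupcount` of kauth_cred_setgroups earlier in this hunk) widens an argument that callers may still hold as `int`. A caller that still passes the address of an `int` would have eight bytes written through a four-byte object on LP64, so the definitions and every call site need to change together; only the prototypes are visible on this page. The unsigned type rules out negative counts but not oversized ones, and the header states no contract for the parameter. I would add a comment above both prototypes, for example `/* groupcount: number of gid_t entries in groups; presumably bounded by NGROUPS_MAX, getgroups: capacity in, count out -- confirm against the implementation */`.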
void kauth_filesec_free(kauth_filesec_t fsp);
extern kauth_scope_t kauth_register_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata);
extern void kauth_deregister_scope(kauth_scope_t _scope);
+__kpi_deprecated("Use EndpointSecurity instead")
extern kauth_listener_t kauth_listen_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata);
+__kpi_deprecated("Use EndpointSecurity instead")
extern void kauth_unlisten_scope(kauth_listener_t _scope);
extern int kauth_authorize_action(kauth_scope_t _scope, kauth_cred_t _credential, kauth_action_t _action,
uintptr_t _arg0, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3);
/* Actions, also rights bits in an ACE */
#if defined(KERNEL) || defined (_SYS_ACL_H)
-#define KAUTH_VNODE_READ_DATA (1<<1)
+#define KAUTH_VNODE_READ_DATA (1U<<1)
#define KAUTH_VNODE_LIST_DIRECTORY KAUTH_VNODE_READ_DATA
-#define KAUTH_VNODE_WRITE_DATA (1<<2)
+#define KAUTH_VNODE_WRITE_DATA (1U<<2)
#define KAUTH_VNODE_ADD_FILE KAUTH_VNODE_WRITE_DATA
-#define KAUTH_VNODE_EXECUTE (1<<3)
+#define KAUTH_VNODE_EXECUTE (1U<<3)
#define KAUTH_VNODE_SEARCH KAUTH_VNODE_EXECUTE
-#define KAUTH_VNODE_DELETE (1<<4)
-#define KAUTH_VNODE_APPEND_DATA (1<<5)
+#define KAUTH_VNODE_DELETE (1U<<4)
+#define KAUTH_VNODE_APPEND_DATA (1U<<5)
#define KAUTH_VNODE_ADD_SUBDIRECTORY KAUTH_VNODE_APPEND_DATA
-#define KAUTH_VNODE_DELETE_CHILD (1<<6)
-#define KAUTH_VNODE_READ_ATTRIBUTES (1<<7)
-#define KAUTH_VNODE_WRITE_ATTRIBUTES (1<<8)
-#define KAUTH_VNODE_READ_EXTATTRIBUTES (1<<9)
-#define KAUTH_VNODE_WRITE_EXTATTRIBUTES (1<<10)
-#define KAUTH_VNODE_READ_SECURITY (1<<11)
-#define KAUTH_VNODE_WRITE_SECURITY (1<<12)
-#define KAUTH_VNODE_TAKE_OWNERSHIP (1<<13)
+#define KAUTH_VNODE_DELETE_CHILD (1U<<6)
+#define KAUTH_VNODE_READ_ATTRIBUTES (1U<<7)
+#define KAUTH_VNODE_WRITE_ATTRIBUTES (1U<<8)
+#define KAUTH_VNODE_READ_EXTATTRIBUTES (1U<<9)
+#define KAUTH_VNODE_WRITE_EXTATTRIBUTES (1U<<10)
+#define KAUTH_VNODE_READ_SECURITY (1U<<11)
+#define KAUTH_VNODE_WRITE_SECURITY (1U<<12)
+#define KAUTH_VNODE_TAKE_OWNERSHIP (1U<<13)
/* backwards compatibility only */
#define KAUTH_VNODE_CHANGE_OWNER KAUTH_VNODE_TAKE_OWNERSHIP
/* For Windows interoperability only */
-#define KAUTH_VNODE_SYNCHRONIZE (1<<20)
+#define KAUTH_VNODE_SYNCHRONIZE (1U<<20)
/* (1<<21) - (1<<24) are reserved for generic rights bits */
/*
* Authorizes the vnode as the target of a hard link.
*/
-#define KAUTH_VNODE_LINKTARGET (1<<25)
+#define KAUTH_VNODE_LINKTARGET (1U<<25)
/*
* Indicates that other steps have been taken to authorise the action,
* but authorisation should be denied for immutable objects.
*/
-#define KAUTH_VNODE_CHECKIMMUTABLE (1<<26)
+#define KAUTH_VNODE_CHECKIMMUTABLE (1U<<26)
/* Action modifiers */
/*
*
* This bit will never be present in an ACE.
*/
-#define KAUTH_VNODE_ACCESS (1<<31)
+#define KAUTH_VNODE_ACCESS (1U<<31)
/*
* The KAUTH_VNODE_NOIMMUTABLE bit is passed to the callback along with the
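Review bot: `KAUTH_VNODE_ACCESS` as `(1U<<31)` removes the signed-shift overflow, but the constant is now `unsigned int` while the `kauth_action_t` type that carries these bits (see the kauth_authorize_action prototype) has its typedef outside this page. If that type is still a signed int, storing or comparing bit 31 goes through an implicit signed/unsigned conversion, and a sign test or a widening to a 64-bit signed type will not agree with the mask test. I would document that beside the define, e.g. `/* unsigned mask: test with (action & KAUTH_VNODE_ACCESS) != 0, never by sign */`, and confirm the typedef. The same applies to the other `1U<<N` defines in the neighbouring hunks, and the `(1<<21) - (1<<24)` reserved-bits comment could be updated to match.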
* The system immutable flags are only ignored when the system securelevel
* is low enough to allow their removal.
*/
-#define KAUTH_VNODE_NOIMMUTABLE (1<<30)
+#define KAUTH_VNODE_NOIMMUTABLE (1U<<30)
/*
* for an exact match on the last credential to lookup
* the component being acted on
*/
-#define KAUTH_VNODE_SEARCHBYANYONE (1<<29)
+#define KAUTH_VNODE_SEARCHBYANYONE (1U<<29)
/*
# endif /* !_FN_KPRINTF */
# define KAUTH_DEBUG_ENABLE
# define K_UUID_FMT "%08x:%08x:%08x:%08x"
-# define K_UUID_ARG(_u) *(int *)&_u.g_guid[0],*(int *)&_u.g_guid[4],*(int *)&_u.g_guid[8],*(int *)&_u.g_guid[12]
+# define K_UUID_ARG(_u) &_u.g_guid_asint[0],&_u.g_guid_asint[1],&_u.g_guid_asint[2],&_u.g_guid_asint[3]
# define KAUTH_DEBUG(fmt, args...) do { kprintf("%s:%d: " fmt "\n", __PRETTY_FUNCTION__, __LINE__ , ##args); } while (0)
# define KAUTH_DEBUG_CTX(_c) KAUTH_DEBUG("p = %p c = %p", _c->vc_proc, _c->vc_ucred)
# define VFS_DEBUG(_ctx, _vp, fmt, args...) \
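Review bot: The new `K_UUID_ARG` passes the addresses `&_u.g_guid_asint[n]` to `K_UUID_FMT`, which is four `%08x` conversions, so each argument is a pointer where the format expects an unsigned int. On an LP64 kernel that is a format/argument mismatch (undefined behaviour), and the log shows part of a kernel address instead of the GUID words, which also discloses addresses through kprintf whenever KAUTH_DEBUG_ENABLE is defined. The removed macro dereferenced its operands; assuming `g_guid_asint` is an array of 32-bit integers (its declaration is not shown here), the values should be passed and the macro argument parenthesised: `# define K_UUID_ARG(_u) (_u).g_guid_asint[0],(_u).g_guid_asint[1],(_u).g_guid_asint[2],(_u).g_guid_asint[3]`.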
extern void kauth_identity_init(void);
extern void kauth_groups_init(void);
extern void kauth_resolver_init(void);
+extern void kauth_resolver_identity_reset(void);
#endif
__END_DECLS
#endif /* XNU_KERNEL_PRIVATE */