index db317e75a1f548fe9a3e1789f27951f54a522171..6ecd242b1efa803bc2d7b03efc4a3f95336edf6e 100644 (file)
@@ -1,23 +1,29 @@
 /*
- * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All rights reserved.
  *
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
- * The contents of this file constitute Original Code as defined in and
- * are subject to the Apple Public Source License Version 1.1 (the
- * "License").  You may not use this file except in compliance with the
- * License.  Please obtain a copy of the License at
- * http://www.apple.com/publicsource and read it before using this file.
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
  * 
- * This Original Code and all software distributed under the License are
- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
- * License for the specific language governing rights and limitations
- * under the License.
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
  * 
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
 /*-
  *
  *     from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93
  */
-/*
- * HISTORY
- *
- *  10-Jun-97  Umesh Vaishampayan (umeshv@apple.com)
- *     Ported to PPC. Cleaned up the architecture specific code.
- */
 
 #include <machine/reg.h>
 #include <machine/psl.h>
 
 #include <sys/param.h>
 #include <sys/systm.h>
-#include <sys/proc.h>
+#include <sys/proc_internal.h>
+#include <sys/kauth.h>
 #include <sys/errno.h>
 #include <sys/ptrace.h>
 #include <sys/uio.h>
 #include <sys/sysctl.h>
 #include <sys/wait.h>
 
-#include <sys/mount.h>
+#include <sys/mount_internal.h>
+#include <sys/sysproto.h>
+
+#include <bsm/audit_kernel.h>
 
 #include <kern/task.h>
 #include <kern/thread.h>
-#include <mach/machine/thread_status.h>
+
 
 /* Macros to clear/set/test flags. */
 #define        SET(t, f)       (t) |= (f)
 #define        CLR(t, f)       (t) &= ~(f)
 #define        ISSET(t, f)     ((t) & (f))
 
-void psignal_lock __P((struct proc *, int, int, int));
+extern thread_t        port_name_to_thread(mach_port_name_t port_name);
+extern thread_t get_firstthread(task_t);
+
+
 /*
  * sys-trace system call.
  */
-struct ptrace_args {
-       int     req;
-       pid_t pid;
-       caddr_t addr;
-       int     data;
-};
+
 int
 ptrace(p, uap, retval)
        struct proc *p;
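Review bot: The prototypes for `port_name_to_thread()` and `get_firstthread()` added at L89–L90 are hand-written `extern` declarations inside this `.c` file, so a later change to either function's real signature in its defining translation unit would not be caught by the compiler here. Prefer including the kernel header that declares them (or adding one), and fall back to a local `extern` only with a comment naming the defining file, e.g. `/* defined in osfmk; keep in sync with that header */`. The `ptrace()` definition that begins at L103 continues past the end of this hunk.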
@@ -107,39 +109,37 @@ ptrace(p, uap, retval)
        register_t *retval;
 {
        struct proc *t = current_proc();        /* target process */
-       vm_offset_t     start_addr, end_addr,
-                       kern_addr, offset;
-       vm_size_t       size;
-       boolean_t       change_protection;
        task_t          task;
-       thread_t        thread;
-       thread_act_t    th_act;
+       thread_t        th_act;
        struct uthread  *ut;
-       int             *locr0;
-       int error = 0;
-#if defined(ppc)
-       struct ppc_saved_state statep;
-#elif  defined(i386)
-       struct i386_saved_state statep;
-#else
-#error architecture not supported
-#endif
-       unsigned long state_count;
-
-
-        if (uap->req == PT_DENY_ATTACH) {
-               if (ISSET(p->p_flag, P_TRACED)) {
-                               exit1(p, W_EXITCODE(ENOTSUP, 0), retval);
-                               /* drop funnel befewo we return */
-                               thread_funnel_set(kernel_flock, FALSE);
-                               thread_exception_return();
-                               /* NOTREACHED */
-                       }
+       int tr_sigexc = 0;
+
+       AUDIT_ARG(cmd, uap->req);
+       AUDIT_ARG(pid, uap->pid);
+       AUDIT_ARG(addr, uap->addr);
+       AUDIT_ARG(value, uap->data);
+
+       if (uap->req == PT_DENY_ATTACH) {
+               if (ISSET(p->p_flag, P_TRACED)) {
+                       exit1(p, W_EXITCODE(ENOTSUP, 0), retval);
+                       /* drop funnel before we return */
+                       thread_funnel_set(kernel_flock, FALSE);
+                       thread_exception_return();
+                       /* NOTREACHED */
+               }
                SET(p->p_flag, P_NOATTACH);
 
                return(0);
        }
 
+       if (uap->req == PT_FORCEQUOTA) {
+               if (is_suser()) {
+                       SET(t->p_flag, P_FORCEQUOTA);
+                       return (0);
+               } else
+                       return (EPERM);
+       }
+
        /*
         *      Intercept and deal with "please trace me" request.
         */      
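Review bot: The new PT_FORCEQUOTA case at L159–L165 sets `P_FORCEQUOTA` on `t`, which at this point still holds the `current_proc()` value assigned at L109 (presumably the same process as `p`) and is only later replaced by the `pfind(uap->pid)` target, so the flag lands on the caller even though `uap->pid` was just audited as if it named the subject. If the caller is the intended subject, `SET(p->p_flag, P_FORCEQUOTA);` says so without relying on the alias, and a one-line comment `/* PT_FORCEQUOTA acts on the caller; uap->pid is ignored */` would make that explicit. The unbraced `} else return (EPERM);` at L163–L164 recurs in the PT_SIGEXC hunk at L178–L179; bracing both `else` bodies keeps the style of the surrounding `if` arms. The enclosing `ptrace()` starts and ends outside this hunk.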
@@ -149,6 +149,13 @@ ptrace(p, uap, retval)
                t->p_oppid = t->p_pptr->p_pid;
                return(0);
        }
+       if (uap->req == PT_SIGEXC) {
+               if (ISSET(p->p_flag, P_TRACED)) {
+                       SET(p->p_flag, P_SIGEXC);
+                       return(0);
+               } else
+                       return(EINVAL);
+       }
 
        /*
         *      Locate victim, and make sure it is traceable.
@@ -156,6 +163,7 @@ ptrace(p, uap, retval)
        if ((t = pfind(uap->pid)) == NULL)
                        return (ESRCH);
 
+       AUDIT_ARG(process, t);
 
        /* We do not want ptrace to do anything with kernel, init 
         * and mach_init
@@ -164,47 +172,40 @@ ptrace(p, uap, retval)
                return (EPERM);
 
        task = t->task;
+       if (uap->req == PT_ATTACHEXC) {
+               uap->req = PT_ATTACH;
+               tr_sigexc = 1;
+       }
        if (uap->req == PT_ATTACH) {
-
-               /*
-                * You can't attach to a process if:
-                *      (1) it's the process that's doing the attaching,
-                */
-               if (t->p_pid == p->p_pid)
-                       return (EINVAL);
-
-               /*
-                *      (2) it's already being traced, or
-                */
-               if (ISSET(t->p_flag, P_TRACED))
-                       return (EBUSY);
-
-               /*
-                *      (3) it's not owned by you, or is set-id on exec
-                *          (unless you're root).
-                */
-               if ((t->p_cred->p_ruid != p->p_cred->p_ruid ||
-                       ISSET(t->p_flag, P_SUGID)) &&
-                   (error = suser(p->p_ucred, &p->p_acflag)) != 0)
-                       return (error);
-
-               if (ISSET(t->p_flag, P_NOATTACH)) {
-                       psignal(p, SIGSEGV);
-                       return (EBUSY);
+               int             err;
+               
+               if ( kauth_authorize_process(proc_ucred(p), KAUTH_PROCESS_CANTRACE, 
+                                                                        t, (uintptr_t)&err, 0, 0) == 0 ) {
+                       /* it's OK to attach */
+                       SET(t->p_flag, P_TRACED);
+                       if (tr_sigexc) 
+                               SET(t->p_flag, P_SIGEXC);
+       
+                       t->p_oppid = t->p_pptr->p_pid;
+                       if (t->p_pptr != p)
+                               proc_reparent(t, p);
+       
+                       if (get_task_userstop(task) == 0 ) {
+                               t->p_xstat = 0;
+                               psignal(t, SIGSTOP);
+                       } else {
+                               t->p_xstat = SIGSTOP; 
+                               task_resume(task);       
+                       }
+                       return(0);
                }
-               SET(t->p_flag, P_TRACED);
-               t->p_oppid = t->p_pptr->p_pid;
-               if (t->p_pptr != p)
-                       proc_reparent(t, p);
-
-               if (get_task_userstop(task) == 0 ) {
-                       t->p_xstat = 0;
-                       psignal(t, SIGSTOP);
-               } else {
-                       t->p_xstat = SIGSTOP; 
-                       task_resume(task);       
+               else {
+                       /* not allowed to attach, proper error code returned by kauth_authorize_process */
+                       if (ISSET(t->p_flag, P_NOATTACH)) {
+                               psignal(p, SIGSEGV);
+                       }
+                       return (err);
                }
-               return(0);
        }
 
        /*
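Review bot: `err` at L227 is declared without an initializer but returned on the deny branch at L265, so if `kauth_authorize_process()` returns non-zero without the listener having written through `&err`, `return (err)` yields an indeterminate value — possibly 0, which would report success for an attach that did not happen. Whether every deny path fills in `err` depends on the listener, which lives outside this file, so the safe default is a deny error: `int err = EPERM;`. That also keeps the `P_NOATTACH` path at L262–L265 returning a non-zero code regardless of how the listener behaved. The body of `ptrace()` continues outside this hunk.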
@@ -242,6 +243,7 @@ ptrace(p, uap, retval)
 
                t->p_oppid = 0;
                CLR(t->p_flag, P_TRACED);
+               CLR(t->p_flag, P_SIGEXC);
                goto resume;
                
        case PT_KILL:
@@ -249,98 +251,121 @@ ptrace(p, uap, retval)
                 *      Tell child process to kill itself after it
                 *      is resumed by adding NSIG to p_cursig. [see issig]
                 */
-               psignal_lock(t, SIGKILL, 0, 0);
+               psignal_lock(t, SIGKILL, 0);
                goto resume;
 
        case PT_STEP:                   /* single step the child */
        case PT_CONTINUE:               /* continue the child */
-               th_act = (thread_act_t)get_firstthread(task);
+               th_act = (thread_t)get_firstthread(task);
                if (th_act == THREAD_NULL)
                        goto errorLabel;
-               ut = (uthread_t)get_bsdthread_info(th_act);
-               locr0 = ut->uu_ar0;
-#if defined(i386)
-               state_count = i386_NEW_THREAD_STATE_COUNT;
-               if (act_machine_get_state(th_act, i386_NEW_THREAD_STATE, &statep, &state_count)  != KERN_SUCCESS) {
-                       goto errorLabel;
-               }       
-#elif defined(ppc)
-               state_count = PPC_THREAD_STATE_COUNT;
-               if (act_machine_get_state(th_act, PPC_THREAD_STATE, &statep, &state_count)  != KERN_SUCCESS) {
-                       goto errorLabel;
-               }       
-#else
-#error architecture not supported
-#endif
-               if ((int)uap->addr != 1) {
-#if    defined(i386)
-                       locr0[PC] = (int)uap->addr;
-#elif  defined(ppc)
-#define ALIGNED(addr,size)     (((unsigned)(addr)&((size)-1))==0)
-               if (!ALIGNED((int)uap->addr, sizeof(int)))
-                       return (ERESTART);
 
-               statep.srr0 = (int)uap->addr;
-               state_count = PPC_THREAD_STATE_COUNT;
-               if (act_machine_set_state(th_act, PPC_THREAD_STATE, &statep, &state_count)  != KERN_SUCCESS) {
-                       goto errorLabel;
-               }       
+               if (uap->addr != (user_addr_t)1) {
+#if defined(ppc)
+#define ALIGNED(addr,size)     (((unsigned)(addr)&((size)-1))==0)
+                       if (!ALIGNED((int)uap->addr, sizeof(int)))
+                               return (ERESTART);
 #undef         ALIGNED
-#else
-#error architecture not implemented!
 #endif
-               } /* (int)uap->addr != 1 */
+                       thread_setentrypoint(th_act, uap->addr);
+               }
 
-               if ((unsigned)uap->data < 0 || (unsigned)uap->data >= NSIG)
+               if ((unsigned)uap->data >= NSIG)
                        goto errorLabel;
 
                if (uap->data != 0) {
-                       psignal_lock(t, uap->data, 0, 1);
+                       psignal_lock(t, uap->data, 0);
                 }
-#if defined(ppc)
-               state_count = PPC_THREAD_STATE_COUNT;
-               if (act_machine_get_state(th_act, PPC_THREAD_STATE, &statep, &state_count)  != KERN_SUCCESS) {
-                       goto errorLabel;
-               }       
-#endif
-
-#define MSR_SE_BIT     21
 
                if (uap->req == PT_STEP) {
-#if    defined(i386)
-                       locr0[PS] |= PSL_T;
-#elif  defined(ppc)
-                       statep.srr1 |= MASK(MSR_SE);
-#else
-#error architecture not implemented!
-#endif
-               } /* uap->req == PT_STEP */
-               else {  /* PT_CONTINUE - clear trace bit if set */
-#if defined(i386)
-                       locr0[PS] &= ~PSL_T;
-#elif defined(ppc)
-                       statep.srr1 &= ~MASK(MSR_SE);
-#endif
+                       /*
+                        * set trace bit
+                        */
+                       thread_setsinglestep(th_act, 1);
+               } else {
+                       /*
+                        * clear trace bit if on
+                        */
+                       thread_setsinglestep(th_act, 0);
                }
-#if defined (ppc)
-               state_count = PPC_THREAD_STATE_COUNT;
-               if (act_machine_set_state(th_act, PPC_THREAD_STATE, &statep, &state_count)  != KERN_SUCCESS) {
-                       goto errorLabel;
-               }       
-#endif
        resume:
                t->p_xstat = uap->data;
                t->p_stat = SRUN;
                if (t->sigwait) {
                        wakeup((caddr_t)&(t->sigwait));
-                       task_release(task);
+                       if ((t->p_flag & P_SIGEXC) == 0)
+                               task_release(task);
                }
                break;
                
+       case PT_THUPDATE:  {
+               if ((unsigned)uap->data >= NSIG)
+                       goto errorLabel;
+               th_act = port_name_to_thread(CAST_DOWN(mach_port_name_t, uap->addr));
+               if (th_act == THREAD_NULL)
+                       return (ESRCH);
+               ut = (uthread_t)get_bsdthread_info(th_act);
+               if (uap->data)
+                       ut->uu_siglist |= sigmask(uap->data);
+               t->p_xstat = uap->data;
+               t->p_stat = SRUN;
+               thread_deallocate(th_act);
+               return(0);
+               }
+               break;
+errorLabel:
        default:
-       errorLabel:
                return(EINVAL);
        }
+
        return(0);
 }
 
+
+/*
+ * determine if one process (cur_procp) can trace another process (traced_procp).
+ */
+
+int
+cantrace(proc_t cur_procp, kauth_cred_t creds, proc_t traced_procp, int *errp)
+{
+       int             my_err;
+       /*
+        * You can't trace a process if:
+        *      (1) it's the process that's doing the tracing,
+        */
+       if (traced_procp->p_pid == cur_procp->p_pid) {
+               *errp = EINVAL;
+               return (0);
+       }
+
+       /*
+        *      (2) it's already being traced, or
+        */
+       if (ISSET(traced_procp->p_flag, P_TRACED)) {
+               *errp = EBUSY;
+               return (0);
+       }
+
+       /*
+        *      (3) it's not owned by you, or is set-id on exec
+        *          (unless you're root).
+        */
+       if ((creds->cr_ruid != proc_ucred(traced_procp)->cr_ruid ||
+               ISSET(traced_procp->p_flag, P_SUGID)) &&
+               (my_err = suser(creds, &cur_procp->p_acflag)) != 0) {
+               *errp = my_err;
+               return (0);
+       }
+
+       if ((cur_procp->p_flag & P_TRACED) && isinferior(cur_procp, traced_procp)) {
+               *errp = EPERM;
+               return (0);
+       }
+
+       if (ISSET(traced_procp->p_flag, P_NOATTACH)) {
+               *errp = EBUSY;
+               return (0);
+       }
+       return(1);
+}
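Review bot: In the PT_THUPDATE case at L393–L406 the thread resolved by `port_name_to_thread()` is never checked to belong to the target's `task`, yet the case then queues a signal on that thread's uthread at L401 and marks `t` runnable at L402–L403, so the signal and the process-state update can land on two different processes. A membership check before touching `ut->uu_siglist`, such as `if (get_threadtask(th_act) != task) { thread_deallocate(th_act); return (EINVAL); }`, ties the two together; I am inferring that `port_name_to_thread()` resolves the name in the caller's IPC space, so confirm against its definition. The new `cantrace()` at L422–L464 would also benefit from a contract comment stating that it returns 1 when tracing is permitted and 0 with `*errp` set otherwise, and that `*errp` is left untouched on success. `ptrace()` itself begins before this hunk.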