#include <sys/mount_internal.h>
#include <sys/sysproto.h>
#include <sys/kdebug.h>
+#include <sys/codesign.h> /* cs_allow_invalid() */
#include <security/audit/audit.h>
#include <mach/task.h> /* for task_resume() */
#include <kern/sched_prim.h> /* for thread_exception_return() */
-#include <vm/vm_protos.h> /* cs_allow_invalid() */
-
#include <pexpert/pexpert.h>
/* XXX ken/bsd_kern.c - prototype should be in common header */
KERNEL_DEBUG_CONSTANT(BSDDBG_CODE(DBG_BSD_PROC, BSD_PROC_FRCEXIT) | DBG_FUNC_NONE,
p->p_pid, W_EXITCODE(ENOTSUP, 0), 4, 0, 0);
exit1(p, W_EXITCODE(ENOTSUP, 0), retval);
- /* drop funnel before we return */
+
thread_exception_return();
/* NOTREACHED */
}
}
if (uap->req == PT_FORCEQUOTA) {
- if (is_suser()) {
+ if (kauth_cred_issuser(kauth_cred_get())) {
OSBitOrAtomic(P_FORCEQUOTA, &t->p_flag);
return (0);
} else
proc_unlock(t);
pp = proc_find(t->p_oppid);
- proc_reparentlocked(t, pp ? pp : initproc, 1, 0);
- if (pp != PROC_NULL)
+ if (pp != PROC_NULL) {
+ proc_reparentlocked(t, pp, 1, 0);
proc_rele(pp);
+ } else {
+ /* original parent exited while traced */
+ proc_list_lock();
+ t->p_listflag |= P_LIST_DEADPARENT;
+ proc_list_unlock();
+ proc_reparentlocked(t, initproc, 1, 0);
+ }
proc_lock(t);
-
}
t->p_oppid = 0;
* is resumed by adding NSIG to p_cursig. [see issig]
*/
proc_unlock(t);
-#if NOTYET
+#if CONFIG_MACF
error = mac_proc_check_signal(p, t, SIGKILL);
if (0 != error)
goto resume;
* set trace bit
* we use sending SIGSTOP as a comparable security check.
*/
-#if NOTYET
+#if CONFIG_MACF
error = mac_proc_check_signal(p, t, SIGSTOP);
if (0 != error) {
goto out;
* clear trace bit if on
* we use sending SIGCONT as a comparable security check.
*/
-#if NOTYET
+#if CONFIG_MACF
error = mac_proc_check_signal(p, t, SIGCONT);
if (0 != error) {
goto out;
*errp = EBUSY;
return (0);
}
+
+#if CONFIG_MACF
+ if ((my_err = mac_proc_check_debug(cur_procp, traced_procp)) != 0) {
+ *errp = my_err;
+ return (0);
+ }
+#endif
+
return(1);
}
projects / apple / xnu.git / blobdiff