/*
- * Copyright (c) 2004-2011 Apple Inc. All rights reserved.
+ * Copyright (c) 2004-2016 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
static TAILQ_HEAD(,kauth_scope) kauth_scopes;
static int kauth_add_callback_to_scope(kauth_scope_t sp, kauth_listener_t klp);
-static void kauth_scope_init(void) __attribute__((section("__TEXT, initcode")));
+static void kauth_scope_init(void);
static kauth_scope_t kauth_alloc_scope(const char *identifier, kauth_scope_callback_t callback, void *idata);
static kauth_listener_t kauth_alloc_listener(const char *identifier, kauth_scope_callback_t callback, void *idata);
#if 0
uintptr_t arg0, uintptr_t arg1, uintptr_t arg2, uintptr_t arg3);
kauth_scope_t kauth_scope_fileop;
-extern int cansignal(struct proc *, kauth_cred_t, struct proc *, int, int);
+extern int cansignal(struct proc *, kauth_cred_t, struct proc *, int);
extern char * get_pathbuff(void);
extern void release_pathbuff(char *path);
/* arg0 - process to signal
* arg1 - signal to send the process
*/
- if (cansignal(current_proc(), credential, (struct proc *)arg0, (int)arg1, 0))
+ if (cansignal(current_proc(), credential, (struct proc *)arg0, (int)arg1))
return(KAUTH_RESULT_ALLOW);
break;
case KAUTH_PROCESS_CANTRACE:
* arg0 is pointer to vnode (vnode *) for file to be closed.
* arg1 is pointer to path (char *) of file to be closed.
* arg2 is close flags.
+ * arguments passed to KAUTH_FILEOP_WILL_RENAME listeners
+ * arg0 is pointer to vnode (vnode *) of the file being renamed
+ * arg1 is pointer to the "from" path (char *)
+ * arg2 is pointer to the "to" path (char *)
* arguments passed to KAUTH_FILEOP_RENAME listeners
* arg0 is pointer to "from" path (char *).
* arg1 is pointer to "to" path (char *).
return(0);
}
- if (action == KAUTH_FILEOP_OPEN || action == KAUTH_FILEOP_CLOSE || action == KAUTH_FILEOP_EXEC) {
+ if (action == KAUTH_FILEOP_OPEN ||
+ action == KAUTH_FILEOP_CLOSE ||
+ action == KAUTH_FILEOP_EXEC ||
+ action == KAUTH_FILEOP_WILL_RENAME) {
/* get path to the given vnode as a convenience to our listeners.
*/
namep = get_pathbuff();
release_pathbuff(namep);
return(0);
}
- if (action == KAUTH_FILEOP_CLOSE) {
- arg2 = arg1; /* close has some flags that come in via arg1 */
+ if (action == KAUTH_FILEOP_CLOSE ||
+ action == KAUTH_FILEOP_WILL_RENAME) {
+ /*
+ * - Close has some flags that come in via arg1.
+ * - Will-rename wants to pass the vnode and
+ * both paths to the listeners ("to" path
+ * starts in arg1, moves to arg2).
+ */
+ arg2 = arg1;
}
arg1 = (uintptr_t)namep;
}
/* XXX == 0 ? */
return((kauth_cred_getuid(credential) == 0) ?
KAUTH_RESULT_ALLOW : KAUTH_RESULT_DENY);
- break;
}
/* no explicit result, so defer to others in the chain */
KAUTH_DEBUG(" ERROR - could not get parent directory ACL for inheritance");
return(error);
}
- if (VATTR_IS_SUPPORTED(&dva, va_acl)) {
+ if (VATTR_IS_SUPPORTED(&dva, va_acl))
inherit = dva.va_acl;
- /*
- * If there is an ACL on the parent directory, then
- * there are potentially inheritable ACE entries, but
- * if the flags on the directory ACL say not to
- * inherit, then we don't inherit. This allows for
- * per directory rerooting of the inheritable ACL
- * hierarchy.
- */
- if (inherit != NULL && inherit->acl_flags & KAUTH_ACL_NO_INHERIT) {
- kauth_acl_free(inherit);
- inherit = NULL;
- }
- }
}
/*
int
kauth_copyinfilesec(user_addr_t xsecurity, kauth_filesec_t *xsecdestpp)
{
- user_addr_t uaddr, known_bound;
int error;
kauth_filesec_t fsec;
u_int32_t count;
*
* The upper bound must be less than KAUTH_ACL_MAX_ENTRIES. The
* value here is fairly arbitrary. It's ok to have a zero count.
+ *
+ * Because we're just using these values to make a guess about the
+ * number of entries, the actual address doesn't matter, only their
+ * relative offsets into the page. We take advantage of this to
+ * avoid an overflow in the rounding step (this is a user-provided
+ * parameter, so caution pays off).
*/
- known_bound = xsecurity + KAUTH_FILESEC_SIZE(0);
- uaddr = mach_vm_round_page(known_bound);
- count = (uaddr - known_bound) / sizeof(struct kauth_ace);
+ {
+ user_addr_t known_bound = (xsecurity & PAGE_MASK) + KAUTH_FILESEC_SIZE(0);
+ user_addr_t uaddr = mach_vm_round_page(known_bound);
+ count = (uaddr - known_bound) / sizeof(struct kauth_ace);
+ }
if (count > 32)
count = 32;
restart:
projects / apple / xnu.git / blobdiff