xnu-517.tar.gz

[apple/xnu.git] / osfmk / mach / message.h

diff --git a/osfmk/mach/message.h b/osfmk/mach/message.h
index 75d3531deb3a3b995b31377bfd04676eb54df1a8..8310905e681a5baf4f9500340554d0f751a27fcc 100644 (file)
--- a/osfmk/mach/message.h
+++ b/osfmk/mach/message.h
@@ -306,15 +306,50 @@ typedef struct
   security_token_t             msgh_sender;
 } mach_msg_security_trailer_t;
 
-typedef mach_msg_security_trailer_t mach_msg_format_0_trailer_t;
+typedef struct
+{
+  unsigned int                 val[8];
+} audit_token_t;
+
+typedef struct 
+{
+  mach_msg_trailer_type_t      msgh_trailer_type;
+  mach_msg_trailer_size_t      msgh_trailer_size;
+  mach_port_seqno_t            msgh_seqno;
+  security_token_t             msgh_sender;
+  audit_token_t                        msgh_audit;
+} mach_msg_audit_trailer_t;
 
-#define MACH_MSG_TRAILER_FORMAT_0_SIZE sizeof(mach_msg_format_0_trailer_t)
 #define MACH_MSG_TRAILER_MINIMUM_SIZE  sizeof(mach_msg_trailer_t)
-#define MAX_TRAILER_SIZE              MACH_MSG_TRAILER_FORMAT_0_SIZE   
+
+/*
+ * These values can change from release to release - but clearly
+ * code cannot request additional trailer elements one was not
+ * compiled to understand.  Therefore, it is safe to use this
+ * constant when the same module specified the receive options.
+ * Otherwise, you run the risk that the options requested by
+ * another module may exceed the local modules notion of
+ * MAX_TRAILER_SIZE.
+ */
+typedef mach_msg_audit_trailer_t mach_msg_max_trailer_t;
+#define MAX_TRAILER_SIZE sizeof(mach_msg_max_trailer_t)
+
+/*
+ * Legacy requirements keep us from ever updating these defines (even
+ * when the format_0 trailers gain new option data fields in the future).
+ * Therefore, they shouldn't be used going forward.  Instead, the sizes
+ * should be compared against the specific element size requested using
+ * REQUESTED_TRAILER_SIZE.
+ */
+typedef mach_msg_security_trailer_t mach_msg_format_0_trailer_t;
+#define MACH_MSG_TRAILER_FORMAT_0_SIZE sizeof(mach_msg_format_0_trailer_t)
 
 #define   KERNEL_SECURITY_TOKEN_VALUE  { {0, 1} }
 extern security_token_t KERNEL_SECURITY_TOKEN;
 
+#define   KERNEL_AUDIT_TOKEN_VALUE  { {0, 0, 0, 0, 0, 0, 0, 0} }
+extern audit_token_t KERNEL_AUDIT_TOKEN;
+
 typedef        integer_t mach_msg_options_t;
 
 typedef struct
@@ -451,6 +486,7 @@ typedef integer_t mach_msg_option_t;
 #define MACH_RCV_TRAILER_NULL   0
 #define MACH_RCV_TRAILER_SEQNO  1
 #define MACH_RCV_TRAILER_SENDER 2
+#define MACH_RCV_TRAILER_AUDIT  3
 
 #define MACH_RCV_TRAILER_TYPE(x)     (((x) & 0xf) << 28) 
 #define MACH_RCV_TRAILER_ELEMENTS(x) (((x) & 0xf) << 24)  
@@ -463,7 +499,9 @@ typedef integer_t mach_msg_option_t;
          sizeof(mach_msg_trailer_t) :                          \
          ((GET_RCV_ELEMENTS(y) == MACH_RCV_TRAILER_SEQNO) ?    \
           sizeof(mach_msg_seqno_trailer_t) :                   \
-          sizeof(mach_msg_security_trailer_t))))
+         ((GET_RCV_ELEMENTS(y) == MACH_RCV_TRAILER_SENDER) ?   \
+          sizeof(mach_msg_security_trailer_t) :                \
+          sizeof(mach_msg_audit_trailer_t)))))
 /*
  *  Much code assumes that mach_msg_return_t == kern_return_t.
  *  This definition is useful for descriptive purposes.