@param cred Subject credential
Determine whether the subject identified by the credential can perform
- performance-related tasks using the CHUD system call.
+ performance-related tasks using the CHUD system call. This interface is
+ deprecated.
@return Return 0 if access is granted, otherwise an appropriate value for
errno should be returned.
*/
typedef int mpo_system_check_chud_t(
- kauth_cred_t cred
+ kauth_cred_t cred
);
/**
@brief Access control check for obtaining the host control port
struct proc *p
);
+/**
+ @brief Notification a process is finished with exec and will jump to userspace
+ @param p Object process
+
+ Notifies all MAC policies that a process has completed an exec and is about to
+ jump to userspace to continue execution. This may result in process termination
+ via signals. Hook is designed to hold no/minimal locks so it can be used for any
+ necessary upcalls.
+ */
+typedef void mpo_proc_notify_exec_complete_t(
+ struct proc *p
+);
+
/**
@brief Perform MAC-related events when a thread returns to user space
@param thread Mach (not BSD) thread that is returning
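Review bot: The doc comment for `mpo_proc_notify_exec_complete_t` leaves the two security-relevant facts implicit: the hook returns `void`, so a policy cannot veto the exec the way the `mpo_*_check_*` hooks do, and "This may result in process termination via signals" does not say who sends the signal or that this is the only enforcement path available from here. I would tighten the paragraph to something like `Unlike the check hooks this is a notification: it returns no value and cannot deny the exec. A policy that needs to stop the new image from running must do so itself (e.g. by signalling the process), which is why the hook is invoked holding no or minimal locks.` — "no/minimal locks" as written should be resolved to whichever is actually true at the call site, which is not visible in this diff. It is also worth stating whether the hook may sleep, since "necessary upcalls" suggests it can; that claim would need confirming against the caller.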
@brief Access control check after determining the code directory hash
@param vp vnode vnode to combine into proc
@param label label associated with the vnode
+ @param cpu_type cpu type of the signature being checked
@param cs_blob the code signature to check
@param cs_flags update code signing flags if needed
@param signer_type output parameter for the code signature's signer type
typedef int mpo_vnode_check_signature_t(
struct vnode *vp,
struct label *label,
+ cpu_type_t cpu_type,
struct cs_blob *cs_blob,
unsigned int *cs_flags,
unsigned int *signer_type,
struct vnode *vp,
struct label *label
);
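Review bot: Inserting `cpu_type_t cpu_type` into the middle of the `mpo_vnode_check_signature_t` parameter list (between `label` and `cs_blob`) changes the calling convention of an already-published hook, so a policy built against the old prototype would receive its `cs_blob` pointer in the `cpu_type` argument and interpret `cs_flags` as the blob; the only guard visible in this diff is the `MAC_POLICY_OPS_VERSION` bump from 52 to 55 at L133, and whether registration actually refuses a policy with a stale version is not shown here. The same reliance on the version bump applies to the slot repurposing in `struct mac_policy_ops` at L140–L145 and the removal of `mpo_reserved4` at L155. I would record this in the typedef's doc block, e.g. `@note cpu_type was inserted in MAC_POLICY_OPS_VERSION 55; policies must be rebuilt.`, and make the `@param cpu_type` line say which slice of a multi-architecture image it refers to, which the current wording "cpu type of the signature being checked" leaves to the reader. The context lines at L47–L48 appear to be collapsed from a neighbouring prototype, so the full parameter list of this typedef is not fully visible in this view.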
+/**
+ @brief Access control check for vnode trigger resolution
+ @param cred Subject credential
+ @param dvp Object vnode
+ @param dlabel Policy label for dvp
+ @param cnp Component name that triggered resolution
+
+ Determine whether the subject identified by the credential can trigger
+ resolution of the passed name (cnp) in the passed directory vnode
+ via an external trigger resolver.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned. Suggested failure: EACCES for label mismatch or
+ EPERM for lack of privilege.
+*/
+typedef int mpo_vnode_check_trigger_resolve_t(
+ kauth_cred_t cred,
+ struct vnode *dvp,
+ struct label *dlabel,
+ struct componentname *cnp
+);
/**
@brief Access control check for truncate/ftruncate
@param active_cred Subject credential
kauth_cred_t cred
);
-/**
- @brief Access control check for getting NVRAM variables.
- @param cred Subject credential
- @param name NVRAM variable to get
-
- Determine whether the subject identifier by the credential can get the
- value of the named NVRAM variable.
-
- @return Return 0 if access is granted, otherwise an appropriate value for
- errno should be returned. Suggested failure: EPERM for lack of privilege.
-*/
-typedef int mpo_iokit_check_nvram_get_t(
- kauth_cred_t cred,
- const char *name
-);
-
-/**
- @brief Access control check for setting NVRAM variables.
- @param cred Subject credential
- @param name NVRAM variable to set
- @param value The new value for the NVRAM variable
-
- Determine whether the subject identifier by the credential can set the
- value of the named NVRAM variable.
-
- @return Return 0 if access is granted, otherwise an appropriate value for
- errno should be returned. Suggested failure: EPERM for lack of privilege.
-*/
-typedef int mpo_iokit_check_nvram_set_t(
- kauth_cred_t cred,
- const char *name,
- io_object_t value
-);
-
-/**
- @brief Access control check for deleting NVRAM variables.
- @param cred Subject credential
- @param name NVRAM variable to delete
-
- Determine whether the subject identifier by the credential can delete the
- named NVRAM variable.
-
- @return Return 0 if access is granted, otherwise an appropriate value for
- errno should be returned. Suggested failure: EPERM for lack of privilege.
-*/
-typedef int mpo_iokit_check_nvram_delete_t(
- kauth_cred_t cred,
- const char *name
-);
-
/*
* Placeholder for future events that may need mac hooks.
*/
* Please note that this should be kept in sync with the check assumptions
* policy in bsd/kern/policy_check.c (policy_ops struct).
*/
-#define MAC_POLICY_OPS_VERSION 52 /* inc when new reserved slots are taken */
+#define MAC_POLICY_OPS_VERSION 55 /* inc when new reserved slots are taken */
struct mac_policy_ops {
mpo_audit_check_postselect_t *mpo_audit_check_postselect;
mpo_audit_check_preselect_t *mpo_audit_check_preselect;
mpo_proc_check_inherit_ipc_ports_t *mpo_proc_check_inherit_ipc_ports;
mpo_vnode_check_rename_t *mpo_vnode_check_rename;
mpo_kext_check_query_t *mpo_kext_check_query;
- mpo_iokit_check_nvram_get_t *mpo_iokit_check_nvram_get;
- mpo_iokit_check_nvram_set_t *mpo_iokit_check_nvram_set;
- mpo_iokit_check_nvram_delete_t *mpo_iokit_check_nvram_delete;
+ mpo_proc_notify_exec_complete_t *mpo_proc_notify_exec_complete;
+ mpo_reserved_hook_t *mpo_reserved5;
+ mpo_reserved_hook_t *mpo_reserved6;
mpo_proc_check_expose_task_t *mpo_proc_check_expose_task;
mpo_proc_check_set_host_special_port_t *mpo_proc_check_set_host_special_port;
mpo_proc_check_set_host_exception_port_t *mpo_proc_check_set_host_exception_port;
mpo_exc_action_label_init_t *mpo_exc_action_label_init;
mpo_exc_action_label_update_t *mpo_exc_action_label_update;
+ mpo_vnode_check_trigger_resolve_t *mpo_vnode_check_trigger_resolve;
mpo_reserved_hook_t *mpo_reserved1;
mpo_reserved_hook_t *mpo_reserved2;
mpo_reserved_hook_t *mpo_reserved3;
- mpo_reserved_hook_t *mpo_reserved4;
mpo_skywalk_flow_check_connect_t *mpo_skywalk_flow_check_connect;
mpo_skywalk_flow_check_listen_t *mpo_skywalk_flow_check_listen;
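Review bot: The three `mpo_iokit_check_nvram_*` slots are not left reserved but overwritten in place by `mpo_proc_notify_exec_complete` and two new reserved hooks at L143–L145, while `mpo_vnode_check_trigger_resolve` is inserted before `mpo_reserved1` and `mpo_reserved4` dropped at L155 to keep the struct size constant; a policy that still populates the old NVRAM slot would have its `int (*)(kauth_cred_t, const char *)` invoked as `void (*)(struct proc *)` on every exec unless version checking rejects it, which this diff does not show. The comment on the version define, `/* inc when new reserved slots are taken */`, understates when a bump is required; I would change it to `/* inc when reserved slots are taken, hooks are removed or repurposed, or a hook's signature changes */` so the next maintainer does not skip the bump for a change like L40–L49. The header at L129–L130 says the struct must stay in sync with the `policy_ops` struct in bsd/kern/policy_check.c, and the corresponding update to that file is not part of this view, so it is worth confirming it landed in the same commit. The struct continues past the end of this hunk.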