/*
- * Copyright (c) 2007-2008 Apple Inc. All rights reserved.
+ * Copyright (c) 2007-2010 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
#ifndef _SECURITY_MAC_POLICY_H_
#define _SECURITY_MAC_POLICY_H_
+#ifndef PRIVATE
+#warning "MAC policy is not KPI, see Technical Q&A QA1574, this header will be removed in next version"
+#endif
+
#include <security/_label.h>
struct attrlist;
struct mac_policy_conf;
struct mbuf;
struct mount;
+struct msg;
+struct msqid_kernel;
struct pipe;
struct pseminfo;
struct pshminfo;
struct sbuf;
struct semid_kernel;
struct shmid_kernel;
+struct socket;
+struct sockopt;
struct task;
struct thread;
+struct tty;
struct ucred;
+struct vfs_attr;
struct vnode;
/** @struct dummy */
typedef struct ucred *kauth_cred_t;
#endif /* !_KAUTH_CRED_T */
+#ifndef __IOKIT_PORTS_DEFINED__
+#define __IOKIT_PORTS_DEFINED__
+#ifdef __cplusplus
+class OSObject;
+typedef OSObject *io_object_t;
+#else
+struct OSObject;
+typedef struct OSObject *io_object_t;
+#endif
+#endif /* __IOKIT_PORTS_DEFINED__ */
/*-
* MAC entry points are generally named using the following template:
@param scriptvnodelabel Script vnode label
@param execlabel Userspace provided execution label
@param proc Object process
+ @param macpolicyattr MAC policy-specific spawn attribute data
+ @param macpolicyattrlen Length of policy-specific spawn attribute data
@see mac_execve
@see mpo_cred_label_update_execve_t
@see mpo_vnode_check_exec_t
typedef int mpo_cred_check_label_update_execve_t(
kauth_cred_t old,
struct vnode *vp,
+ struct vnode *scriptvp,
struct label *vnodelabel,
struct label *scriptvnodelabel,
struct label *execlabel,
- struct proc *proc
+ struct proc *p,
+ void *macpolicyattr,
+ size_t macpolicyattrlen
);
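Review bot: The new `scriptvp` parameter of mpo_cred_check_label_update_execve_t has no `@param` entry, while the two other additions (`macpolicyattr`, `macpolicyattrlen`) do; a policy author cannot tell from the header how `scriptvp` relates to `scriptvnodelabel` or whether it may be NULL. Add `@param scriptvp Vnode of the interpreter script being executed (presumably NULL when vp is not a script; confirm against mac_execve)`. Since `macpolicyattr` is opaque spawn-attribute data whose origin is not shown here, the doc should also state who validates `macpolicyattrlen` before the hook is called, so policies do not read past the buffer. The doc comment for this typedef starts outside the hunk.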
/**
@brief Access control check for relabelling processes
@brief Update credential at exec time
@param old_cred Existing subject credential
@param new_cred New subject credential to be labeled
+ @param p Object process.
@param vp File being executed
@param vnodelabel Label corresponding to vp
@param scriptvnodelabel Script vnode label
@param execlabel Userspace provided execution label
+ @param macpolicyattr MAC policy-specific spawn attribute data.
+ @param macpolicyattrlen Length of policy-specific spawn attribute data.
@see mac_execve
@see mpo_cred_check_label_update_execve_t
@see mpo_vnode_check_exec_t
typedef void mpo_cred_label_update_execve_t(
kauth_cred_t old_cred,
kauth_cred_t new_cred,
+ struct proc *p,
struct vnode *vp,
+ struct vnode *scriptvp,
struct label *vnodelabel,
struct label *scriptvnodelabel,
struct label *execlabel,
+ void *macpolicyattr,
+ size_t macpolicyattrlen,
int *disjointp
);
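Review bot: `scriptvp` is added to mpo_cred_label_update_execve_t but, unlike `p`, `macpolicyattr` and `macpolicyattrlen`, it gets no `@param` line; the pre-existing `disjointp` out-parameter is likewise undocumented in the visible part of the comment. Add `@param scriptvp Vnode of the interpreter script being executed, if any (see mpo_cred_check_label_update_execve_t)` and, if not already documented above the hunk, `@param disjointp Set to non-zero by the policy if the new credential is disjoint from the old one (verify semantics against mac_execve)`. The doc comment begins outside the hunk.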
/**
char *devtype,
struct mac_module_data *mdata
);
+/**
+ @brief Access control check for opening an I/O Kit device
+ @param cred Subject credential
+ @param device_path Device path
+ @param user_client User client instance
+ @param user_client_type User client type
+
+ Determine whether the subject identified by the credential can open an
+ I/O Kit device at the passed path of the passed user client class and
+ type.
+
+ @return Return 0 if access is granted, or an appropriate value for
+ errno should be returned.
+*/
+typedef int mpo_iokit_check_open_t(
+ kauth_cred_t cred,
+ io_object_t user_client,
+ unsigned int user_client_type
+);
+/**
+ @brief Access control check for setting I/O Kit device properties
+ @param cred Subject credential
+ @param registry_entry Target device
+ @param properties Property list
+
+ Determine whether the subject identified by the credential can set
+ properties on an I/O Kit device.
+
+ @return Return 0 if access is granted, or an appropriate value for
+ errno should be returned.
+*/
+typedef int mpo_iokit_check_set_properties_t(
+ kauth_cred_t cred,
+ io_object_t entry,
+ io_object_t properties
+);
+/**
+ @brief Access control check for software HID control
+ @param cred Subject credential
+
+ Determine whether the subject identified by the credential can
+ control the HID (Human Interface Device) subsystem, such as to
+ post synthetic keypresses, pointer movement and clicks.
+
+ @return Return 0 if access is granted, or an appropriate value for
+ errno.
+*/
+typedef int mpo_iokit_check_hid_control_t(
+ kauth_cred_t cred
+);
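Review bot: The documentation for mpo_iokit_check_open_t does not match its prototype: it lists a `device_path` parameter and talks about "the passed path", but the typedef takes only `cred`, `user_client` and `user_client_type`. Drop the `@param device_path` line and reword the description to `Determine whether the subject identified by the credential can open an I/O Kit user client of the passed class and type`. In mpo_iokit_check_set_properties_t the `@param registry_entry` tag does not match the parameter name `entry`; rename one of them so the generated docs line up (`io_object_t registry_entry` matches the existing doc). Both hooks return `errno` on denial, so the `@return` lines could also name a suggested failure code (`EPERM`) as the other new hooks in this change do.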
/**
@brief Create an IP reassembly queue label
@param fragment First received IP fragment
@param cred Subject credential
@param ps Pointer to shared memory information structure
@param shmlabel Label associated with the shared memory region
+ @param fflags shm_open(2) open flags ('fflags' encoded)
Determine whether the subject identified by the credential can open
the POSIX shared memory region.
typedef int mpo_posixshm_check_open_t(
kauth_cred_t cred,
struct pshminfo *ps,
- struct label *shmlabel
+ struct label *shmlabel,
+ int fflags
);
/**
@brief Access control check for POSIX shared memory stat
kauth_cred_t cred,
struct pshminfo *ps,
struct label *shmlabel,
- size_t len
+ off_t len
);
/**
@brief Access control check for POSIX shared memory unlink
typedef void mpo_posixshm_label_init_t(
struct label *label
);
+/**
+ @brief Access control check for privileged operations
+ @param cred Subject credential
+ @param priv Requested privilege (see sys/priv.h)
+
+ Determine whether the subject identified by the credential can perform
+ a privileged operation. Privileged operations are allowed if the cred
+ is the superuser or any policy returns zero for mpo_priv_grant, unless
+ any policy returns nonzero for mpo_priv_check.
+
+ @return Return 0 if access is granted, otherwise EPERM should be returned.
+*/
+typedef int mpo_priv_check_t(
+ kauth_cred_t cred,
+ int priv
+);
+/**
+ @brief Grant regular users the ability to perform privileged operations
+ @param cred Subject credential
+ @param priv Requested privilege (see sys/priv.h)
+
+ Determine whether the subject identified by the credential should be
+ allowed to perform a privileged operation that in the absense of any
+ MAC policy it would not be able to perform. Privileged operations are
+ allowed if the cred is the superuser or any policy returns zero for
+ mpo_priv_grant, unless any policy returns nonzero for mpo_priv_check.
+
+ Unlike other MAC hooks which can only reduce the privilege of a
+ credential, this hook raises the privilege of a credential when it
+ returns 0. Extreme care must be taken when implementing this hook to
+ avoid undermining the security of the system.
+
+ @return Return 0 if additional privilege is granted, otherwise EPERM
+ should be returned.
+*/
+typedef int mpo_priv_grant_t(
+ kauth_cred_t cred,
+ int priv
+);
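Review bot: mpo_priv_grant_t is the one hook in this file that raises privilege, yet the header does not say what a policy that does not want to grant anything should do — a policy that returns 0 from an "unimplemented" stub would grant every `priv` to every credential, since "any policy returns zero for mpo_priv_grant" is sufficient. Add a sentence such as `Policies that do not wish to grant additional privilege must leave the mpo_priv_grant slot NULL or return EPERM unconditionally; never return 0 by default.` (whether a NULL slot is skipped by the framework is not visible here and should be confirmed against the caller). There is also a typo in the description, `absense` should be `absence`.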
/**
@brief Access control check for debugging process
@param cred Subject credential
kauth_cred_t cred,
struct proc *proc
);
+/**
+ @brief Access control over pid_suspend and pid_resume
+ @param cred Subject credential
+ @param proc Subject process trying to run pid_suspend or pid_resume
+ @param sr Call is suspend (0) or resume (1)
+
+ Determine whether the subject identified is allowed to suspend or resume
+ other processes.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned.
+*/
+typedef int mpo_proc_check_suspend_resume_t(
+ kauth_cred_t cred,
+ struct proc *proc,
+ int sr
+);
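Review bot: It is ambiguous which process `proc` denotes in mpo_proc_check_suspend_resume_t: the `@param` line calls it the "Subject process trying to run pid_suspend or pid_resume", but the description says the check is about suspending "other processes", and elsewhere in this change the object process is consistently named `target` (see mpo_proc_check_ledger_t). If `proc` is the object, rename it `target` and document it as `@param target Process being suspended or resumed`; if it really is the caller, say so and note that the target is not passed to the hook (which would limit what a policy can decide). `sr` would also be clearer as named constants than the bare 0/1 in the comment, if sys/proc.h defines any.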
/**
@brief Access control check for retrieving audit information
@param cred Subject credential
struct proc *p,
pid_t pid
);
+/**
+ @brief Access control check for retrieving ledger information
+ @param cred Subject credential
+ @param target Object process
+ @param op ledger operation
+
+ Determine if ledger(2) system call is permitted.
+
+ Information returned by this system call is similar to that returned via
+ process listings etc.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned.
+*/
+typedef int mpo_proc_check_ledger_t(
+ kauth_cred_t cred,
+ struct proc *target,
+ int op
+);
+/**
+ @brief Access control check for escaping default CPU usage monitor parameters.
+ @param cred Subject credential
+
+ Determine if a credential has permission to program CPU usage monitor parameters
+ that are less restrictive than the global system-wide defaults.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned.
+*/
+typedef int mpo_proc_check_cpumon_t(
+ kauth_cred_t cred
+);
+/**
+ @brief Access control check for retrieving process information.
+ @param cred Subject credential
+ @param target Target process (may be null, may be zombie)
+
+ Determine if a credential has permission to access process information as defined
+ by call number and flavor on target process
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned.
+*/
+typedef int mpo_proc_check_proc_info_t(
+ kauth_cred_t cred,
+ struct proc *target,
+ int callnum,
+ int flavor
+);
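Review bot: mpo_proc_check_proc_info_t takes `callnum` and `flavor`, and the description even says the check is "defined by call number and flavor", but neither has a `@param` entry. Add `@param callnum proc_info call number (see sys/proc_info.h)` and `@param flavor Flavor of the requested call`, citing the header the values come from so policies do not hard-code magic numbers. The "may be null, may be zombie" warning on `target` is valuable; consider making it a full sentence in the description, since a policy that dereferences `target` unconditionally will panic.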
+/**
+ @brief Access control check for mmap MAP_ANON
+ @param proc User process requesting the memory
+ @param cred Subject credential
+ @param u_addr Start address of the memory range
+ @param u_size Length address of the memory range
+ @param prot mmap protections; see mmap(2)
+ @param flags Type of mapped object; see mmap(2)
+ @param maxprot Maximum rights
+
+ Determine whether the subject identified by the credential should be
+ allowed to obtain anonymous memory using the specified flags and
+ protections on the new mapping. MAP_ANON will always be present in the
+ flags. Certain combinations of flags with a non-NULL addr may
+ cause a mapping to be rejected before this hook is called. The maxprot field
+ holds the maximum permissions on the new mapping, a combination of
+ VM_PROT_READ, VM_PROT_WRITE and VM_PROT_EXECUTE. To avoid overriding prior
+ access control checks, a policy should only remove flags from maxprot.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned. Suggested failure: EPERM for lack of privilege.
+*/
+typedef int mpo_proc_check_map_anon_t(
+ struct proc *proc,
+ kauth_cred_t cred,
+ user_addr_t u_addr,
+ user_size_t u_size,
+ int prot,
+ int flags,
+ int *maxprot
+);
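Review bot: The `@param u_size` line reads "Length address of the memory range", which looks like a copy-paste from `u_addr`; it should read `@param u_size Length of the memory range`. The rule that a policy "should only remove flags from maxprot" is the security-relevant contract of this hook and is easy to miss at the end of the paragraph; I would promote it to its own sentence and make it normative: `A policy must never add bits to *maxprot; doing so would override earlier DAC and MAC decisions.`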
/**
@brief Access control check for setting memory protections
@param cred Subject credential
kauth_cred_t cred,
int cmd
);
+/**
+ @brief Access control check for using CHUD facilities
+ @param cred Subject credential
+
+ Determine whether the subject identified by the credential can perform
+ performance-related tasks using the CHUD system call.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned.
+*/
+typedef int mpo_system_check_chud_t(
+ kauth_cred_t cred
+);
/**
@brief Access control check for obtaining the host control port
@param cred Subject credential
typedef int mpo_system_check_host_priv_t(
kauth_cred_t cred
);
+/**
+ @brief Access control check for obtaining system information
+ @param cred Subject credential
+ @param info_type A description of the information requested
+
+ Determine whether the subject identified by the credential should be
+ allowed to obtain information about the system.
+
+ This is a generic hook that can be used in a variety of situations where
+ information is being returned that might be considered sensitive.
+ Rather than adding a new MAC hook for every such interface, this hook can
+ be called with a string identifying the type of information requested.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned.
+*/
+typedef int mpo_system_check_info_t(
+ kauth_cred_t cred,
+ const char *info_type
+);
/**
@brief Access control check for calling NFS services
@param cred Subject credential
user_addr_t newvalue, /* NULLOK */
size_t newlen
);
+/**
+ @brief Access control check for kas_info
+ @param cred Subject credential
+ @param selector Category of information to return. See kas_info.h
+
+ Determine whether the subject identified by the credential can perform
+ introspection of the kernel address space layout for
+ debugging/performance analysis.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned.
+*/
+typedef int mpo_system_check_kas_info_t(
+ kauth_cred_t cred,
+ int selector
+);
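Review bot: mpo_system_check_kas_info_t gates disclosure of the kernel address space layout, which is exactly the information an attacker needs to defeat address-space randomisation, but the comment frames it only as a "debugging/performance analysis" convenience. Add a sentence making the sensitivity explicit, e.g. `The information returned defeats kernel address space randomisation; policies should deny this to unprivileged callers unless they have a specific reason to allow it.` (whether the framework applies a default restriction when no policy implements the hook is not visible here and should be stated if known).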
/**
@brief Create a System V message label
@param cred Subject credential
);
/**
@brief Perform MAC-related events when a thread returns to user space
- @param code The number of the syscall/trap that has finished
- @param error The error code that will be returned to user space
@param thread Mach (not BSD) thread that is returning
This entry point permits policy modules to perform MAC-related
events when a thread returns to user space, via a system call
- return, trap return, or otherwise.
+ return or trap return.
*/
typedef void mpo_thread_userret_t(
- int code,
- int error,
struct thread *thread
);
+/**
+ @brief Initialize per thread label
+ @param label New label to initialize
+
+ Initialize the label for a newly instantiated thread.
+ Sleeping is permitted.
+*/
+typedef void mpo_thread_label_init_t(
+ struct label *label
+);
+/**
+ @brief Destroy thread label
+ @param label The label to be destroyed
+
+ Destroy a user thread label. Since the user thread
+ is going out of scope, policy modules should free any internal
+ storage associated with the label so that it may be destroyed.
+*/
+typedef void mpo_thread_label_destroy_t(
+ struct label *label
+);
/**
@brief Check vnode access
@param cred Subject credential
@param label Policy label for vp
@param execlabel Userspace provided execution label
@param cnp Component name for file being executed
+ @param macpolicyattr MAC policy-specific spawn attribute data.
+ @param macpolicyattrlen Length of policy-specific spawn attribute data.
Determine whether the subject identified by the credential can execute
the passed vnode. Determination of execute privilege is made separately
struct label *label,
struct label *execlabel, /* NULLOK */
struct componentname *cnp,
- u_int *csflags
+ u_int *csflags,
+ void *macpolicyattr,
+ size_t macpolicyattrlen
+);
+/**
+ @brief Access control check for fsgetpath
+ @param cred Subject credential
+ @param vp Vnode for which a path will be returned
+ @param label Label associated with the vnode
+
+ Determine whether the subject identified by the credential can get the path
+ of the given vnode with fsgetpath.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned.
+*/
+typedef int mpo_vnode_check_fsgetpath_t(
+ kauth_cred_t cred,
+ struct vnode *vp,
+ struct label *label
);
/**
@brief Access control check after determining the code directory hash
*/
typedef int mpo_vnode_check_signature_t(struct vnode *vp, struct label *label,
- unsigned char *sha1, void *signature,
+ off_t macho_offset, unsigned char *sha1, void *signature,
int size);
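Review bot: The new `macho_offset` parameter of mpo_vnode_check_signature_t is undocumented; the doc block above the hunk closes at `*/` without a matching `@param`, so a policy author cannot tell whether `sha1` and `signature` refer to the whole file or to the Mach-O slice starting at `macho_offset`. Add `@param macho_offset Offset of the Mach-O slice within vp to which sha1 and signature apply (non-zero for fat binaries)` — presumably, given the matching description on mpo_vnode_find_sigs_t later in this change; confirm against the caller. The doc comment for this typedef is outside the hunk.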
/**
struct vnode *vp,
struct label *label
);
+/**
+ @brief Access control check for searchfs
+ @param cred Subject credential
+ @param vp Object vnode
+ @param vlabel Policy label for vp
+ @param alist List of attributes used as search criteria
+
+ Determine whether the subject identified by the credential can search the
+ vnode using the searchfs system call.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned.
+*/
+typedef int mpo_vnode_check_searchfs_t(
+ kauth_cred_t cred,
+ struct vnode *vp,
+ struct label *vlabel,
+ struct attrlist *alist
+);
/**
@brief Access control check for select
@param cred Subject credential
struct label *vnodelabel,
struct label *label
);
+/**
+ @brief Find deatched signatures for a shared library
+ @param p file trying to find the signature
+ @param vp The vnode to relabel
+ @param offset offset in the macho that the signature is requested for (for fat binaries)
+ @param label Existing vnode label
+
+*/
+typedef int mpo_vnode_find_sigs_t(
+ struct proc *p,
+ struct vnode *vp,
+ off_t offset,
+ struct label *label
+);
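Review bot: The doc comment for mpo_vnode_find_sigs_t is partly copy-pasted and wrong: `@param vp The vnode to relabel` describes a relabel hook, not a signature lookup, and `@param p file trying to find the signature` describes a `struct proc` as a file. It also has a `@return` missing even though the function returns `int`, and "deatched" should be "detached". Suggested wording: `@param p Process on whose behalf the signature is looked up`, `@param vp Vnode of the shared library whose detached signature is wanted`, and `@return Return 0 on success, otherwise an appropriate errno value` (hedged: what a non-zero return means to the caller is not visible here).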
/**
@brief Create a new vnode, backed by extended attributes
@param cred User credential for the creating process
struct componentname *cnp
);
+/**
+ @brief Inform MAC policies that a vnode has been opened
+ @param cred User credential for the creating process
+ @param vp vnode opened
+ @param label Policy label for the vp
+ @param acc_mode open(2) access mode used
+
+ Inform Mac policies that a vnode have been successfully opened
+ (passing all MAC polices and DAC).
+*/
+typedef void mpo_vnode_notify_open_t(
+ kauth_cred_t cred,
+ struct vnode *vp,
+ struct label *label,
+ int acc_mode
+);
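Review bot: `@param cred User credential for the creating process` on mpo_vnode_notify_open_t is copied from the vnode-create hook; this notification fires on open, so it should read `@param cred User credential for the opening process`. The description also has grammar slips ("Inform Mac policies that a vnode have been successfully opened", "polices"); suggest `Inform MAC policies that a vnode has been successfully opened, i.e. after all MAC and DAC checks have passed`. That last clause matters: policies must not treat this hook as an access-control point since it cannot deny.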
+
+/**
+ @brief Inform MAC policies that a vnode has been renamed
+ @param cred User credential for the renaming process
+ @param vp Vnode that's being renamed
+ @param label Policy label for vp
+ @param dvp Parent directory for the destination
+ @param dlabel Policy label for dvp
+ @param cnp Component name for the destination
+
+ Inform MAC policies that a vnode has been renamed.
+ */
+typedef void mpo_vnode_notify_rename_t(
+ kauth_cred_t cred,
+ struct vnode *vp,
+ struct label *label,
+ struct vnode *dvp,
+ struct label *dlabel,
+ struct componentname *cnp
+);
+
+/**
+ @brief Inform MAC policies that a vnode has been linked
+ @param cred User credential for the renaming process
+ @param dvp Parent directory for the destination
+ @param dlabel Policy label for dvp
+ @param vp Vnode that's being linked
+ @param vlabel Policy label for vp
+ @param cnp Component name for the destination
+
+ Inform MAC policies that a vnode has been linked.
+ */
+typedef void mpo_vnode_notify_link_t(
+ kauth_cred_t cred,
+ struct vnode *dvp,
+ struct label *dlabel,
+ struct vnode *vp,
+ struct label *vlabel,
+ struct componentname *cnp
+);
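Review bot: `@param cred User credential for the renaming process` on mpo_vnode_notify_link_t is copied from the rename hook above; it should say `linking process`. Since this is a notify hook with a `void` return, it would also help to state, as for the other notify hooks, that it runs after the corresponding mpo_vnode_check_link_t has granted access and cannot veto the operation (presumably, by analogy with mpo_vnode_notify_open_t in this change; confirm against the caller).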
+
+/**
+ @brief Inform MAC policies that a pty slave has been granted
+ @param p Responsible process
+ @param tp tty data structure
+ @param dev Major and minor numbers of device
+ @param label Policy label for tp
+
+ Inform MAC policies that a pty slave has been granted.
+*/
+typedef void mpo_pty_notify_grant_t(
+ proc_t p,
+ struct tty *tp,
+ dev_t dev,
+ struct label *label
+);
+
+/**
+ @brief Inform MAC policies that a pty master has been closed
+ @param p Responsible process
+ @param tp tty data structure
+ @param dev Major and minor numbers of device
+ @param label Policy label for tp
+
+ Inform MAC policies that a pty master has been closed.
+*/
+typedef void mpo_pty_notify_close_t(
+ proc_t p,
+ struct tty *tp,
+ dev_t dev,
+ struct label *label
+);
+
+/**
+ @brief Access control check for kext loading
+ @param cred Subject credential
+ @param identifier Kext identifier
+
+ Determine whether the subject identified by the credential can load the
+ specified kext.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned. Suggested failure: EPERM for lack of privilege.
+*/
+typedef int mpo_kext_check_load_t(
+ kauth_cred_t cred,
+ const char *identifier
+);
+
+/**
+ @brief Access control check for kext unloading
+ @param cred Subject credential
+ @param identifier Kext identifier
+
+ Determine whether the subject identified by the credential can unload the
+ specified kext.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned. Suggested failure: EPERM for lack of privilege.
+*/
+typedef int mpo_kext_check_unload_t(
+ kauth_cred_t cred,
+ const char *identifier
+);
+
/*
* Placeholder for future events that may need mac hooks.
*/
typedef void mpo_reserved_hook_t(void);
-/*!
- \struct mac_policy_ops
-*/
+/*
+ * Policy module operations.
+ *
+ * Please note that this should be kept in sync with the check assumptions
+ * policy in bsd/kern/policy_check.c (policy_ops struct).
+ */
+#define MAC_POLICY_OPS_VERSION 24 /* inc when new reserved slots are taken */
struct mac_policy_ops {
mpo_audit_check_postselect_t *mpo_audit_check_postselect;
mpo_audit_check_preselect_t *mpo_audit_check_preselect;
+
mpo_bpfdesc_label_associate_t *mpo_bpfdesc_label_associate;
mpo_bpfdesc_label_destroy_t *mpo_bpfdesc_label_destroy;
mpo_bpfdesc_label_init_t *mpo_bpfdesc_label_init;
mpo_bpfdesc_check_receive_t *mpo_bpfdesc_check_receive;
+
mpo_cred_check_label_update_execve_t *mpo_cred_check_label_update_execve;
mpo_cred_check_label_update_t *mpo_cred_check_label_update;
mpo_cred_check_visible_t *mpo_cred_check_visible;
mpo_cred_label_internalize_t *mpo_cred_label_internalize;
mpo_cred_label_update_execve_t *mpo_cred_label_update_execve;
mpo_cred_label_update_t *mpo_cred_label_update;
+
mpo_devfs_label_associate_device_t *mpo_devfs_label_associate_device;
mpo_devfs_label_associate_directory_t *mpo_devfs_label_associate_directory;
mpo_devfs_label_copy_t *mpo_devfs_label_copy;
mpo_devfs_label_destroy_t *mpo_devfs_label_destroy;
mpo_devfs_label_init_t *mpo_devfs_label_init;
mpo_devfs_label_update_t *mpo_devfs_label_update;
+
mpo_file_check_change_offset_t *mpo_file_check_change_offset;
mpo_file_check_create_t *mpo_file_check_create;
mpo_file_check_dup_t *mpo_file_check_dup;
mpo_file_label_init_t *mpo_file_label_init;
mpo_file_label_destroy_t *mpo_file_label_destroy;
mpo_file_label_associate_t *mpo_file_label_associate;
+
mpo_ifnet_check_label_update_t *mpo_ifnet_check_label_update;
mpo_ifnet_check_transmit_t *mpo_ifnet_check_transmit;
mpo_ifnet_label_associate_t *mpo_ifnet_label_associate;
mpo_ifnet_label_internalize_t *mpo_ifnet_label_internalize;
mpo_ifnet_label_update_t *mpo_ifnet_label_update;
mpo_ifnet_label_recycle_t *mpo_ifnet_label_recycle;
+
mpo_inpcb_check_deliver_t *mpo_inpcb_check_deliver;
mpo_inpcb_label_associate_t *mpo_inpcb_label_associate;
mpo_inpcb_label_destroy_t *mpo_inpcb_label_destroy;
mpo_inpcb_label_init_t *mpo_inpcb_label_init;
mpo_inpcb_label_recycle_t *mpo_inpcb_label_recycle;
mpo_inpcb_label_update_t *mpo_inpcb_label_update;
+
mpo_iokit_check_device_t *mpo_iokit_check_device;
+
mpo_ipq_label_associate_t *mpo_ipq_label_associate;
mpo_ipq_label_compare_t *mpo_ipq_label_compare;
mpo_ipq_label_destroy_t *mpo_ipq_label_destroy;
mpo_ipq_label_init_t *mpo_ipq_label_init;
mpo_ipq_label_update_t *mpo_ipq_label_update;
+
mpo_lctx_check_label_update_t *mpo_lctx_check_label_update;
mpo_lctx_label_destroy_t *mpo_lctx_label_destroy;
mpo_lctx_label_externalize_t *mpo_lctx_label_externalize;
mpo_lctx_notify_create_t *mpo_lctx_notify_create;
mpo_lctx_notify_join_t *mpo_lctx_notify_join;
mpo_lctx_notify_leave_t *mpo_lctx_notify_leave;
+
mpo_mbuf_label_associate_bpfdesc_t *mpo_mbuf_label_associate_bpfdesc;
mpo_mbuf_label_associate_ifnet_t *mpo_mbuf_label_associate_ifnet;
mpo_mbuf_label_associate_inpcb_t *mpo_mbuf_label_associate_inpcb;
mpo_mbuf_label_copy_t *mpo_mbuf_label_copy;
mpo_mbuf_label_destroy_t *mpo_mbuf_label_destroy;
mpo_mbuf_label_init_t *mpo_mbuf_label_init;
+
mpo_mount_check_fsctl_t *mpo_mount_check_fsctl;
mpo_mount_check_getattr_t *mpo_mount_check_getattr;
mpo_mount_check_label_update_t *mpo_mount_check_label_update;
mpo_mount_label_externalize_t *mpo_mount_label_externalize;
mpo_mount_label_init_t *mpo_mount_label_init;
mpo_mount_label_internalize_t *mpo_mount_label_internalize;
+
mpo_netinet_fragment_t *mpo_netinet_fragment;
mpo_netinet_icmp_reply_t *mpo_netinet_icmp_reply;
mpo_netinet_tcp_reply_t *mpo_netinet_tcp_reply;
+
mpo_pipe_check_ioctl_t *mpo_pipe_check_ioctl;
mpo_pipe_check_kqfilter_t *mpo_pipe_check_kqfilter;
mpo_pipe_check_label_update_t *mpo_pipe_check_label_update;
mpo_pipe_label_init_t *mpo_pipe_label_init;
mpo_pipe_label_internalize_t *mpo_pipe_label_internalize;
mpo_pipe_label_update_t *mpo_pipe_label_update;
+
mpo_policy_destroy_t *mpo_policy_destroy;
mpo_policy_init_t *mpo_policy_init;
mpo_policy_initbsd_t *mpo_policy_initbsd;
mpo_policy_syscall_t *mpo_policy_syscall;
+
mpo_port_check_copy_send_t *mpo_port_check_copy_send;
mpo_port_check_hold_receive_t *mpo_port_check_hold_receive;
mpo_port_check_hold_send_once_t *mpo_port_check_hold_send_once;
mpo_port_label_init_t *mpo_port_label_init;
mpo_port_label_update_cred_t *mpo_port_label_update_cred;
mpo_port_label_update_kobject_t *mpo_port_label_update_kobject;
+
mpo_posixsem_check_create_t *mpo_posixsem_check_create;
mpo_posixsem_check_open_t *mpo_posixsem_check_open;
mpo_posixsem_check_post_t *mpo_posixsem_check_post;
mpo_posixshm_label_associate_t *mpo_posixshm_label_associate;
mpo_posixshm_label_destroy_t *mpo_posixshm_label_destroy;
mpo_posixshm_label_init_t *mpo_posixshm_label_init;
+
mpo_proc_check_debug_t *mpo_proc_check_debug;
mpo_proc_check_fork_t *mpo_proc_check_fork;
mpo_proc_check_get_task_name_t *mpo_proc_check_get_task_name;
mpo_proc_check_wait_t *mpo_proc_check_wait;
mpo_proc_label_destroy_t *mpo_proc_label_destroy;
mpo_proc_label_init_t *mpo_proc_label_init;
+
mpo_socket_check_accept_t *mpo_socket_check_accept;
mpo_socket_check_accepted_t *mpo_socket_check_accepted;
mpo_socket_check_bind_t *mpo_socket_check_bind;
mpo_socket_label_init_t *mpo_socket_label_init;
mpo_socket_label_internalize_t *mpo_socket_label_internalize;
mpo_socket_label_update_t *mpo_socket_label_update;
+
mpo_socketpeer_label_associate_mbuf_t *mpo_socketpeer_label_associate_mbuf;
mpo_socketpeer_label_associate_socket_t *mpo_socketpeer_label_associate_socket;
mpo_socketpeer_label_destroy_t *mpo_socketpeer_label_destroy;
mpo_socketpeer_label_externalize_t *mpo_socketpeer_label_externalize;
mpo_socketpeer_label_init_t *mpo_socketpeer_label_init;
+
mpo_system_check_acct_t *mpo_system_check_acct;
mpo_system_check_audit_t *mpo_system_check_audit;
mpo_system_check_auditctl_t *mpo_system_check_auditctl;
mpo_system_check_swapoff_t *mpo_system_check_swapoff;
mpo_system_check_swapon_t *mpo_system_check_swapon;
mpo_system_check_sysctl_t *mpo_system_check_sysctl;
+
mpo_sysvmsg_label_associate_t *mpo_sysvmsg_label_associate;
mpo_sysvmsg_label_destroy_t *mpo_sysvmsg_label_destroy;
mpo_sysvmsg_label_init_t *mpo_sysvmsg_label_init;
mpo_sysvshm_label_destroy_t *mpo_sysvshm_label_destroy;
mpo_sysvshm_label_init_t *mpo_sysvshm_label_init;
mpo_sysvshm_label_recycle_t *mpo_sysvshm_label_recycle;
+
mpo_task_label_associate_kernel_t *mpo_task_label_associate_kernel;
mpo_task_label_associate_t *mpo_task_label_associate;
mpo_task_label_copy_t *mpo_task_label_copy;
mpo_task_label_init_t *mpo_task_label_init;
mpo_task_label_internalize_t *mpo_task_label_internalize;
mpo_task_label_update_t *mpo_task_label_update;
- mpo_thread_userret_t *mpo_thread_userret;
+
+ mpo_iokit_check_hid_control_t *mpo_iokit_check_hid_control;
+
mpo_vnode_check_access_t *mpo_vnode_check_access;
mpo_vnode_check_chdir_t *mpo_vnode_check_chdir;
mpo_vnode_check_chroot_t *mpo_vnode_check_chroot;
mpo_vnode_check_signature_t *mpo_vnode_check_signature;
mpo_vnode_check_uipc_bind_t *mpo_vnode_check_uipc_bind;
mpo_vnode_check_uipc_connect_t *mpo_vnode_check_uipc_connect;
+
mac_proc_check_run_cs_invalid_t *mpo_proc_check_run_cs_invalid;
- mpo_reserved_hook_t *mpo_reserved4;
- mpo_reserved_hook_t *mpo_reserved5;
- mpo_reserved_hook_t *mpo_reserved6;
- mpo_reserved_hook_t *mpo_reserved7;
- mpo_reserved_hook_t *mpo_reserved8;
- mpo_reserved_hook_t *mpo_reserved9;
+ mpo_proc_check_suspend_resume_t *mpo_proc_check_suspend_resume;
+
+ mpo_thread_userret_t *mpo_thread_userret;
+
+ mpo_iokit_check_set_properties_t *mpo_iokit_check_set_properties;
+
+ mpo_system_check_chud_t *mpo_system_check_chud;
+
+ mpo_vnode_check_searchfs_t *mpo_vnode_check_searchfs;
+
+ mpo_priv_check_t *mpo_priv_check;
+ mpo_priv_grant_t *mpo_priv_grant;
+
+ mpo_proc_check_map_anon_t *mpo_proc_check_map_anon;
+
+ mpo_vnode_check_fsgetpath_t *mpo_vnode_check_fsgetpath;
+
+ mpo_iokit_check_open_t *mpo_iokit_check_open;
+
+ mpo_proc_check_ledger_t *mpo_proc_check_ledger;
+
+ mpo_vnode_notify_rename_t *mpo_vnode_notify_rename;
+
+ mpo_thread_label_init_t *mpo_thread_label_init;
+ mpo_thread_label_destroy_t *mpo_thread_label_destroy;
+
+ mpo_system_check_kas_info_t *mpo_system_check_kas_info;
+
+ mpo_proc_check_cpumon_t *mpo_proc_check_cpumon;
+
+ mpo_vnode_notify_open_t *mpo_vnode_notify_open;
+
+ mpo_system_check_info_t *mpo_system_check_info;
+
+ mpo_pty_notify_grant_t *mpo_pty_notify_grant;
+ mpo_pty_notify_close_t *mpo_pty_notify_close;
+
+ mpo_vnode_find_sigs_t *mpo_vnode_find_sigs;
+
+ mpo_kext_check_load_t *mpo_kext_check_load;
+ mpo_kext_check_unload_t *mpo_kext_check_unload;
+
+ mpo_proc_check_proc_info_t *mpo_proc_check_proc_info;
+ mpo_vnode_notify_link_t *mpo_vnode_notify_link;
+ mpo_reserved_hook_t *mpo_reserved28;
+ mpo_reserved_hook_t *mpo_reserved29;
};
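Review bot: The layout of `struct mac_policy_ops` changes in ways the version comment does not cover: `mpo_thread_userret` is removed from its old slot (the `-` line before the iokit entry) and re-added much later, and `mpo_iokit_check_hid_control` is inserted ahead of all the vnode hooks, so every slot after it shifts. The comment `/* inc when new reserved slots are taken */` therefore understates the rule; any reordering, insertion or type change breaks a policy compiled against an older layout, and a mismatched ops table means the kernel calls the wrong function pointer for a given hook. Suggest `#define MAC_POLICY_OPS_VERSION 24 /* bump on ANY change to this struct's layout, not only when reserved slots are taken */`. Note also that six reserved slots were consumed and only `mpo_reserved28`/`mpo_reserved29` remain, so the next addition will again force a version bump; adding a larger reserve now would avoid that.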
/**