#include <sys/kauth.h>
#include <sys/codesign.h>
#include <sys/kernel_types.h>
+#include <sys/ubc.h>
#include <kern/kalloc.h>
#include <kern/task.h>
#include <kern/assert.h>
#include <vm/vm_protos.h>
#include <vm/vm_map.h> /* vm_map_switch_protect() */
#include <mach/task.h>
+#include <mach/message.h>
#if CONFIG_MACF
#include <security/mac_framework.h>
static void lctxinit(void);
#endif
+int cs_debug; /* declared further down in this file */
+
#if DEBUG
#define __PROC_INTERNAL_DEBUG 1
#endif
void proc_name_kdp(task_t t, char * buf, int size);
char *proc_name_address(void *p);
-static proc_t proc_refinternal_locked(proc_t p);
static void pgrp_add(struct pgrp * pgrp, proc_t parent, proc_t child);
static void pgrp_remove(proc_t p);
static void pgrp_replace(proc_t p, struct pgrp *pgrp);
static void pgdelete_dropref(struct pgrp *pgrp);
-static proc_t proc_find_zombref(int pid);
-static void proc_drop_zombref(proc_t p);
extern void pg_rele_dropref(struct pgrp * pgrp);
+static int csops_internal(pid_t pid, int ops, user_addr_t uaddr, user_size_t usersize, user_addr_t uaddittoken);
struct fixjob_iterargs {
struct pgrp * pg;
}
p = pfind_locked(pid);
- if ((p == PROC_NULL) || (p != proc_refinternal_locked(p)))
+ if ((p == PROC_NULL) || (p != proc_ref_locked(p)))
p = PROC_NULL;
if (locked == 0) {
return(p);
}
+proc_t
+proc_findthread(thread_t thread)
+{
+ proc_t p = PROC_NULL;
+ struct uthread *uth;
+
+ proc_list_lock();
+ uth = get_bsdthread_info(thread);
+ if (uth && (uth->uu_flag & UT_VFORK))
+ p = uth->uu_proc;
+ else
+ p = (proc_t)(get_bsdthreadtask_info(thread));
+ p = proc_ref_locked(p);
+ proc_list_unlock();
+ return(p);
+}
+
int
proc_rele(proc_t p)
{
p = current_proc();
proc_list_lock();
- if (p != proc_refinternal_locked(p))
+ if (p != proc_ref_locked(p))
p = PROC_NULL;
proc_list_unlock();
return(p);
}
-static proc_t
-proc_refinternal_locked(proc_t p)
+proc_t
+proc_ref_locked(proc_t p)
{
proc_t p1 = p;
}
-static proc_t
+proc_t
proc_find_zombref(int pid)
{
proc_t p1 = PROC_NULL;
return(p1);
}
-static void
+void
proc_drop_zombref(proc_t p)
{
proc_list_lock();
proc_list_lock();
loop:
pp = p->p_pptr;
- parent = proc_refinternal_locked(pp);
+ parent = proc_ref_locked(pp);
if ((parent == PROC_NULL) && (pp != PROC_NULL) && (pp->p_stat != SZOMB) && ((pp->p_listflag & P_LIST_EXITED) != 0) && ((pp->p_listflag & P_LIST_CHILDDRAINED)== 0)){
pp->p_listflag |= P_LIST_CHILDLKWAIT;
msleep(&pp->p_childrencnt, proc_list_mlock, 0, "proc_parent", 0);
return(error);
}
+task_t
+proc_task(proc_t proc)
+{
+ return (task_t)proc->task;
+}
+
/*
* Obtain the first thread in a process
*
return(p->p_idversion);
}
+uint64_t
+proc_uniqueid(proc_t p)
+{
+ return(p->p_uniqueid);
+}
+
+uint64_t
+proc_selfuniqueid(void)
+{
+ proc_t p = current_proc();
+ return(p->p_uniqueid);
+}
+
int
proc_getcdhash(proc_t p, unsigned char *cdhash)
{
return vn_getcdhash(p->p_textvp, p->p_textoff, cdhash);
}
+void
+proc_getexecutableuuid(proc_t p, unsigned char *uuidbuf, unsigned long size)
+{
+ if (size >= sizeof(p->p_uuid)) {
+ memcpy(uuidbuf, p->p_uuid, sizeof(p->p_uuid));
+ }
+}
+
+
void
bsd_set_dependency_capable(task_t task)
{
sess->s_flags = 0;
sess->s_listflags = 0;
sess->s_ttypgrpid = NO_PID;
-#ifdef CONFIG_EMBEDDED
- lck_mtx_init(&sess->s_mlock, proc_lck_grp, proc_lck_attr);
-#else
+#if CONFIG_FINE_LOCK_GROUPS
lck_mtx_init(&sess->s_mlock, proc_mlock_grp, proc_lck_attr);
+#else
+ lck_mtx_init(&sess->s_mlock, proc_lck_grp, proc_lck_attr);
#endif
bcopy(procsp->s_login, sess->s_login,
sizeof(sess->s_login));
proc_list_unlock();
}
pgrp->pg_id = pgid;
-#ifdef CONFIG_EMBEDDED
- lck_mtx_init(&pgrp->pg_mlock, proc_lck_grp, proc_lck_attr);
-#else
+#if CONFIG_FINE_LOCK_GROUPS
lck_mtx_init(&pgrp->pg_mlock, proc_mlock_grp, proc_lck_attr);
+#else
+ lck_mtx_init(&pgrp->pg_mlock, proc_lck_grp, proc_lck_attr);
#endif
LIST_INIT(&pgrp->pg_members);
pgrp->pg_membercnt = 0;
if (sessp->s_count != 0)
panic("pg_deleteref: freeing session in use");
proc_list_unlock();
-#ifdef CONFIG_EMBEDDED
- lck_mtx_destroy(&sessp->s_mlock, proc_lck_grp);
-#else
+#if CONFIG_FINE_LOCK_GROUPS
lck_mtx_destroy(&sessp->s_mlock, proc_mlock_grp);
+#else
+ lck_mtx_destroy(&sessp->s_mlock, proc_lck_grp);
#endif
FREE_ZONE(sessp, sizeof(struct session), M_SESSION);
} else
proc_list_unlock();
-#ifdef CONFIG_EMBEDDED
- lck_mtx_destroy(&pgrp->pg_mlock, proc_lck_grp);
-#else
+#if CONFIG_FINE_LOCK_GROUPS
lck_mtx_destroy(&pgrp->pg_mlock, proc_mlock_grp);
+#else
+ lck_mtx_destroy(&pgrp->pg_mlock, proc_lck_grp);
#endif
FREE_ZONE(pgrp, sizeof(*pgrp), M_PGRP);
}
SYSCTL_NODE(_kern, KERN_LCTX, lctx, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "Login Context");
-SYSCTL_PROC(_kern_lctx, KERN_LCTX_ALL, all, CTLFLAG_RD|CTLTYPE_STRUCT,
+SYSCTL_PROC(_kern_lctx, KERN_LCTX_ALL, all, CTLFLAG_RD|CTLTYPE_STRUCT | CTLFLAG_LOCKED,
0, 0, sysctl_kern_lctx, "S,lctx",
"Return entire login context table");
-SYSCTL_NODE(_kern_lctx, KERN_LCTX_LCID, lcid, CTLFLAG_RD,
+SYSCTL_NODE(_kern_lctx, KERN_LCTX_LCID, lcid, CTLFLAG_RD | CTLFLAG_LOCKED,
sysctl_kern_lctx, "Login Context Table");
-SYSCTL_INT(_kern_lctx, OID_AUTO, last, CTLFLAG_RD, &lastlcid, 0, "");
-SYSCTL_INT(_kern_lctx, OID_AUTO, count, CTLFLAG_RD, &alllctx_cnt, 0, "");
-SYSCTL_INT(_kern_lctx, OID_AUTO, max, CTLFLAG_RW, &maxlcid, 0, "");
+SYSCTL_INT(_kern_lctx, OID_AUTO, last, CTLFLAG_RD | CTLFLAG_LOCKED, &lastlcid, 0, "");
+SYSCTL_INT(_kern_lctx, OID_AUTO, count, CTLFLAG_RD | CTLFLAG_LOCKED, &alllctx_cnt, 0, "");
+SYSCTL_INT(_kern_lctx, OID_AUTO, max, CTLFLAG_RW | CTLFLAG_LOCKED, &maxlcid, 0, "");
#endif /* LCTX */
int
csops(__unused proc_t p, struct csops_args *uap, __unused int32_t *retval)
{
- int ops = uap->ops;
- pid_t pid = uap->pid;
- user_addr_t uaddr = uap->useraddr;
- size_t usize = (size_t)CAST_DOWN(size_t, uap->usersize);
+ return(csops_internal(uap->pid, uap->ops, uap->useraddr,
+ uap->usersize, USER_ADDR_NULL));
+}
+
+int
+csops_audittoken(__unused proc_t p, struct csops_audittoken_args *uap, __unused int32_t *retval)
+{
+ if (uap->uaudittoken == USER_ADDR_NULL)
+ return(EINVAL);
+ switch (uap->ops) {
+ case CS_OPS_PIDPATH:
+ case CS_OPS_ENTITLEMENTS_BLOB:
+ break;
+ default:
+ return(EINVAL);
+ };
+
+ return(csops_internal(uap->pid, uap->ops, uap->useraddr,
+ uap->usersize, uap->uaudittoken));
+}
+
+static int
+csops_internal(pid_t pid, int ops, user_addr_t uaddr, user_size_t usersize, user_addr_t uaudittoken)
+{
+ size_t usize = (size_t)CAST_DOWN(size_t, usersize);
proc_t pt;
uint32_t retflags;
int vid, forself;
off_t toff;
char * buf;
unsigned char cdhash[SHA1_RESULTLEN];
+ audit_token_t token;
+ unsigned int upid=0, uidversion = 0;
forself = error = 0;
return(EOVERFLOW);
if (kauth_cred_issuser(kauth_cred_get()) != TRUE)
return(EPERM);
- } else if ((forself == 0) && ((ops != CS_OPS_STATUS) && (ops != CS_OPS_CDHASH) && (ops != CS_OPS_PIDOFFSET) && (kauth_cred_issuser(kauth_cred_get()) != TRUE))) {
- return(EPERM);
+ } else {
+ switch (ops) {
+ case CS_OPS_STATUS:
+ case CS_OPS_CDHASH:
+ case CS_OPS_PIDOFFSET:
+ case CS_OPS_ENTITLEMENTS_BLOB:
+ break; /* unrestricted */
+ default:
+ if (forself == 0 && kauth_cred_issuser(kauth_cred_get()) != TRUE)
+ return(EPERM);
+ break;
+ }
}
pt = proc_find(pid);
if (pt == PROC_NULL)
return(ESRCH);
-
+ upid = pt->p_pid;
+ uidversion = pt->p_idversion;
+ if (uaudittoken != USER_ADDR_NULL) {
+
+ error = copyin(uaudittoken, &token, sizeof(audit_token_t));
+ if (error != 0)
+ goto out;
+ /* verify the audit token pid/idversion matches with proc */
+ if ((token.val[5] != upid) || (token.val[7] != uidversion)) {
+ error = ESRCH;
+ goto out;
+ }
+ }
switch (ops) {
if ((pt->p_csflags & CS_VALID) == CS_VALID) { /* is currently valid */
pt->p_csflags &= ~CS_VALID; /* set invalid */
if ((pt->p_csflags & CS_KILL) == CS_KILL) {
+ pt->p_csflags |= CS_KILLED;
proc_unlock(pt);
+ if (cs_debug) {
+ printf("CODE SIGNING: marked invalid by pid %d: "
+ "p=%d[%s] honoring CS_KILL, final status 0x%x\n",
+ proc_selfpid(), pt->p_pid, pt->p_comm, pt->p_csflags);
+ }
psignal(pt, SIGKILL);
} else
proc_unlock(pt);
}
return error;
-
+
+ case CS_OPS_ENTITLEMENTS_BLOB: {
+ char fakeheader[8] = { 0 };
+ void *start;
+ size_t length;
+
+ if ((pt->p_csflags & CS_VALID) == 0) {
+ error = EINVAL;
+ break;
+ }
+ if (usize < sizeof(fakeheader)) {
+ error = ERANGE;
+ break;
+ }
+ if (0 != (error = cs_entitlements_blob_get(pt,
+ &start, &length)))
+ break;
+ /* if no entitlement, fill in zero header */
+ if (NULL == start) {
+ start = fakeheader;
+ length = sizeof(fakeheader);
+ } else if (usize < length) {
+ /* ... if input too short, copy out length of entitlement */
+ uint32_t length32 = htonl((uint32_t)length);
+ memcpy(&fakeheader[4], &length32, sizeof(length32));
+
+ error = copyout(fakeheader, uaddr, sizeof(fakeheader));
+ if (error == 0)
+ error = ERANGE; /* input buffer to short, ERANGE signals that */
+ break;
+ }
+ error = copyout(start, uaddr, length);
+ break;
+ }
+
+ case CS_OPS_MARKRESTRICT:
+ proc_lock(pt);
+ pt->p_csflags |= CS_RESTRICT;
+ proc_unlock(pt);
+ break;
+
default:
error = EINVAL;
break;
return(error);
}
-
int
proc_iterate(flags, callout, arg, filterfn, filterarg)
int flags;
for (p = allproc.lh_first; (p != 0); p = p->p_list.le_next) {
if ( (filterfn == 0 ) || (filterfn(p, filterarg) != 0)) {
- p = proc_refinternal_locked(p);
+ p = proc_ref_locked(p);
proc_list_unlock();
lockheld = 0;
if (sess->s_count != 0)
panic("session_rele: freeing session in use");
proc_list_unlock();
-#ifdef CONFIG_EMBEDDED
- lck_mtx_destroy(&sess->s_mlock, proc_lck_grp);
-#else
+#if CONFIG_FINE_LOCK_GROUPS
lck_mtx_destroy(&sess->s_mlock, proc_mlock_grp);
+#else
+ lck_mtx_destroy(&sess->s_mlock, proc_lck_grp);
#endif
FREE_ZONE(sess, sizeof(struct session), M_SESSION);
} else
int cs_force_kill = 0;
int cs_force_hard = 0;
int cs_debug = 0;
-SYSCTL_INT(_vm, OID_AUTO, cs_force_kill, CTLFLAG_RW, &cs_force_kill, 0, "");
-SYSCTL_INT(_vm, OID_AUTO, cs_force_hard, CTLFLAG_RW, &cs_force_hard, 0, "");
-SYSCTL_INT(_vm, OID_AUTO, cs_debug, CTLFLAG_RW, &cs_debug, 0, "");
+SYSCTL_INT(_vm, OID_AUTO, cs_force_kill, CTLFLAG_RW | CTLFLAG_LOCKED, &cs_force_kill, 0, "");
+SYSCTL_INT(_vm, OID_AUTO, cs_force_hard, CTLFLAG_RW | CTLFLAG_LOCKED, &cs_force_hard, 0, "");
+SYSCTL_INT(_vm, OID_AUTO, cs_debug, CTLFLAG_RW | CTLFLAG_LOCKED, &cs_debug, 0, "");
int
cs_allow_invalid(struct proc *p)
/* CS_KILL triggers us to send a kill signal. Nothing else. */
if (p->p_csflags & CS_KILL) {
+ p->p_csflags |= CS_KILLED;
proc_unlock(p);
if (cs_debug) {
printf("CODE SIGNING: cs_invalid_page(0x%llx): "
- "p=%d[%s] honoring CS_KILL\n",
- vaddr, p->p_pid, p->p_comm);
+ "p=%d[%s] honoring CS_KILL, final status 0x%x\n",
+ vaddr, p->p_pid, p->p_comm, p->p_csflags);
}
cs_procs_killed++;
psignal(p, SIGKILL);
proc_t p;
int pcontrol;
int error;
+ proc_t self = current_proc();
- if ((error = suser(kauth_cred_get(), 0)))
+ /* if the process has been validated to handle resource control or root is valid one */
+ if (((self->p_lflag & P_LVMRSRCOWNER) == 0) && (error = suser(kauth_cred_get(), 0)))
return error;
+
p = proc_find(pid);
if (p == PROC_NULL)
return(ESRCH);
projects / apple / xnu.git / blobdiff