]> git.saurik.com Git - apple/xnu.git/blobdiff - osfmk/ipc/ipc_object.c
projects / apple / xnu.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xnu-6153.101.6.tar.gz
[apple/xnu.git] / osfmk / ipc / ipc_object.c
diff --git a/osfmk/ipc/ipc_object.c b/osfmk/ipc/ipc_object.c
index 76fc96b8e5822d3001df3470a273badce659e290..adeef2d7283b48afba04ce5755d3bfd8615e3798 100644 (file)
--- a/osfmk/ipc/ipc_object.c
+++ b/osfmk/ipc/ipc_object.c
@@ -945,6 +945,7 @@ ipc_object_copyout(
                        break;
                }
 
+
                name = CAST_MACH_PORT_TO_NAME(object);
                kr = ipc_entry_get(space, &name, &entry);
                if (kr != KERN_SUCCESS) {
@@ -968,6 +969,30 @@ ipc_object_copyout(
                        return KERN_INVALID_CAPABILITY;
                }
 
+               /* Don't actually copyout rights we aren't allowed to */
+               if (!ip_label_check(space, ip_object_to_port(object), msgt_name)) {
+                       io_unlock(object);
+                       ipc_entry_dealloc(space, name, entry);
+                       is_write_unlock(space);
+
+                       switch (msgt_name) {
+                       case MACH_MSG_TYPE_PORT_SEND_ONCE:
+                               ipc_port_release_sonce(ip_object_to_port(object));
+                               break;
+                       case MACH_MSG_TYPE_PORT_SEND:
+                               ipc_port_release_send(ip_object_to_port(object));
+                               break;
+                       default:
+                               /*
+                                * We don't allow labeling of "kobjects" with receive
+                                * rights at user-space or port-sets. So, if we get this far,
+                                * something went VERY wrong.
+                                */
+                               panic("ipc_object_copyout: bad port label check failure");
+                       }
+                       return KERN_INVALID_CAPABILITY;
+               }
+
                entry->ie_object = object;
                break;
        }
@@ -1064,6 +1089,25 @@ ipc_object_copyout_name(
                        return KERN_INVALID_CAPABILITY;
                }
 
+               /* Don't actually copyout rights we aren't allowed to */
+               if (!ip_label_check(space, ip_object_to_port(object), msgt_name)) {
+                       io_unlock(object);
+                       ipc_entry_dealloc(space, name, entry);
+                       is_write_unlock(space);
+
+                       switch (msgt_name) {
+                       case MACH_MSG_TYPE_PORT_SEND_ONCE:
+                               ipc_port_release_sonce(ip_object_to_port(object));
+                               break;
+                       case MACH_MSG_TYPE_PORT_SEND:
+                               ipc_port_release_send(ip_object_to_port(object));
+                               break;
+                       default:
+                               panic("ipc_object_copyout_name: bad port label check failure");
+                       }
+                       return KERN_INVALID_CAPABILITY;
+               }
+
                entry->ie_object = object;
        }
 
mirror of XNU