xnu-4570.51.1.tar.gz

[apple/xnu.git] / bsd / kern / kern_resource.c
diff --git a/bsd/kern/kern_resource.c b/bsd/kern/kern_resource.c

index 13b1248870397106a3211c43b5360032b8914793..780159263d051645e27aea413e9f7592123608a2 100644 (file)
--- a/bsd/kern/kern_resource.c
+++ b/bsd/kern/kern_resource.c
@@ -1,5 +1,5 @@
  /*
  /*
- * Copyright (c) 2000-2008 Apple Inc. All rights reserved.
+ * Copyright (c) 2000-2017 Apple Inc. All rights reserved.
   *
   * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
   * 
   *
   * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
   * 
@@ -81,8 +81,6 @@
  #include <sys/malloc.h>
  #include <sys/proc_internal.h>
  #include <sys/kauth.h>
  #include <sys/malloc.h>
  #include <sys/proc_internal.h>
  #include <sys/kauth.h>
-#include <machine/spl.h>
-
  #include <sys/mount_internal.h>
  #include <sys/sysproto.h>
  
  #include <sys/mount_internal.h>
  #include <sys/sysproto.h>
  
@@ -97,25 +95,51 @@
  #include <mach/vm_map.h>
  #include <mach/mach_vm.h>
  #include <mach/thread_act.h>  /* for thread_policy_set( ) */
  #include <mach/vm_map.h>
  #include <mach/mach_vm.h>
  #include <mach/thread_act.h>  /* for thread_policy_set( ) */
-#include <kern/lock.h>
  #include <kern/thread.h>
  #include <kern/thread.h>
+#include <kern/policy_internal.h>
  
  #include <kern/task.h>
  #include <kern/clock.h>                /* for absolutetime_to_microtime() */
  #include <netinet/in.h>                /* for TRAFFIC_MGT_SO_* */
  #include <sys/socketvar.h>     /* for struct socket */
  
  #include <kern/task.h>
  #include <kern/clock.h>                /* for absolutetime_to_microtime() */
  #include <netinet/in.h>                /* for TRAFFIC_MGT_SO_* */
  #include <sys/socketvar.h>     /* for struct socket */
+#if NECP
+#include <net/necp.h>
+#endif /* NECP */
  
  #include <vm/vm_map.h>
  
  
  #include <vm/vm_map.h>
  
+#include <kern/assert.h>
+#include <sys/resource.h>
+#include <sys/priv.h>
+#include <IOKit/IOBSD.h>
+
+#if CONFIG_MACF
+#include <security/mac_framework.h>
+#endif
+
  int    donice(struct proc *curp, struct proc *chgp, int n);
  int    dosetrlimit(struct proc *p, u_int which, struct rlimit *limp);
  int    uthread_get_background_state(uthread_t);
  int    donice(struct proc *curp, struct proc *chgp, int n);
  int    dosetrlimit(struct proc *p, u_int which, struct rlimit *limp);
  int    uthread_get_background_state(uthread_t);
-static void do_background_socket(struct proc *p, thread_t thread, int priority);
-static int do_background_thread(struct proc *curp, int priority);
-static int do_background_task(struct proc *curp, int priority);
+static void do_background_socket(struct proc *p, thread_t thread);
+static int do_background_thread(thread_t thread, int priority);
+static int do_background_proc(struct proc *curp, struct proc *targetp, int priority);
+static int set_gpudeny_proc(struct proc *curp, struct proc *targetp, int priority);
+static int proc_set_darwin_role(proc_t curp, proc_t targetp, int priority);
+static int proc_get_darwin_role(proc_t curp, proc_t targetp, int *priority);
+static int get_background_proc(struct proc *curp, struct proc *targetp, int *priority);
+int proc_pid_rusage(int pid, int flavor, user_addr_t buf, int32_t *retval);
+void gather_rusage_info(proc_t p, rusage_info_current *ru, int flavor);
+int fill_task_rusage(task_t task, rusage_info_current *ri);
+void fill_task_billed_usage(task_t task, rusage_info_current *ri);
+int fill_task_io_rusage(task_t task, rusage_info_current *ri);
+int fill_task_qos_rusage(task_t task, rusage_info_current *ri);
+uint64_t get_task_logical_writes(task_t task);
+void fill_task_monotonic_rusage(task_t task, rusage_info_current *ri);
+
+int proc_get_rusage(proc_t p, int flavor, user_addr_t buffer, __unused int is_zombie);
  
  rlim_t maxdmap = MAXDSIZ;      /* XXX */ 
  
  rlim_t maxdmap = MAXDSIZ;      /* XXX */ 
-rlim_t maxsmap = MAXSSIZ - PAGE_SIZE;  /* XXX */ 
+rlim_t maxsmap = MAXSSIZ - PAGE_MAX_SIZE;      /* XXX */ 
  
  /*
   * Limits on the number of open files per process, and the number
  
  /*
   * Limits on the number of open files per process, and the number
@@ -125,10 +149,10 @@ rlim_t maxsmap = MAXSSIZ - PAGE_SIZE;     /* XXX */
   */
  __private_extern__ int maxfilesperproc = OPEN_MAX;             /* per-proc open files limit */
  
   */
  __private_extern__ int maxfilesperproc = OPEN_MAX;             /* per-proc open files limit */
  
-SYSCTL_INT( _kern, KERN_MAXPROCPERUID, maxprocperuid, CTLFLAG_RW,
+SYSCTL_INT(_kern, KERN_MAXPROCPERUID, maxprocperuid, CTLFLAG_RW | CTLFLAG_LOCKED,
                 &maxprocperuid, 0, "Maximum processes allowed per userid" );
  
                 &maxprocperuid, 0, "Maximum processes allowed per userid" );
  
-SYSCTL_INT( _kern, KERN_MAXFILESPERPROC, maxfilesperproc, CTLFLAG_RW,       
+SYSCTL_INT(_kern, KERN_MAXFILESPERPROC, maxfilesperproc, CTLFLAG_RW | CTLFLAG_LOCKED,
                 &maxfilesperproc, 0, "Maximum files allowed open per process" );
  
  /* Args and fn for proc_iteration callback used in setpriority */
                 &maxfilesperproc, 0, "Maximum files allowed open per process" );
  
  /* Args and fn for proc_iteration callback used in setpriority */
@@ -160,6 +184,8 @@ getpriority(struct proc *curp, struct getpriority_args *uap, int32_t *retval)
         struct proc *p;
         int low = PRIO_MAX + 1;
         kauth_cred_t my_cred;
         struct proc *p;
         int low = PRIO_MAX + 1;
         kauth_cred_t my_cred;
+       int refheld = 0;
+       int error = 0;
  
         /* would also test (uap->who < 0), but id_t is unsigned */
         if (uap->who > 0x7fffffff)
  
         /* would also test (uap->who < 0), but id_t is unsigned */
         if (uap->who > 0x7fffffff)
@@ -192,7 +218,7 @@ getpriority(struct proc *curp, struct getpriority_args *uap, int32_t *retval)
                 }
                 /* No need for iteration as it is a simple scan */
                 pgrp_lock(pg);
                 }
                 /* No need for iteration as it is a simple scan */
                 pgrp_lock(pg);
-               for (p = pg->pg_members.lh_first; p != 0; p = p->p_pglist.le_next) {
+               PGMEMBERS_FOREACH(pg, p) {
                         if (p->p_nice < low)
                                 low = p->p_nice;
                 }
                         if (p->p_nice < low)
                                 low = p->p_nice;
                 }
@@ -219,24 +245,50 @@ getpriority(struct proc *curp, struct getpriority_args *uap, int32_t *retval)
  
                 break;
  
  
                 break;
  
-       case PRIO_DARWIN_THREAD: {
-               thread_t                        thread;
-               struct uthread          *ut;
-
+       case PRIO_DARWIN_THREAD:
                 /* we currently only support the current thread */
                 /* we currently only support the current thread */
-               if (uap->who != 0) {
+               if (uap->who != 0)
                         return (EINVAL);
                         return (EINVAL);
+
+               low = proc_get_thread_policy(current_thread(), TASK_POLICY_INTERNAL, TASK_POLICY_DARWIN_BG);
+
+               break;
+
+       case PRIO_DARWIN_PROCESS:
+               if (uap->who == 0) {
+                       p = curp;
+               } else {
+                       p = proc_find(uap->who);
+                       if (p == PROC_NULL)
+                               break;
+                       refheld = 1;
                 }
                 }
-       
-               thread = current_thread();
-               ut = get_bsdthread_info(thread);
  
  
-               low = 0;
-               if ( (ut->uu_flag & UT_BACKGROUND_TRAFFIC_MGT) != 0 ) {
-                       low = 1;
+               error = get_background_proc(curp, p, &low);
+
+               if (refheld)
+                       proc_rele(p);
+               if (error)
+                       return (error);
+               break;
+
+       case PRIO_DARWIN_ROLE:
+               if (uap->who == 0) {
+                       p = curp;
+               } else {
+                       p = proc_find(uap->who);
+                       if (p == PROC_NULL)
+                               break;
+                       refheld = 1;
                 }
                 }
+
+               error = proc_get_darwin_role(curp, p, &low);
+
+               if (refheld)
+                       proc_rele(p);
+               if (error)
+                       return (error);
                 break;
                 break;
-       }
  
         default:
                 return (EINVAL);
  
         default:
                 return (EINVAL);
@@ -298,7 +350,7 @@ ppgrp_donice_callback(proc_t p, void * arg)
   */
  /* ARGSUSED */
  int
   */
  /* ARGSUSED */
  int
-setpriority(struct proc *curp, struct setpriority_args *uap, __unused int32_t *retval)
+setpriority(struct proc *curp, struct setpriority_args *uap, int32_t *retval)
  {
         struct proc *p;
         int found = 0, error = 0;
  {
         struct proc *p;
         int found = 0, error = 0;
@@ -368,11 +420,10 @@ setpriority(struct proc *curp, struct setpriority_args *uap, __unused int32_t *r
  
         case PRIO_DARWIN_THREAD: {
                 /* we currently only support the current thread */
  
         case PRIO_DARWIN_THREAD: {
                 /* we currently only support the current thread */
-               if (uap->who != 0) {
+               if (uap->who != 0)
                         return (EINVAL);
                         return (EINVAL);
-               }
-               error = do_background_thread(curp, uap->prio);
-               (void) do_background_socket(curp, current_thread(), uap->prio);
+
+               error = do_background_thread(current_thread(), uap->prio);
                 found++;
                 break;
         }
                 found++;
                 break;
         }
@@ -387,9 +438,41 @@ setpriority(struct proc *curp, struct setpriority_args *uap, __unused int32_t *r
                         refheld = 1;
                 }
  
                         refheld = 1;
                 }
  
-               error = do_background_task(p, uap->prio);
-               (void) do_background_socket(p, NULL, uap->prio);
-               
+               error = do_background_proc(curp, p, uap->prio);
+
+               found++;
+               if (refheld != 0)
+                       proc_rele(p);
+               break;
+       }
+
+       case PRIO_DARWIN_GPU: {
+               if (uap->who == 0)
+                       return (EINVAL);
+
+               p = proc_find(uap->who);
+               if (p == PROC_NULL)
+                       break;
+
+               error = set_gpudeny_proc(curp, p, uap->prio);
+
+               found++;
+               proc_rele(p);
+               break;
+       }
+
+       case PRIO_DARWIN_ROLE: {
+               if (uap->who == 0) {
+                       p = curp;
+               } else {
+                       p = proc_find(uap->who);
+                       if (p == PROC_NULL)
+                               break;
+                       refheld = 1;
+               }
+
+               error = proc_set_darwin_role(curp, p, uap->prio);
+
                 found++;
                 if (refheld != 0)
                         proc_rele(p);
                 found++;
                 if (refheld != 0)
                         proc_rele(p);
@@ -401,6 +484,10 @@ setpriority(struct proc *curp, struct setpriority_args *uap, __unused int32_t *r
         }
         if (found == 0)
                 return (ESRCH);
         }
         if (found == 0)
                 return (ESRCH);
+       if (error == EIDRM) {
+               *retval = -2;
+               error = 0;
+       }
         return (error);
  }
  
         return (error);
  }
  
@@ -421,9 +508,9 @@ donice(struct proc *curp, struct proc *chgp, int n)
         ucred = kauth_cred_proc_ref(curp);
         my_cred = kauth_cred_proc_ref(chgp);
  
         ucred = kauth_cred_proc_ref(curp);
         my_cred = kauth_cred_proc_ref(chgp);
  
-       if (suser(ucred, NULL) && ucred->cr_ruid &&
+       if (suser(ucred, NULL) && kauth_cred_getruid(ucred) &&
             kauth_cred_getuid(ucred) != kauth_cred_getuid(my_cred) &&
             kauth_cred_getuid(ucred) != kauth_cred_getuid(my_cred) &&
-           ucred->cr_ruid != kauth_cred_getuid(my_cred)) {
+           kauth_cred_getruid(ucred) != kauth_cred_getuid(my_cred)) {
                 error = EPERM;
                 goto out;
         }
                 error = EPERM;
                 goto out;
         }
@@ -451,209 +538,333 @@ out:
  }
  
  static int
  }
  
  static int
-do_background_task(struct proc *p, int priority)
+set_gpudeny_proc(struct proc *curp, struct proc *targetp, int priority)
  {
         int error = 0;
  {
         int error = 0;
-       task_category_policy_data_t info;
+       kauth_cred_t ucred;
+       kauth_cred_t target_cred;
  
  
-       /* set the max scheduling priority on the task */
-       if (priority & PRIO_DARWIN_BG) { 
-               info.role = TASK_THROTTLE_APPLICATION;
-       } else {
-               info.role = TASK_DEFAULT_APPLICATION;
+       ucred = kauth_cred_get();
+       target_cred = kauth_cred_proc_ref(targetp);
+
+       /* TODO: Entitlement instead of uid check */
+
+       if (!kauth_cred_issuser(ucred) && kauth_cred_getruid(ucred) &&
+           kauth_cred_getuid(ucred)   != kauth_cred_getuid(target_cred) &&
+           kauth_cred_getruid(ucred)  != kauth_cred_getuid(target_cred)) {
+               error = EPERM;
+               goto out;
         }
  
         }
  
-       error = task_policy_set(p->task,
-                       TASK_CATEGORY_POLICY,
-                       (task_policy_t) &info,
-                       TASK_CATEGORY_POLICY_COUNT);
+       if (curp == targetp) {
+               error = EPERM;
+               goto out;
+       }
  
  
+#if CONFIG_MACF
+       error = mac_proc_check_sched(curp, targetp);
         if (error)
                 goto out;
         if (error)
                 goto out;
+#endif
  
  
-       proc_lock(p);
+       switch (priority) {
+               case PRIO_DARWIN_GPU_DENY:
+                       task_set_gpu_denied(proc_task(targetp), TRUE);
+                       break;
+               case PRIO_DARWIN_GPU_ALLOW:
+                       task_set_gpu_denied(proc_task(targetp), FALSE);
+                       break;
+               default:
+                       error = EINVAL;
+                       goto out;
+       }
  
  
-       /* mark proc structure as backgrounded */
-       if (priority & PRIO_DARWIN_BG) {
-               p->p_lflag |= P_LBACKGROUND;
-       } else {
-               p->p_lflag &= ~P_LBACKGROUND;
+out:
+       kauth_cred_unref(&target_cred);
+       return (error);
+
+}
+
+static int
+proc_set_darwin_role(proc_t curp, proc_t targetp, int priority)
+{
+       int error = 0;
+       uint32_t flagsp = 0;
+
+       kauth_cred_t ucred, target_cred;
+
+       ucred = kauth_cred_get();
+       target_cred = kauth_cred_proc_ref(targetp);
+
+       if (!kauth_cred_issuser(ucred) && kauth_cred_getruid(ucred) &&
+           kauth_cred_getuid(ucred)  != kauth_cred_getuid(target_cred) &&
+           kauth_cred_getruid(ucred) != kauth_cred_getuid(target_cred)) {
+               if (priv_check_cred(ucred, PRIV_SETPRIORITY_DARWIN_ROLE, 0) != 0) {
+                       error = EPERM;
+                       goto out;
+               }
         }
  
         }
  
-       /* set or reset the disk I/O priority */
-       p->p_iopol_disk = (priority == PRIO_DARWIN_BG ? 
-                       IOPOL_THROTTLE : IOPOL_DEFAULT); 
+       if (curp != targetp) {
+#if CONFIG_MACF
+               if ((error = mac_proc_check_sched(curp, targetp)))
+                       goto out;
+#endif
+       }
  
  
-       proc_unlock(p);
+       proc_get_darwinbgstate(proc_task(targetp), &flagsp);
+       if ((flagsp & PROC_FLAG_APPLICATION) != PROC_FLAG_APPLICATION) {
+               error = ENOTSUP;
+               goto out;
+       }
+
+       integer_t role = 0;
+
+       if ((error = proc_darwin_role_to_task_role(priority, &role)))
+               goto out;
+
+       proc_set_task_policy(proc_task(targetp), TASK_POLICY_ATTRIBUTE,
+                            TASK_POLICY_ROLE, role);
  
  out:
  
  out:
+       kauth_cred_unref(&target_cred);
+       return (error);
+}
+
+static int
+proc_get_darwin_role(proc_t curp, proc_t targetp, int *priority)
+{
+       int error = 0;
+       int role = 0;
+
+       kauth_cred_t ucred, target_cred;
+
+       ucred = kauth_cred_get();
+       target_cred = kauth_cred_proc_ref(targetp);
+
+       if (!kauth_cred_issuser(ucred) && kauth_cred_getruid(ucred) &&
+           kauth_cred_getuid(ucred)  != kauth_cred_getuid(target_cred) &&
+           kauth_cred_getruid(ucred) != kauth_cred_getuid(target_cred)) {
+               error = EPERM;
+               goto out;
+       }
+
+       if (curp != targetp) {
+#if CONFIG_MACF
+               if ((error = mac_proc_check_sched(curp, targetp)))
+                       goto out;
+#endif
+       }
+
+       role = proc_get_task_policy(proc_task(targetp), TASK_POLICY_ATTRIBUTE, TASK_POLICY_ROLE);
+
+       *priority = proc_task_role_to_darwin_role(role);
+
+out:
+       kauth_cred_unref(&target_cred);
+       return (error);
+}
+
+
+static int
+get_background_proc(struct proc *curp, struct proc *targetp, int *priority)
+{
+       int external = 0;
+       int error = 0;
+       kauth_cred_t ucred, target_cred;
+
+       ucred = kauth_cred_get();
+       target_cred = kauth_cred_proc_ref(targetp);
+
+       if (!kauth_cred_issuser(ucred) && kauth_cred_getruid(ucred) &&
+           kauth_cred_getuid(ucred) != kauth_cred_getuid(target_cred) &&
+           kauth_cred_getruid(ucred) != kauth_cred_getuid(target_cred)) {
+               error = EPERM;
+               goto out;
+       }
+
+       external = (curp == targetp) ? TASK_POLICY_INTERNAL : TASK_POLICY_EXTERNAL;
+
+       *priority = proc_get_task_policy(current_task(), external, TASK_POLICY_DARWIN_BG);
+
+out:
+       kauth_cred_unref(&target_cred);
+       return (error);
+}
+
+static int
+do_background_proc(struct proc *curp, struct proc *targetp, int priority)
+{
+#if !CONFIG_MACF
+#pragma unused(curp)
+#endif
+       int error = 0;
+       kauth_cred_t ucred;
+       kauth_cred_t target_cred;
+       int external;
+       int enable;
+
+       ucred = kauth_cred_get();
+       target_cred = kauth_cred_proc_ref(targetp);
+
+       if (!kauth_cred_issuser(ucred) && kauth_cred_getruid(ucred) &&
+               kauth_cred_getuid(ucred) != kauth_cred_getuid(target_cred) &&
+               kauth_cred_getruid(ucred) != kauth_cred_getuid(target_cred))
+       {
+               error = EPERM;
+               goto out;
+       }
+
+#if CONFIG_MACF
+       error = mac_proc_check_sched(curp, targetp);
+       if (error) 
+               goto out;
+#endif
+
+       external = (curp == targetp) ? TASK_POLICY_INTERNAL : TASK_POLICY_EXTERNAL;
+
+       switch (priority) {
+               case PRIO_DARWIN_BG:
+                       enable = TASK_POLICY_ENABLE;
+                       break;
+               case PRIO_DARWIN_NONUI:
+                       /* ignored for compatibility */
+                       goto out;
+               default:
+                       /* TODO: EINVAL if priority != 0 */
+                       enable = TASK_POLICY_DISABLE;
+                       break;
+       }
+
+       proc_set_task_policy(proc_task(targetp), external, TASK_POLICY_DARWIN_BG, enable);
+
+out:
+       kauth_cred_unref(&target_cred);
         return (error);
  }
  
  static void 
         return (error);
  }
  
  static void 
-do_background_socket(struct proc *p, thread_t thread, int priority)
+do_background_socket(struct proc *p, thread_t thread)
  {
  {
+#if SOCKETS
         struct filedesc                     *fdp;
         struct fileproc                     *fp;
         struct filedesc                     *fdp;
         struct fileproc                     *fp;
-       int                                 i;
+       int                                 i, background;
+
+       proc_fdlock(p);
+
+       if (thread != THREAD_NULL)
+               background = proc_get_effective_thread_policy(thread, TASK_POLICY_ALL_SOCKETS_BG);
+       else
+               background = proc_get_effective_task_policy(proc_task(p), TASK_POLICY_ALL_SOCKETS_BG);
  
  
-       if (priority & PRIO_DARWIN_BG) {
+       if (background) {
                 /*
                  * For PRIO_DARWIN_PROCESS (thread is NULL), simply mark
                  * the sockets with the background flag.  There's nothing
                  * to do here for the PRIO_DARWIN_THREAD case.
                  */
                 /*
                  * For PRIO_DARWIN_PROCESS (thread is NULL), simply mark
                  * the sockets with the background flag.  There's nothing
                  * to do here for the PRIO_DARWIN_THREAD case.
                  */
-               if (thread == NULL) {
-                       proc_fdlock(p);
+               if (thread == THREAD_NULL) {
                         fdp = p->p_fd;
  
                         for (i = 0; i < fdp->fd_nfiles; i++) {
                         fdp = p->p_fd;
  
                         for (i = 0; i < fdp->fd_nfiles; i++) {
-                               struct socket       *sockp;
-
                                 fp = fdp->fd_ofiles[i];
                                 fp = fdp->fd_ofiles[i];
-                               if (fp == NULL || (fdp->fd_ofileflags[i] & UF_RESERVED) != 0 ||
-                                               fp->f_fglob->fg_type != DTYPE_SOCKET) {
+                               if (fp == NULL || (fdp->fd_ofileflags[i] & UF_RESERVED) != 0) {
                                         continue;
                                 }
                                         continue;
                                 }
-                               sockp = (struct socket *)fp->f_fglob->fg_data;
-                               socket_set_traffic_mgt_flags(sockp, TRAFFIC_MGT_SO_BACKGROUND);
-                               sockp->so_background_thread = NULL;
+                               if (FILEGLOB_DTYPE(fp->f_fglob) == DTYPE_SOCKET) {
+                                       struct socket *sockp = (struct socket *)fp->f_fglob->fg_data;
+                                       socket_set_traffic_mgt_flags(sockp, TRAFFIC_MGT_SO_BACKGROUND);
+                                       sockp->so_background_thread = NULL;
+                               }
+#if NECP
+                               else if (FILEGLOB_DTYPE(fp->f_fglob) == DTYPE_NETPOLICY) {
+                                       necp_set_client_as_background(p, fp, background);
+                               }
+#endif /* NECP */
                         }
                         }
-                       proc_fdunlock(p);
                 }
                 }
-
         } else {
         } else {
-               u_int32_t       traffic_mgt;
-               /*
-                * See comments on do_background_thread().  Deregulate network
-                * traffics only for setpriority(PRIO_DARWIN_THREAD).
-                */
-               traffic_mgt = (thread == NULL) ? 0 : TRAFFIC_MGT_SO_BG_REGULATE;
-
                 /* disable networking IO throttle.
                  * NOTE - It is a known limitation of the current design that we 
                  * could potentially clear TRAFFIC_MGT_SO_BACKGROUND bit for 
                  * sockets created by other threads within this process.  
                  */
                 /* disable networking IO throttle.
                  * NOTE - It is a known limitation of the current design that we 
                  * could potentially clear TRAFFIC_MGT_SO_BACKGROUND bit for 
                  * sockets created by other threads within this process.  
                  */
-               proc_fdlock(p);
                 fdp = p->p_fd;
                 for ( i = 0; i < fdp->fd_nfiles; i++ ) {
                         struct socket       *sockp;
  
                         fp = fdp->fd_ofiles[ i ];
                 fdp = p->p_fd;
                 for ( i = 0; i < fdp->fd_nfiles; i++ ) {
                         struct socket       *sockp;
  
                         fp = fdp->fd_ofiles[ i ];
-                       if ( fp == NULL || (fdp->fd_ofileflags[ i ] & UF_RESERVED) != 0 ||
-                                       fp->f_fglob->fg_type != DTYPE_SOCKET ) {
+                       if (fp == NULL || (fdp->fd_ofileflags[ i ] & UF_RESERVED) != 0) {
                                 continue;
                         }
                                 continue;
                         }
-                       sockp = (struct socket *)fp->f_fglob->fg_data;
-                       /* skip if only clearing this thread's sockets */
-                       if ((thread) && (sockp->so_background_thread != thread)) {
-                               continue;
+                       if (FILEGLOB_DTYPE(fp->f_fglob) == DTYPE_SOCKET) {
+                               sockp = (struct socket *)fp->f_fglob->fg_data;
+                               /* skip if only clearing this thread's sockets */
+                               if ((thread) && (sockp->so_background_thread != thread)) {
+                                       continue;
+                               }
+                               socket_clear_traffic_mgt_flags(sockp, TRAFFIC_MGT_SO_BACKGROUND);
+                               sockp->so_background_thread = NULL;
+                       }
+#if NECP
+                       else if (FILEGLOB_DTYPE(fp->f_fglob) == DTYPE_NETPOLICY) {
+                               necp_set_client_as_background(p, fp, background);
                         }
                         }
-                       socket_clear_traffic_mgt_flags(sockp, TRAFFIC_MGT_SO_BACKGROUND | traffic_mgt);
-                       sockp->so_background_thread = NULL;
+#endif /* NECP */
                 }
                 }
-               proc_fdunlock(p);
         }
         }
+
+       proc_fdunlock(p);
+#else
+#pragma unused(p, thread)
+#endif
  }
  
  
  /*
   * do_background_thread
  }
  
  
  /*
   * do_background_thread
- * Returns:    0                       Success
- * XXX - todo - does this need a MACF hook?
   *
   *
- * NOTE: To maintain binary compatibility with PRIO_DARWIN_THREAD with respect
- *      to network traffic management, UT_BACKGROUND_TRAFFIC_MGT is set/cleared
- *      along with UT_BACKGROUND flag, as the latter alone no longer implies
- *      any form of traffic regulation (it simply means that the thread is
- *      background.)  With PRIO_DARWIN_PROCESS, any form of network traffic
- *      management must be explicitly requested via whatever means appropriate,
- *      and only TRAFFIC_MGT_SO_BACKGROUND is set via do_background_socket().
+ * Requires: thread reference
+ *
+ * Returns:     0                       Success
+ *              EPERM                   Tried to background while in vfork
+ * XXX - todo - does this need a MACF hook?
   */
  static int
   */
  static int
-do_background_thread(struct proc *curp __unused, int priority)
+do_background_thread(thread_t thread, int priority)
  {
  {
-       thread_t                                                        thread;
-       struct uthread                                          *ut;
-       thread_precedence_policy_data_t         policy;
-       
-       thread = current_thread();
+       struct uthread *ut;
+       int enable, external;
+       int rv = 0;
+
         ut = get_bsdthread_info(thread);
  
         ut = get_bsdthread_info(thread);
  
-       if ( (priority & PRIO_DARWIN_BG) == 0 ) {
-               /* turn off backgrounding of thread */
-               if ( (ut->uu_flag & UT_BACKGROUND) == 0 ) {
-                       /* already off */
-                       return(0);
-               }
+       /* Backgrounding is unsupported for threads in vfork */
+       if ((ut->uu_flag & UT_VFORK) != 0)
+               return(EPERM);
  
  
-               /*
-                * Clear background bit in thread and disable disk IO
-                * throttle as well as network traffic management.
-                * The corresponding socket flags for sockets created by
-                * this thread will be cleared in do_background_socket().
-                */
-               ut->uu_flag &= ~(UT_BACKGROUND | UT_BACKGROUND_TRAFFIC_MGT);
-               ut->uu_iopol_disk = IOPOL_NORMAL;
-
-               /* reset thread priority (we did not save previous value) */
-               policy.importance = 0;
-               thread_policy_set( thread, THREAD_PRECEDENCE_POLICY,
-                                                  (thread_policy_t)&policy,
-                                                  THREAD_PRECEDENCE_POLICY_COUNT );
-               return(0);
+       /* Backgrounding is unsupported for workq threads */
+       if (thread_is_static_param(thread)) {
+               return(EPERM);
         }
         }
-       
-       /* background this thread */
-       if ( (ut->uu_flag & UT_BACKGROUND) != 0 ) {
-               /* already backgrounded */
-               return(0);
+
+       /* Not allowed to combine QoS and DARWIN_BG, doing so strips the QoS */
+       if (thread_has_qos_policy(thread)) {
+               thread_remove_qos_policy(thread);
+               rv = EIDRM;
         }
  
         }
  
-       /*
-        * Tag thread as background and throttle disk IO, as well
-        * as regulate network traffics.  Future sockets created
-        * by this thread will have their corresponding socket
-        * flags set at socket create time.
-        */
-       ut->uu_flag |= (UT_BACKGROUND | UT_BACKGROUND_TRAFFIC_MGT);
-       ut->uu_iopol_disk = IOPOL_THROTTLE;
-
-       policy.importance = INT_MIN;
-       thread_policy_set( thread, THREAD_PRECEDENCE_POLICY,
-                                          (thread_policy_t)&policy,
-                                          THREAD_PRECEDENCE_POLICY_COUNT );
-
-       /* throttle networking IO happens in socket( ) syscall.
-        * If UT_{BACKGROUND,BACKGROUND_TRAFFIC_MGT} is set in the current
-        * thread then TRAFFIC_MGT_SO_{BACKGROUND,BG_REGULATE} is set.
-        * Existing sockets are taken care of by do_background_socket().
-        */
-       return(0);
-}
+       /* TODO: Fail if someone passes something besides 0 or PRIO_DARWIN_BG */
+       enable   = (priority == PRIO_DARWIN_BG) ? TASK_POLICY_ENABLE   : TASK_POLICY_DISABLE;
+       external = (current_thread() == thread) ? TASK_POLICY_INTERNAL : TASK_POLICY_EXTERNAL;
  
  
-/*
- * If the thread or its proc has been put into the background
- * with setpriority(PRIO_DARWIN_{THREAD,PROCESS}, *, PRIO_DARWIN_BG),
- * report that status.
- *
- * Returns: PRIO_DARWIN_BG if background
- *                     0 if foreground
- */
-int
-uthread_get_background_state(uthread_t uth)
-{
-       proc_t p = uth->uu_proc;
-       if (p && (p->p_lflag & P_LBACKGROUND))
-               return PRIO_DARWIN_BG;
-       
-       if (uth->uu_flag & UT_BACKGROUND)
-               return PRIO_DARWIN_BG;
+       proc_set_thread_policy(thread, external, TASK_POLICY_DARWIN_BG, enable);
  
  
-       return 0;
+       return rv;
  }
  
  }
  
+
  /*
   * Returns:    0                       Success
   *     copyin:EFAULT
  /*
   * Returns:    0                       Success
   *     copyin:EFAULT
@@ -796,12 +1007,7 @@ dosetrlimit(struct proc *p, u_int which, struct rlimit *limp)
                                 size = round_page_64(limp->rlim_cur);
                                 size -= round_page_64(alimp->rlim_cur);
  
                                 size = round_page_64(limp->rlim_cur);
                                 size -= round_page_64(alimp->rlim_cur);
  
-#if STACK_GROWTH_UP
-                               /* go to top of current stack */
-                       addr = p->user_stack + round_page_64(alimp->rlim_cur);
-#else  /* STACK_GROWTH_UP */
                         addr = p->user_stack - round_page_64(limp->rlim_cur);
                         addr = p->user_stack - round_page_64(limp->rlim_cur);
-#endif /* STACK_GROWTH_UP */
                         kr = mach_vm_protect(current_map(), 
                                              addr, size,
                                              FALSE, VM_PROT_DEFAULT);
                         kr = mach_vm_protect(current_map(), 
                                              addr, size,
                                              FALSE, VM_PROT_DEFAULT);
@@ -823,28 +1029,6 @@ dosetrlimit(struct proc *p, u_int which, struct rlimit *limp)
                          */
                         cur_sp = thread_adjuserstack(current_thread(),
                                                      0);
                          */
                         cur_sp = thread_adjuserstack(current_thread(),
                                                      0);
-#if STACK_GROWTH_UP
-                       if (cur_sp >= p->user_stack &&
-                           cur_sp < (p->user_stack +
-                                     round_page_64(alimp->rlim_cur))) {
-                               /* current stack pointer is in main stack */
-                               if (cur_sp >= (p->user_stack +
-                                              round_page_64(limp->rlim_cur))) {
-                                       /*
-                                        * New limit would cause
-                                        * current usage to be invalid:
-                                        * reject new limit.
-                                        */
-                                       error =  EINVAL;
-                                       goto out;
-                       }
-                       } else {
-                               /* not on the main stack: reject */
-                               error =  EINVAL;
-                               goto out;
-               }
-                                
-#else  /* STACK_GROWTH_UP */
                         if (cur_sp <= p->user_stack &&
                             cur_sp > (p->user_stack -
                                       round_page_64(alimp->rlim_cur))) {
                         if (cur_sp <= p->user_stack &&
                             cur_sp > (p->user_stack -
                                       round_page_64(alimp->rlim_cur))) {
@@ -864,16 +1048,11 @@ dosetrlimit(struct proc *p, u_int which, struct rlimit *limp)
                                 error =  EINVAL;
                                 goto out;
                         }
                                 error =  EINVAL;
                                 goto out;
                         }
-#endif /* STACK_GROWTH_UP */
                                 
                         size = round_page_64(alimp->rlim_cur);
                         size -= round_page_64(limp->rlim_cur);
  
                                 
                         size = round_page_64(alimp->rlim_cur);
                         size -= round_page_64(limp->rlim_cur);
  
-#if STACK_GROWTH_UP
-                       addr = p->user_stack + round_page_64(limp->rlim_cur);
-#else  /* STACK_GROWTH_UP */
                         addr = p->user_stack - round_page_64(alimp->rlim_cur);
                         addr = p->user_stack - round_page_64(alimp->rlim_cur);
-#endif /* STACK_GROWTH_UP */
  
                         kr = mach_vm_protect(current_map(),
                                              addr, size,
  
                         kr = mach_vm_protect(current_map(),
                                              addr, size,
@@ -895,7 +1074,7 @@ dosetrlimit(struct proc *p, u_int which, struct rlimit *limp)
                  * because historically, people have been able to attempt to
                  * set RLIM_INFINITY to get "whatever the maximum is".
                 */
                  * because historically, people have been able to attempt to
                  * set RLIM_INFINITY to get "whatever the maximum is".
                 */
-               if ( is_suser() ) {
+               if ( kauth_cred_issuser(kauth_cred_get()) ) {
                         if (limp->rlim_cur != alimp->rlim_cur &&
                             limp->rlim_cur > (rlim_t)maxfiles) {
                                 if (posix) {
                         if (limp->rlim_cur != alimp->rlim_cur &&
                             limp->rlim_cur > (rlim_t)maxfiles) {
                                 if (posix) {
@@ -929,7 +1108,7 @@ dosetrlimit(struct proc *p, u_int which, struct rlimit *limp)
                  * systemwide resource; all others are limited to
                  * maxprocperuid (presumably less than maxproc).
                  */
                  * systemwide resource; all others are limited to
                  * maxprocperuid (presumably less than maxproc).
                  */
-               if ( is_suser() ) {
+               if ( kauth_cred_issuser(kauth_cred_get()) ) {
                         if (limp->rlim_cur > (rlim_t)maxproc)
                                 limp->rlim_cur = maxproc;
                         if (limp->rlim_max > (rlim_t)maxproc)
                         if (limp->rlim_cur > (rlim_t)maxproc)
                                 limp->rlim_cur = maxproc;
                         if (limp->rlim_max > (rlim_t)maxproc)
@@ -965,7 +1144,7 @@ out:
  int
  getrlimit(struct proc *p, struct getrlimit_args *uap, __unused int32_t *retval)
  {
  int
  getrlimit(struct proc *p, struct getrlimit_args *uap, __unused int32_t *retval)
  {
-       struct rlimit lim;
+       struct rlimit lim = {};
  
         /*
          * Take out flag now in case we need to use it to trigger variant
  
         /*
          * Take out flag now in case we need to use it to trigger variant
@@ -997,15 +1176,15 @@ calcru(struct proc *p, struct timeval *up, struct timeval *sp, struct timeval *i
  
         task = p->task;
         if (task) {
  
         task = p->task;
         if (task) {
-               task_basic_info_32_data_t tinfo;
+               mach_task_basic_info_data_t tinfo;
                 task_thread_times_info_data_t ttimesinfo;
                 task_events_info_data_t teventsinfo;
                 mach_msg_type_number_t task_info_count, task_ttimes_count;
                 mach_msg_type_number_t task_events_count;
                 struct timeval ut,st;
  
                 task_thread_times_info_data_t ttimesinfo;
                 task_events_info_data_t teventsinfo;
                 mach_msg_type_number_t task_info_count, task_ttimes_count;
                 mach_msg_type_number_t task_events_count;
                 struct timeval ut,st;
  
-               task_info_count = TASK_BASIC_INFO_32_COUNT;
-               task_info(task, TASK_BASIC2_INFO_32,
+               task_info_count = MACH_TASK_BASIC_INFO_COUNT;
+               task_info(task, MACH_TASK_BASIC_INFO,
                           (task_info_t)&tinfo, &task_info_count);
                 ut.tv_sec = tinfo.user_time.seconds;
                 ut.tv_usec = tinfo.user_time.microseconds;
                           (task_info_t)&tinfo, &task_info_count);
                 ut.tv_sec = tinfo.user_time.seconds;
                 ut.tv_usec = tinfo.user_time.microseconds;
@@ -1041,7 +1220,7 @@ calcru(struct proc *p, struct timeval *up, struct timeval *sp, struct timeval *i
                 if (p->p_stats->p_ru.ru_nivcsw < 0)
                         p->p_stats->p_ru.ru_nivcsw = 0;
  
                 if (p->p_stats->p_ru.ru_nivcsw < 0)
                         p->p_stats->p_ru.ru_nivcsw = 0;
  
-               p->p_stats->p_ru.ru_maxrss = tinfo.resident_size;
+               p->p_stats->p_ru.ru_maxrss = tinfo.resident_size_max;
         }
  }
  
         }
  }
  
@@ -1112,6 +1291,31 @@ ruadd(struct rusage *ru, struct rusage *ru2)
                 *ip++ += *ip2++;
  }
  
                 *ip++ += *ip2++;
  }
  
+/*
+ * Add the rusage stats of child in parent.
+ * 
+ * It adds rusage statistics of child process and statistics of all its
+ * children to its parent.
+ *
+ * Note: proc lock of parent should be held while calling this function.
+ */
+void
+update_rusage_info_child(struct rusage_info_child *ri, rusage_info_current *ri_current)
+{
+       ri->ri_child_user_time += (ri_current->ri_user_time +
+                                       ri_current->ri_child_user_time);
+       ri->ri_child_system_time += (ri_current->ri_system_time +
+                                       ri_current->ri_child_system_time);
+       ri->ri_child_pkg_idle_wkups += (ri_current->ri_pkg_idle_wkups +
+                                       ri_current->ri_child_pkg_idle_wkups);
+       ri->ri_child_interrupt_wkups += (ri_current->ri_interrupt_wkups +
+                                       ri_current->ri_child_interrupt_wkups);
+       ri->ri_child_pageins += (ri_current->ri_pageins +
+                                       ri_current->ri_child_pageins);
+       ri->ri_child_elapsed_abstime += ((ri_current->ri_proc_exit_abstime -
+               ri_current->ri_proc_start_abstime) + ri_current->ri_child_elapsed_abstime);
+}
+
  void
  proc_limitget(proc_t p, int which, struct rlimit * limp)
  {
  void
  proc_limitget(proc_t p, int which, struct rlimit * limp)
  {
@@ -1217,7 +1421,6 @@ proc_limitreplace(proc_t p)
         return(0);
  }
  
         return(0);
  }
  
-
  /*
   * iopolicysys
   *
  /*
   * iopolicysys
   *
@@ -1230,100 +1433,486 @@ proc_limitreplace(proc_t p)
   *             EINVAL                          Invalid command or invalid policy arguments
   *
   */
   *             EINVAL                          Invalid command or invalid policy arguments
   *
   */
+
+static int
+iopolicysys_disk(struct proc *p, int cmd, int scope, int policy, struct _iopol_param_t *iop_param);
+static int
+iopolicysys_vfs(struct proc *p, int cmd, int scope, int policy, struct _iopol_param_t *iop_param);
+
  int
  int
-iopolicysys(__unused struct proc *p, __unused struct iopolicysys_args *uap, __unused int32_t *retval)
+iopolicysys(struct proc *p, struct iopolicysys_args *uap, int32_t *retval)
  {
  {
-       int     error = 0;
-       thread_t thread = THREAD_NULL;
-       int *policy;
-       struct uthread  *ut = NULL;
+       int     error = 0;
         struct _iopol_param_t iop_param;
  
         if ((error = copyin(uap->arg, &iop_param, sizeof(iop_param))) != 0)
         struct _iopol_param_t iop_param;
  
         if ((error = copyin(uap->arg, &iop_param, sizeof(iop_param))) != 0)
-               goto exit;
+               goto out;
  
  
-       if (iop_param.iop_iotype != IOPOL_TYPE_DISK) {
-               error = EINVAL;
-               goto exit;
+       switch (iop_param.iop_iotype) {
+               case IOPOL_TYPE_DISK:
+                       error = iopolicysys_disk(p, uap->cmd, iop_param.iop_scope, iop_param.iop_policy, &iop_param);
+                       if (error == EIDRM) {
+                               *retval = -2;
+                               error = 0;
+                       }
+                       if (error)
+                               goto out;
+                       break;
+               case IOPOL_TYPE_VFS_HFS_CASE_SENSITIVITY:
+                       error = iopolicysys_vfs(p, uap->cmd, iop_param.iop_scope, iop_param.iop_policy, &iop_param);
+                       if (error)
+                               goto out;
+                       break;
+               default:
+                       error = EINVAL;
+                       goto out;
         }
  
         }
  
-       switch (iop_param.iop_scope) {
-       case IOPOL_SCOPE_PROCESS:
-               policy = &p->p_iopol_disk;
-               break;
-       case IOPOL_SCOPE_THREAD:
-               thread = current_thread();
-               ut = get_bsdthread_info(thread);
-               policy = &ut->uu_iopol_disk;
-               break;
-       default:
-               error = EINVAL;
-               goto exit;
+       /* Individual iotype handlers are expected to update iop_param, if requested with a GET command */
+       if (uap->cmd == IOPOL_CMD_GET) {
+               error = copyout((caddr_t)&iop_param, uap->arg, sizeof(iop_param));
+               if (error)
+                       goto out;
         }
         }
-               
-       switch(uap->cmd) {
-       case IOPOL_CMD_SET:
-               switch (iop_param.iop_policy) {
-               case IOPOL_DEFAULT:
-               case IOPOL_NORMAL:
-               case IOPOL_THROTTLE:
-               case IOPOL_PASSIVE:
-                       proc_lock(p);
-                       *policy = iop_param.iop_policy;
-                       proc_unlock(p);
+
+out:
+       return (error);
+}
+
+static int
+iopolicysys_disk(struct proc *p __unused, int cmd, int scope, int policy, struct _iopol_param_t *iop_param)
+{
+       int                     error = 0;
+       thread_t        thread;
+       int                     policy_flavor;
+
+       /* Validate scope */
+       switch (scope) {
+               case IOPOL_SCOPE_PROCESS:
+                       thread = THREAD_NULL;
+                       policy_flavor = TASK_POLICY_IOPOL;
                         break;
                         break;
+
+               case IOPOL_SCOPE_THREAD:
+                       thread = current_thread();
+                       policy_flavor = TASK_POLICY_IOPOL;
+
+                       /* Not allowed to combine QoS and (non-PASSIVE) IO policy, doing so strips the QoS */
+                       if (cmd == IOPOL_CMD_SET && thread_has_qos_policy(thread)) {
+                               switch (policy) {
+                                       case IOPOL_DEFAULT:
+                                       case IOPOL_PASSIVE:
+                                               break;
+                                       case IOPOL_UTILITY:
+                                       case IOPOL_THROTTLE:
+                                       case IOPOL_IMPORTANT:
+                                       case IOPOL_STANDARD:
+                                               if (!thread_is_static_param(thread)) {
+                                                       thread_remove_qos_policy(thread);
+                                                       /*
+                                                        * This is not an error case, this is to return a marker to user-space that
+                                                        * we stripped the thread of its QoS class.
+                                                        */
+                                                       error = EIDRM;
+                                                       break;
+                                               }
+                                               /* otherwise, fall through to the error case. */
+                                       default:
+                                               error = EINVAL;
+                                               goto out;
+                               }
+                       }
+                       break;
+
+               case IOPOL_SCOPE_DARWIN_BG:
+#if CONFIG_EMBEDDED
+                       /* Embedded doesn't want this as BG is always IOPOL_THROTTLE */
+                       error = ENOTSUP;
+                       goto out;
+#else /* CONFIG_EMBEDDED */
+                       thread = THREAD_NULL;
+                       policy_flavor = TASK_POLICY_DARWIN_BG_IOPOL;
+                       break;
+#endif /* CONFIG_EMBEDDED */
+
                 default:
                         error = EINVAL;
                 default:
                         error = EINVAL;
-                       goto exit;
+                       goto out;
+       }
+
+       /* Validate policy */
+       if (cmd == IOPOL_CMD_SET) {
+               switch (policy) {
+                       case IOPOL_DEFAULT:
+                               if (scope == IOPOL_SCOPE_DARWIN_BG) {
+                                       /* the current default BG throttle level is UTILITY */
+                                       policy = IOPOL_UTILITY;
+                               } else {
+                                       policy = IOPOL_IMPORTANT;
+                               }
+                               break;
+                       case IOPOL_UTILITY:
+                               /* fall-through */
+                       case IOPOL_THROTTLE:
+                               /* These levels are OK */
+                               break;
+                       case IOPOL_IMPORTANT:
+                               /* fall-through */
+                       case IOPOL_STANDARD:
+                               /* fall-through */
+                       case IOPOL_PASSIVE:
+                               if (scope == IOPOL_SCOPE_DARWIN_BG) {
+                                       /* These levels are invalid for BG */
+                                       error = EINVAL;
+                                       goto out;
+                               } else {
+                                       /* OK for other scopes */
+                               }
+                               break;
+                       default:
+                               error = EINVAL;
+                               goto out;
                 }
                 }
-               break;
-       case IOPOL_CMD_GET:
-               switch (*policy) {
-               case IOPOL_DEFAULT:
-               case IOPOL_NORMAL:
-               case IOPOL_THROTTLE:
-               case IOPOL_PASSIVE:
-                       iop_param.iop_policy = *policy;
+       }
+
+       /* Perform command */
+       switch(cmd) {
+               case IOPOL_CMD_SET:
+                       if (thread != THREAD_NULL)
+                               proc_set_thread_policy(thread, TASK_POLICY_INTERNAL, policy_flavor, policy);
+                       else
+                               proc_set_task_policy(current_task(), TASK_POLICY_INTERNAL, policy_flavor, policy);
+                       break;
+               case IOPOL_CMD_GET:
+                       if (thread != THREAD_NULL)
+                               policy = proc_get_thread_policy(thread, TASK_POLICY_INTERNAL, policy_flavor);
+                       else
+                               policy = proc_get_task_policy(current_task(), TASK_POLICY_INTERNAL, policy_flavor);
+                       iop_param->iop_policy = policy;
                         break;
                         break;
-               default: // in-kernel 
-                       // this should never happen
-                       printf("%s: unknown I/O policy %d\n", __func__, *policy);
-                       // restore to default value
-                       *policy = IOPOL_DEFAULT;
-                       iop_param.iop_policy = *policy;
+               default:
+                       error = EINVAL; /* unknown command */
+                       break;
+       }
+
+out:
+       return (error);
+}
+
+static int
+iopolicysys_vfs(struct proc *p, int cmd, int scope, int policy, struct _iopol_param_t *iop_param)
+{
+       int                     error = 0;
+
+       /* Validate scope */
+       switch (scope) {
+               case IOPOL_SCOPE_PROCESS:
+                       /* Only process OK */
+                       break;
+               default:
+                       error = EINVAL;
+                       goto out;
+       }
+
+       /* Validate policy */
+       if (cmd == IOPOL_CMD_SET) {
+               switch (policy) {
+                       case IOPOL_VFS_HFS_CASE_SENSITIVITY_DEFAULT:
+                               /* fall-through */
+                       case IOPOL_VFS_HFS_CASE_SENSITIVITY_FORCE_CASE_SENSITIVE:
+                               /* These policies are OK */
+                               break;
+                       default:
+                               error = EINVAL;
+                               goto out;
                 }
                 }
+       }
+
+       /* Perform command */
+       switch(cmd) {
+               case IOPOL_CMD_SET:
+                       if (0 == kauth_cred_issuser(kauth_cred_get())) {
+                               /* If it's a non-root process, it needs to have the entitlement to set the policy */
+                               boolean_t entitled = FALSE;
+                               entitled = IOTaskHasEntitlement(current_task(), "com.apple.private.iopol.case_sensitivity");
+                               if (!entitled) {
+                                       error = EPERM;
+                                       goto out;
+                               }
+                       }
+
+                       switch (policy) {
+                               case IOPOL_VFS_HFS_CASE_SENSITIVITY_DEFAULT:
+                                       OSBitAndAtomic16(~((uint32_t)P_VFS_IOPOLICY_FORCE_HFS_CASE_SENSITIVITY), &p->p_vfs_iopolicy);
+                                       break;
+                               case IOPOL_VFS_HFS_CASE_SENSITIVITY_FORCE_CASE_SENSITIVE:
+                                       OSBitOrAtomic16((uint32_t)P_VFS_IOPOLICY_FORCE_HFS_CASE_SENSITIVITY, &p->p_vfs_iopolicy);
+                                       break;
+                               default:
+                                       error = EINVAL;
+                                       goto out;
+                       }
+                       
+                       break;
+               case IOPOL_CMD_GET:
+                       iop_param->iop_policy = (p->p_vfs_iopolicy & P_VFS_IOPOLICY_FORCE_HFS_CASE_SENSITIVITY)
+                               ? IOPOL_VFS_HFS_CASE_SENSITIVITY_FORCE_CASE_SENSITIVE
+                               : IOPOL_VFS_HFS_CASE_SENSITIVITY_DEFAULT;
+                       break;
+               default:
+                       error = EINVAL; /* unknown command */
+                       break;
+       }
+
+out:
+       return (error);
+}
+
+/* BSD call back function for task_policy networking changes */
+void
+proc_apply_task_networkbg(void * bsd_info, thread_t thread)
+{
+       assert(bsd_info != PROC_NULL);
+
+       pid_t pid = proc_pid((proc_t)bsd_info);
+
+       proc_t p = proc_find(pid);
+
+       if (p != PROC_NULL) {
+               assert(p == (proc_t)bsd_info);
+
+               do_background_socket(p, thread);
+               proc_rele(p);
+       }
+}
+
+void
+gather_rusage_info(proc_t p, rusage_info_current *ru, int flavor)
+{
+       struct rusage_info_child *ri_child;
+
+       assert(p->p_stats != NULL);
+       memset(ru, 0, sizeof(*ru));
+       switch(flavor) {
+       case RUSAGE_INFO_V4:
+               ru->ri_logical_writes = get_task_logical_writes(p->task);
+               ru->ri_lifetime_max_phys_footprint = get_task_phys_footprint_lifetime_max(p->task);
+               fill_task_monotonic_rusage(p->task, ru);
+        /* fall through */
+
+       case RUSAGE_INFO_V3:
+               fill_task_qos_rusage(p->task, ru);
+               fill_task_billed_usage(p->task, ru);
+               /* fall through */
+
+       case RUSAGE_INFO_V2:
+               fill_task_io_rusage(p->task, ru);
+               /* fall through */
+
+       case RUSAGE_INFO_V1:
+               /*
+                * p->p_stats->ri_child statistics are protected under proc lock.
+                */
+               proc_lock(p);
                 
                 
-               error = copyout((caddr_t)&iop_param, uap->arg, sizeof(iop_param));
+               ri_child = &(p->p_stats->ri_child);
+               ru->ri_child_user_time = ri_child->ri_child_user_time;
+               ru->ri_child_system_time = ri_child->ri_child_system_time;
+               ru->ri_child_pkg_idle_wkups = ri_child->ri_child_pkg_idle_wkups;
+               ru->ri_child_interrupt_wkups = ri_child->ri_child_interrupt_wkups;
+               ru->ri_child_pageins = ri_child->ri_child_pageins;
+               ru->ri_child_elapsed_abstime = ri_child->ri_child_elapsed_abstime;
+
+               proc_unlock(p);
+               /* fall through */
+
+       case RUSAGE_INFO_V0:
+               proc_getexecutableuuid(p, (unsigned char *)&ru->ri_uuid, sizeof (ru->ri_uuid));
+               fill_task_rusage(p->task, ru);
+               ru->ri_proc_start_abstime = p->p_stats->ps_start;
+       }
+}
+
+int
+proc_get_rusage(proc_t p, int flavor, user_addr_t buffer, __unused int is_zombie)
+{
+       rusage_info_current ri_current;
+
+       int error = 0;
+       size_t size = 0;
+
+       switch (flavor) {
+       case RUSAGE_INFO_V0:
+               size = sizeof(struct rusage_info_v0);
                 break;
                 break;
-       default:
-               error = EINVAL; // unknown command
+
+       case RUSAGE_INFO_V1:
+               size = sizeof(struct rusage_info_v1);
+               break;
+
+       case RUSAGE_INFO_V2:
+               size = sizeof(struct rusage_info_v2);
+               break;
+
+       case RUSAGE_INFO_V3:
+               size = sizeof(struct rusage_info_v3);
+               break;
+
+       case RUSAGE_INFO_V4:
+               size = sizeof(struct rusage_info_v4);
                 break;
                 break;
+
+       default:
+               return EINVAL;
+       }
+
+       if(size == 0) {
+               return EINVAL;
+       }
+
+        /*
+        * If task is still alive, collect info from the live task itself.
+        * Otherwise, look to the cached info in the zombie proc.
+        */
+       if (p->p_ru == NULL) {
+               gather_rusage_info(p, &ri_current, flavor);
+               ri_current.ri_proc_exit_abstime = 0;
+               error = copyout(&ri_current, buffer, size);
+       } else {
+               ri_current = p->p_ru->ri;
+               error = copyout(&p->p_ru->ri, buffer, size);
         }
  
         }
  
-  exit:
-       *retval = error;
         return (error);
  }
  
         return (error);
  }
  
+static int
+mach_to_bsd_rv(int mach_rv)
+{
+       int bsd_rv = 0;
  
  
-boolean_t thread_is_io_throttled(void);
+       switch (mach_rv) {
+       case KERN_SUCCESS:
+               bsd_rv = 0;
+               break;
+       case KERN_INVALID_ARGUMENT:
+               bsd_rv = EINVAL;
+               break;
+       default:
+               panic("unknown error %#x", mach_rv);
+       }
+
+       return bsd_rv;
+}
+
+/*
+ * Resource limit controls
+ *
+ * uap->flavor available flavors:
+ *
+ *     RLIMIT_WAKEUPS_MONITOR
+ */
+int
+proc_rlimit_control(__unused struct proc *p, struct proc_rlimit_control_args *uap, __unused int32_t *retval)
+{
+       proc_t  targetp;
+       int     error = 0;
+       struct  proc_rlimit_control_wakeupmon wakeupmon_args;
+       uint32_t cpumon_flags;
+       uint32_t cpulimits_flags;
+       kauth_cred_t my_cred, target_cred;
+
+       /* -1 implicitly means our own process (perhaps even the current thread for per-thread attributes) */
+       if (uap->pid == -1) {
+               targetp = proc_self();
+       } else {
+               targetp = proc_find(uap->pid);
+       }
+
+       /* proc_self() can return NULL for an exiting process */
+       if (targetp == PROC_NULL) {
+               return (ESRCH);
+       }
+
+       my_cred = kauth_cred_get();
+       target_cred = kauth_cred_proc_ref(targetp);
+
+       if (!kauth_cred_issuser(my_cred) && kauth_cred_getruid(my_cred) &&
+           kauth_cred_getuid(my_cred) != kauth_cred_getuid(target_cred) &&
+           kauth_cred_getruid(my_cred) != kauth_cred_getuid(target_cred)) {
+               proc_rele(targetp);
+               kauth_cred_unref(&target_cred);
+               return (EACCES);
+       }
  
  
-boolean_t
-thread_is_io_throttled(void) {
+       switch (uap->flavor) {
+       case RLIMIT_WAKEUPS_MONITOR:
+               if ((error = copyin(uap->arg, &wakeupmon_args, sizeof (wakeupmon_args))) != 0) {
+                       break;
+               }
+               if ((error = mach_to_bsd_rv(task_wakeups_monitor_ctl(targetp->task, &wakeupmon_args.wm_flags,
+                    &wakeupmon_args.wm_rate))) != 0) {
+                       break;
+               }
+               error = copyout(&wakeupmon_args, uap->arg, sizeof (wakeupmon_args));
+               break;
+       case RLIMIT_CPU_USAGE_MONITOR:
+               cpumon_flags = uap->arg; // XXX temporarily stashing flags in argp (12592127)
+               error = mach_to_bsd_rv(task_cpu_usage_monitor_ctl(targetp->task, &cpumon_flags));
+               break;
+       case RLIMIT_THREAD_CPULIMITS:
+               cpulimits_flags = (uint32_t)uap->arg; // only need a limited set of bits, pass in void * argument
  
  
-       int     policy;
-       struct uthread  *ut;
+               if (uap->pid != -1) {
+                       error = EINVAL;
+                       break;
+               }
  
  
-       ut = get_bsdthread_info(current_thread());
+               uint8_t percent = 0;
+               uint32_t ms_refill = 0;
+               uint64_t ns_refill;
  
  
-       if(ut){
-               policy = current_proc()->p_iopol_disk;
+               percent = (uint8_t)(cpulimits_flags & 0xffU);                                   /* low 8 bits for percent */
+               ms_refill = (cpulimits_flags >> 8) & 0xffffff;          /* next 24 bits represent ms refill value */
+               if (percent >= 100) {
+                       error = EINVAL;
+                       break;
+               }
  
  
-               if (ut->uu_iopol_disk != IOPOL_DEFAULT)
-                       policy = ut->uu_iopol_disk;
+               ns_refill = ((uint64_t)ms_refill) * NSEC_PER_MSEC;
  
  
-               if (policy == IOPOL_THROTTLE)
-                       return TRUE;
+               error = mach_to_bsd_rv(thread_set_cpulimit(THREAD_CPULIMIT_BLOCK, percent, ns_refill));
+               break;
+       default:
+               error = EINVAL;
+               break;
         }
         }
-       return FALSE;
+
+       proc_rele(targetp);
+       kauth_cred_unref(&target_cred);
+
+       /*
+        * Return value from this function becomes errno to userland caller.
+        */
+       return (error);
+}
+
+/*
+ * Return the current amount of CPU consumed by this thread (in either user or kernel mode)
+ */
+int thread_selfusage(struct proc *p __unused, struct thread_selfusage_args *uap __unused, uint64_t *retval)
+{
+       uint64_t runtime;
+
+       runtime = thread_get_runtime_self();
+       *retval = runtime;
+
+       return (0);
+}
+
+#if !MONOTONIC
+int thread_selfcounts(__unused struct proc *p, __unused struct thread_selfcounts_args *uap, __unused int *ret_out)
+{
+       return ENOTSUP;
  }
  }
+#endif /* !MONOTONIC */