]> git.saurik.com Git - apple/xnu.git/blobdiff - osfmk/kern/ipc_host.c
projects / apple / xnu.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xnu-3247.1.106.tar.gz
[apple/xnu.git] / osfmk / kern / ipc_host.c
diff --git a/osfmk/kern/ipc_host.c b/osfmk/kern/ipc_host.c
index 73cc4d4d399224a91042670259023fcdb98906a1..88e629de46e15f76036d459a42737001d95da68b 100644 (file)
--- a/osfmk/kern/ipc_host.c
+++ b/osfmk/kern/ipc_host.c
@@ -76,6 +76,10 @@
 #include <ipc/ipc_port.h>
 #include <ipc/ipc_space.h>
 
+#if CONFIG_MACF
+#include <security/mac_mach_internal.h>
+#endif
+
 /*
  * Forward declarations
  */
@@ -533,7 +537,7 @@ convert_port_to_host_security(
  */
 kern_return_t
 host_set_exception_ports(
-       host_priv_t                             host_priv,
+       host_priv_t                     host_priv,
        exception_mask_t                exception_mask,
        ipc_port_t                      new_port,
        exception_behavior_t            new_behavior,
@@ -546,8 +550,6 @@ host_set_exception_ports(
                return KERN_INVALID_ARGUMENT;
        }
 
-       assert(host_priv == &realhost);
-
        if (exception_mask & ~EXC_MASK_VALID) {
                return KERN_INVALID_ARGUMENT;
        }
@@ -571,6 +573,13 @@ host_set_exception_ports(
        if (new_flavor != 0 && !VALID_THREAD_STATE_FLAVOR(new_flavor))
                return (KERN_INVALID_ARGUMENT);
 
+#if CONFIG_MACF
+       if (mac_task_check_set_host_exception_ports(current_task(), exception_mask) != 0)
+               return KERN_NO_ACCESS;
+#endif
+
+       assert(host_priv == &realhost);
+
        host_lock(host_priv);
 
        for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
@@ -676,7 +685,7 @@ host_get_exception_ports(
 
 kern_return_t
 host_swap_exception_ports(
-       host_priv_t                             host_priv,
+       host_priv_t                     host_priv,
        exception_mask_t                exception_mask,
        ipc_port_t                      new_port,
        exception_behavior_t            new_behavior,
@@ -713,6 +722,11 @@ host_swap_exception_ports(
        if (new_flavor != 0 && !VALID_THREAD_STATE_FLAVOR(new_flavor))
                return (KERN_INVALID_ARGUMENT);
 
+#if CONFIG_MACF
+       if (mac_task_check_set_host_exception_ports(current_task(), exception_mask) != 0)
+               return KERN_NO_ACCESS;
+#endif /* CONFIG_MACF */
+
        host_lock(host_priv);
 
        assert(EXC_TYPES_COUNT > FIRST_EXCEPTION);
mirror of XNU