X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/1c79356b52d46aa6b508fb032f5ae709b1f2897b..4a3eedf9ecc9bbe3f3a5c6ce5e53ad199d639d32:/osfmk/ipc/mach_port.c?ds=sidebyside diff --git a/osfmk/ipc/mach_port.c b/osfmk/ipc/mach_port.c index 78afb8353..e220fc9fb 100644 --- a/osfmk/ipc/mach_port.c +++ b/osfmk/ipc/mach_port.c @@ -1,23 +1,29 @@ /* - * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. + * Copyright (c) 2000-2007 Apple Inc. All rights reserved. * - * @APPLE_LICENSE_HEADER_START@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * - * The contents of this file constitute Original Code as defined in and - * are subject to the Apple Public Source License Version 1.1 (the - * "License"). You may not use this file except in compliance with the - * License. Please obtain a copy of the License at - * http://www.apple.com/publicsource and read it before using this file. + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. * - * This Original Code and all software distributed under the License are - * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License. + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. * - * @APPLE_LICENSE_HEADER_END@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* * @OSF_COPYRIGHT@ @@ -47,6 +53,13 @@ * any improvements or extensions that they make and grant Carnegie Mellon * the rights to redistribute these changes. */ +/* + * NOTICE: This file was modified by McAfee Research in 2004 to introduce + * support for mandatory and extensible security protections. This notice + * is included in support of clause 2.2 (b) of the Apple Public License, + * Version 2.0. + * Copyright (c) 2005-2006 SPARTA, Inc. + */ /* */ /* @@ -69,8 +82,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include @@ -82,7 +95,11 @@ #include #include #include +#include #include +#include + +#include /* * Forward declarations @@ -93,8 +110,7 @@ void mach_port_names_helper( mach_port_name_t name, mach_port_name_t *names, mach_port_type_t *types, - ipc_entry_num_t *actualp, - ipc_space_t space); + ipc_entry_num_t *actualp); void mach_port_gst_helper( ipc_pset_t pset, @@ -121,8 +137,7 @@ mach_port_names_helper( mach_port_name_t name, mach_port_name_t *names, mach_port_type_t *types, - ipc_entry_num_t *actualp, - ipc_space_t space) + ipc_entry_num_t *actualp) { ipc_entry_bits_t bits; ipc_port_request_index_t request; @@ -196,7 +211,6 @@ mach_port_names( mach_port_type_t **typesp, mach_msg_type_number_t *typesCnt) { - ipc_entry_bits_t *capability; ipc_tree_entry_t tentry; ipc_entry_t table; ipc_entry_num_t tsize; @@ -251,11 +265,11 @@ mach_port_names( } size = size_needed; - kr = vm_allocate(ipc_kernel_map, &addr1, size, TRUE); + kr = vm_allocate(ipc_kernel_map, &addr1, size, VM_FLAGS_ANYWHERE); if (kr != KERN_SUCCESS) return KERN_RESOURCE_SHORTAGE; - kr = vm_allocate(ipc_kernel_map, &addr2, size, TRUE); + kr = vm_allocate(ipc_kernel_map, &addr2, size, VM_FLAGS_ANYWHERE); if (kr != KERN_SUCCESS) { kmem_free(ipc_kernel_map, addr1, size); return KERN_RESOURCE_SHORTAGE; @@ -263,13 +277,24 @@ mach_port_names( /* can't fault while we hold locks */ - kr = vm_map_wire(ipc_kernel_map, addr1, addr1 + size, - VM_PROT_READ|VM_PROT_WRITE, FALSE); - assert(kr == KERN_SUCCESS); + kr = vm_map_wire(ipc_kernel_map, vm_map_trunc_page(addr1), + vm_map_round_page(addr1 + size), + VM_PROT_READ|VM_PROT_WRITE, FALSE); + if (kr != KERN_SUCCESS) { + kmem_free(ipc_kernel_map, addr1, size); + kmem_free(ipc_kernel_map, addr2, size); + return KERN_RESOURCE_SHORTAGE; + } + + kr = vm_map_wire(ipc_kernel_map, vm_map_trunc_page(addr2), + vm_map_round_page(addr2 + size), + VM_PROT_READ|VM_PROT_WRITE, FALSE); + if (kr != KERN_SUCCESS) { + kmem_free(ipc_kernel_map, addr1, size); + kmem_free(ipc_kernel_map, addr2, size); + return KERN_RESOURCE_SHORTAGE; + } - kr = vm_map_wire(ipc_kernel_map, addr2, addr2 + size, - VM_PROT_READ|VM_PROT_WRITE, FALSE); - assert(kr == KERN_SUCCESS); } /* space is read-locked and active */ @@ -291,7 +316,7 @@ mach_port_names( name = MACH_PORT_MAKE(index, IE_BITS_GEN(bits)); mach_port_names_helper(timestamp, entry, name, names, - types, &actual, space); + types, &actual); } } @@ -303,7 +328,7 @@ mach_port_names( assert(IE_BITS_TYPE(tentry->ite_bits) != MACH_PORT_TYPE_NONE); mach_port_names_helper(timestamp, entry, name, names, - types, &actual, space); + types, &actual); } ipc_splay_traverse_finish(&space->is_tree); is_read_unlock(space); @@ -328,20 +353,20 @@ mach_port_names( * copied-in form. Free any unused memory. */ - kr = vm_map_unwire(ipc_kernel_map, - addr1, addr1 + vm_size_used, FALSE); + kr = vm_map_unwire(ipc_kernel_map, vm_map_trunc_page(addr1), + vm_map_round_page(addr1 + vm_size_used), FALSE); assert(kr == KERN_SUCCESS); - kr = vm_map_unwire(ipc_kernel_map, - addr2, addr2 + vm_size_used, FALSE); + kr = vm_map_unwire(ipc_kernel_map, vm_map_trunc_page(addr2), + vm_map_round_page(addr2 + vm_size_used), FALSE); assert(kr == KERN_SUCCESS); - kr = vm_map_copyin(ipc_kernel_map, addr1, size_used, - TRUE, &memory1); + kr = vm_map_copyin(ipc_kernel_map, (vm_map_address_t)addr1, + (vm_map_size_t)size_used, TRUE, &memory1); assert(kr == KERN_SUCCESS); - kr = vm_map_copyin(ipc_kernel_map, addr2, size_used, - TRUE, &memory2); + kr = vm_map_copyin(ipc_kernel_map, (vm_map_address_t)addr2, + (vm_map_size_t)size_used, TRUE, &memory2); assert(kr == KERN_SUCCESS); if (vm_size_used != size) { @@ -499,7 +524,7 @@ mach_port_allocate_name( if (!MACH_PORT_VALID(name)) return KERN_INVALID_VALUE; - kr = mach_port_allocate_full (space, right, SUBSYSTEM_NULL, + kr = mach_port_allocate_full (space, right, MACH_PORT_NULL, &qos, &name); return (kr); } @@ -531,7 +556,7 @@ mach_port_allocate( kern_return_t kr; mach_port_qos_t qos = qos_template; - kr = mach_port_allocate_full (space, right, SUBSYSTEM_NULL, + kr = mach_port_allocate_full (space, right, MACH_PORT_NULL, &qos, namep); return (kr); } @@ -564,50 +589,13 @@ mach_port_allocate_qos( { kern_return_t kr; - if (qosp->name == TRUE) + if (qosp->name) return KERN_INVALID_ARGUMENT; - kr = mach_port_allocate_full (space, right, SUBSYSTEM_NULL, + kr = mach_port_allocate_full (space, right, MACH_PORT_NULL, qosp, namep); return (kr); } -/* - * Routine: mach_port_allocate_subsystem [kernel call] - * Purpose: - * Allocates a receive right in a space. Like - * mach_port_allocate, except that the caller specifies an - * RPC subsystem that is to be used to implement RPC's to the - * port. When possible, allocate rpc subsystem ports without - * nms, since within RPC ports are intended to be used for - * identity only (i.e. nms is painful in the distributed case - * and we don't need or want it for RPC anyway). - * Conditions: - * Nothing locked. - * Returns: - * KERN_SUCCESS The right is allocated. - * KERN_INVALID_TASK The space is null. - * KERN_INVALID_TASK The space is dead. - * KERN_RESOURCE_SHORTAGE Couldn't allocate memory. - * KERN_NO_SPACE No room in space for another right. - * KERN_INVALID_ARGUMENT bogus subsystem - */ - -kern_return_t -mach_port_allocate_subsystem( - ipc_space_t space, - subsystem_t subsystem, - mach_port_name_t *namep) -{ - kern_return_t kr; - ipc_port_t port; - mach_port_qos_t qos = qos_template; - - kr = mach_port_allocate_full (space, - MACH_PORT_RIGHT_RECEIVE, - subsystem, &qos, namep); - return (kr); -} - /* * Routine: mach_port_allocate_full [kernel call] * Purpose: @@ -631,16 +619,19 @@ kern_return_t mach_port_allocate_full( ipc_space_t space, mach_port_right_t right, - subsystem_t subsystem, + mach_port_t proto, mach_port_qos_t *qosp, mach_port_name_t *namep) { - ipc_kmsg_t kmsg; + ipc_kmsg_t kmsg = IKM_NULL; kern_return_t kr; if (space == IS_NULL) return (KERN_INVALID_TASK); + if (proto != MACH_PORT_NULL) + return (KERN_INVALID_VALUE); + if (qosp->name) { if (!MACH_PORT_VALID (*namep)) return (KERN_INVALID_VALUE); @@ -648,19 +639,17 @@ mach_port_allocate_full( return (KERN_FAILURE); } - if (subsystem != SUBSYSTEM_NULL) { - if (right != MACH_PORT_RIGHT_RECEIVE) - return (KERN_INVALID_VALUE); - } - if (qosp->prealloc) { - mach_msg_size_t size = qosp->len + MAX_TRAILER_SIZE; - if (right != MACH_PORT_RIGHT_RECEIVE) - return (KERN_INVALID_VALUE); - kmsg = (ipc_kmsg_t)kalloc(ikm_plus_overhead(size)); - if (kmsg == IKM_NULL) - return (KERN_RESOURCE_SHORTAGE); - ikm_init(kmsg, size); + if (qosp->len > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE) { + return KERN_RESOURCE_SHORTAGE; + } else { + mach_msg_size_t size = qosp->len + MAX_TRAILER_SIZE; + if (right != MACH_PORT_RIGHT_RECEIVE) + return (KERN_INVALID_VALUE); + kmsg = (ipc_kmsg_t)ipc_kmsg_alloc(size); + if (kmsg == IKM_NULL) + return (KERN_RESOURCE_SHORTAGE); + } } switch (right) { @@ -673,16 +662,12 @@ mach_port_allocate_full( else kr = ipc_port_alloc(space, namep, &port); if (kr == KERN_SUCCESS) { - if (qosp->prealloc) + if (kmsg != IKM_NULL) ipc_kmsg_set_prealloc(kmsg, port); - if (subsystem != SUBSYSTEM_NULL) { - port->ip_subsystem = &subsystem->user; - subsystem_reference (subsystem); - } ip_unlock(port); - } else if (qosp->prealloc) + } else if (kmsg != IKM_NULL) ipc_kmsg_free(kmsg); break; } @@ -1021,7 +1006,6 @@ mach_port_gst_helper( mach_port_name_t *names, ipc_entry_num_t *actualp) { - ipc_pset_t ip_pset; mach_port_name_t name; assert(port != IP_NULL); @@ -1091,7 +1075,7 @@ mach_port_get_set_status( mach_port_name_t *names; ipc_pset_t pset; - kr = vm_allocate(ipc_kernel_map, &addr, size, TRUE); + kr = vm_allocate(ipc_kernel_map, &addr, size, VM_FLAGS_ANYWHERE); if (kr != KERN_SUCCESS) return KERN_RESOURCE_SHORTAGE; @@ -1179,12 +1163,12 @@ mach_port_get_set_status( * copied-in form. Free any unused memory. */ - kr = vm_map_unwire(ipc_kernel_map, - addr, addr + vm_size_used, FALSE); + kr = vm_map_unwire(ipc_kernel_map, vm_map_trunc_page(addr), + vm_map_round_page(addr + vm_size_used), FALSE); assert(kr == KERN_SUCCESS); - kr = vm_map_copyin(ipc_kernel_map, addr, size_used, - TRUE, &memory); + kr = vm_map_copyin(ipc_kernel_map, (vm_map_address_t)addr, + (vm_map_size_t)size_used, TRUE, &memory); assert(kr == KERN_SUCCESS); if (vm_size_used != size) @@ -1269,7 +1253,7 @@ mach_port_move_member( assert(nset != IPS_NULL); } ip_lock(port); - ipc_pset_remove_all(port); + ipc_pset_remove_from_all(port); if (nset != IPS_NULL) { ips_lock(nset); @@ -1335,9 +1319,6 @@ mach_port_request_notification( ipc_port_t *previousp) { kern_return_t kr; - ipc_entry_t entry; - ipc_port_t port; - if (space == IS_NULL) return KERN_INVALID_TASK; @@ -1349,18 +1330,23 @@ mach_port_request_notification( /* * Requesting notifications on RPC ports is an error. */ - kr = ipc_right_lookup_write(space, name, &entry); - if (kr != KERN_SUCCESS) - return kr; + { + ipc_port_t port; + ipc_entry_t entry; - port = (ipc_port_t) entry->ie_object; + kr = ipc_right_lookup_write(space, name, &entry); + if (kr != KERN_SUCCESS) + return kr; - if (port->ip_subsystem != NULL) { + port = (ipc_port_t) entry->ie_object; + + if (port->ip_subsystem != NULL) { + is_write_unlock(space); + panic("mach_port_request_notification: on RPC port!!"); + return KERN_INVALID_CAPABILITY; + } is_write_unlock(space); - panic("mach_port_request_notification: on RPC port!!"); - return KERN_INVALID_CAPABILITY; } - is_write_unlock(space); #endif /* NOTYET */ @@ -1761,7 +1747,6 @@ mach_port_extract_member( mach_port_name_t name, mach_port_name_t psname) { - mach_port_name_t oldname; ipc_object_t psobj; ipc_object_t obj; kern_return_t kr; @@ -1788,3 +1773,196 @@ mach_port_extract_member( return kr; } +/* + * task_set_port_space: + * + * Set port name space of task to specified size. + */ +kern_return_t +task_set_port_space( + ipc_space_t space, + int table_entries) +{ + kern_return_t kr; + + is_write_lock(space); + kr = ipc_entry_grow_table(space, table_entries); + if (kr == KERN_SUCCESS) + is_write_unlock(space); + return kr; +} + +/* + * Get a (new) label handle representing the given port's port label. + */ +#if CONFIG_MACF_MACH +kern_return_t +mach_get_label( + ipc_space_t space, + mach_port_name_t name, + mach_port_name_t *outlabel) +{ + ipc_entry_t entry; + ipc_port_t port; + struct label outl; + kern_return_t kr; + int dead; + + if (!MACH_PORT_VALID(name)) + return KERN_INVALID_NAME; + + /* Lookup the port name in the task's space. */ + kr = ipc_right_lookup_write(space, name, &entry); + if (kr != KERN_SUCCESS) + return kr; + + port = (ipc_port_t) entry->ie_object; + dead = ipc_right_check(space, port, name, entry); + if (dead) { + is_write_unlock(space); + return KERN_INVALID_RIGHT; + } + /* port is now locked */ + + is_write_unlock(space); + /* Make sure we are not dealing with a label handle. */ + if (ip_kotype(port) == IKOT_LABELH) { + /* already is a label handle! */ + ip_unlock(port); + return KERN_INVALID_ARGUMENT; + } + + /* Copy the port label and stash it in a new label handle. */ + mac_port_label_init(&outl); + mac_port_label_copy(&port->ip_label, &outl); + kr = labelh_new_user(space, &outl, outlabel); + ip_unlock(port); + + return KERN_SUCCESS; +} +#else +kern_return_t +mach_get_label( + __unused ipc_space_t space, + __unused mach_port_name_t name, + __unused mach_port_name_t *outlabel) +{ + return KERN_INVALID_ARGUMENT; +} +#endif + +/* + * also works on label handles + */ +#if CONFIG_MACF_MACH +kern_return_t +mach_get_label_text( + ipc_space_t space, + mach_port_name_t name, + labelstr_t policies, + labelstr_t outlabel) +{ + ipc_entry_t entry; + kern_return_t kr; + struct label *l; + int dead; + + if (space == IS_NULL || space->is_task == NULL) + return KERN_INVALID_TASK; + + if (!MACH_PORT_VALID(name)) + return KERN_INVALID_NAME; + + kr = ipc_right_lookup_write(space, name, &entry); + if (kr != KERN_SUCCESS) + return kr; + + dead = ipc_right_check(space, (ipc_port_t) entry->ie_object, name, + entry); + if (dead) { + is_write_unlock(space); + return KERN_INVALID_RIGHT; + } + /* object (port) is now locked */ + + is_write_unlock (space); + l = io_getlabel(entry->ie_object); + + mac_port_label_externalize(l, policies, outlabel, 512, 0); + + io_unlocklabel(entry->ie_object); + io_unlock(entry->ie_object); + return KERN_SUCCESS; +} +#else +kern_return_t +mach_get_label_text( + __unused ipc_space_t space, + __unused mach_port_name_t name, + __unused labelstr_t policies, + __unused labelstr_t outlabel) +{ + return KERN_INVALID_ARGUMENT; +} +#endif + + +#if CONFIG_MACF_MACH +kern_return_t +mach_set_port_label( + ipc_space_t space, + mach_port_name_t name, + labelstr_t labelstr) +{ + ipc_entry_t entry; + kern_return_t kr; + struct label inl; + ipc_port_t port; + int rc; + + if (space == IS_NULL || space->is_task == NULL) + return KERN_INVALID_TASK; + + if (!MACH_PORT_VALID(name)) + return KERN_INVALID_NAME; + + mac_port_label_init(&inl); + rc = mac_port_label_internalize(&inl, labelstr); + if (rc) + return KERN_INVALID_ARGUMENT; + + kr = ipc_right_lookup_write(space, name, &entry); + if (kr != KERN_SUCCESS) + return kr; + + if (io_otype(entMACry->ie_object) != IOT_PORT) { + is_write_unlock(space); + return KERN_INVALID_RIGHT; + } + + port = (ipc_port_t) entry->ie_object; + ip_lock(port); + + tasklabel_lock(space->is_task); + rc = mac_port_check_label_update(&space->is_task->maclabel, + &port->ip_label, &inl); + tasklabel_unlock(space->is_task); + if (rc) + kr = KERN_NO_ACCESS; + else + mac_port_label_copy(&inl, &port->ip_label); + + ip_unlock(port); + is_write_unlock(space); + return kr; +} +#else +kern_return_t +mach_set_port_label( + ipc_space_t space __unused, + mach_port_name_t name __unused, + labelstr_t labelstr __unused) +{ + return KERN_INVALID_ARGUMENT; +} +#endif