X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/2d21ac55c334faf3a56e5634905ed6987fc787d4..5ba3f43ea354af8ad55bea84372a2bc834d8757c:/osfmk/kern/ipc_host.c

diff --git a/osfmk/kern/ipc_host.c b/osfmk/kern/ipc_host.c
index 69d620e8c..19a9c0a97 100644
--- a/osfmk/kern/ipc_host.c
+++ b/osfmk/kern/ipc_host.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2007 Apple Inc. All rights reserved.
+ * Copyright (c) 2000-2009 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
@@ -67,7 +67,6 @@
 #include <mach/host_priv_server.h>
 #include <kern/host.h>
 #include <kern/processor.h>
-#include <kern/lock.h>
 #include <kern/task.h>
 #include <kern/thread.h>
 #include <kern/ipc_host.h>
@@ -77,18 +76,14 @@
 #include <ipc/ipc_port.h>
 #include <ipc/ipc_space.h>
 
+#if CONFIG_MACF
+#include <security/mac_mach_internal.h>
+#endif
+
 /*
  * Forward declarations
  */
 
-void
-ipc_processor_terminate(
-	processor_t	processor);
-
-void
-ipc_processor_disable(
-	processor_t	processor);
-
 boolean_t
 ref_pset_port_locked(
 	ipc_port_t port, boolean_t matchn, processor_set_t *ppset);
@@ -97,12 +92,15 @@ ref_pset_port_locked(
  *	ipc_host_init: set up various things.
  */
 
+extern lck_grp_t		host_notify_lock_grp;
+extern lck_attr_t		host_notify_lock_attr;
+
 void ipc_host_init(void)
 {
 	ipc_port_t	port;
 	int i;
 
-	mutex_init(&realhost.lock, 0);
+	lck_mtx_init(&realhost.lock, &host_notify_lock_grp, &host_notify_lock_attr);
 
 	/*
 	 *	Allocate and set up the two host ports.
@@ -135,6 +133,10 @@ void ipc_host_init(void)
 
 	for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
 			realhost.exc_actions[i].port = IP_NULL;
+			/* The mac framework is not yet initialized, so we defer
+			 * initializing the labels to later, when they are set
+			 * for the first time. */
+			realhost.exc_actions[i].label = NULL;
 		}/* for */
 
 	/*
@@ -165,10 +167,13 @@ mach_port_name_t
 host_self_trap(
 	__unused struct host_self_trap_args *args)
 {
+	task_t self = current_task();
 	ipc_port_t sright;
 	mach_port_name_t name;
 
-	sright = ipc_port_copy_send(current_task()->itk_host);
+	itk_lock(self);
+	sright = ipc_port_copy_send(self->itk_host);
+	itk_unlock(self);
 	name = ipc_port_copyout_send(sright, current_space());
 	return name;
 }
@@ -205,51 +210,6 @@ ipc_processor_enable(
 	myport = processor->processor_self;
 	ipc_kobject_set(myport, (ipc_kobject_t) processor, IKOT_PROCESSOR);
 }
-
-/*
- *	ipc_processor_disable:
- *
- *	Disable ipc control of processor by clearing port object.
- */
-void
-ipc_processor_disable(
-	processor_t	processor)
-{
-	ipc_port_t	myport;
-
-	myport = processor->processor_self;
-	if (myport == IP_NULL)
-		return;
-	ipc_kobject_set(myport, IKO_NULL, IKOT_NONE);
-}
-
-/*
- *	ipc_processor_terminate:
- *
- *	Processor is off-line.  Destroy ipc control port.
- */
-void
-ipc_processor_terminate(
-	processor_t	processor)
-{
-	ipc_port_t	myport;
-	spl_t		s;
-
-	s = splsched();
-	processor_lock(processor);
-	myport = processor->processor_self;
-	if (myport == IP_NULL) {
-		processor_unlock(processor);
-		splx(s);
-		return;
-	}
-
-	processor->processor_self = IP_NULL;
-	processor_unlock(processor);
-	splx(s);
-
-	ipc_port_dealloc_kernel(myport);
-}
 	
 /*
  *	ipc_pset_init:
@@ -321,15 +281,12 @@ convert_port_to_host(
 	host_t host = HOST_NULL;
 
 	if (IP_VALID(port)) {
-		ip_lock(port);
-		if (ip_active(port) &&
-		    ((ip_kotype(port) == IKOT_HOST) ||
-		     (ip_kotype(port) == IKOT_HOST_PRIV) 
-		     ))
+		if (ip_kotype(port) == IKOT_HOST ||
+		    ip_kotype(port) == IKOT_HOST_PRIV) {
 			host = (host_t) port->ip_kobject;
-		ip_unlock(port);
+			assert(ip_active(port));
+		}
 	}
-
 	return host;
 }
 
@@ -480,6 +437,7 @@ convert_host_to_port(
  *	Purpose:
  *		Convert from a processor to a port.
  *		Produces a naked send right which may be invalid.
+ *		Processors are not reference counted, so nothing to release.
  *	Conditions:
  *		Nothing locked.
  */
@@ -488,20 +446,10 @@ ipc_port_t
 convert_processor_to_port(
 	processor_t		processor)
 {
-	ipc_port_t port;
-	spl_t	s;
-
-	s = splsched();
-	processor_lock(processor);
-
-	if (processor->processor_self != IP_NULL)
-		port = ipc_port_make_send(processor->processor_self);
-	else
-		port = IP_NULL;
-
-	processor_unlock(processor);
-	splx(s);
+	ipc_port_t port = processor->processor_self;
 
+	if (port != IP_NULL)
+		port = ipc_port_make_send(port);
 	return port;
 }
 
@@ -509,8 +457,8 @@ convert_processor_to_port(
  *	Routine:	convert_pset_to_port
  *	Purpose:
  *		Convert from a pset to a port.
- *		Produces a naked send right
- *		which may be invalid.
+ *		Produces a naked send right which may be invalid.
+ *		Processor sets are not reference counted, so nothing to release.
  *	Conditions:
  *		Nothing locked.
  */
@@ -531,8 +479,8 @@ convert_pset_to_port(
  *	Routine:	convert_pset_name_to_port
  *	Purpose:
  *		Convert from a pset to a port.
- *		Produces a naked send right
- *		which may be invalid.
+ *		Produces a naked send right which may be invalid.
+ *		Processor sets are not reference counted, so nothing to release.
  *	Conditions:
  *		Nothing locked.
  */
@@ -593,22 +541,25 @@ convert_port_to_host_security(
  */
 kern_return_t
 host_set_exception_ports(
-	host_priv_t				host_priv,
+	host_priv_t			host_priv,
 	exception_mask_t		exception_mask,
 	ipc_port_t			new_port,
 	exception_behavior_t		new_behavior,
 	thread_state_flavor_t		new_flavor)
 {
-	register int	i;
+	int	i;
 	ipc_port_t	old_port[EXC_TYPES_COUNT];
 
+#if CONFIG_MACF
+	struct label *deferred_labels[EXC_TYPES_COUNT];
+	struct label *new_label;
+#endif	
+
 	if (host_priv == HOST_PRIV_NULL) {
 		return KERN_INVALID_ARGUMENT;
 	}
 
-	assert(host_priv == &realhost);
-
-	if (exception_mask & ~EXC_MASK_ALL) {
+	if (exception_mask & ~EXC_MASK_VALID) {
 		return KERN_INVALID_ARGUMENT;
 	}
 
@@ -622,30 +573,78 @@ host_set_exception_ports(
 			return KERN_INVALID_ARGUMENT;
 		}
 	}
-	/* Cannot easily check "new_flavor", but that just means that
-	 * the flavor in the generated exception message might be garbage:
-	 * GIGO
+
+	/*
+	 * Check the validity of the thread_state_flavor by calling the
+	 * VALID_THREAD_STATE_FLAVOR architecture dependent macro defined in
+	 * osfmk/mach/ARCHITECTURE/thread_status.h
 	 */
+	if (new_flavor != 0 && !VALID_THREAD_STATE_FLAVOR(new_flavor))
+		return (KERN_INVALID_ARGUMENT);
+
+#if CONFIG_MACF
+	if (mac_task_check_set_host_exception_ports(current_task(), exception_mask) != 0)
+		return KERN_NO_ACCESS;
+
+	new_label = mac_exc_create_label_for_current_proc();
+
+	for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
+		if (host_priv->exc_actions[i].label == NULL) {
+			deferred_labels[i] = mac_exc_create_label();
+		} else {
+			deferred_labels[i] = NULL;
+		}
+	}
+#endif
+
+	assert(host_priv == &realhost);
+
 	host_lock(host_priv);
 
 	for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
-		if (exception_mask & (1 << i)) {
+#if CONFIG_MACF
+		if (host_priv->exc_actions[i].label == NULL) {
+			// Lazy initialization (see ipc_port_init).
+			mac_exc_associate_action_label(&host_priv->exc_actions[i], deferred_labels[i]);
+			deferred_labels[i] = NULL; // Label is used, do not free.
+		}
+#endif
+
+		if ((exception_mask & (1 << i))
+#if CONFIG_MACF
+			&& mac_exc_update_action_label(&host_priv->exc_actions[i], new_label) == 0
+#endif
+			) {
 			old_port[i] = host_priv->exc_actions[i].port;
+
 			host_priv->exc_actions[i].port =
 				ipc_port_copy_send(new_port);
 			host_priv->exc_actions[i].behavior = new_behavior;
 			host_priv->exc_actions[i].flavor = new_flavor;
-		} else
+		} else {
 			old_port[i] = IP_NULL;
+		}
 	}/* for */
 
 	/*
 	 * Consume send rights without any lock held.
 	 */
 	host_unlock(host_priv);
-	for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++)
+
+#if CONFIG_MACF
+	mac_exc_free_label(new_label);
+#endif
+	
+	for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
 		if (IP_VALID(old_port[i]))
 			ipc_port_release_send(old_port[i]);
+#if CONFIG_MACF
+		if (deferred_labels[i] != NULL) {
+			/* Deferred label went unused: Another thread has completed the lazy initialization. */
+			mac_exc_free_label(deferred_labels[i]);
+		}
+#endif
+	}
 	if (IP_VALID(new_port))		 /* consume send right */
 		ipc_port_release_send(new_port);
 
@@ -685,7 +684,7 @@ host_get_exception_ports(
 	if (host_priv == HOST_PRIV_NULL)
 		return KERN_INVALID_ARGUMENT;
 
-	if (exception_mask & ~EXC_MASK_ALL) {
+	if (exception_mask & ~EXC_MASK_VALID) {
 		return KERN_INVALID_ARGUMENT;
 	}
 
@@ -731,7 +730,7 @@ host_get_exception_ports(
 
 kern_return_t
 host_swap_exception_ports(
-	host_priv_t				host_priv,
+	host_priv_t			host_priv,
 	exception_mask_t		exception_mask,
 	ipc_port_t			new_port,
 	exception_behavior_t		new_behavior,
@@ -747,10 +746,15 @@ host_swap_exception_ports(
 			count;
 	ipc_port_t	old_port[EXC_TYPES_COUNT];
 
+#if CONFIG_MACF
+	struct label *deferred_labels[EXC_TYPES_COUNT];
+	struct label *new_label;
+#endif	
+
 	if (host_priv == HOST_PRIV_NULL)
 		return KERN_INVALID_ARGUMENT;
 
-	if (exception_mask & ~EXC_MASK_ALL) {
+	if (exception_mask & ~EXC_MASK_VALID) {
 		return KERN_INVALID_ARGUMENT;
 	}
 
@@ -764,16 +768,42 @@ host_swap_exception_ports(
 			return KERN_INVALID_ARGUMENT;
 		}
 	}
-	/* Cannot easily check "new_flavor", but that just means that
-	 * the flavor in the generated exception message might be garbage:
-	 * GIGO */
 
-	host_lock(host_priv);
+	if (new_flavor != 0 && !VALID_THREAD_STATE_FLAVOR(new_flavor))
+		return (KERN_INVALID_ARGUMENT);
 
-	count = 0;
+#if CONFIG_MACF
+	if (mac_task_check_set_host_exception_ports(current_task(), exception_mask) != 0)
+		return KERN_NO_ACCESS;
 
+	new_label = mac_exc_create_label_for_current_proc();
+	
 	for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
-		if (exception_mask & (1 << i)) {
+		if (host_priv->exc_actions[i].label == NULL) {
+			deferred_labels[i] = mac_exc_create_label();
+		} else {
+			deferred_labels[i] = NULL;
+		}
+	}
+#endif /* CONFIG_MACF */
+
+	host_lock(host_priv);
+
+	assert(EXC_TYPES_COUNT > FIRST_EXCEPTION);
+	for (count=0, i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT && count < *CountCnt; i++) {
+#if CONFIG_MACF
+		if (host_priv->exc_actions[i].label == NULL) {
+			// Lazy initialization (see ipc_port_init).
+			mac_exc_associate_action_label(&host_priv->exc_actions[i], deferred_labels[i]);
+			deferred_labels[i] = NULL; // Label is used, do not free.
+		}
+#endif
+
+		if ((exception_mask & (1 << i))
+#if CONFIG_MACF
+			&& mac_exc_update_action_label(&host_priv->exc_actions[i], new_label) == 0
+#endif
+			) {
 			for (j = 0; j < count; j++) {
 /*
  *				search for an identical entry, if found
@@ -800,20 +830,29 @@ host_swap_exception_ports(
 				ipc_port_copy_send(new_port);
 			host_priv->exc_actions[i].behavior = new_behavior;
 			host_priv->exc_actions[i].flavor = new_flavor;
-			if (count > *CountCnt) {
-				break;
-			}
-		} else
+		} else {
 			old_port[i] = IP_NULL;
+		}
 	}/* for */
 	host_unlock(host_priv);
 
+#if CONFIG_MACF
+	mac_exc_free_label(new_label);
+#endif
+	
 	/*
 	 * Consume send rights without any lock held.
 	 */
-	for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++)
+	while (--i >= FIRST_EXCEPTION) {
 		if (IP_VALID(old_port[i]))
 			ipc_port_release_send(old_port[i]);
+#if CONFIG_MACF
+		if (deferred_labels[i] != NULL) {
+			mac_exc_free_label(deferred_labels[i]); // Label unused.
+		}
+#endif
+	}
+
 	if (IP_VALID(new_port))		 /* consume send right */
 		ipc_port_release_send(new_port);
 	*CountCnt = count;