X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/39236c6e673c41db228275375ab7fdb0f837b292..143464d58d2bd6378e74eec636961ceb0d32fb91:/bsd/kern/kern_kpc.c?ds=sidebyside

diff --git a/bsd/kern/kern_kpc.c b/bsd/kern/kern_kpc.c
index 321fa1b5a..9cf0ab817 100644
--- a/bsd/kern/kern_kpc.c
+++ b/bsd/kern/kern_kpc.c
@@ -37,6 +37,7 @@
 #include <kern/kpc.h>
 
 #include <pexpert/pexpert.h>
+#include <kperf/kperf.h>
 
 /* Various sysctl requests */
 #define REQ_CLASSES              (1)
@@ -387,6 +388,24 @@ kpc_sysctl SYSCTL_HANDLER_ARGS
 	if( !kpc_initted )
 		panic("kpc_init not called");
 
+	// Most sysctls require an access check, but a few are public.
+	switch( (uintptr_t) arg1 ) {
+	case REQ_CLASSES:
+	case REQ_CONFIG_COUNT:
+	case REQ_COUNTER_COUNT:
+		// These read-only sysctls are public.
+		break;
+
+	default:
+		// Require kperf access to read or write anything else.
+		// This is either root or the blessed pid.
+		ret = kperf_access_check();
+		if (ret) {
+			return ret;
+		}
+		break;
+	}
+
 	lck_mtx_lock(&sysctl_buffer_lock);
 
 	/* which request */