X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/3e170ce000f1506b7b5d2c5c7faec85ceabb573d..813fb2f63a553c957e917ede5f119b021d6ce391:/osfmk/kern/ipc_host.c

diff --git a/osfmk/kern/ipc_host.c b/osfmk/kern/ipc_host.c
index 88e629de4..8e61a5dfe 100644
--- a/osfmk/kern/ipc_host.c
+++ b/osfmk/kern/ipc_host.c
@@ -133,6 +133,10 @@ void ipc_host_init(void)
 
 	for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
 			realhost.exc_actions[i].port = IP_NULL;
+			realhost.exc_actions[i].label = NULL;
+			/* The mac framework is not yet initialized, so we defer
+			 * initializing the labels to later, when they are set
+			 * for the first time. */
 		}/* for */
 
 	/*
@@ -163,10 +167,13 @@ mach_port_name_t
 host_self_trap(
 	__unused struct host_self_trap_args *args)
 {
+	task_t self = current_task();
 	ipc_port_t sright;
 	mach_port_name_t name;
 
-	sright = ipc_port_copy_send(current_task()->itk_host);
+	itk_lock(self);
+	sright = ipc_port_copy_send(self->itk_host);
+	itk_unlock(self);
 	name = ipc_port_copyout_send(sright, current_space());
 	return name;
 }
@@ -274,15 +281,12 @@ convert_port_to_host(
 	host_t host = HOST_NULL;
 
 	if (IP_VALID(port)) {
-		ip_lock(port);
-		if (ip_active(port) &&
-		    ((ip_kotype(port) == IKOT_HOST) ||
-		     (ip_kotype(port) == IKOT_HOST_PRIV) 
-		     ))
+		if (ip_kotype(port) == IKOT_HOST ||
+		    ip_kotype(port) == IKOT_HOST_PRIV) {
 			host = (host_t) port->ip_kobject;
-		ip_unlock(port);
+			assert(ip_active(port));
+		}
 	}
-
 	return host;
 }
 
@@ -543,7 +547,7 @@ host_set_exception_ports(
 	exception_behavior_t		new_behavior,
 	thread_state_flavor_t		new_flavor)
 {
-	register int	i;
+	int	i;
 	ipc_port_t	old_port[EXC_TYPES_COUNT];
 
 	if (host_priv == HOST_PRIV_NULL) {
@@ -583,14 +587,27 @@ host_set_exception_ports(
 	host_lock(host_priv);
 
 	for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
-		if (exception_mask & (1 << i)) {
+#if CONFIG_MACF
+		if (host_priv->exc_actions[i].label == NULL) {
+			// Lazy initialization (see ipc_port_init).
+			mac_exc_action_label_init(host_priv->exc_actions + i);
+		}
+#endif
+
+		if ((exception_mask & (1 << i))
+#if CONFIG_MACF
+			&& mac_exc_action_label_update(current_task(), host_priv->exc_actions + i) == 0
+#endif
+			) {
 			old_port[i] = host_priv->exc_actions[i].port;
+
 			host_priv->exc_actions[i].port =
 				ipc_port_copy_send(new_port);
 			host_priv->exc_actions[i].behavior = new_behavior;
 			host_priv->exc_actions[i].flavor = new_flavor;
-		} else
+		} else {
 			old_port[i] = IP_NULL;
+		}
 	}/* for */
 
 	/*
@@ -650,6 +667,13 @@ host_get_exception_ports(
 	count = 0;
 
 	for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
+#if CONFIG_MACF
+		if (host_priv->exc_actions[i].label == NULL) {
+			// Lazy initialization (see ipc_port_init).
+			mac_exc_action_label_init(host_priv->exc_actions + i);
+		}
+#endif
+
 		if (exception_mask & (1 << i)) {
 			for (j = 0; j < count; j++) {
 /*
@@ -731,7 +755,18 @@ host_swap_exception_ports(
 
 	assert(EXC_TYPES_COUNT > FIRST_EXCEPTION);
 	for (count=0, i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT && count < *CountCnt; i++) {
-		if (exception_mask & (1 << i)) {
+#if CONFIG_MACF
+		if (host_priv->exc_actions[i].label == NULL) {
+			// Lazy initialization (see ipc_port_init).
+			mac_exc_action_label_init(host_priv->exc_actions + i);
+		}
+#endif
+
+		if ((exception_mask & (1 << i))
+#if CONFIG_MACF
+			&& mac_exc_action_label_update(current_task(), host_priv->exc_actions + i) == 0
+#endif
+			) {
 			for (j = 0; j < count; j++) {
 /*
  *				search for an identical entry, if found