X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/55e303ae13a4cf49d70f2294092726f2fffb9ef2..cc8bc92ae4a8e9f1a1ab61bf83d34ad8150b3405:/bsd/kern/kern_xxx.c

diff --git a/bsd/kern/kern_xxx.c b/bsd/kern/kern_xxx.c
index 730ec3194..c4674fc33 100644
--- a/bsd/kern/kern_xxx.c
+++ b/bsd/kern/kern_xxx.c
@@ -1,16 +1,19 @@
 /*
- * Copyright (c) 2000-2003 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2009 Apple Inc. All rights reserved.
  *
- * @APPLE_LICENSE_HEADER_START@
- * 
- * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ * 
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
  * 
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
@@ -20,7 +23,7 @@
  * Please see the License for the specific language governing rights and
  * limitations under the License.
  * 
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
 /*
@@ -57,158 +60,100 @@
  *
  *	@(#)kern_xxx.c	8.2 (Berkeley) 11/14/93
  */
-
-#include <cputypes.h> 
+/*
+ * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
+ * support for mandatory and extensible security protections.  This notice
+ * is included in support of clause 2.2 (b) of the Apple Public License,
+ * Version 2.0.
+ */
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
-#include <sys/proc.h>
+#include <sys/proc_internal.h>
+#include <sys/kauth.h>
 #include <sys/reboot.h>
 #include <sys/vm.h>
 #include <sys/sysctl.h>
 #include <sys/buf.h>
 
-#include <sys/mount.h>
+#include <security/audit/audit.h>
 
-#if COMPAT_43
-/* ARGSUSED */
-int
-ogethostid(p, uap, retval)
-struct proc *p;
-void *uap;
-register_t *retval;
-{
+#include <sys/mount_internal.h>
+#include <sys/sysproto.h>
+#if CONFIG_MACF
+#include <security/mac_framework.h>
+#endif
 
-	*retval = hostid;
-	return 0;
-}
+int pshm_cache_purge_all(proc_t p);
+int psem_cache_purge_all(proc_t p);
 
-struct osethostid_args {
-	long hostid;
-};
-/* ARGSUSED */
 int
-osethostid(p, uap, retval)
-struct proc *p;
-register struct osethostid_args *uap;
-register_t *retval;
+reboot(struct proc *p, struct reboot_args *uap, __unused int32_t *retval)
 {
-	int error;
-
-	if (error = suser(p->p_ucred, &p->p_acflag))
-		return (error);
-	hostid = uap->hostid;
-	return (0);
-
-}
-
-struct ogethostname_args {
-		char	*hostname;
-		u_int	len;
-};
-/* ARGSUSED */
-int
-ogethostname(p, uap, retval)
-struct proc *p;
-register struct ogethostname_args *uap;
-register_t *retval;
-{
-	int name;
-
-	name = KERN_HOSTNAME;
+	char message[128];
+	int error=0;
+	size_t dummy=0;
+#if CONFIG_MACF
+	kauth_cred_t my_cred;
+#endif
+
+	AUDIT_ARG(cmd, uap->opt);
+
+	message[0] = '\0';
+
+	if ((error = suser(kauth_cred_get(), &p->p_acflag))) {
+#if (DEVELOPMENT || DEBUG)
+		/* allow non-root user to call panic on dev/debug kernels */
+		if (!(uap->opt & RB_PANIC))
+			return error;
+#else
+		return error;
+#endif
+	}
 
-	return (kern_sysctl(&name, 1, uap->hostname, &uap->len, 0, 0));
-}
+	if (uap->opt & RB_COMMAND)
+                return ENOSYS;
 
-struct osethostname_args {
-		char	*hostname;
-		u_int	len;
-};
-/* ARGSUSED */
-int
-osethostname(p, uap, retval)
-struct proc *p;
-register struct osethostname_args *uap;
-register_t *retval;
-{
-	int name;
-	int error;
+        if (uap->opt & RB_PANIC) {
+		error = copyinstr(uap->command, (void *)message, sizeof(message), (size_t *)&dummy);
+        }
 
-	if (error = suser(p->p_ucred, &p->p_acflag))
+#if CONFIG_MACF
+#if (DEVELOPMENT || DEBUG)
+        if (uap->opt & RB_PANIC) {
+		/* on dev/debug kernels: allow anyone to call panic */
+		goto skip_cred_check;
+	}
+#endif
+	if (error)
 		return (error);
-		
-	name = KERN_HOSTNAME;
-	return (kern_sysctl(&name, 1, 0, 0, uap->hostname,
-	    uap->len));
-}
-
-struct ogetdomainname_args {
-		char	*domainname;
-		int	len;
-};
-/* ARGSUSED */
-int
-ogetdomainname(p, uap, retval)
-struct proc *p;
-register struct ogetdomainname_args *uap;
-register_t *retval;
-{
-	int name;
-	
-	name = KERN_DOMAINNAME;
-	return (kern_sysctl(&name, 1, uap->domainname,
-	    &uap->len, 0, 0));
+	my_cred = kauth_cred_proc_ref(p);
+	error = mac_system_check_reboot(my_cred, uap->opt);
+	kauth_cred_unref(&my_cred);
+#if (DEVELOPMENT || DEBUG)
+skip_cred_check:
+#endif
+#endif
+	if (!error) {
+		OSBitOrAtomic(P_REBOOT, &p->p_flag);  /* No more signals for this proc */
+		error = reboot_kernel(uap->opt, message);
+	}
+	return(error);
 }
 
-struct osetdomainname_args {
-		char	*domainname;
-		u_int	len;
-};
-/* ARGSUSED */
 int
-osetdomainname(p, uap, retval)
-struct proc *p;
-register struct osetdomainname_args *uap;
-register_t *retval;
-{
-	int name;
-	int error;
-
-	if (error = suser(p->p_ucred, &p->p_acflag))
-		return (error);
-	name = KERN_DOMAINNAME;
-	return (kern_sysctl(&name, 1, 0, 0, uap->domainname,
-	    uap->len));
-}
-#endif /* COMPAT_43 */
-
-struct reboot_args {
-		int	opt;
-		char	*command;
-};
-
-reboot(p, uap, retval)
-struct proc *p;
-register struct reboot_args *uap;
-register_t *retval;
+usrctl(struct proc *p, __unused struct usrctl_args *uap, __unused int32_t *retval)
 {
-	char command[64];
-	int error;
-	int dummy=0;
+	if (p != initproc) {
+		return EPERM;
+	}
 
-	command[0] = '\0';
+	int error = 0;
+	error = pshm_cache_purge_all(p);
+	if (error)
+		return error;
 
-	if (error = suser(p->p_cred->pc_ucred, &p->p_acflag))
-		return(error);	
-	
-	if (uap->opt & RB_COMMAND)
-		error = copyinstr((void *)uap->command,
-					(void *)command, sizeof(command), (size_t *)&dummy);
-	if (!error) {
-		SET(p->p_flag, P_REBOOT);	/* No more signals for this proc */
-		boot(RB_BOOT, uap->opt, command);
-	}
-	return(error);
+	error = psem_cache_purge_all(p);
+	return error;
 }
-