X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/6d2010ae8f7a6078e10b361c6962983bab233e0f..813fb2f63a553c957e917ede5f119b021d6ce391:/security/mac.h
diff --git a/security/mac.h b/security/mac.h
index 3e0cf7a89..9563a7796 100644
--- a/security/mac.h
+++ b/security/mac.h
@@ -97,6 +97,19 @@ struct mac {
 typedef struct mac *mac_t;
 
 #ifdef KERNEL
+
+#ifndef PRIVATE
+#warning "MAC policy is not KPI, see Technical Q&A QA1574"
+#endif
+
+#if DEBUG
+#define SECURITY_MAC_CTLFLAGS (CTLFLAG_RW | CTLFLAG_LOCKED)
+#define SECURITY_MAC_CHECK_ENFORCE 1
+#else
+#define SECURITY_MAC_CTLFLAGS (CTLFLAG_RD | CTLFLAG_LOCKED)
+#define SECURITY_MAC_CHECK_ENFORCE 0
+#endif
+
 struct user_mac {
 user_size_t m_buflen;
 user_addr_t m_string;
@@ -147,7 +160,8 @@ struct user64_mac {
 #define MAC_PROC_CHECK_SUSPEND 0
 #define MAC_PROC_CHECK_RESUME 1
 #define MAC_PROC_CHECK_HIBERNATE 2
-#define MAC_PROC_CHECK_SHUTDOWN_SOCKETS 3
+#define MAC_PROC_CHECK_SHUTDOWN_SOCKETS 3
+#define MAC_PROC_CHECK_PIDBIND 4
 
 #ifndef KERNEL
 /*
@@ -166,14 +180,11 @@ __BEGIN_DECLS
 int __mac_execve(char *fname, char **argv, char **envv, mac_t _label);
 int __mac_get_fd(int _fd, mac_t _label);
 int __mac_get_file(const char *_path, mac_t _label);
-int __mac_get_lcid(pid_t _lcid, mac_t _label);
-int __mac_get_lctx(mac_t _label);
 int __mac_get_link(const char *_path, mac_t _label);
 int __mac_get_pid(pid_t _pid, mac_t _label);
 int __mac_get_proc(mac_t _label);
 int __mac_set_fd(int _fildes, const mac_t _label);
 int __mac_set_file(const char *_path, mac_t _label);
-int __mac_set_lctx(mac_t _label);
 int __mac_set_link(const char *_path, mac_t _label);
 int __mac_mount(const char *type, const char *path, int flags, void *data,
 struct mac *label);
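Review bot: The `#if DEBUG` block in the first hunk (`@@ -97,6 +97,19 @@`) decides whether the MAC sysctl knobs are writable, but nothing in the header states that contract. As written, a build where `DEBUG` is undefined or 0 gets `CTLFLAG_RD | CTLFLAG_LOCKED` and `SECURITY_MAC_CHECK_ENFORCE 0`, which is the restrictive side and a sensible default, while a DEBUG kernel exposes the knobs read-write. I would add a comment above the block such as `/* Release kernels: MAC enforcement sysctls are read-only; only DEBUG kernels may toggle them at runtime. */`, worded to match what the users of `SECURITY_MAC_CHECK_ENFORCE` actually do, since they are outside this hunk. The `CTLFLAG_*` names come from a header this file does not visibly include, so includers presumably have to pull in the sysctl header first; confirm that or add the include.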
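Review bot: `MAC_PROC_CHECK_PIDBIND` in the second hunk (`@@ -147,7 +160,8 @@`) is added to the selector list with no comment on which operation it gates, and unlike suspend/resume/hibernate the name does not explain itself. A trailing comment would help policy authors, e.g. `#define MAC_PROC_CHECK_PIDBIND 4 /* <operation gated, and the caller that passes it> */`. Policy modules that switch on these values were presumably written against 0–3, and the dispatch code is outside this hunk, so it is worth confirming that a selector a policy does not recognise is denied rather than allowed by default.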