X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/b0d623f7f2ae71ed96e60569f61f9a9a27016e80..d41d1dae2cd00cc08c7982087d1c445180cad9f5:/iokit/Kernel/IOUserClient.cpp?ds=inline

diff --git a/iokit/Kernel/IOUserClient.cpp b/iokit/Kernel/IOUserClient.cpp
index 7f2c78d13..084471c3c 100644
--- a/iokit/Kernel/IOUserClient.cpp
+++ b/iokit/Kernel/IOUserClient.cpp
@@ -851,6 +851,23 @@ static OSDictionary * CopyConsoleUser(UInt32 uid)
     return user;
 }
 
+static bool IOUCIsBackgroundTask(task_t task, bool * isBg)
+{
+    kern_return_t               kr;
+    task_category_policy_data_t info;
+    mach_msg_type_number_t      count = TASK_CATEGORY_POLICY_COUNT;
+    boolean_t                   get_default = false;
+
+    kr = task_policy_get(current_task(),
+                         TASK_CATEGORY_POLICY,
+                         (task_policy_t) &info,
+                         &count,
+                         &get_default);
+
+    *isBg = ((KERN_SUCCESS == kr) && (info.role == TASK_THROTTLE_APPLICATION));
+    return (kr);
+}
+
 IOReturn IOUserClient::clientHasPrivilege( void * securityToken,
                                             const char * privilegeName )
 {
@@ -861,6 +878,18 @@ IOReturn IOUserClient::clientHasPrivilege( void * securityToken,
     OSDictionary *          user;
     bool                    secureConsole;
 
+
+    if (!strncmp(privilegeName, kIOClientPrivilegeForeground, 
+                sizeof(kIOClientPrivilegeForeground)))
+    {
+        bool isBg;
+        kern_return_t kr = IOUCIsBackgroundTask(current_task(), &isBg);
+
+        if (KERN_SUCCESS != kr)
+            return (kr);
+        return (isBg ? kIOReturnNotPrivileged : kIOReturnSuccess);
+    }
+
     if ((secureConsole = !strncmp(privilegeName, kIOClientPrivilegeSecureConsoleProcess,
             sizeof(kIOClientPrivilegeSecureConsoleProcess))))
         task = (task_t)((IOUCProcessToken *)securityToken)->token;
@@ -4082,6 +4111,15 @@ IOReturn IOUserClient::externalMethod( uint32_t selector, IOExternalMethodArgume
 	if( !(method = getAsyncTargetAndMethodForIndex(&object, selector)) )
 	    return (kIOReturnUnsupported);
 
+    if (kIOUCForegroundOnly & method->flags)
+    {
+        bool isBg;
+        kern_return_t kr = IOUCIsBackgroundTask(current_task(), &isBg);
+    
+        if ((KERN_SUCCESS == kr) && isBg)
+            return (kIOReturnNotPermitted);
+    }
+
 	switch (method->flags & kIOUCTypeMask)
 	{
 	    case kIOUCScalarIStructI:
@@ -4125,6 +4163,15 @@ IOReturn IOUserClient::externalMethod( uint32_t selector, IOExternalMethodArgume
 	if( !(method = getTargetAndMethodForIndex(&object, selector)) )
 	    return (kIOReturnUnsupported);
 
+    if (kIOUCForegroundOnly & method->flags)
+    {
+        bool isBg;
+        kern_return_t kr = IOUCIsBackgroundTask(current_task(), &isBg);
+    
+        if ((KERN_SUCCESS == kr) && isBg)
+            return (kIOReturnNotPermitted);
+    }
+
 	switch (method->flags & kIOUCTypeMask)
 	{
 	    case kIOUCScalarIStructI: