| 1 | /* |
|---|---|
| 2 | * Copyright (c) 2015 Apple Inc. All rights reserved. |
| 3 | * |
| 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
| 5 | * |
| 6 | * This file contains Original Code and/or Modifications of Original Code |
| 7 | * as defined in and that are subject to the Apple Public Source License |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in |
| 9 | * compliance with the License. The rights granted to you under the License |
| 10 | * may not be used to create, or enable the creation or redistribution of, |
| 11 | * unlawful or unlicensed copies of an Apple operating system, or to |
| 12 | * circumvent, violate, or enable the circumvention or violation of, any |
| 13 | * terms of an Apple operating system software license agreement. |
| 14 | * |
| 15 | * Please obtain a copy of the License at |
| 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
| 17 | * |
| 18 | * The Original Code and all software distributed under the License are |
| 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| 23 | * Please see the License for the specific language governing rights and |
| 24 | * limitations under the License. |
| 25 | * |
| 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
| 27 | */ |
| 28 | #ifndef _SYS_PERSONA_H_ |
| 29 | #define _SYS_PERSONA_H_ |
| 30 | |
| 31 | #ifdef PRIVATE |
| 32 | #include <sys/param.h> |
| 33 | |
| 34 | enum { |
| 35 | PERSONA_INVALID = 0, |
| 36 | PERSONA_GUEST = 1, |
| 37 | PERSONA_MANAGED = 2, |
| 38 | PERSONA_PRIV = 3, |
| 39 | PERSONA_SYSTEM = 4, |
| 40 | |
| 41 | PERSONA_TYPE_MAX = PERSONA_SYSTEM, |
| 42 | }; |
| 43 | |
| 44 | #define PERSONA_ID_NONE ((uid_t)-1) |
| 45 | |
| 46 | struct kpersona_info { |
| 47 | uint32_t persona_info_version; |
| 48 | |
| 49 | uid_t persona_id; /* overlaps with UID */ |
| 50 | int persona_type; |
| 51 | gid_t persona_gid; |
| 52 | uint32_t persona_ngroups; |
| 53 | gid_t persona_groups[NGROUPS]; |
| 54 | uid_t persona_gmuid; |
| 55 | char persona_name[MAXLOGNAME+1]; |
| 56 | |
| 57 | /* TODO: MAC policies?! */ |
| 58 | }; |
| 59 | |
| 60 | #define PERSONA_INFO_V1 1 |
| 61 | #define PERSONA_INFO_V1_SIZE (sizeof(struct kpersona_info)) |
| 62 | |
| 63 | |
| 64 | #define PERSONA_OP_ALLOC 1 |
| 65 | #define PERSONA_OP_DEALLOC 2 |
| 66 | #define PERSONA_OP_GET 3 |
| 67 | #define PERSONA_OP_INFO 4 |
| 68 | #define PERSONA_OP_PIDINFO 5 |
| 69 | #define PERSONA_OP_FIND 6 |
| 70 | |
| 71 | #ifndef KERNEL |
| 72 | /* |
| 73 | * user space persona interface |
| 74 | */ |
| 75 | |
| 76 | /* |
| 77 | * kpersona_alloc: Allocate a new in-kernel persona |
| 78 | * |
| 79 | * Parameters: |
| 80 | * info: Pointer to persona info structure describing the |
| 81 | * attributes of the persona to create / allocate. |
| 82 | * |
| 83 | * id: output: set to the ID of the created persona |
| 84 | * |
| 85 | * Note: |
| 86 | * The 'persona_id' field of the 'info' parameter is ignored. |
| 87 | * |
| 88 | * Return: |
| 89 | * != 0: ERROR |
| 90 | * == 0: Success |
| 91 | */ |
| 92 | int kpersona_alloc(struct kpersona_info *info, uid_t *id); |
| 93 | |
| 94 | /* |
| 95 | * kpersona_dealloc: delete / destroy an in-kernel persona |
| 96 | * |
| 97 | * Parameters: |
| 98 | * id: the ID of the persona to destroy |
| 99 | * |
| 100 | * Return: |
| 101 | * < 0: ERROR |
| 102 | * 0: Success |
| 103 | */ |
| 104 | int kpersona_dealloc(uid_t id); |
| 105 | |
| 106 | |
| 107 | /* |
| 108 | * kpersona_get: retrieve the persona with which the current thread is running |
| 109 | * |
| 110 | * Parameters: |
| 111 | * id: output: will be filled with current thread's persona |
| 112 | * (or current processes persona) on success. |
| 113 | * |
| 114 | * Return: |
| 115 | * < 0: Thread is not running under any persona |
| 116 | * 0: Success (uuid is filled with running persona UUID) |
| 117 | */ |
| 118 | int kpersona_get(uid_t *id); |
| 119 | |
| 120 | |
| 121 | /* |
| 122 | * kpersona_info: gather info about the given persona |
| 123 | * |
| 124 | * Parameters: |
| 125 | * id: ID of the persona to investigate |
| 126 | * |
| 127 | * info: output: filled in with persona attributes on success. |
| 128 | * |
| 129 | * Return: |
| 130 | * < 0: ERROR |
| 131 | * 0: Success |
| 132 | */ |
| 133 | int kpersona_info(uid_t id, struct kpersona_info *info); |
| 134 | |
| 135 | |
| 136 | /* |
| 137 | * kpersona_pidinfo: gather persona info about the given PID |
| 138 | * |
| 139 | * Parameters: |
| 140 | * pid: PID of the process whose persona info we're to return |
| 141 | * |
| 142 | * info: output: filled in with persona attributes on success. |
| 143 | * |
| 144 | * Return: |
| 145 | * < 0: ERROR |
| 146 | * 0: Success |
| 147 | */ |
| 148 | int kpersona_pidinfo(pid_t pid, struct kpersona_info *info); |
| 149 | |
| 150 | |
| 151 | /* |
| 152 | * kpersona_find: lookup the kernel's UUID of a persona |
| 153 | * |
| 154 | * Parameters: |
| 155 | * name: Local login name of the persona. |
| 156 | * Set this to NULL to find personas by 'uid'. |
| 157 | * |
| 158 | * uid: UID of the persona. |
| 159 | * Set this to -1 to find personas by 'name' |
| 160 | * |
| 161 | * id: output: the ID(s) matching the input parameters |
| 162 | * idlen: input - size of 'id' buffer (in number of IDs) |
| 163 | * output - the total required size of the 'id' buffer |
| 164 | * (in number of IDs) - may be larger than input size |
| 165 | * Note: |
| 166 | * At least one of 'name' or 'uid' must be set. |
| 167 | * |
| 168 | * Return: |
| 169 | * < 0: ERROR |
| 170 | * >= 0: The number of IDs found to match the input parameters |
| 171 | */ |
| 172 | int kpersona_find(const char *name, uid_t uid, uid_t *id, size_t *idlen); |
| 173 | #endif /* !KERNEL */ |
| 174 | |
| 175 | #ifdef KERNEL_PRIVATE |
| 176 | /* XNU + kext private interface */ |
| 177 | #include <sys/cdefs.h> |
| 178 | #include <sys/kauth.h> |
| 179 | #include <libkern/libkern.h> |
| 180 | #include <os/refcnt.h> |
| 181 | |
| 182 | #ifdef PERSONA_DEBUG |
| 183 | #include <os/log.h> |
| 184 | #define persona_dbg(fmt, ...) \ |
| 185 | os_log(OS_LOG_DEFAULT, "[%4d] %s: " fmt "\n", \ |
| 186 | current_proc() ? current_proc()->p_pid : -1, \ |
| 187 | __func__, ## __VA_ARGS__) |
| 188 | #else |
| 189 | #define persona_dbg(fmt, ...) do { } while (0) |
| 190 | #endif |
| 191 | |
| 192 | /* |
| 193 | * Persona |
| 194 | */ |
| 195 | #ifdef XNU_KERNEL_PRIVATE |
| 196 | /* only XNU proper needs to see the persona structure */ |
| 197 | struct persona { |
| 198 | os_refcnt_t pna_refcount; |
| 199 | int32_t pna_valid; |
| 200 | |
| 201 | uid_t pna_id; |
| 202 | int pna_type; |
| 203 | char pna_login[MAXLOGNAME+1]; |
| 204 | |
| 205 | kauth_cred_t pna_cred; |
| 206 | uid_t pna_pgid; |
| 207 | |
| 208 | int pna_cred_locked; /* set upon first adoption */ |
| 209 | |
| 210 | LIST_ENTRY(persona) pna_list; |
| 211 | |
| 212 | /* this could go away if we used a coalition */ |
| 213 | LIST_HEAD(, proc) pna_members; |
| 214 | |
| 215 | lck_mtx_t pna_lock; |
| 216 | |
| 217 | /* |
| 218 | * We can add things here such as PID maps, UID maps, etc. |
| 219 | */ |
| 220 | #ifdef PERSONA_DEBUG |
| 221 | char pna_desc[128]; |
| 222 | #endif |
| 223 | }; |
| 224 | |
| 225 | #define persona_lock(persona) lck_mtx_lock(&(persona)->pna_lock) |
| 226 | #define persona_unlock(persona) lck_mtx_unlock(&(persona)->pna_lock) |
| 227 | #define persona_try_lock(persona) lck_mtx_try_lock(&(persona)->pna_lock) |
| 228 | |
| 229 | #define persona_lock_assert_held(persona) \ |
| 230 | LCK_MTX_ASSERT(&(persona)->pna_lock, LCK_MTX_ASSERT_OWNED) |
| 231 | |
| 232 | #ifdef PERSONA_DEBUG |
| 233 | static inline const char *persona_desc(struct persona *persona, int locked) |
| 234 | { |
| 235 | if (!persona) |
| 236 | return "<none>"; |
| 237 | |
| 238 | if (persona->pna_desc[0] != 0) |
| 239 | return persona->pna_desc; |
| 240 | |
| 241 | if (!locked) |
| 242 | persona_lock(persona); |
| 243 | if (persona->pna_desc[0] != 0) |
| 244 | goto out_unlock; |
| 245 | |
| 246 | char *p = &persona->pna_desc[0]; |
| 247 | char *end = p + sizeof(persona->pna_desc) - 1; |
| 248 | |
| 249 | *end = 0; |
| 250 | p += snprintf(p, end - p, "%s/%d:%d", |
| 251 | persona->pna_login, |
| 252 | kauth_cred_getuid(persona->pna_cred), |
| 253 | kauth_cred_getgid(persona->pna_cred)); |
| 254 | |
| 255 | if (p <= end) |
| 256 | *p = 0; |
| 257 | out_unlock: |
| 258 | if (!locked) |
| 259 | persona_unlock(persona); |
| 260 | |
| 261 | return persona->pna_desc; |
| 262 | } |
| 263 | #else /* !PERSONA_DEBUG */ |
| 264 | static inline const char *persona_desc(struct persona *persona, int locked) |
| 265 | { |
| 266 | (void)persona; |
| 267 | (void)locked; |
| 268 | return "<persona>"; |
| 269 | } |
| 270 | #endif |
| 271 | |
| 272 | #else /* !XNU_KERNEL_PRIVATE */ |
| 273 | /* kexts should only see an opaque persona structure */ |
| 274 | struct persona; |
| 275 | #endif |
| 276 | |
| 277 | __BEGIN_DECLS |
| 278 | |
| 279 | #ifndef _KAUTH_CRED_T |
| 280 | #define _KAUTH_CRED_T |
| 281 | typedef struct ucred *kauth_cred_t; |
| 282 | #endif /* !_KAUTH_CRED_T */ |
| 283 | |
| 284 | /* returns the persona ID for the given pesona structure */ |
| 285 | uid_t persona_get_id(struct persona *persona); |
| 286 | |
| 287 | /* returns the type of the persona (see enum above: PERSONA_GUEST, etc.) */ |
| 288 | int persona_get_type(struct persona *persona); |
| 289 | |
| 290 | /* returns ref on kauth_cred_t that must be dropped via kauth_cred_unref() */ |
| 291 | kauth_cred_t persona_get_cred(struct persona *persona); |
| 292 | |
| 293 | /* returns a reference that must be released with persona_put() */ |
| 294 | struct persona *persona_lookup(uid_t id); |
| 295 | |
| 296 | /* |
| 297 | * returns non-zero on error, on success returns 0 and updates 'plen' to |
| 298 | * total found (could be more than original value of 'plen') |
| 299 | */ |
| 300 | int persona_find(const char *login, uid_t uid, |
| 301 | struct persona **persona, size_t *plen); |
| 302 | |
| 303 | /* returns a reference to the persona tied to the current thread */ |
| 304 | struct persona *current_persona_get(void); |
| 305 | |
| 306 | /* get a reference to a persona structure */ |
| 307 | struct persona *persona_get(struct persona *persona); |
| 308 | |
| 309 | /* release a reference to a persona structure */ |
| 310 | void persona_put(struct persona *persona); |
| 311 | |
| 312 | #ifdef XNU_KERNEL_PRIVATE |
| 313 | |
| 314 | #if CONFIG_PERSONAS |
| 315 | #include <sys/proc_internal.h> |
| 316 | |
| 317 | /* |
| 318 | * In-kernel persona API |
| 319 | */ |
| 320 | extern uint32_t g_max_personas; |
| 321 | extern struct persona *g_system_persona; |
| 322 | |
| 323 | void personas_bootstrap(void); |
| 324 | |
| 325 | struct persona *persona_alloc(uid_t id, const char *login, |
| 326 | int type, int *error); |
| 327 | |
| 328 | int persona_init_begin(struct persona *persona); |
| 329 | void persona_init_end(struct persona *persona, int error); |
| 330 | |
| 331 | struct persona *persona_lookup_and_invalidate(uid_t id); |
| 332 | |
| 333 | static inline int proc_has_persona(proc_t p) |
| 334 | { |
| 335 | if (p && p->p_persona) |
| 336 | return 1; |
| 337 | return 0; |
| 338 | } |
| 339 | |
| 340 | static inline uid_t persona_id_from_proc(proc_t p) |
| 341 | { |
| 342 | if (p && p->p_persona) |
| 343 | return p->p_persona->pna_id; |
| 344 | return PERSONA_ID_NONE; |
| 345 | } |
| 346 | |
| 347 | int persona_proc_inherit(proc_t child, proc_t parent); |
| 348 | |
| 349 | int persona_proc_adopt_id(proc_t p, uid_t id, |
| 350 | kauth_cred_t auth_override); |
| 351 | int persona_proc_adopt(proc_t p, struct persona *persona, |
| 352 | kauth_cred_t auth_override); |
| 353 | int persona_proc_drop(proc_t p); |
| 354 | |
| 355 | int persona_set_cred(struct persona *persona, kauth_cred_t cred); |
| 356 | int persona_set_cred_from_proc(struct persona *persona, proc_t proc); |
| 357 | |
| 358 | uid_t persona_get_uid(struct persona *persona); |
| 359 | |
| 360 | int persona_set_gid(struct persona *persona, gid_t gid); |
| 361 | gid_t persona_get_gid(struct persona *persona); |
| 362 | |
| 363 | int persona_set_groups(struct persona *persona, gid_t *groups, unsigned ngroups, uid_t gmuid); |
| 364 | int persona_get_groups(struct persona *persona, unsigned *ngroups, gid_t *groups, unsigned groups_sz); |
| 365 | |
| 366 | uid_t persona_get_gmuid(struct persona *persona); |
| 367 | |
| 368 | int persona_get_login(struct persona *persona, char login[MAXLOGNAME+1]); |
| 369 | |
| 370 | /* returns a reference that must be released with persona_put() */ |
| 371 | struct persona *persona_proc_get(pid_t pid); |
| 372 | |
| 373 | #else /* !CONFIG_PERSONAS */ |
| 374 | |
| 375 | static inline int proc_has_persona(__unused proc_t p) |
| 376 | { |
| 377 | return 0; |
| 378 | } |
| 379 | |
| 380 | static inline uid_t persona_id_from_proc(__unused proc_t p) |
| 381 | { |
| 382 | return PERSONA_ID_NONE; |
| 383 | } |
| 384 | |
| 385 | #endif /* CONFIG_PERSONAS */ |
| 386 | #endif /* XNU_KERNEL_PRIVATE */ |
| 387 | __END_DECLS |
| 388 | |
| 389 | #endif /* KERNEL_PRIVATE */ |
| 390 | |
| 391 | #endif /* PRIVATE */ |
| 392 | #endif /* _SYS_PERSONA_H_ */ |
| 393 |
Generated while processing xnu/bsd/kern/kern_exec.c
Generated on 2018-Dec-24 from project xnu revision 4903.221.2
Powered by 
Code Browser 2.1
Generator usage only permitted with license.