1 | /* |
2 | * Copyright (c) 2004-2010 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | /* |
29 | * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce |
30 | * support for mandatory and extensible security protections. This notice |
31 | * is included in support of clause 2.2 (b) of the Apple Public License, |
32 | * Version 2.0. |
33 | */ |
34 | |
35 | #ifndef _SYS_KAUTH_H |
36 | #define _SYS_KAUTH_H |
37 | |
38 | #include <sys/appleapiopts.h> |
39 | #include <sys/cdefs.h> |
40 | #include <mach/boolean.h> |
41 | #include <machine/types.h> /* u_int8_t, etc. */ |
42 | #include <sys/_types.h> /* __offsetof() */ |
43 | #include <sys/_types/_uid_t.h> /* uid_t */ |
44 | #include <sys/_types/_gid_t.h> /* gid_t */ |
45 | #include <sys/_types/_guid_t.h> |
46 | #include <sys/syslimits.h> /* NGROUPS_MAX */ |
47 | #ifdef KERNEL |
48 | #include <stdbool.h> |
49 | #include <sys/ucred.h> |
50 | #include <sys/lock.h> /* lck_grp_t */ |
51 | #endif /* KERNEL */ |
52 | #if KERNEL_PRIVATE |
53 | #include <kern/smr_types.h> |
54 | #endif |
55 | |
56 | __BEGIN_DECLS |
57 | |
58 | #ifdef __APPLE_API_EVOLVING |
59 | |
60 | /* |
61 | * Identities. |
62 | */ |
63 | |
64 | #define KAUTH_UID_NONE (~(uid_t)0 - 100) /* not a valid UID */ |
65 | #define KAUTH_GID_NONE (~(gid_t)0 - 100) /* not a valid GID */ |
66 | |
67 | /* NT Security Identifier, structure as defined by Microsoft */ |
68 | #pragma pack(1) /* push packing of 1 byte */ |
69 | typedef struct { |
70 | u_int8_t sid_kind; |
71 | u_int8_t sid_authcount; |
72 | u_int8_t sid_authority[6]; |
73 | #define KAUTH_NTSID_MAX_AUTHORITIES 16 |
74 | u_int32_t sid_authorities[KAUTH_NTSID_MAX_AUTHORITIES]; |
75 | } ntsid_t; |
76 | #pragma pack() /* pop packing to previous packing level */ |
77 | #define _NTSID_T |
78 | |
79 | /* valid byte count inside a SID structure */ |
80 | #define KAUTH_NTSID_HDRSIZE (8) |
81 | #define KAUTH_NTSID_SIZE(_s) (KAUTH_NTSID_HDRSIZE + ((_s)->sid_authcount * sizeof(u_int32_t))) |
82 | |
83 | /* |
84 | * External lookup message payload; this structure is shared between the |
85 | * kernel group membership resolver, and the user space group membership |
86 | * resolver daemon, and is use to communicate resolution requests from the |
87 | * kernel to user space, and the result of that request from user space to |
88 | * the kernel. |
89 | */ |
90 | struct kauth_identity_extlookup { |
91 | u_int32_t el_seqno; /* request sequence number */ |
92 | u_int32_t el_result; /* lookup result */ |
93 | #define KAUTH_EXTLOOKUP_SUCCESS 0 /* results here are good */ |
94 | #define KAUTH_EXTLOOKUP_BADRQ 1 /* request badly formatted */ |
95 | #define KAUTH_EXTLOOKUP_FAILURE 2 /* transient failure during lookup */ |
96 | #define KAUTH_EXTLOOKUP_FATAL 3 /* permanent failure during lookup */ |
97 | #define KAUTH_EXTLOOKUP_INPROG 100 /* request in progress */ |
98 | u_int32_t el_flags; |
99 | #define KAUTH_EXTLOOKUP_VALID_UID (1<<0) |
100 | #define KAUTH_EXTLOOKUP_VALID_UGUID (1<<1) |
101 | #define KAUTH_EXTLOOKUP_VALID_USID (1<<2) |
102 | #define KAUTH_EXTLOOKUP_VALID_GID (1<<3) |
103 | #define KAUTH_EXTLOOKUP_VALID_GGUID (1<<4) |
104 | #define KAUTH_EXTLOOKUP_VALID_GSID (1<<5) |
105 | #define KAUTH_EXTLOOKUP_WANT_UID (1<<6) |
106 | #define KAUTH_EXTLOOKUP_WANT_UGUID (1<<7) |
107 | #define KAUTH_EXTLOOKUP_WANT_USID (1<<8) |
108 | #define KAUTH_EXTLOOKUP_WANT_GID (1<<9) |
109 | #define KAUTH_EXTLOOKUP_WANT_GGUID (1<<10) |
110 | #define KAUTH_EXTLOOKUP_WANT_GSID (1<<11) |
111 | #define KAUTH_EXTLOOKUP_WANT_MEMBERSHIP (1<<12) |
112 | #define KAUTH_EXTLOOKUP_VALID_MEMBERSHIP (1<<13) |
113 | #define KAUTH_EXTLOOKUP_ISMEMBER (1<<14) |
114 | #define KAUTH_EXTLOOKUP_VALID_PWNAM (1<<15) |
115 | #define KAUTH_EXTLOOKUP_WANT_PWNAM (1<<16) |
116 | #define KAUTH_EXTLOOKUP_VALID_GRNAM (1<<17) |
117 | #define KAUTH_EXTLOOKUP_WANT_GRNAM (1<<18) |
118 | #define KAUTH_EXTLOOKUP_VALID_SUPGRPS (1<<19) |
119 | #define KAUTH_EXTLOOKUP_WANT_SUPGRPS (1<<20) |
120 | |
121 | __darwin_pid_t el_info_pid; /* request on behalf of PID */ |
122 | u_int64_t el_extend; /* extension field */ |
123 | u_int32_t el_info_reserved_1; /* reserved (APPLE) */ |
124 | |
125 | uid_t el_uid; /* user ID */ |
126 | guid_t el_uguid; /* user GUID */ |
127 | u_int32_t el_uguid_valid; /* TTL on translation result (seconds) */ |
128 | ntsid_t el_usid; /* user NT SID */ |
129 | u_int32_t el_usid_valid; /* TTL on translation result (seconds) */ |
130 | gid_t el_gid; /* group ID */ |
131 | guid_t el_gguid; /* group GUID */ |
132 | u_int32_t el_gguid_valid; /* TTL on translation result (seconds) */ |
133 | ntsid_t el_gsid; /* group SID */ |
134 | u_int32_t el_gsid_valid; /* TTL on translation result (seconds) */ |
135 | u_int32_t el_member_valid; /* TTL on group lookup result */ |
136 | u_int32_t el_sup_grp_cnt; /* count of supplemental groups up to NGROUPS */ |
137 | gid_t el_sup_groups[NGROUPS_MAX]; /* supplemental group list */ |
138 | }; |
139 | |
140 | struct kauth_cache_sizes { |
141 | u_int32_t kcs_group_size; |
142 | u_int32_t kcs_id_size; |
143 | }; |
144 | |
145 | #define KAUTH_EXTLOOKUP_REGISTER (0) |
146 | #define KAUTH_EXTLOOKUP_RESULT (1<<0) |
147 | #define KAUTH_EXTLOOKUP_WORKER (1<<1) |
148 | #define KAUTH_EXTLOOKUP_DEREGISTER (1<<2) |
149 | #define KAUTH_GET_CACHE_SIZES (1<<3) |
150 | #define KAUTH_SET_CACHE_SIZES (1<<4) |
151 | #define KAUTH_CLEAR_CACHES (1<<5) |
152 | |
153 | #define IDENTITYSVC_ENTITLEMENT "com.apple.private.identitysvc" |
154 | |
155 | #ifdef KERNEL |
156 | #pragma mark - kauth_cred |
157 | |
158 | /*! |
159 | * @brief |
160 | * Retains a credential data structure. |
161 | * |
162 | * @Description |
163 | * The reference returned must be released with @c kauth_cred_unref(). |
164 | */ |
165 | extern void kauth_cred_ref(kauth_cred_t cred); |
166 | |
167 | /*! |
168 | * @brief |
169 | * Releases a credential data structure, and nils out the pointer. |
170 | * |
171 | * @Description |
172 | * @c credp must be non NULL, but can point to a NULL/NOCRED credential. |
173 | */ |
174 | extern void kauth_cred_unref(kauth_cred_t *credp); |
175 | |
176 | |
177 | /*! |
178 | * @brief |
179 | * Returns the current thread assumed credentials. |
180 | * |
181 | * @discussion |
182 | * These might differ from the proc's credential if settid() has been called. |
183 | * This never returns NULL/NOCRED. |
184 | * |
185 | * This function doesn't take a reference, and the returned pointer is valid |
186 | * for the duration of the current syscall. |
187 | * |
188 | * This function returns cached credentials without a reference which are valid |
189 | * for the duration of a MACF hook. If a copy of this pointer has to be stashed, |
190 | * the credentials must be retained with kauth_cred_ref(). |
191 | * |
192 | * (this function should really be called @c current_thread_cred()) |
193 | */ |
194 | extern kauth_cred_t kauth_cred_get(void) __pure2; |
195 | #define current_thread_cred() kauth_cred_get() |
196 | |
197 | /*! |
198 | * @brief |
199 | * Returns the current MAC label slot value for the thread assumed credentials. |
200 | * |
201 | * @discussion |
202 | * These might differ from the proc's credential if settid() has been called. |
203 | */ |
204 | extern intptr_t current_thread_cred_label_get(int slot) __pure2; |
205 | |
206 | /*! |
207 | * @brief |
208 | * Returns the current thread assumed credentials, with a reference. |
209 | * |
210 | * @discussion |
211 | * These might differ from the proc's credential if settid() has been called. |
212 | * This never returns NULL/NOCRED. |
213 | * |
214 | * The caller must call kauth_cred_unref() to dispose of the returned value. |
215 | * |
216 | * This is equivalent to @c kauth_cred_ref(kauth_cred_get()) |
217 | * |
218 | * (this function should really be called @c current_thread_cred_ref()) |
219 | */ |
220 | extern kauth_cred_t kauth_cred_get_with_ref(void); |
221 | #define current_thread_cred_ref() kauth_cred_get_with_ref() |
222 | |
223 | /*! |
224 | * @brief |
225 | * Returns the current cached proc credentials. |
226 | * |
227 | * @discussion |
228 | * This function will panic if its argument is neither PROC_NULL nor |
229 | * current_proc() (this can be used to protect against programming mistakes |
230 | * assuming the incorrect context). |
231 | * |
232 | * Note that this function returns the credential the proc had |
233 | * at the time of the last syscall this thread performed. |
234 | * |
235 | * This function returns cached credentials without a reference which are valid |
236 | * for the duration of a syscall only. If a copy of this pointer has to be |
237 | * stashed, the credentials must be retained with kauth_cred_ref(). |
238 | * |
239 | * For the freshest credentials, kauth_cred_proc_ref() |
240 | * must be used against @c current_proc(). |
241 | * |
242 | * This never returns NULL/NOCRED. |
243 | */ |
244 | extern kauth_cred_t current_cached_proc_cred(proc_t) __pure2; |
245 | |
246 | /*! |
247 | * @brief |
248 | * Returns the current MAC label slot value for the cached proc credentials. |
249 | */ |
250 | extern intptr_t current_cached_proc_label_get(int slot) __pure2; |
251 | |
252 | /*! |
253 | * @brief |
254 | * Returns the current cached proc credentials, with a reference. |
255 | * |
256 | * @discussion |
257 | * This function will panic if its argument is neither PROC_NULL nor |
258 | * current_proc() (this can be used to protect against programming mistakes |
259 | * assuming the incorrect context). |
260 | * |
261 | * Note that this function returns the credential the proc had |
262 | * at the time of the last syscall this thread performed. |
263 | * |
264 | * For the freshest credentials, kauth_cred_proc_ref() |
265 | * must be used against @c current_proc(). |
266 | * |
267 | * The caller must call kauth_cred_unref() to dispose of the returned value. |
268 | * |
269 | * This never returns NULL/NOCRED. |
270 | */ |
271 | extern kauth_cred_t current_cached_proc_cred_ref(proc_t); |
272 | |
273 | /*! |
274 | * @brief |
275 | * Returns the specified proc credentials, with a reference. |
276 | * |
277 | * @discussion |
278 | * The caller must call kauth_cred_unref() to dispose of the returned value. |
279 | * This never returns NULL/NOCRED. |
280 | * |
281 | * The caller must call kauth_cred_unref() to dispose of the returned value. |
282 | */ |
283 | extern kauth_cred_t kauth_cred_proc_ref(proc_t procp); |
284 | |
285 | /*! |
286 | * @brief |
287 | * Returns the specified proc credentials, with a reference, or NOCRED. |
288 | * |
289 | * @discussion |
290 | * The caller must call kauth_cred_unref() to dispose of the returned value. |
291 | */ |
292 | extern kauth_cred_t kauth_cred_proc_ref_for_pid(pid_t pid); |
293 | |
294 | /*! |
295 | * @brief |
296 | * Returns the specified proc credentials, with a reference, or NOCRED. |
297 | * |
298 | * @discussion |
299 | * The caller must call kauth_cred_unref() to dispose of the returned value. |
300 | */ |
301 | extern kauth_cred_t kauth_cred_proc_ref_for_pidversion(pid_t pid, uint32_t version); |
302 | |
303 | |
304 | /*! |
305 | * @brief |
306 | * Obsolete way to create a valid posix-only credential structure out of |
307 | * a model, DO NOT USE. |
308 | */ |
309 | extern kauth_cred_t kauth_cred_create(kauth_cred_t cred); |
310 | |
311 | |
312 | #pragma mark kauth_cred: accessors |
313 | |
314 | /*! |
315 | * @brief |
316 | * Returns the effective user ID for the specified @c kauth_cred_t. |
317 | */ |
318 | extern uid_t kauth_cred_getuid(kauth_cred_t _cred); |
319 | |
320 | /*! |
321 | * @brief |
322 | * Returns the real user ID for the specified @c kauth_cred_t. |
323 | */ |
324 | extern uid_t kauth_cred_getruid(kauth_cred_t _cred); |
325 | |
326 | /*! |
327 | * @brief |
328 | * Returns the saved user ID for the specified @c kauth_cred_t. |
329 | */ |
330 | extern uid_t kauth_cred_getsvuid(kauth_cred_t _cred); |
331 | |
332 | /*! |
333 | * @brief |
334 | * Returns whether the current credential effective user ID is the super user. |
335 | */ |
336 | extern int kauth_cred_issuser(kauth_cred_t _cred); |
337 | |
338 | /*! |
339 | * @brief |
340 | * Returns the effective group ID for the specified @c kauth_cred_t. |
341 | */ |
342 | extern gid_t kauth_cred_getgid(kauth_cred_t _cred); |
343 | |
344 | /*! |
345 | * @brief |
346 | * Returns the real group ID for the specified @c kauth_cred_t. |
347 | */ |
348 | extern gid_t kauth_cred_getrgid(kauth_cred_t _cred); |
349 | |
350 | /*! |
351 | * @brief |
352 | * Returns the saved group ID for the specified @c kauth_cred_t. |
353 | */ |
354 | extern gid_t kauth_cred_getsvgid(kauth_cred_t _cred); |
355 | |
356 | /*! |
357 | * @brief |
358 | * Returns the effective user ID for the current thread. |
359 | * |
360 | * @Description |
361 | * Equivalent to @c kauth_getuid(kauth_cred_get()) |
362 | */ |
363 | extern uid_t kauth_getuid(void); |
364 | |
365 | /*! |
366 | * @brief |
367 | * Returns the real user ID for the current thread. |
368 | * |
369 | * @Description |
370 | * Equivalent to @c kauth_getruid(kauth_cred_get()) |
371 | */ |
372 | extern uid_t kauth_getruid(void); |
373 | |
374 | /*! |
375 | * @brief |
376 | * Returns the effective group ID for the current thread. |
377 | * |
378 | * @Description |
379 | * Equivalent to @c kauth_getgid(kauth_cred_get()) |
380 | */ |
381 | extern gid_t kauth_getgid(void); |
382 | |
383 | /*! |
384 | * @brief |
385 | * Returns the real group ID for the current thread. |
386 | * |
387 | * @Description |
388 | * Equivalent to @c kauth_getrgid(kauth_cred_get()) |
389 | */ |
390 | extern gid_t kauth_getrgid(void); |
391 | |
392 | |
393 | #pragma mark kauth_cred: MACF label updates |
394 | |
395 | struct label; |
396 | |
397 | /*! |
398 | * @brief |
399 | * Updates the MAC label associated with a credential. |
400 | * |
401 | * @discussion |
402 | * This function returns a new credential where the passed |
403 | * in label is updated with the specified one. |
404 | * |
405 | * This will cause the @c cred_label_associate() MAC hook to be invoked |
406 | * first (so that all MAC policies have a chance to make the newly formed |
407 | * credential inherit labels) then the @c cred_label_update() hook |
408 | * (which will allow the newly made credential labels to be overridden). |
409 | * |
410 | * This never returns NULL/NOCRED. |
411 | * |
412 | * @param cred (ref consumed) the credentials to use as a model. |
413 | * @param label the model label to copy from. |
414 | */ |
415 | extern kauth_cred_t kauth_cred_label_update( |
416 | kauth_cred_t cred, |
417 | struct label *label); |
418 | |
419 | |
420 | /*! |
421 | * @brief |
422 | * Updates the MAC label insde the proc's credentials. |
423 | * |
424 | * @discussion |
425 | * This function applies @c kauth_cred_label_update() to the specified |
426 | * process's credntials, and updates the process's credentials |
427 | * with the outcome. |
428 | * |
429 | * This function never fails (returns 0 all the time). |
430 | * |
431 | * @param proc the process which creedntials must be updated. |
432 | * @param label the model label to copy from. |
433 | */ |
434 | extern int kauth_proc_label_update( |
435 | struct proc *proc, |
436 | struct label *label); |
437 | |
438 | |
439 | #pragma mark kauth_cred: group membership (private API) |
440 | /* |
441 | * This part of the kernel is considered private and prototypes |
442 | * will be eventually be removed from the public headers. |
443 | */ |
444 | |
445 | extern int kauth_cred_pwnam2guid(char *pwnam, guid_t *guidp); |
446 | extern int kauth_cred_grnam2guid(char *grnam, guid_t *guidp); |
447 | extern int kauth_cred_guid2pwnam(guid_t *guidp, char *pwnam); |
448 | extern int kauth_cred_guid2grnam(guid_t *guidp, char *grnam); |
449 | extern int kauth_cred_guid2uid(guid_t *_guid, uid_t *_uidp); |
450 | extern int kauth_cred_guid2gid(guid_t *_guid, gid_t *_gidp); |
451 | extern int kauth_cred_ntsid2uid(ntsid_t *_sid, uid_t *_uidp); |
452 | extern int kauth_cred_ntsid2gid(ntsid_t *_sid, gid_t *_gidp); |
453 | extern int kauth_cred_ntsid2guid(ntsid_t *_sid, guid_t *_guidp); |
454 | extern int kauth_cred_uid2guid(uid_t _uid, guid_t *_guidp); |
455 | extern int kauth_cred_getguid(kauth_cred_t _cred, guid_t *_guidp); |
456 | extern int kauth_cred_gid2guid(gid_t _gid, guid_t *_guidp); |
457 | extern int kauth_cred_uid2ntsid(uid_t _uid, ntsid_t *_sidp); |
458 | extern int kauth_cred_getntsid(kauth_cred_t _cred, ntsid_t *_sidp); |
459 | extern int kauth_cred_gid2ntsid(gid_t _gid, ntsid_t *_sidp); |
460 | extern int kauth_cred_guid2ntsid(guid_t *_guid, ntsid_t *_sidp); |
461 | extern int kauth_cred_ismember_gid(kauth_cred_t _cred, gid_t _gid, int *_resultp); |
462 | extern int kauth_cred_ismember_guid(kauth_cred_t _cred, guid_t *_guidp, int *_resultp); |
463 | extern int kauth_cred_nfs4domain2dsnode(char *nfs4domain, char *dsnode); |
464 | extern int kauth_cred_dsnode2nfs4domain(char *dsnode, char *nfs4domain); |
465 | |
466 | extern int groupmember(gid_t gid, kauth_cred_t cred); |
467 | |
468 | |
469 | #ifdef KERNEL_PRIVATE |
470 | #pragma mark kauth_cred: private KPI |
471 | |
472 | extern int kauth_cred_getgroups(kauth_cred_t _cred, gid_t *_groups, size_t *_groupcount); |
473 | |
474 | #endif /* KERNEL_PRIVATE */ |
475 | #ifdef XNU_KERNEL_PRIVATE |
476 | #pragma mark kauth_cred: XNU only |
477 | #pragma GCC visibility push(hidden) |
478 | |
479 | extern lck_grp_t kauth_lck_grp; |
480 | |
481 | extern void kauth_init(void); |
482 | |
483 | #pragma mark XNU only: kauth_cred interfaces |
484 | |
485 | extern kauth_cred_t posix_cred_create(posix_cred_t pcred); |
486 | extern posix_cred_t posix_cred_get(kauth_cred_t cred) __pure2; |
487 | extern int posix_cred_access(kauth_cred_t cred, id_t object_uid, id_t object_gid, mode_t object_mode, mode_t mode_req); |
488 | |
489 | extern int cantrace(proc_t cur_procp, kauth_cred_t creds, proc_t traced_procp, int *errp); |
490 | extern kauth_cred_t kauth_cred_copy_real(kauth_cred_t cred); |
491 | |
492 | |
493 | /*! |
494 | * @brief |
495 | * Type of functions used to derive credentials from an original one. |
496 | * |
497 | * @description |
498 | * The @c model argument is an on-stack template that is to be mutated |
499 | * in place, and that will be used to make the derived credential. |
500 | * |
501 | * The function should return false if it made no modifications, |
502 | * and true if it did (it is OK to return true incorrectly, |
503 | * it is just a little less efficient). |
504 | */ |
505 | typedef bool (^kauth_cred_derive_t)(kauth_cred_t parent, kauth_cred_t model); |
506 | |
507 | /*! |
508 | * @brief |
509 | * Derive a credential from a given cred. |
510 | * |
511 | * @description |
512 | * This function never returns NULL. |
513 | */ |
514 | extern kauth_cred_t kauth_cred_derive(kauth_cred_t cred, kauth_cred_derive_t fn); |
515 | |
516 | __enum_decl(proc_settoken_t, uint32_t, { |
517 | PROC_SETTOKEN_NONE = 0x0000, |
518 | PROC_SETTOKEN_LAZY = 0x0001, /* set the security token on change */ |
519 | PROC_SETTOKEN_ALWAYS = 0x0002, /* set the security token all the time */ |
520 | PROC_SETTOKEN_SETUGID = 0x0003, /* PROC_SETTOKEN_LAZY + set P_SUGID */ |
521 | }); |
522 | |
523 | /*! |
524 | * @brief |
525 | * Update the credential on the specified proc. |
526 | * |
527 | * @description |
528 | * The function returns true if an update took place. |
529 | */ |
530 | extern bool kauth_cred_proc_update(proc_t p, proc_settoken_t action, kauth_cred_derive_t fn); |
531 | |
532 | extern bool kauth_cred_model_setresuid(kauth_cred_t model, uid_t ruid, uid_t euid, uid_t svuid, uid_t gmuid); |
533 | extern bool kauth_cred_model_setresgid(kauth_cred_t model, gid_t rgid, gid_t egid, gid_t svgid); |
534 | extern bool kauth_cred_model_setuidgid(kauth_cred_t model, uid_t uid, gid_t gid); |
535 | extern bool kauth_cred_model_setgroups(kauth_cred_t model, gid_t *groups, size_t groupcount, uid_t gmuid); |
536 | extern bool kauth_cred_model_setauditinfo(kauth_cred_t model, au_session_t *); |
537 | |
538 | extern void kauth_cred_thread_update(struct thread *, proc_t); |
539 | #ifdef CONFIG_MACF |
540 | extern void kauth_proc_label_update_execve(struct proc *p, struct vfs_context *ctx, struct vnode *vp, off_t offset, struct vnode *scriptvp, struct label *scriptlabel, struct label *execlabel, unsigned int *csflags, void *psattr, int *disjoint, int *update_return); |
541 | #endif |
542 | extern int kauth_cred_gid_subset(kauth_cred_t _cred1, kauth_cred_t _cred2, int *_resultp); |
543 | |
544 | extern kauth_cred_t kauth_cred_require(kauth_cred_t cred) __pure2; |
545 | |
546 | extern void kauth_cred_set(kauth_cred_t *credp, kauth_cred_t new_cred); |
547 | #if CONFIG_EXT_RESOLVER |
548 | extern void kauth_resolver_identity_reset(void); |
549 | #endif |
550 | |
551 | /* update the thread's proc cred cache, called on syscall entry */ |
552 | extern void current_cached_proc_cred_update(void); |
553 | |
554 | /* |
555 | * `kauth_cred_set` and `kauth_cred_unref` take pointers to a |
556 | * `kauth_cred_t`, which the compiler considers strictly different from a |
557 | * pointer to a signed `kauth_cred_t` (as it should do). These macros |
558 | * therefore authenticate the arguments into naked locals, pass them to the |
559 | * function and then write back the results, signing them in the process. |
560 | */ |
561 | #define kauth_cred_set(credp, new_cred) \ |
562 | do { \ |
563 | kauth_cred_t _cred __single = *(credp); \ |
564 | (kauth_cred_set)(&_cred, (new_cred)); \ |
565 | *(credp) = _cred; \ |
566 | } while (0) |
567 | |
568 | #define kauth_cred_unref(credp) \ |
569 | do { \ |
570 | kauth_cred_t _credp __single = *(credp); \ |
571 | (kauth_cred_unref)(&_credp); \ |
572 | *(credp) = _credp; \ |
573 | } while (0) |
574 | |
575 | #pragma GCC visibility pop |
576 | #endif /* XNU_KERNEL_PRIVATE */ |
577 | #endif /* KERNEL */ |
578 | #if defined(KERNEL) || defined (_SYS_ACL_H) |
579 | #pragma mark - kauth |
580 | #pragma mark kauth: Generic Access Control Lists. |
581 | |
582 | typedef u_int32_t kauth_ace_rights_t; |
583 | |
584 | /* Access Control List Entry (ACE) */ |
585 | struct kauth_ace { |
586 | guid_t ace_applicable; |
587 | u_int32_t ace_flags; |
588 | #define KAUTH_ACE_KINDMASK 0xf |
589 | #define KAUTH_ACE_PERMIT 1 |
590 | #define KAUTH_ACE_DENY 2 |
591 | #define KAUTH_ACE_AUDIT 3 /* not implemented */ |
592 | #define KAUTH_ACE_ALARM 4 /* not implemented */ |
593 | #define KAUTH_ACE_INHERITED (1<<4) |
594 | #define KAUTH_ACE_FILE_INHERIT (1<<5) |
595 | #define KAUTH_ACE_DIRECTORY_INHERIT (1<<6) |
596 | #define KAUTH_ACE_LIMIT_INHERIT (1<<7) |
597 | #define KAUTH_ACE_ONLY_INHERIT (1<<8) |
598 | #define KAUTH_ACE_SUCCESS (1<<9) /* not implemented (AUDIT/ALARM) */ |
599 | #define KAUTH_ACE_FAILURE (1<<10) /* not implemented (AUDIT/ALARM) */ |
600 | /* All flag bits controlling ACE inheritance */ |
601 | #define KAUTH_ACE_INHERIT_CONTROL_FLAGS \ |
602 | (KAUTH_ACE_FILE_INHERIT | \ |
603 | KAUTH_ACE_DIRECTORY_INHERIT | \ |
604 | KAUTH_ACE_LIMIT_INHERIT | \ |
605 | KAUTH_ACE_ONLY_INHERIT) |
606 | kauth_ace_rights_t ace_rights; /* scope specific */ |
607 | /* These rights are never tested, but may be present in an ACL */ |
608 | #define KAUTH_ACE_GENERIC_ALL (1<<21) |
609 | #define KAUTH_ACE_GENERIC_EXECUTE (1<<22) |
610 | #define KAUTH_ACE_GENERIC_WRITE (1<<23) |
611 | #define KAUTH_ACE_GENERIC_READ (1<<24) |
612 | }; |
613 | |
614 | #ifndef _KAUTH_ACE |
615 | #define _KAUTH_ACE |
616 | typedef struct kauth_ace *kauth_ace_t; |
617 | #endif |
618 | |
619 | |
620 | /* Access Control List */ |
621 | struct kauth_acl { |
622 | u_int32_t acl_entrycount; |
623 | u_int32_t acl_flags; |
624 | |
625 | struct kauth_ace acl_ace[1]; |
626 | }; |
627 | |
628 | /* |
629 | * XXX this value needs to be raised - 3893388 |
630 | */ |
631 | #define KAUTH_ACL_MAX_ENTRIES 128 |
632 | |
633 | /* |
634 | * The low 16 bits of the flags field are reserved for filesystem |
635 | * internal use and must be preserved by all APIs. This includes |
636 | * round-tripping flags through user-space interfaces. |
637 | */ |
638 | #define KAUTH_ACL_FLAGS_PRIVATE (0xffff) |
639 | |
640 | /* |
641 | * The high 16 bits of the flags are used to store attributes and |
642 | * to request specific handling of the ACL. |
643 | */ |
644 | |
645 | /* inheritance will be deferred until the first rename operation */ |
646 | #define KAUTH_ACL_DEFER_INHERIT (1<<16) |
647 | /* this ACL must not be overwritten as part of an inheritance operation */ |
648 | #define KAUTH_ACL_NO_INHERIT (1<<17) |
649 | |
650 | /* acl_entrycount that tells us the ACL is not valid */ |
651 | #define KAUTH_FILESEC_NOACL ((u_int32_t)(-1)) |
652 | |
653 | /* |
654 | * If the acl_entrycount field is KAUTH_FILESEC_NOACL, then the size is the |
655 | * same as a kauth_acl structure; the intent is to put an actual entrycount of |
656 | * KAUTH_FILESEC_NOACL on disk to distinguish a kauth_filesec_t with an empty |
657 | * entry (Windows treats this as "deny all") from one that merely indicates a |
658 | * file group and/or owner guid values. |
659 | */ |
660 | #define KAUTH_ACL_SIZE(c) (__offsetof(struct kauth_acl, acl_ace) + ((u_int32_t)(c) != KAUTH_FILESEC_NOACL ? ((c) * sizeof(struct kauth_ace)) : 0)) |
661 | #define KAUTH_ACL_COPYSIZE(p) KAUTH_ACL_SIZE((p)->acl_entrycount) |
662 | |
663 | |
664 | #ifndef _KAUTH_ACL |
665 | #define _KAUTH_ACL |
666 | typedef struct kauth_acl *kauth_acl_t; |
667 | #endif |
668 | |
669 | #ifdef KERNEL |
670 | kauth_acl_t kauth_acl_alloc(int size); |
671 | void kauth_acl_free(kauth_acl_t fsp); |
672 | #endif |
673 | |
674 | |
675 | /* |
676 | * Extended File Security. |
677 | */ |
678 | |
679 | /* File Security information */ |
680 | struct kauth_filesec { |
681 | u_int32_t fsec_magic; |
682 | #define KAUTH_FILESEC_MAGIC 0x012cc16d |
683 | guid_t fsec_owner; |
684 | guid_t fsec_group; |
685 | |
686 | struct kauth_acl fsec_acl; |
687 | }; |
688 | |
689 | /* backwards compatibility */ |
690 | #define fsec_entrycount fsec_acl.acl_entrycount |
691 | #define fsec_flags fsec_acl.acl_flags |
692 | #define fsec_ace fsec_acl.acl_ace |
693 | #define KAUTH_FILESEC_FLAGS_PRIVATE KAUTH_ACL_FLAGS_PRIVATE |
694 | #define KAUTH_FILESEC_DEFER_INHERIT KAUTH_ACL_DEFER_INHERIT |
695 | #define KAUTH_FILESEC_NO_INHERIT KAUTH_ACL_NO_INHERIT |
696 | #define KAUTH_FILESEC_NONE ((kauth_filesec_t)0) |
697 | #define KAUTH_FILESEC_WANTED ((kauth_filesec_t)1) |
698 | |
699 | #ifndef _KAUTH_FILESEC |
700 | #define _KAUTH_FILESEC |
701 | typedef struct kauth_filesec *kauth_filesec_t; |
702 | #endif |
703 | |
704 | #define KAUTH_FILESEC_SIZE(c) (__offsetof(struct kauth_filesec, fsec_acl) + __offsetof(struct kauth_acl, acl_ace) + (c) * sizeof(struct kauth_ace)) |
705 | #define KAUTH_FILESEC_COPYSIZE(p) KAUTH_FILESEC_SIZE(((p)->fsec_entrycount == KAUTH_FILESEC_NOACL) ? 0 : (p)->fsec_entrycount) |
706 | #define KAUTH_FILESEC_COUNT(s) (((s) - KAUTH_FILESEC_SIZE(0)) / sizeof(struct kauth_ace)) |
707 | #define KAUTH_FILESEC_VALID(s) ((s) >= KAUTH_FILESEC_SIZE(0) && (((s) - KAUTH_FILESEC_SIZE(0)) % sizeof(struct kauth_ace)) == 0) |
708 | |
709 | #define KAUTH_FILESEC_XATTR "com.apple.system.Security" |
710 | |
711 | /* Allowable first arguments to kauth_filesec_acl_setendian() */ |
712 | #define KAUTH_ENDIAN_HOST 0x00000001 /* set host endianness */ |
713 | #define KAUTH_ENDIAN_DISK 0x00000002 /* set disk endianness */ |
714 | |
715 | #endif /* KERNEL || <sys/acl.h> */ |
716 | #ifdef KERNEL |
717 | #pragma mark kauth: Scope management |
718 | |
719 | struct kauth_scope; |
720 | typedef struct kauth_scope *kauth_scope_t; |
721 | struct kauth_listener; |
722 | typedef struct kauth_listener *kauth_listener_t; |
723 | #ifndef _KAUTH_ACTION_T |
724 | typedef int kauth_action_t; |
725 | # define _KAUTH_ACTION_T |
726 | #endif |
727 | |
728 | typedef int (* kauth_scope_callback_t)(kauth_cred_t _credential, |
729 | void *_idata, |
730 | kauth_action_t _action, |
731 | uintptr_t _arg0, |
732 | uintptr_t _arg1, |
733 | uintptr_t _arg2, |
734 | uintptr_t _arg3); |
735 | |
736 | #define KAUTH_RESULT_ALLOW (1) |
737 | #define KAUTH_RESULT_DENY (2) |
738 | #define KAUTH_RESULT_DEFER (3) |
739 | |
740 | struct kauth_acl_eval { |
741 | kauth_ace_t ae_acl; |
742 | int ae_count; |
743 | kauth_ace_rights_t ae_requested; |
744 | kauth_ace_rights_t ae_residual; |
745 | int ae_result; |
746 | boolean_t ae_found_deny; |
747 | int ae_options; |
748 | #define KAUTH_AEVAL_IS_OWNER (1<<0) /* authorizing operation for owner */ |
749 | #define KAUTH_AEVAL_IN_GROUP (1<<1) /* authorizing operation for groupmember */ |
750 | #define KAUTH_AEVAL_IN_GROUP_UNKNOWN (1<<2) /* authorizing operation for unknown group membership */ |
751 | /* expansions for 'generic' rights bits */ |
752 | kauth_ace_rights_t ae_exp_gall; |
753 | kauth_ace_rights_t ae_exp_gread; |
754 | kauth_ace_rights_t ae_exp_gwrite; |
755 | kauth_ace_rights_t ae_exp_gexec; |
756 | }; |
757 | |
758 | typedef struct kauth_acl_eval *kauth_acl_eval_t; |
759 | |
760 | kauth_filesec_t kauth_filesec_alloc(int size); |
761 | void kauth_filesec_free(kauth_filesec_t fsp); |
762 | extern kauth_scope_t kauth_register_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata); |
763 | extern void kauth_deregister_scope(kauth_scope_t _scope); |
764 | __kpi_deprecated("Use EndpointSecurity instead" ) |
765 | extern kauth_listener_t kauth_listen_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata); |
766 | __kpi_deprecated("Use EndpointSecurity instead" ) |
767 | extern void kauth_unlisten_scope(kauth_listener_t _scope); |
768 | extern int kauth_authorize_action(kauth_scope_t _scope, kauth_cred_t _credential, kauth_action_t _action, |
769 | uintptr_t _arg0, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3); |
770 | |
771 | /* |
772 | * Generic scope. |
773 | */ |
774 | #define KAUTH_SCOPE_GENERIC "com.apple.kauth.generic" |
775 | |
776 | /* Actions */ |
777 | #define KAUTH_GENERIC_ISSUSER 1 |
778 | |
779 | /* |
780 | * Process/task scope. |
781 | */ |
782 | #define KAUTH_SCOPE_PROCESS "com.apple.kauth.process" |
783 | |
784 | /* Actions */ |
785 | #define KAUTH_PROCESS_CANSIGNAL 1 |
786 | #define KAUTH_PROCESS_CANTRACE 2 |
787 | |
788 | extern int kauth_authorize_process(kauth_cred_t _credential, kauth_action_t _action, |
789 | struct proc *_process, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3); |
790 | |
791 | /* |
792 | * Vnode operation scope. |
793 | * |
794 | * Prototype for vnode_authorize is in vnode.h |
795 | */ |
796 | #define KAUTH_SCOPE_VNODE "com.apple.kauth.vnode" |
797 | |
798 | /* |
799 | * File system operation scope. |
800 | * |
801 | */ |
802 | #define KAUTH_SCOPE_FILEOP "com.apple.kauth.fileop" |
803 | |
804 | /* Actions */ |
805 | #define KAUTH_FILEOP_OPEN 1 |
806 | #define KAUTH_FILEOP_CLOSE 2 |
807 | #define KAUTH_FILEOP_RENAME 3 |
808 | #define KAUTH_FILEOP_EXCHANGE 4 |
809 | #define KAUTH_FILEOP_LINK 5 |
810 | #define KAUTH_FILEOP_EXEC 6 |
811 | #define KAUTH_FILEOP_DELETE 7 |
812 | #define KAUTH_FILEOP_WILL_RENAME 8 |
813 | |
814 | /* |
815 | * arguments passed to KAUTH_FILEOP_OPEN listeners |
816 | * arg0 is pointer to vnode (vnode *) for given user path. |
817 | * arg1 is pointer to path (char *) passed in to open. |
818 | * arguments passed to KAUTH_FILEOP_CLOSE listeners |
819 | * arg0 is pointer to vnode (vnode *) for file to be closed. |
820 | * arg1 is pointer to path (char *) of file to be closed. |
821 | * arg2 is close flags. |
822 | * arguments passed to KAUTH_FILEOP_WILL_RENAME listeners |
823 | * arg0 is pointer to vnode (vnode *) of the file being renamed |
824 | * arg1 is pointer to the "from" path (char *) |
825 | * arg2 is pointer to the "to" path (char *) |
826 | * arguments passed to KAUTH_FILEOP_RENAME listeners |
827 | * arg0 is pointer to "from" path (char *). |
828 | * arg1 is pointer to "to" path (char *). |
829 | * arguments passed to KAUTH_FILEOP_EXCHANGE listeners |
830 | * arg0 is pointer to file 1 path (char *). |
831 | * arg1 is pointer to file 2 path (char *). |
832 | * arguments passed to KAUTH_FILEOP_LINK listeners |
833 | * arg0 is pointer to path to file we are linking to (char *). |
834 | * arg1 is pointer to path to the new link file (char *). |
835 | * arguments passed to KAUTH_FILEOP_EXEC listeners |
836 | * arg0 is pointer to vnode (vnode *) for executable. |
837 | * arg1 is pointer to path (char *) to executable. |
838 | * arguments passed to KAUTH_FILEOP_DELETE listeners |
839 | * arg0 is pointer to vnode (vnode *) of file/dir that was deleted. |
840 | * arg1 is pointer to path (char *) of file/dir that was deleted. |
841 | */ |
842 | |
843 | /* Flag values returned to close listeners. */ |
844 | #define KAUTH_FILEOP_CLOSE_MODIFIED (1<<1) |
845 | |
846 | /* GUID, NTSID helpers */ |
847 | extern guid_t kauth_null_guid; |
848 | extern int kauth_guid_equal(guid_t *_guid1, guid_t *_guid2); |
849 | |
850 | #ifdef KERNEL_PRIVATE |
851 | |
852 | extern int kauth_acl_evaluate(kauth_cred_t _credential, kauth_acl_eval_t _eval); |
853 | |
854 | #endif /* KERNEL_PRIVATE */ |
855 | #ifdef XNU_KERNEL_PRIVATE |
856 | #pragma mark kauth: XNU only |
857 | #pragma GCC visibility push(hidden) |
858 | |
859 | void kauth_filesec_acl_setendian(int, kauth_filesec_t, kauth_acl_t); |
860 | int kauth_copyinfilesec(user_addr_t xsecurity, kauth_filesec_t *xsecdestpp); |
861 | extern int kauth_acl_inherit(vnode_t _dvp, kauth_acl_t _initial, kauth_acl_t *_product, int _isdir, vfs_context_t _ctx); |
862 | |
863 | extern int kauth_authorize_allow(kauth_cred_t _credential, void *_idata, kauth_action_t _action, |
864 | uintptr_t _arg0, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3); |
865 | |
866 | extern int kauth_authorize_generic(kauth_cred_t credential, kauth_action_t action); |
867 | |
868 | extern int kauth_authorize_fileop_has_listeners(void); |
869 | |
870 | extern int kauth_authorize_fileop(kauth_cred_t _credential, kauth_action_t _action, |
871 | uintptr_t _arg0, uintptr_t _arg1); |
872 | |
873 | extern int kauth_ntsid_equal(ntsid_t *_sid1, ntsid_t *_sid2); |
874 | |
875 | extern int kauth_wellknown_guid(guid_t *_guid); |
876 | #define KAUTH_WKG_NOT 0 /* not a well-known GUID */ |
877 | #define KAUTH_WKG_OWNER 1 |
878 | #define KAUTH_WKG_GROUP 2 |
879 | #define KAUTH_WKG_NOBODY 3 |
880 | #define KAUTH_WKG_EVERYBODY 4 |
881 | |
882 | #pragma GCC visibility pop |
883 | #endif /* XNU_KERNEL_PRIVATE */ |
884 | #endif /* KERNEL */ |
885 | |
886 | /* Actions, also rights bits in an ACE */ |
887 | |
888 | #if defined(KERNEL) || defined (_SYS_ACL_H) |
889 | #define KAUTH_VNODE_READ_DATA (1U<<1) |
890 | #define KAUTH_VNODE_LIST_DIRECTORY KAUTH_VNODE_READ_DATA |
891 | #define KAUTH_VNODE_WRITE_DATA (1U<<2) |
892 | #define KAUTH_VNODE_ADD_FILE KAUTH_VNODE_WRITE_DATA |
893 | #define KAUTH_VNODE_EXECUTE (1U<<3) |
894 | #define KAUTH_VNODE_SEARCH KAUTH_VNODE_EXECUTE |
895 | #define KAUTH_VNODE_DELETE (1U<<4) |
896 | #define KAUTH_VNODE_APPEND_DATA (1U<<5) |
897 | #define KAUTH_VNODE_ADD_SUBDIRECTORY KAUTH_VNODE_APPEND_DATA |
898 | #define KAUTH_VNODE_DELETE_CHILD (1U<<6) |
899 | #define KAUTH_VNODE_READ_ATTRIBUTES (1U<<7) |
900 | #define KAUTH_VNODE_WRITE_ATTRIBUTES (1U<<8) |
901 | #define KAUTH_VNODE_READ_EXTATTRIBUTES (1U<<9) |
902 | #define KAUTH_VNODE_WRITE_EXTATTRIBUTES (1U<<10) |
903 | #define KAUTH_VNODE_READ_SECURITY (1U<<11) |
904 | #define KAUTH_VNODE_WRITE_SECURITY (1U<<12) |
905 | #define KAUTH_VNODE_TAKE_OWNERSHIP (1U<<13) |
906 | |
907 | /* backwards compatibility only */ |
908 | #define KAUTH_VNODE_CHANGE_OWNER KAUTH_VNODE_TAKE_OWNERSHIP |
909 | |
910 | /* For Windows interoperability only */ |
911 | #define KAUTH_VNODE_SYNCHRONIZE (1U<<20) |
912 | |
913 | /* (1<<21) - (1<<24) are reserved for generic rights bits */ |
914 | |
915 | /* Actions not expressed as rights bits */ |
916 | /* |
917 | * Authorizes the vnode as the target of a hard link. |
918 | */ |
919 | #define KAUTH_VNODE_LINKTARGET (1U<<25) |
920 | |
921 | /* |
922 | * Indicates that other steps have been taken to authorise the action, |
923 | * but authorisation should be denied for immutable objects. |
924 | */ |
925 | #define KAUTH_VNODE_CHECKIMMUTABLE (1U<<26) |
926 | |
927 | /* Action modifiers */ |
928 | /* |
929 | * The KAUTH_VNODE_ACCESS bit is passed to the callback if the authorisation |
930 | * request in progress is advisory, rather than authoritative. Listeners |
931 | * performing consequential work (i.e. not strictly checking authorisation) |
932 | * may test this flag to avoid performing unnecessary work. |
933 | * |
934 | * This bit will never be present in an ACE. |
935 | */ |
936 | #define KAUTH_VNODE_ACCESS (1U<<31) |
937 | |
938 | /* |
939 | * The KAUTH_VNODE_NOIMMUTABLE bit is passed to the callback along with the |
940 | * KAUTH_VNODE_WRITE_SECURITY bit (and no others) to indicate that the |
941 | * caller wishes to change one or more of the immutable flags, and the |
942 | * state of these flags should not be considered when authorizing the request. |
943 | * The system immutable flags are only ignored when the system securelevel |
944 | * is low enough to allow their removal. |
945 | */ |
946 | #define KAUTH_VNODE_NOIMMUTABLE (1U<<30) |
947 | |
948 | |
949 | /* |
950 | * fake right that is composed by the following... |
951 | * vnode must have search for owner, group and world allowed |
952 | * plus there must be no deny modes present for SEARCH... this fake |
953 | * right is used by the fast lookup path to avoid checking |
954 | * for an exact match on the last credential to lookup |
955 | * the component being acted on |
956 | */ |
957 | #define KAUTH_VNODE_SEARCHBYANYONE (1U<<29) |
958 | |
959 | |
960 | /* |
961 | * when passed as an 'action' to "vnode_uncache_authorized_actions" |
962 | * it indicates that all of the cached authorizations for that |
963 | * vnode should be invalidated |
964 | */ |
965 | #define KAUTH_INVALIDATE_CACHED_RIGHTS ((kauth_action_t)~0) |
966 | |
967 | |
968 | |
969 | /* The expansions of the GENERIC bits at evaluation time */ |
970 | #define KAUTH_VNODE_GENERIC_READ_BITS (KAUTH_VNODE_READ_DATA | \ |
971 | KAUTH_VNODE_READ_ATTRIBUTES | \ |
972 | KAUTH_VNODE_READ_EXTATTRIBUTES | \ |
973 | KAUTH_VNODE_READ_SECURITY) |
974 | |
975 | #define KAUTH_VNODE_GENERIC_WRITE_BITS (KAUTH_VNODE_WRITE_DATA | \ |
976 | KAUTH_VNODE_APPEND_DATA | \ |
977 | KAUTH_VNODE_DELETE | \ |
978 | KAUTH_VNODE_DELETE_CHILD | \ |
979 | KAUTH_VNODE_WRITE_ATTRIBUTES | \ |
980 | KAUTH_VNODE_WRITE_EXTATTRIBUTES | \ |
981 | KAUTH_VNODE_WRITE_SECURITY) |
982 | |
983 | #define KAUTH_VNODE_GENERIC_EXECUTE_BITS (KAUTH_VNODE_EXECUTE) |
984 | |
985 | #define KAUTH_VNODE_GENERIC_ALL_BITS (KAUTH_VNODE_GENERIC_READ_BITS | \ |
986 | KAUTH_VNODE_GENERIC_WRITE_BITS | \ |
987 | KAUTH_VNODE_GENERIC_EXECUTE_BITS) |
988 | |
989 | /* |
990 | * Some sets of bits, defined here for convenience. |
991 | */ |
992 | #define KAUTH_VNODE_WRITE_RIGHTS (KAUTH_VNODE_ADD_FILE | \ |
993 | KAUTH_VNODE_ADD_SUBDIRECTORY | \ |
994 | KAUTH_VNODE_DELETE_CHILD | \ |
995 | KAUTH_VNODE_WRITE_DATA | \ |
996 | KAUTH_VNODE_APPEND_DATA | \ |
997 | KAUTH_VNODE_DELETE | \ |
998 | KAUTH_VNODE_WRITE_ATTRIBUTES | \ |
999 | KAUTH_VNODE_WRITE_EXTATTRIBUTES | \ |
1000 | KAUTH_VNODE_WRITE_SECURITY | \ |
1001 | KAUTH_VNODE_TAKE_OWNERSHIP | \ |
1002 | KAUTH_VNODE_LINKTARGET | \ |
1003 | KAUTH_VNODE_CHECKIMMUTABLE) |
1004 | |
1005 | |
1006 | #endif /* KERNEL || <sys/acl.h> */ |
1007 | |
1008 | #ifdef KERNEL |
1009 | /* |
1010 | * Debugging |
1011 | * |
1012 | * XXX this wouldn't be necessary if we had a *real* debug-logging system. |
1013 | */ |
1014 | #if 0 |
1015 | # ifndef _FN_KPRINTF |
1016 | # define _FN_KPRINTF |
1017 | void kprintf(const char *fmt, ...) __printflike(1, 2); |
1018 | # endif /* !_FN_KPRINTF */ |
1019 | # define KAUTH_DEBUG_ENABLE |
1020 | # define K_UUID_FMT "%08x:%08x:%08x:%08x" |
1021 | # define K_UUID_ARG(_u) &_u.g_guid_asint[0],&_u.g_guid_asint[1],&_u.g_guid_asint[2],&_u.g_guid_asint[3] |
1022 | # define KAUTH_DEBUG(fmt, args...) do { kprintf("%s:%d: " fmt "\n", __PRETTY_FUNCTION__, __LINE__ , ##args); } while (0) |
1023 | # define KAUTH_DEBUG_CTX(_c) KAUTH_DEBUG("p = %p c = %p", _c->vc_proc, _c->vc_ucred) |
1024 | # define VFS_DEBUG(_ctx, _vp, fmt, args...) \ |
1025 | do { \ |
1026 | kprintf("%p '%s' %s:%d " fmt "\n", \ |
1027 | _ctx, \ |
1028 | (_vp != NULL && _vp->v_name != NULL) ? _vp->v_name : "????", \ |
1029 | __PRETTY_FUNCTION__, __LINE__ , \ |
1030 | ##args); \ |
1031 | } while(0) |
1032 | #else /* !0 */ |
1033 | # define KAUTH_DEBUG(fmt, args...) do { } while (0) |
1034 | # define VFS_DEBUG(ctx, vp, fmt, args...) do { } while(0) |
1035 | #endif /* !0 */ |
1036 | #endif /* KERNEL */ |
1037 | |
1038 | #endif /* __APPLE_API_EVOLVING */ |
1039 | |
1040 | __END_DECLS |
1041 | |
1042 | #endif /* _SYS_KAUTH_H */ |
1043 | |