| 1 | /* |
|---|---|
| 2 | * Copyright (c) 2000-2006 Apple Computer, Inc. All rights reserved. |
| 3 | * |
| 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
| 5 | * |
| 6 | * This file contains Original Code and/or Modifications of Original Code |
| 7 | * as defined in and that are subject to the Apple Public Source License |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in |
| 9 | * compliance with the License. The rights granted to you under the License |
| 10 | * may not be used to create, or enable the creation or redistribution of, |
| 11 | * unlawful or unlicensed copies of an Apple operating system, or to |
| 12 | * circumvent, violate, or enable the circumvention or violation of, any |
| 13 | * terms of an Apple operating system software license agreement. |
| 14 | * |
| 15 | * Please obtain a copy of the License at |
| 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
| 17 | * |
| 18 | * The Original Code and all software distributed under the License are |
| 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| 23 | * Please see the License for the specific language governing rights and |
| 24 | * limitations under the License. |
| 25 | * |
| 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
| 27 | */ |
| 28 | /* |
| 29 | * @OSF_COPYRIGHT@ |
| 30 | */ |
| 31 | /* |
| 32 | * Mach Operating System |
| 33 | * Copyright (c) 1991,1990,1989,1988,1987 Carnegie Mellon University |
| 34 | * All Rights Reserved. |
| 35 | * |
| 36 | * Permission to use, copy, modify and distribute this software and its |
| 37 | * documentation is hereby granted, provided that both the copyright |
| 38 | * notice and this permission notice appear in all copies of the |
| 39 | * software, derivative works or modified versions, and any portions |
| 40 | * thereof, and that both notices appear in supporting documentation. |
| 41 | * |
| 42 | * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" |
| 43 | * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR |
| 44 | * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. |
| 45 | * |
| 46 | * Carnegie Mellon requests users of this software to return to |
| 47 | * |
| 48 | * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU |
| 49 | * School of Computer Science |
| 50 | * Carnegie Mellon University |
| 51 | * Pittsburgh PA 15213-3890 |
| 52 | * |
| 53 | * any improvements or extensions that they make and grant Carnegie Mellon |
| 54 | * the rights to redistribute these changes. |
| 55 | */ |
| 56 | /* |
| 57 | * NOTICE: This file was modified by McAfee Research in 2004 to introduce |
| 58 | * support for mandatory and extensible security protections. This notice |
| 59 | * is included in support of clause 2.2 (b) of the Apple Public License, |
| 60 | * Version 2.0. |
| 61 | */ |
| 62 | /* |
| 63 | */ |
| 64 | /* |
| 65 | * File: mach/port.h |
| 66 | * |
| 67 | * Definition of a Mach port |
| 68 | * |
| 69 | * Mach ports are the endpoints to Mach-implemented communications |
| 70 | * channels (usually uni-directional message queues, but other types |
| 71 | * also exist). |
| 72 | * |
| 73 | * Unique collections of these endpoints are maintained for each |
| 74 | * Mach task. Each Mach port in the task's collection is given a |
| 75 | * [task-local] name to identify it - and the the various "rights" |
| 76 | * held by the task for that specific endpoint. |
| 77 | * |
| 78 | * This header defines the types used to identify these Mach ports |
| 79 | * and the various rights associated with them. For more info see: |
| 80 | * |
| 81 | * <mach/mach_port.h> - manipulation of port rights in a given space |
| 82 | * <mach/message.h> - message queue [and port right passing] mechanism |
| 83 | * |
| 84 | */ |
| 85 | |
| 86 | #ifndef _MACH_PORT_H_ |
| 87 | #define _MACH_PORT_H_ |
| 88 | |
| 89 | #include <sys/cdefs.h> |
| 90 | #include <stdint.h> |
| 91 | #include <mach/boolean.h> |
| 92 | #include <mach/machine/vm_types.h> |
| 93 | |
| 94 | /* |
| 95 | * mach_port_name_t - the local identity for a Mach port |
| 96 | * |
| 97 | * The name is Mach port namespace specific. It is used to |
| 98 | * identify the rights held for that port by the task whose |
| 99 | * namespace is implied [or specifically provided]. |
| 100 | * |
| 101 | * Use of this type usually implies just a name - no rights. |
| 102 | * See mach_port_t for a type that implies a "named right." |
| 103 | * |
| 104 | */ |
| 105 | |
| 106 | typedef natural_t mach_port_name_t; |
| 107 | typedef mach_port_name_t *mach_port_name_array_t; |
| 108 | |
| 109 | #ifdef KERNEL |
| 110 | |
| 111 | /* |
| 112 | * mach_port_t - a named port right |
| 113 | * |
| 114 | * In the kernel, "rights" are represented [named] by pointers to |
| 115 | * the ipc port object in question. There is no port namespace for the |
| 116 | * rights to be collected. |
| 117 | * |
| 118 | * Actually, there is namespace for the kernel task. But most kernel |
| 119 | * code - including, but not limited to, Mach IPC code - lives in the |
| 120 | * limbo between the current user-level task and the "next" task. Very |
| 121 | * little of the kernel code runs in full kernel task context. So very |
| 122 | * little of it gets to use the kernel task's port name space. |
| 123 | * |
| 124 | * Because of this implementation approach, all in-kernel rights for |
| 125 | * a given port coalesce [have the same name/pointer]. The actual |
| 126 | * references are counted in the port itself. It is up to the kernel |
| 127 | * code in question to "just remember" how many [and what type of] |
| 128 | * rights it holds and handle them appropriately. |
| 129 | * |
| 130 | */ |
| 131 | |
| 132 | #ifndef MACH_KERNEL_PRIVATE |
| 133 | /* |
| 134 | * For kernel code that resides outside of Mach proper, we opaque the |
| 135 | * port structure definition. |
| 136 | */ |
| 137 | struct ipc_port; |
| 138 | |
| 139 | #endif /* MACH_KERNEL_PRIVATE */ |
| 140 | |
| 141 | typedef struct ipc_port *ipc_port_t; |
| 142 | |
| 143 | #define IPC_PORT_NULL __unsafe_forge_single(ipc_port_t, NULL) |
| 144 | #define IPC_PORT_DEAD __unsafe_forge_single(ipc_port_t, ~0UL) |
| 145 | #define IPC_PORT_VALID(port) ipc_port_valid(port) |
| 146 | |
| 147 | static inline boolean_t |
| 148 | ipc_port_valid(ipc_port_t port) |
| 149 | { |
| 150 | return port != IPC_PORT_DEAD && port; |
| 151 | } |
| 152 | |
| 153 | typedef ipc_port_t mach_port_t; |
| 154 | |
| 155 | /* |
| 156 | * Since the 32-bit and 64-bit representations of ~0 are different, |
| 157 | * explicitly handle MACH_PORT_DEAD |
| 158 | */ |
| 159 | |
| 160 | #define CAST_MACH_PORT_TO_NAME(x) ((mach_port_name_t)(uintptr_t)(x)) |
| 161 | #define CAST_MACH_NAME_TO_PORT(x) ((x) == MACH_PORT_DEAD ? (mach_port_t)IPC_PORT_DEAD : (mach_port_t)(uintptr_t)(x)) |
| 162 | |
| 163 | #else /* KERNEL */ |
| 164 | |
| 165 | /* |
| 166 | * mach_port_t - a named port right |
| 167 | * |
| 168 | * In user-space, "rights" are represented by the name of the |
| 169 | * right in the Mach port namespace. Even so, this type is |
| 170 | * presented as a unique one to more clearly denote the presence |
| 171 | * of a right coming along with the name. |
| 172 | * |
| 173 | * Often, various rights for a port held in a single name space |
| 174 | * will coalesce and are, therefore, be identified by a single name |
| 175 | * [this is the case for send and receive rights]. But not |
| 176 | * always [send-once rights currently get a unique name for |
| 177 | * each right]. |
| 178 | * |
| 179 | */ |
| 180 | |
| 181 | #include <sys/_types.h> |
| 182 | #include <sys/_types/_mach_port_t.h> |
| 183 | |
| 184 | #endif /* KERNEL */ |
| 185 | |
| 186 | typedef mach_port_t *mach_port_array_t; |
| 187 | |
| 188 | /* |
| 189 | * MACH_PORT_NULL is a legal value that can be carried in messages. |
| 190 | * It indicates the absence of any port or port rights. (A port |
| 191 | * argument keeps the message from being "simple", even if the |
| 192 | * value is MACH_PORT_NULL.) The value MACH_PORT_DEAD is also a legal |
| 193 | * value that can be carried in messages. It indicates |
| 194 | * that a port right was present, but it died. |
| 195 | */ |
| 196 | |
| 197 | #if defined(XNU_KERNEL_PRIVATE) && defined(__cplusplus) |
| 198 | #define MACH_PORT_NULL NULL |
| 199 | #else |
| 200 | #define MACH_PORT_NULL 0 /* intentional loose typing */ |
| 201 | #endif |
| 202 | #define MACH_PORT_DEAD ((mach_port_name_t) ~0) |
| 203 | #if MACH_KERNEL_PRIVATE |
| 204 | #define MACH_PORT_SPECIAL_DEFAULT ((mach_port_name_t)1) |
| 205 | #endif /* MACH_KERNEL_PRIVATE */ |
| 206 | #define MACH_PORT_VALID(name) \ |
| 207 | (((name) != MACH_PORT_NULL) && \ |
| 208 | ((name) != MACH_PORT_DEAD)) |
| 209 | |
| 210 | |
| 211 | /* |
| 212 | * For kernel-selected [assigned] port names, the name is |
| 213 | * comprised of two parts: a generation number and an index. |
| 214 | * This approach keeps the exact same name from being generated |
| 215 | * and reused too quickly [to catch right/reference counting bugs]. |
| 216 | * The dividing line between the constituent parts is exposed so |
| 217 | * that efficient "mach_port_name_t to data structure pointer" |
| 218 | * conversion implementation can be made. But it is possible |
| 219 | * for user-level code to assign their own names to Mach ports. |
| 220 | * These are not required to participate in this algorithm. So |
| 221 | * care should be taken before "assuming" this model. |
| 222 | * |
| 223 | */ |
| 224 | |
| 225 | #ifndef NO_PORT_GEN |
| 226 | |
| 227 | #define MACH_PORT_INDEX(name) ((name) >> 8) |
| 228 | #define MACH_PORT_GEN(name) (((name) & 0xff) << 24) |
| 229 | #define MACH_PORT_MAKE(index, gen) \ |
| 230 | (((index) << 8) | (gen) >> 24) |
| 231 | |
| 232 | #else /* NO_PORT_GEN */ |
| 233 | |
| 234 | #define MACH_PORT_INDEX(name) (name) |
| 235 | #define MACH_PORT_GEN(name) (0) |
| 236 | #define MACH_PORT_MAKE(index, gen) (index) |
| 237 | |
| 238 | #endif /* NO_PORT_GEN */ |
| 239 | |
| 240 | |
| 241 | /* |
| 242 | * These are the different rights a task may have for a port. |
| 243 | * The MACH_PORT_RIGHT_* definitions are used as arguments |
| 244 | * to mach_port_allocate, mach_port_get_refs, etc, to specify |
| 245 | * a particular right to act upon. The mach_port_names and |
| 246 | * mach_port_type calls return bitmasks using the MACH_PORT_TYPE_* |
| 247 | * definitions. This is because a single name may denote |
| 248 | * multiple rights. |
| 249 | */ |
| 250 | |
| 251 | typedef natural_t mach_port_right_t; |
| 252 | |
| 253 | #define MACH_PORT_RIGHT_SEND ((mach_port_right_t) 0) |
| 254 | #define MACH_PORT_RIGHT_RECEIVE ((mach_port_right_t) 1) |
| 255 | #define MACH_PORT_RIGHT_SEND_ONCE ((mach_port_right_t) 2) |
| 256 | #define MACH_PORT_RIGHT_PORT_SET ((mach_port_right_t) 3) |
| 257 | #define MACH_PORT_RIGHT_DEAD_NAME ((mach_port_right_t) 4) |
| 258 | #define MACH_PORT_RIGHT_LABELH ((mach_port_right_t) 5) /* obsolete right */ |
| 259 | #define MACH_PORT_RIGHT_NUMBER ((mach_port_right_t) 6) /* right not implemented */ |
| 260 | |
| 261 | #ifdef MACH_KERNEL_PRIVATE |
| 262 | #define MACH_PORT_RIGHT_VALID_TRANSLATE(right) \ |
| 263 | ((right) >= MACH_PORT_RIGHT_SEND && (right) <= MACH_PORT_RIGHT_DEAD_NAME) |
| 264 | #endif |
| 265 | |
| 266 | typedef natural_t mach_port_type_t; |
| 267 | typedef mach_port_type_t *mach_port_type_array_t; |
| 268 | |
| 269 | #define MACH_PORT_TYPE(right) \ |
| 270 | ((mach_port_type_t)(((mach_port_type_t) 1) \ |
| 271 | << ((right) + ((mach_port_right_t) 16)))) |
| 272 | #define MACH_PORT_TYPE_NONE ((mach_port_type_t) 0L) |
| 273 | #define MACH_PORT_TYPE_SEND MACH_PORT_TYPE(MACH_PORT_RIGHT_SEND) |
| 274 | #define MACH_PORT_TYPE_RECEIVE MACH_PORT_TYPE(MACH_PORT_RIGHT_RECEIVE) |
| 275 | #define MACH_PORT_TYPE_SEND_ONCE MACH_PORT_TYPE(MACH_PORT_RIGHT_SEND_ONCE) |
| 276 | #define MACH_PORT_TYPE_PORT_SET MACH_PORT_TYPE(MACH_PORT_RIGHT_PORT_SET) |
| 277 | #define MACH_PORT_TYPE_DEAD_NAME MACH_PORT_TYPE(MACH_PORT_RIGHT_DEAD_NAME) |
| 278 | #define MACH_PORT_TYPE_LABELH MACH_PORT_TYPE(MACH_PORT_RIGHT_LABELH) /* obsolete */ |
| 279 | |
| 280 | #ifdef MACH_KERNEL_PRIVATE |
| 281 | /* Holder used to have a receive right - remembered to filter exceptions */ |
| 282 | #define MACH_PORT_TYPE_EX_RECEIVE MACH_PORT_TYPE_LABELH |
| 283 | #endif |
| 284 | |
| 285 | /* Convenient combinations. */ |
| 286 | |
| 287 | #define MACH_PORT_TYPE_SEND_RECEIVE \ |
| 288 | (MACH_PORT_TYPE_SEND|MACH_PORT_TYPE_RECEIVE) |
| 289 | #define MACH_PORT_TYPE_SEND_RIGHTS \ |
| 290 | (MACH_PORT_TYPE_SEND|MACH_PORT_TYPE_SEND_ONCE) |
| 291 | #define MACH_PORT_TYPE_PORT_RIGHTS \ |
| 292 | (MACH_PORT_TYPE_SEND_RIGHTS|MACH_PORT_TYPE_RECEIVE) |
| 293 | #define MACH_PORT_TYPE_PORT_OR_DEAD \ |
| 294 | (MACH_PORT_TYPE_PORT_RIGHTS|MACH_PORT_TYPE_DEAD_NAME) |
| 295 | #define MACH_PORT_TYPE_ALL_RIGHTS \ |
| 296 | (MACH_PORT_TYPE_PORT_OR_DEAD|MACH_PORT_TYPE_PORT_SET) |
| 297 | |
| 298 | /* Dummy type bits that mach_port_type/mach_port_names can return. */ |
| 299 | |
| 300 | #define MACH_PORT_TYPE_DNREQUEST 0x80000000 |
| 301 | #define MACH_PORT_TYPE_SPREQUEST 0x40000000 |
| 302 | #define MACH_PORT_TYPE_SPREQUEST_DELAYED 0x20000000 |
| 303 | |
| 304 | /* User-references for capabilities. */ |
| 305 | |
| 306 | typedef natural_t mach_port_urefs_t; |
| 307 | typedef integer_t mach_port_delta_t; /* change in urefs */ |
| 308 | |
| 309 | /* Attributes of ports. (See mach_port_get_receive_status.) */ |
| 310 | |
| 311 | typedef natural_t mach_port_seqno_t; /* sequence number */ |
| 312 | typedef natural_t mach_port_mscount_t; /* make-send count */ |
| 313 | typedef natural_t mach_port_msgcount_t; /* number of msgs */ |
| 314 | typedef natural_t mach_port_rights_t; /* number of rights */ |
| 315 | |
| 316 | /* |
| 317 | * Are there outstanding send rights for a given port? |
| 318 | */ |
| 319 | #define MACH_PORT_SRIGHTS_NONE 0 /* no srights */ |
| 320 | #define MACH_PORT_SRIGHTS_PRESENT 1 /* srights */ |
| 321 | typedef unsigned int mach_port_srights_t; /* status of send rights */ |
| 322 | |
| 323 | typedef struct mach_port_status { |
| 324 | mach_port_rights_t mps_pset; /* count of containing port sets */ |
| 325 | mach_port_seqno_t mps_seqno; /* sequence number */ |
| 326 | mach_port_mscount_t mps_mscount; /* make-send count */ |
| 327 | mach_port_msgcount_t mps_qlimit; /* queue limit */ |
| 328 | mach_port_msgcount_t mps_msgcount; /* number in the queue */ |
| 329 | mach_port_rights_t mps_sorights; /* how many send-once rights */ |
| 330 | boolean_t mps_srights; /* do send rights exist? */ |
| 331 | boolean_t mps_pdrequest; /* port-deleted requested? */ |
| 332 | boolean_t mps_nsrequest; /* no-senders requested? */ |
| 333 | natural_t mps_flags; /* port flags */ |
| 334 | } mach_port_status_t; |
| 335 | |
| 336 | /* System-wide values for setting queue limits on a port */ |
| 337 | #define MACH_PORT_QLIMIT_ZERO (0) |
| 338 | #define MACH_PORT_QLIMIT_BASIC (5) |
| 339 | #define MACH_PORT_QLIMIT_SMALL (16) |
| 340 | #define MACH_PORT_QLIMIT_LARGE (1024) |
| 341 | #define MACH_PORT_QLIMIT_KERNEL (65534) |
| 342 | #define MACH_PORT_QLIMIT_MIN MACH_PORT_QLIMIT_ZERO |
| 343 | #define MACH_PORT_QLIMIT_DEFAULT MACH_PORT_QLIMIT_BASIC |
| 344 | #define MACH_PORT_QLIMIT_MAX MACH_PORT_QLIMIT_LARGE |
| 345 | |
| 346 | typedef struct mach_port_limits { |
| 347 | mach_port_msgcount_t mpl_qlimit; /* number of msgs */ |
| 348 | } mach_port_limits_t; |
| 349 | |
| 350 | /* Possible values for mps_flags (part of mach_port_status_t) */ |
| 351 | #define MACH_PORT_STATUS_FLAG_TEMPOWNER 0x01 |
| 352 | #define MACH_PORT_STATUS_FLAG_GUARDED 0x02 |
| 353 | #define MACH_PORT_STATUS_FLAG_STRICT_GUARD 0x04 |
| 354 | #define MACH_PORT_STATUS_FLAG_IMP_DONATION 0x08 |
| 355 | #define MACH_PORT_STATUS_FLAG_REVIVE 0x10 |
| 356 | #define MACH_PORT_STATUS_FLAG_TASKPTR 0x20 |
| 357 | #define MACH_PORT_STATUS_FLAG_GUARD_IMMOVABLE_RECEIVE 0x40 |
| 358 | #define MACH_PORT_STATUS_FLAG_NO_GRANT 0x80 |
| 359 | |
| 360 | typedef struct mach_port_info_ext { |
| 361 | mach_port_status_t mpie_status; |
| 362 | mach_port_msgcount_t mpie_boost_cnt; |
| 363 | uint32_t reserved[6]; |
| 364 | } mach_port_info_ext_t; |
| 365 | |
| 366 | typedef struct mach_port_guard_info { |
| 367 | uint64_t mpgi_guard; /* guard value */ |
| 368 | } mach_port_guard_info_t; |
| 369 | |
| 370 | typedef integer_t *mach_port_info_t; /* varying array of natural_t */ |
| 371 | |
| 372 | /* Flavors for mach_port_get/set/assert_attributes() */ |
| 373 | typedef int mach_port_flavor_t; |
| 374 | #define MACH_PORT_LIMITS_INFO 1 /* uses mach_port_limits_t */ |
| 375 | #define MACH_PORT_RECEIVE_STATUS 2 /* uses mach_port_status_t */ |
| 376 | #define MACH_PORT_DNREQUESTS_SIZE 3 /* info is int */ |
| 377 | #define MACH_PORT_TEMPOWNER 4 /* indicates receive right will be reassigned to another task */ |
| 378 | #define MACH_PORT_IMPORTANCE_RECEIVER 5 /* indicates recieve right accepts priority donation */ |
| 379 | #define MACH_PORT_DENAP_RECEIVER 6 /* indicates receive right accepts de-nap donation */ |
| 380 | #define MACH_PORT_INFO_EXT 7 /* uses mach_port_info_ext_t */ |
| 381 | #define MACH_PORT_GUARD_INFO 8 /* asserts if the strict guard value is correct */ |
| 382 | #define MACH_PORT_SERVICE_THROTTLED 9 /* info is an integer that indicates if service port is throttled or not */ |
| 383 | |
| 384 | #define MACH_PORT_LIMITS_INFO_COUNT ((natural_t) \ |
| 385 | (sizeof(mach_port_limits_t)/sizeof(natural_t))) |
| 386 | #define MACH_PORT_RECEIVE_STATUS_COUNT ((natural_t) \ |
| 387 | (sizeof(mach_port_status_t)/sizeof(natural_t))) |
| 388 | #define MACH_PORT_DNREQUESTS_SIZE_COUNT 1 |
| 389 | #define MACH_PORT_INFO_EXT_COUNT ((natural_t) \ |
| 390 | (sizeof(mach_port_info_ext_t)/sizeof(natural_t))) |
| 391 | #define MACH_PORT_GUARD_INFO_COUNT ((natural_t) \ |
| 392 | (sizeof(mach_port_guard_info_t)/sizeof(natural_t))) |
| 393 | #define MACH_PORT_SERVICE_THROTTLED_COUNT 1 |
| 394 | |
| 395 | /* |
| 396 | * Structure used to pass information about port allocation requests. |
| 397 | * Must be padded to 64-bits total length. |
| 398 | */ |
| 399 | typedef struct mach_port_qos { |
| 400 | unsigned int name:1; /* name given */ |
| 401 | unsigned int prealloc:1; /* prealloced message */ |
| 402 | boolean_t pad1:30; |
| 403 | natural_t len; |
| 404 | } mach_port_qos_t; |
| 405 | |
| 406 | /* |
| 407 | * Structure used to pass information about the service port |
| 408 | */ |
| 409 | #define MACH_SERVICE_PORT_INFO_STRING_NAME_MAX_BUF_LEN 255 /* Maximum length of the port string name buffer */ |
| 410 | |
| 411 | typedef struct mach_service_port_info { |
| 412 | char mspi_string_name[MACH_SERVICE_PORT_INFO_STRING_NAME_MAX_BUF_LEN]; /* Service port's string name */ |
| 413 | uint8_t mspi_domain_type; /* Service port domain */ |
| 414 | } mach_service_port_info_data_t; |
| 415 | |
| 416 | #define MACH_SERVICE_PORT_INFO_COUNT ((char) \ |
| 417 | (sizeof(mach_service_port_info_data_t)/sizeof(char))) |
| 418 | |
| 419 | typedef struct mach_service_port_info * mach_service_port_info_t; |
| 420 | |
| 421 | /* |
| 422 | * Flags for mach_port_options (used for |
| 423 | * invocation of mach_port_construct). |
| 424 | * Indicates attributes to be set for the newly |
| 425 | * allocated port. |
| 426 | */ |
| 427 | #define MPO_CONTEXT_AS_GUARD 0x01 /* Add guard to the port */ |
| 428 | #define MPO_QLIMIT 0x02 /* Set qlimit for the port msg queue */ |
| 429 | #define MPO_TEMPOWNER 0x04 /* Set the tempowner bit of the port */ |
| 430 | #define MPO_IMPORTANCE_RECEIVER 0x08 /* Mark the port as importance receiver */ |
| 431 | #define MPO_INSERT_SEND_RIGHT 0x10 /* Insert a send right for the port */ |
| 432 | #define MPO_STRICT 0x20 /* Apply strict guarding for port */ |
| 433 | #define MPO_DENAP_RECEIVER 0x40 /* Mark the port as App de-nap receiver */ |
| 434 | #define MPO_IMMOVABLE_RECEIVE 0x80 /* Mark the port as immovable; protected by the guard context */ |
| 435 | #define MPO_FILTER_MSG 0x100 /* Allow message filtering */ |
| 436 | #define MPO_TG_BLOCK_TRACKING 0x200 /* Track blocking relationship for thread group during sync IPC */ |
| 437 | #define MPO_SERVICE_PORT 0x400 /* Create a service port with the given name; should be used only by launchd */ |
| 438 | #define MPO_CONNECTION_PORT 0x800 /* Derive new peer connection port from a given service port */ |
| 439 | #define MPO_REPLY_PORT 0x1000 /* Designate port as a reply port. */ |
| 440 | #define MPO_ENFORCE_REPLY_PORT_SEMANTICS 0x2000 /* When talking to this port, local port of mach msg needs to follow reply port semantics.*/ |
| 441 | #define MPO_PROVISIONAL_REPLY_PORT 0x4000 /* Designate port as a provisional reply port. */ |
| 442 | #define MPO_PROVISIONAL_ID_PROT_OPTOUT 0x8000 /* Opted out of EXCEPTION_IDENTITY_PROTECTED violation for now */ |
| 443 | |
| 444 | |
| 445 | /* |
| 446 | * Structure to define optional attributes for a newly |
| 447 | * constructed port. |
| 448 | */ |
| 449 | typedef struct mach_port_options { |
| 450 | uint32_t flags; /* Flags defining attributes for port */ |
| 451 | mach_port_limits_t mpl; /* Message queue limit for port */ |
| 452 | union { |
| 453 | uint64_t reserved[2]; /* Reserved */ |
| 454 | mach_port_name_t work_interval_port; /* Work interval port */ |
| 455 | #if KERNEL |
| 456 | uint32_t service_port_info32; /* Service port (MPO_SERVICE_PORT) */ |
| 457 | uint64_t service_port_info64; /* Service port (MPO_SERVICE_PORT) */ |
| 458 | #else |
| 459 | mach_service_port_info_t service_port_info; /* Service port (MPO_SERVICE_PORT) */ |
| 460 | #endif |
| 461 | mach_port_name_t service_port_name; /* Service port (MPO_CONNECTION_PORT) */ |
| 462 | }; |
| 463 | }mach_port_options_t; |
| 464 | |
| 465 | typedef mach_port_options_t *mach_port_options_ptr_t; |
| 466 | |
| 467 | /* Mach Port Guarding definitions */ |
| 468 | |
| 469 | /* |
| 470 | * EXC_GUARD represents a guard violation for both |
| 471 | * mach ports and file descriptors. GUARD_TYPE_ is used |
| 472 | * to differentiate among them. |
| 473 | */ |
| 474 | #define GUARD_TYPE_MACH_PORT 0x1 |
| 475 | |
| 476 | /* Reasons for exception for a guarded mach port */ |
| 477 | enum mach_port_guard_exception_codes { |
| 478 | kGUARD_EXC_DESTROY = 1, |
| 479 | kGUARD_EXC_MOD_REFS = 2, |
| 480 | kGUARD_EXC_INVALID_OPTIONS = 3, |
| 481 | kGUARD_EXC_SET_CONTEXT = 4, |
| 482 | kGUARD_EXC_THREAD_SET_STATE = 5, |
| 483 | kGUARD_EXC_EXCEPTION_BEHAVIOR_ENFORCE= 6, |
| 484 | kGUARD_EXC_UNGUARDED = 1u << 3, |
| 485 | kGUARD_EXC_INCORRECT_GUARD = 1u << 4, |
| 486 | kGUARD_EXC_IMMOVABLE = 1u << 5, |
| 487 | kGUARD_EXC_STRICT_REPLY = 1u << 6, |
| 488 | kGUARD_EXC_MSG_FILTERED = 1u << 7, |
| 489 | /* start of [optionally] non-fatal guards */ |
| 490 | kGUARD_EXC_INVALID_RIGHT = 1u << 8, |
| 491 | kGUARD_EXC_INVALID_NAME = 1u << 9, |
| 492 | kGUARD_EXC_INVALID_VALUE = 1u << 10, |
| 493 | kGUARD_EXC_INVALID_ARGUMENT = 1u << 11, |
| 494 | kGUARD_EXC_RIGHT_EXISTS = 1u << 12, |
| 495 | kGUARD_EXC_KERN_NO_SPACE = 1u << 13, |
| 496 | kGUARD_EXC_KERN_FAILURE = 1u << 14, |
| 497 | kGUARD_EXC_KERN_RESOURCE = 1u << 15, |
| 498 | kGUARD_EXC_SEND_INVALID_REPLY = 1u << 16, |
| 499 | kGUARD_EXC_SEND_INVALID_VOUCHER = 1u << 17, |
| 500 | kGUARD_EXC_SEND_INVALID_RIGHT = 1u << 18, |
| 501 | kGUARD_EXC_RCV_INVALID_NAME = 1u << 19, |
| 502 | /* start of always non-fatal guards */ |
| 503 | kGUARD_EXC_RCV_GUARDED_DESC = 1u << 20, /* for development only */ |
| 504 | kGUARD_EXC_MOD_REFS_NON_FATAL = 1u << 21, |
| 505 | kGUARD_EXC_IMMOVABLE_NON_FATAL = 1u << 22, |
| 506 | kGUARD_EXC_REQUIRE_REPLY_PORT_SEMANTICS = 1u << 23, |
| 507 | }; |
| 508 | |
| 509 | #define MAX_FATAL_kGUARD_EXC_CODE (1u << 7) |
| 510 | |
| 511 | /* |
| 512 | * Mach port guard flags. |
| 513 | */ |
| 514 | #define MPG_FLAGS_NONE (0x00ull) |
| 515 | |
| 516 | #define MAX_OPTIONAL_kGUARD_EXC_CODE (1u << 19) |
| 517 | |
| 518 | /* |
| 519 | * These flags are used as bits in the subcode of kGUARD_EXC_STRICT_REPLY exceptions. |
| 520 | */ |
| 521 | #define MPG_FLAGS_STRICT_REPLY_INVALID_REPLY_DISP (0x01ull << 56) |
| 522 | #define MPG_FLAGS_STRICT_REPLY_INVALID_REPLY_PORT (0x02ull << 56) |
| 523 | #define MPG_FLAGS_STRICT_REPLY_INVALID_VOUCHER (0x04ull << 56) |
| 524 | #define MPG_FLAGS_STRICT_REPLY_NO_BANK_ATTR (0x08ull << 56) |
| 525 | #define MPG_FLAGS_STRICT_REPLY_MISMATCHED_PERSONA (0x10ull << 56) |
| 526 | #define MPG_FLAGS_STRICT_REPLY_MASK (0xffull << 56) |
| 527 | |
| 528 | /* |
| 529 | * These flags are used as bits in the subcode of kGUARD_EXC_MOD_REFS exceptions. |
| 530 | */ |
| 531 | #define MPG_FLAGS_MOD_REFS_PINNED_DEALLOC (0x01ull << 56) |
| 532 | #define MPG_FLAGS_MOD_REFS_PINNED_DESTROY (0x02ull << 56) |
| 533 | #define MPG_FLAGS_MOD_REFS_PINNED_COPYIN (0x04ull << 56) |
| 534 | |
| 535 | /* |
| 536 | * These flags are used as bits in the subcode of kGUARD_EXC_IMMOVABLE exceptions. |
| 537 | */ |
| 538 | #define MPG_FLAGS_IMMOVABLE_PINNED (0x01ull << 56) |
| 539 | |
| 540 | /* |
| 541 | * Flags for mach_port_guard_with_flags. These flags extend |
| 542 | * the attributes associated with a guarded port. |
| 543 | */ |
| 544 | #define MPG_STRICT 0x01 /* Apply strict guarding for a port */ |
| 545 | #define MPG_IMMOVABLE_RECEIVE 0x02 /* Receive right cannot be moved out of the space */ |
| 546 | |
| 547 | #if !__DARWIN_UNIX03 && !defined(_NO_PORT_T_FROM_MACH) |
| 548 | /* |
| 549 | * Mach 3.0 renamed everything to have mach_ in front of it. |
| 550 | * These types and macros are provided for backward compatibility |
| 551 | * but are deprecated. |
| 552 | */ |
| 553 | typedef mach_port_t port_t; |
| 554 | typedef mach_port_name_t port_name_t; |
| 555 | typedef mach_port_name_t *port_name_array_t; |
| 556 | |
| 557 | #define PORT_NULL ((port_t) 0) |
| 558 | #define PORT_DEAD ((port_t) ~0) |
| 559 | #define PORT_VALID(name) \ |
| 560 | ((port_t)(name) != PORT_NULL && (port_t)(name) != PORT_DEAD) |
| 561 | |
| 562 | #endif /* !__DARWIN_UNIX03 && !_NO_PORT_T_FROM_MACH */ |
| 563 | |
| 564 | #endif /* _MACH_PORT_H_ */ |
| 565 |
Generated while processing xnu-build/RELEASE_ARM64_VMAPPLE/bsd/RELEASE/audit_kevents.c
Generated on 2024-Jun-06 from project xnu revision 10063.121.3
Powered by 
Code Browser 2.1
Generator usage only permitted with license.