1 | /* |
2 | * Copyright (c) 2000-2006 Apple Computer, Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | /* |
29 | * @OSF_COPYRIGHT@ |
30 | */ |
31 | /* |
32 | * Mach Operating System |
33 | * Copyright (c) 1991,1990,1989,1988,1987 Carnegie Mellon University |
34 | * All Rights Reserved. |
35 | * |
36 | * Permission to use, copy, modify and distribute this software and its |
37 | * documentation is hereby granted, provided that both the copyright |
38 | * notice and this permission notice appear in all copies of the |
39 | * software, derivative works or modified versions, and any portions |
40 | * thereof, and that both notices appear in supporting documentation. |
41 | * |
42 | * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" |
43 | * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR |
44 | * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. |
45 | * |
46 | * Carnegie Mellon requests users of this software to return to |
47 | * |
48 | * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU |
49 | * School of Computer Science |
50 | * Carnegie Mellon University |
51 | * Pittsburgh PA 15213-3890 |
52 | * |
53 | * any improvements or extensions that they make and grant Carnegie Mellon |
54 | * the rights to redistribute these changes. |
55 | */ |
56 | /* |
57 | * NOTICE: This file was modified by McAfee Research in 2004 to introduce |
58 | * support for mandatory and extensible security protections. This notice |
59 | * is included in support of clause 2.2 (b) of the Apple Public License, |
60 | * Version 2.0. |
61 | */ |
62 | /* |
63 | */ |
64 | /* |
65 | * File: mach/port.h |
66 | * |
67 | * Definition of a Mach port |
68 | * |
69 | * Mach ports are the endpoints to Mach-implemented communications |
70 | * channels (usually uni-directional message queues, but other types |
71 | * also exist). |
72 | * |
73 | * Unique collections of these endpoints are maintained for each |
74 | * Mach task. Each Mach port in the task's collection is given a |
75 | * [task-local] name to identify it - and the the various "rights" |
76 | * held by the task for that specific endpoint. |
77 | * |
78 | * This header defines the types used to identify these Mach ports |
79 | * and the various rights associated with them. For more info see: |
80 | * |
81 | * <mach/mach_port.h> - manipulation of port rights in a given space |
82 | * <mach/message.h> - message queue [and port right passing] mechanism |
83 | * |
84 | */ |
85 | |
86 | #ifndef _MACH_PORT_H_ |
87 | #define _MACH_PORT_H_ |
88 | |
89 | #include <sys/cdefs.h> |
90 | #include <stdint.h> |
91 | #include <mach/boolean.h> |
92 | #include <mach/machine/vm_types.h> |
93 | |
94 | /* |
95 | * mach_port_name_t - the local identity for a Mach port |
96 | * |
97 | * The name is Mach port namespace specific. It is used to |
98 | * identify the rights held for that port by the task whose |
99 | * namespace is implied [or specifically provided]. |
100 | * |
101 | * Use of this type usually implies just a name - no rights. |
102 | * See mach_port_t for a type that implies a "named right." |
103 | * |
104 | */ |
105 | |
106 | typedef natural_t mach_port_name_t; |
107 | typedef mach_port_name_t *mach_port_name_array_t; |
108 | |
109 | #ifdef KERNEL |
110 | |
111 | /* |
112 | * mach_port_t - a named port right |
113 | * |
114 | * In the kernel, "rights" are represented [named] by pointers to |
115 | * the ipc port object in question. There is no port namespace for the |
116 | * rights to be collected. |
117 | * |
118 | * Actually, there is namespace for the kernel task. But most kernel |
119 | * code - including, but not limited to, Mach IPC code - lives in the |
120 | * limbo between the current user-level task and the "next" task. Very |
121 | * little of the kernel code runs in full kernel task context. So very |
122 | * little of it gets to use the kernel task's port name space. |
123 | * |
124 | * Because of this implementation approach, all in-kernel rights for |
125 | * a given port coalesce [have the same name/pointer]. The actual |
126 | * references are counted in the port itself. It is up to the kernel |
127 | * code in question to "just remember" how many [and what type of] |
128 | * rights it holds and handle them appropriately. |
129 | * |
130 | */ |
131 | |
132 | #ifndef MACH_KERNEL_PRIVATE |
133 | /* |
134 | * For kernel code that resides outside of Mach proper, we opaque the |
135 | * port structure definition. |
136 | */ |
137 | struct ipc_port; |
138 | |
139 | #endif /* MACH_KERNEL_PRIVATE */ |
140 | |
141 | typedef struct ipc_port *ipc_port_t; |
142 | |
143 | #define IPC_PORT_NULL __unsafe_forge_single(ipc_port_t, NULL) |
144 | #define IPC_PORT_DEAD __unsafe_forge_single(ipc_port_t, ~0UL) |
145 | #define IPC_PORT_VALID(port) ipc_port_valid(port) |
146 | |
147 | static inline boolean_t |
148 | ipc_port_valid(ipc_port_t port) |
149 | { |
150 | return port != IPC_PORT_DEAD && port; |
151 | } |
152 | |
153 | typedef ipc_port_t mach_port_t; |
154 | |
155 | /* |
156 | * Since the 32-bit and 64-bit representations of ~0 are different, |
157 | * explicitly handle MACH_PORT_DEAD |
158 | */ |
159 | |
160 | #define CAST_MACH_PORT_TO_NAME(x) ((mach_port_name_t)(uintptr_t)(x)) |
161 | #define CAST_MACH_NAME_TO_PORT(x) ((x) == MACH_PORT_DEAD ? (mach_port_t)IPC_PORT_DEAD : (mach_port_t)(uintptr_t)(x)) |
162 | |
163 | #else /* KERNEL */ |
164 | |
165 | /* |
166 | * mach_port_t - a named port right |
167 | * |
168 | * In user-space, "rights" are represented by the name of the |
169 | * right in the Mach port namespace. Even so, this type is |
170 | * presented as a unique one to more clearly denote the presence |
171 | * of a right coming along with the name. |
172 | * |
173 | * Often, various rights for a port held in a single name space |
174 | * will coalesce and are, therefore, be identified by a single name |
175 | * [this is the case for send and receive rights]. But not |
176 | * always [send-once rights currently get a unique name for |
177 | * each right]. |
178 | * |
179 | */ |
180 | |
181 | #include <sys/_types.h> |
182 | #include <sys/_types/_mach_port_t.h> |
183 | |
184 | #endif /* KERNEL */ |
185 | |
186 | typedef mach_port_t *mach_port_array_t; |
187 | |
188 | /* |
189 | * MACH_PORT_NULL is a legal value that can be carried in messages. |
190 | * It indicates the absence of any port or port rights. (A port |
191 | * argument keeps the message from being "simple", even if the |
192 | * value is MACH_PORT_NULL.) The value MACH_PORT_DEAD is also a legal |
193 | * value that can be carried in messages. It indicates |
194 | * that a port right was present, but it died. |
195 | */ |
196 | |
197 | #if defined(XNU_KERNEL_PRIVATE) && defined(__cplusplus) |
198 | #define MACH_PORT_NULL NULL |
199 | #else |
200 | #define MACH_PORT_NULL 0 /* intentional loose typing */ |
201 | #endif |
202 | #define MACH_PORT_DEAD ((mach_port_name_t) ~0) |
203 | #if MACH_KERNEL_PRIVATE |
204 | #define MACH_PORT_SPECIAL_DEFAULT ((mach_port_name_t)1) |
205 | #endif /* MACH_KERNEL_PRIVATE */ |
206 | #define MACH_PORT_VALID(name) \ |
207 | (((name) != MACH_PORT_NULL) && \ |
208 | ((name) != MACH_PORT_DEAD)) |
209 | |
210 | |
211 | /* |
212 | * For kernel-selected [assigned] port names, the name is |
213 | * comprised of two parts: a generation number and an index. |
214 | * This approach keeps the exact same name from being generated |
215 | * and reused too quickly [to catch right/reference counting bugs]. |
216 | * The dividing line between the constituent parts is exposed so |
217 | * that efficient "mach_port_name_t to data structure pointer" |
218 | * conversion implementation can be made. But it is possible |
219 | * for user-level code to assign their own names to Mach ports. |
220 | * These are not required to participate in this algorithm. So |
221 | * care should be taken before "assuming" this model. |
222 | * |
223 | */ |
224 | |
225 | #ifndef NO_PORT_GEN |
226 | |
227 | #define MACH_PORT_INDEX(name) ((name) >> 8) |
228 | #define MACH_PORT_GEN(name) (((name) & 0xff) << 24) |
229 | #define MACH_PORT_MAKE(index, gen) \ |
230 | (((index) << 8) | (gen) >> 24) |
231 | |
232 | #else /* NO_PORT_GEN */ |
233 | |
234 | #define MACH_PORT_INDEX(name) (name) |
235 | #define MACH_PORT_GEN(name) (0) |
236 | #define MACH_PORT_MAKE(index, gen) (index) |
237 | |
238 | #endif /* NO_PORT_GEN */ |
239 | |
240 | |
241 | /* |
242 | * These are the different rights a task may have for a port. |
243 | * The MACH_PORT_RIGHT_* definitions are used as arguments |
244 | * to mach_port_allocate, mach_port_get_refs, etc, to specify |
245 | * a particular right to act upon. The mach_port_names and |
246 | * mach_port_type calls return bitmasks using the MACH_PORT_TYPE_* |
247 | * definitions. This is because a single name may denote |
248 | * multiple rights. |
249 | */ |
250 | |
251 | typedef natural_t mach_port_right_t; |
252 | |
253 | #define MACH_PORT_RIGHT_SEND ((mach_port_right_t) 0) |
254 | #define MACH_PORT_RIGHT_RECEIVE ((mach_port_right_t) 1) |
255 | #define MACH_PORT_RIGHT_SEND_ONCE ((mach_port_right_t) 2) |
256 | #define MACH_PORT_RIGHT_PORT_SET ((mach_port_right_t) 3) |
257 | #define MACH_PORT_RIGHT_DEAD_NAME ((mach_port_right_t) 4) |
258 | #define MACH_PORT_RIGHT_LABELH ((mach_port_right_t) 5) /* obsolete right */ |
259 | #define MACH_PORT_RIGHT_NUMBER ((mach_port_right_t) 6) /* right not implemented */ |
260 | |
261 | #ifdef MACH_KERNEL_PRIVATE |
262 | #define MACH_PORT_RIGHT_VALID_TRANSLATE(right) \ |
263 | ((right) >= MACH_PORT_RIGHT_SEND && (right) <= MACH_PORT_RIGHT_DEAD_NAME) |
264 | #endif |
265 | |
266 | typedef natural_t mach_port_type_t; |
267 | typedef mach_port_type_t *mach_port_type_array_t; |
268 | |
269 | #define MACH_PORT_TYPE(right) \ |
270 | ((mach_port_type_t)(((mach_port_type_t) 1) \ |
271 | << ((right) + ((mach_port_right_t) 16)))) |
272 | #define MACH_PORT_TYPE_NONE ((mach_port_type_t) 0L) |
273 | #define MACH_PORT_TYPE_SEND MACH_PORT_TYPE(MACH_PORT_RIGHT_SEND) |
274 | #define MACH_PORT_TYPE_RECEIVE MACH_PORT_TYPE(MACH_PORT_RIGHT_RECEIVE) |
275 | #define MACH_PORT_TYPE_SEND_ONCE MACH_PORT_TYPE(MACH_PORT_RIGHT_SEND_ONCE) |
276 | #define MACH_PORT_TYPE_PORT_SET MACH_PORT_TYPE(MACH_PORT_RIGHT_PORT_SET) |
277 | #define MACH_PORT_TYPE_DEAD_NAME MACH_PORT_TYPE(MACH_PORT_RIGHT_DEAD_NAME) |
278 | #define MACH_PORT_TYPE_LABELH MACH_PORT_TYPE(MACH_PORT_RIGHT_LABELH) /* obsolete */ |
279 | |
280 | #ifdef MACH_KERNEL_PRIVATE |
281 | /* Holder used to have a receive right - remembered to filter exceptions */ |
282 | #define MACH_PORT_TYPE_EX_RECEIVE MACH_PORT_TYPE_LABELH |
283 | #endif |
284 | |
285 | /* Convenient combinations. */ |
286 | |
287 | #define MACH_PORT_TYPE_SEND_RECEIVE \ |
288 | (MACH_PORT_TYPE_SEND|MACH_PORT_TYPE_RECEIVE) |
289 | #define MACH_PORT_TYPE_SEND_RIGHTS \ |
290 | (MACH_PORT_TYPE_SEND|MACH_PORT_TYPE_SEND_ONCE) |
291 | #define MACH_PORT_TYPE_PORT_RIGHTS \ |
292 | (MACH_PORT_TYPE_SEND_RIGHTS|MACH_PORT_TYPE_RECEIVE) |
293 | #define MACH_PORT_TYPE_PORT_OR_DEAD \ |
294 | (MACH_PORT_TYPE_PORT_RIGHTS|MACH_PORT_TYPE_DEAD_NAME) |
295 | #define MACH_PORT_TYPE_ALL_RIGHTS \ |
296 | (MACH_PORT_TYPE_PORT_OR_DEAD|MACH_PORT_TYPE_PORT_SET) |
297 | |
298 | /* Dummy type bits that mach_port_type/mach_port_names can return. */ |
299 | |
300 | #define MACH_PORT_TYPE_DNREQUEST 0x80000000 |
301 | #define MACH_PORT_TYPE_SPREQUEST 0x40000000 |
302 | #define MACH_PORT_TYPE_SPREQUEST_DELAYED 0x20000000 |
303 | |
304 | /* User-references for capabilities. */ |
305 | |
306 | typedef natural_t mach_port_urefs_t; |
307 | typedef integer_t mach_port_delta_t; /* change in urefs */ |
308 | |
309 | /* Attributes of ports. (See mach_port_get_receive_status.) */ |
310 | |
311 | typedef natural_t mach_port_seqno_t; /* sequence number */ |
312 | typedef natural_t mach_port_mscount_t; /* make-send count */ |
313 | typedef natural_t mach_port_msgcount_t; /* number of msgs */ |
314 | typedef natural_t mach_port_rights_t; /* number of rights */ |
315 | |
316 | /* |
317 | * Are there outstanding send rights for a given port? |
318 | */ |
319 | #define MACH_PORT_SRIGHTS_NONE 0 /* no srights */ |
320 | #define MACH_PORT_SRIGHTS_PRESENT 1 /* srights */ |
321 | typedef unsigned int mach_port_srights_t; /* status of send rights */ |
322 | |
323 | typedef struct mach_port_status { |
324 | mach_port_rights_t mps_pset; /* count of containing port sets */ |
325 | mach_port_seqno_t mps_seqno; /* sequence number */ |
326 | mach_port_mscount_t mps_mscount; /* make-send count */ |
327 | mach_port_msgcount_t mps_qlimit; /* queue limit */ |
328 | mach_port_msgcount_t mps_msgcount; /* number in the queue */ |
329 | mach_port_rights_t mps_sorights; /* how many send-once rights */ |
330 | boolean_t mps_srights; /* do send rights exist? */ |
331 | boolean_t mps_pdrequest; /* port-deleted requested? */ |
332 | boolean_t mps_nsrequest; /* no-senders requested? */ |
333 | natural_t mps_flags; /* port flags */ |
334 | } mach_port_status_t; |
335 | |
336 | /* System-wide values for setting queue limits on a port */ |
337 | #define MACH_PORT_QLIMIT_ZERO (0) |
338 | #define MACH_PORT_QLIMIT_BASIC (5) |
339 | #define MACH_PORT_QLIMIT_SMALL (16) |
340 | #define MACH_PORT_QLIMIT_LARGE (1024) |
341 | #define MACH_PORT_QLIMIT_KERNEL (65534) |
342 | #define MACH_PORT_QLIMIT_MIN MACH_PORT_QLIMIT_ZERO |
343 | #define MACH_PORT_QLIMIT_DEFAULT MACH_PORT_QLIMIT_BASIC |
344 | #define MACH_PORT_QLIMIT_MAX MACH_PORT_QLIMIT_LARGE |
345 | |
346 | typedef struct mach_port_limits { |
347 | mach_port_msgcount_t mpl_qlimit; /* number of msgs */ |
348 | } mach_port_limits_t; |
349 | |
350 | /* Possible values for mps_flags (part of mach_port_status_t) */ |
351 | #define MACH_PORT_STATUS_FLAG_TEMPOWNER 0x01 |
352 | #define MACH_PORT_STATUS_FLAG_GUARDED 0x02 |
353 | #define MACH_PORT_STATUS_FLAG_STRICT_GUARD 0x04 |
354 | #define MACH_PORT_STATUS_FLAG_IMP_DONATION 0x08 |
355 | #define MACH_PORT_STATUS_FLAG_REVIVE 0x10 |
356 | #define MACH_PORT_STATUS_FLAG_TASKPTR 0x20 |
357 | #define MACH_PORT_STATUS_FLAG_GUARD_IMMOVABLE_RECEIVE 0x40 |
358 | #define MACH_PORT_STATUS_FLAG_NO_GRANT 0x80 |
359 | |
360 | typedef struct mach_port_info_ext { |
361 | mach_port_status_t mpie_status; |
362 | mach_port_msgcount_t mpie_boost_cnt; |
363 | uint32_t reserved[6]; |
364 | } mach_port_info_ext_t; |
365 | |
366 | typedef struct mach_port_guard_info { |
367 | uint64_t mpgi_guard; /* guard value */ |
368 | } mach_port_guard_info_t; |
369 | |
370 | typedef integer_t *mach_port_info_t; /* varying array of natural_t */ |
371 | |
372 | /* Flavors for mach_port_get/set/assert_attributes() */ |
373 | typedef int mach_port_flavor_t; |
374 | #define MACH_PORT_LIMITS_INFO 1 /* uses mach_port_limits_t */ |
375 | #define MACH_PORT_RECEIVE_STATUS 2 /* uses mach_port_status_t */ |
376 | #define MACH_PORT_DNREQUESTS_SIZE 3 /* info is int */ |
377 | #define MACH_PORT_TEMPOWNER 4 /* indicates receive right will be reassigned to another task */ |
378 | #define MACH_PORT_IMPORTANCE_RECEIVER 5 /* indicates recieve right accepts priority donation */ |
379 | #define MACH_PORT_DENAP_RECEIVER 6 /* indicates receive right accepts de-nap donation */ |
380 | #define MACH_PORT_INFO_EXT 7 /* uses mach_port_info_ext_t */ |
381 | #define MACH_PORT_GUARD_INFO 8 /* asserts if the strict guard value is correct */ |
382 | #define MACH_PORT_SERVICE_THROTTLED 9 /* info is an integer that indicates if service port is throttled or not */ |
383 | |
384 | #define MACH_PORT_LIMITS_INFO_COUNT ((natural_t) \ |
385 | (sizeof(mach_port_limits_t)/sizeof(natural_t))) |
386 | #define MACH_PORT_RECEIVE_STATUS_COUNT ((natural_t) \ |
387 | (sizeof(mach_port_status_t)/sizeof(natural_t))) |
388 | #define MACH_PORT_DNREQUESTS_SIZE_COUNT 1 |
389 | #define MACH_PORT_INFO_EXT_COUNT ((natural_t) \ |
390 | (sizeof(mach_port_info_ext_t)/sizeof(natural_t))) |
391 | #define MACH_PORT_GUARD_INFO_COUNT ((natural_t) \ |
392 | (sizeof(mach_port_guard_info_t)/sizeof(natural_t))) |
393 | #define MACH_PORT_SERVICE_THROTTLED_COUNT 1 |
394 | |
395 | /* |
396 | * Structure used to pass information about port allocation requests. |
397 | * Must be padded to 64-bits total length. |
398 | */ |
399 | typedef struct mach_port_qos { |
400 | unsigned int name:1; /* name given */ |
401 | unsigned int prealloc:1; /* prealloced message */ |
402 | boolean_t pad1:30; |
403 | natural_t len; |
404 | } mach_port_qos_t; |
405 | |
406 | /* |
407 | * Structure used to pass information about the service port |
408 | */ |
409 | #define MACH_SERVICE_PORT_INFO_STRING_NAME_MAX_BUF_LEN 255 /* Maximum length of the port string name buffer */ |
410 | |
411 | typedef struct mach_service_port_info { |
412 | char mspi_string_name[MACH_SERVICE_PORT_INFO_STRING_NAME_MAX_BUF_LEN]; /* Service port's string name */ |
413 | uint8_t mspi_domain_type; /* Service port domain */ |
414 | } mach_service_port_info_data_t; |
415 | |
416 | #define MACH_SERVICE_PORT_INFO_COUNT ((char) \ |
417 | (sizeof(mach_service_port_info_data_t)/sizeof(char))) |
418 | |
419 | typedef struct mach_service_port_info * mach_service_port_info_t; |
420 | |
421 | /* |
422 | * Flags for mach_port_options (used for |
423 | * invocation of mach_port_construct). |
424 | * Indicates attributes to be set for the newly |
425 | * allocated port. |
426 | */ |
427 | #define MPO_CONTEXT_AS_GUARD 0x01 /* Add guard to the port */ |
428 | #define MPO_QLIMIT 0x02 /* Set qlimit for the port msg queue */ |
429 | #define MPO_TEMPOWNER 0x04 /* Set the tempowner bit of the port */ |
430 | #define MPO_IMPORTANCE_RECEIVER 0x08 /* Mark the port as importance receiver */ |
431 | #define MPO_INSERT_SEND_RIGHT 0x10 /* Insert a send right for the port */ |
432 | #define MPO_STRICT 0x20 /* Apply strict guarding for port */ |
433 | #define MPO_DENAP_RECEIVER 0x40 /* Mark the port as App de-nap receiver */ |
434 | #define MPO_IMMOVABLE_RECEIVE 0x80 /* Mark the port as immovable; protected by the guard context */ |
435 | #define MPO_FILTER_MSG 0x100 /* Allow message filtering */ |
436 | #define MPO_TG_BLOCK_TRACKING 0x200 /* Track blocking relationship for thread group during sync IPC */ |
437 | #define MPO_SERVICE_PORT 0x400 /* Create a service port with the given name; should be used only by launchd */ |
438 | #define MPO_CONNECTION_PORT 0x800 /* Derive new peer connection port from a given service port */ |
439 | #define MPO_REPLY_PORT 0x1000 /* Designate port as a reply port. */ |
440 | #define MPO_ENFORCE_REPLY_PORT_SEMANTICS 0x2000 /* When talking to this port, local port of mach msg needs to follow reply port semantics.*/ |
441 | #define MPO_PROVISIONAL_REPLY_PORT 0x4000 /* Designate port as a provisional reply port. */ |
442 | #define MPO_PROVISIONAL_ID_PROT_OPTOUT 0x8000 /* Opted out of EXCEPTION_IDENTITY_PROTECTED violation for now */ |
443 | |
444 | |
445 | /* |
446 | * Structure to define optional attributes for a newly |
447 | * constructed port. |
448 | */ |
449 | typedef struct mach_port_options { |
450 | uint32_t flags; /* Flags defining attributes for port */ |
451 | mach_port_limits_t mpl; /* Message queue limit for port */ |
452 | union { |
453 | uint64_t reserved[2]; /* Reserved */ |
454 | mach_port_name_t work_interval_port; /* Work interval port */ |
455 | #if KERNEL |
456 | uint32_t service_port_info32; /* Service port (MPO_SERVICE_PORT) */ |
457 | uint64_t service_port_info64; /* Service port (MPO_SERVICE_PORT) */ |
458 | #else |
459 | mach_service_port_info_t service_port_info; /* Service port (MPO_SERVICE_PORT) */ |
460 | #endif |
461 | mach_port_name_t service_port_name; /* Service port (MPO_CONNECTION_PORT) */ |
462 | }; |
463 | }mach_port_options_t; |
464 | |
465 | typedef mach_port_options_t *mach_port_options_ptr_t; |
466 | |
467 | /* Mach Port Guarding definitions */ |
468 | |
469 | /* |
470 | * EXC_GUARD represents a guard violation for both |
471 | * mach ports and file descriptors. GUARD_TYPE_ is used |
472 | * to differentiate among them. |
473 | */ |
474 | #define GUARD_TYPE_MACH_PORT 0x1 |
475 | |
476 | /* Reasons for exception for a guarded mach port */ |
477 | enum mach_port_guard_exception_codes { |
478 | kGUARD_EXC_DESTROY = 1, |
479 | kGUARD_EXC_MOD_REFS = 2, |
480 | kGUARD_EXC_INVALID_OPTIONS = 3, |
481 | kGUARD_EXC_SET_CONTEXT = 4, |
482 | kGUARD_EXC_THREAD_SET_STATE = 5, |
483 | kGUARD_EXC_EXCEPTION_BEHAVIOR_ENFORCE= 6, |
484 | kGUARD_EXC_UNGUARDED = 1u << 3, |
485 | kGUARD_EXC_INCORRECT_GUARD = 1u << 4, |
486 | kGUARD_EXC_IMMOVABLE = 1u << 5, |
487 | kGUARD_EXC_STRICT_REPLY = 1u << 6, |
488 | kGUARD_EXC_MSG_FILTERED = 1u << 7, |
489 | /* start of [optionally] non-fatal guards */ |
490 | kGUARD_EXC_INVALID_RIGHT = 1u << 8, |
491 | kGUARD_EXC_INVALID_NAME = 1u << 9, |
492 | kGUARD_EXC_INVALID_VALUE = 1u << 10, |
493 | kGUARD_EXC_INVALID_ARGUMENT = 1u << 11, |
494 | kGUARD_EXC_RIGHT_EXISTS = 1u << 12, |
495 | kGUARD_EXC_KERN_NO_SPACE = 1u << 13, |
496 | kGUARD_EXC_KERN_FAILURE = 1u << 14, |
497 | kGUARD_EXC_KERN_RESOURCE = 1u << 15, |
498 | kGUARD_EXC_SEND_INVALID_REPLY = 1u << 16, |
499 | kGUARD_EXC_SEND_INVALID_VOUCHER = 1u << 17, |
500 | kGUARD_EXC_SEND_INVALID_RIGHT = 1u << 18, |
501 | kGUARD_EXC_RCV_INVALID_NAME = 1u << 19, |
502 | /* start of always non-fatal guards */ |
503 | kGUARD_EXC_RCV_GUARDED_DESC = 1u << 20, /* for development only */ |
504 | kGUARD_EXC_MOD_REFS_NON_FATAL = 1u << 21, |
505 | kGUARD_EXC_IMMOVABLE_NON_FATAL = 1u << 22, |
506 | kGUARD_EXC_REQUIRE_REPLY_PORT_SEMANTICS = 1u << 23, |
507 | }; |
508 | |
509 | #define MAX_FATAL_kGUARD_EXC_CODE (1u << 7) |
510 | |
511 | /* |
512 | * Mach port guard flags. |
513 | */ |
514 | #define MPG_FLAGS_NONE (0x00ull) |
515 | |
516 | #define MAX_OPTIONAL_kGUARD_EXC_CODE (1u << 19) |
517 | |
518 | /* |
519 | * These flags are used as bits in the subcode of kGUARD_EXC_STRICT_REPLY exceptions. |
520 | */ |
521 | #define MPG_FLAGS_STRICT_REPLY_INVALID_REPLY_DISP (0x01ull << 56) |
522 | #define MPG_FLAGS_STRICT_REPLY_INVALID_REPLY_PORT (0x02ull << 56) |
523 | #define MPG_FLAGS_STRICT_REPLY_INVALID_VOUCHER (0x04ull << 56) |
524 | #define MPG_FLAGS_STRICT_REPLY_NO_BANK_ATTR (0x08ull << 56) |
525 | #define MPG_FLAGS_STRICT_REPLY_MISMATCHED_PERSONA (0x10ull << 56) |
526 | #define MPG_FLAGS_STRICT_REPLY_MASK (0xffull << 56) |
527 | |
528 | /* |
529 | * These flags are used as bits in the subcode of kGUARD_EXC_MOD_REFS exceptions. |
530 | */ |
531 | #define MPG_FLAGS_MOD_REFS_PINNED_DEALLOC (0x01ull << 56) |
532 | #define MPG_FLAGS_MOD_REFS_PINNED_DESTROY (0x02ull << 56) |
533 | #define MPG_FLAGS_MOD_REFS_PINNED_COPYIN (0x04ull << 56) |
534 | |
535 | /* |
536 | * These flags are used as bits in the subcode of kGUARD_EXC_IMMOVABLE exceptions. |
537 | */ |
538 | #define MPG_FLAGS_IMMOVABLE_PINNED (0x01ull << 56) |
539 | |
540 | /* |
541 | * Flags for mach_port_guard_with_flags. These flags extend |
542 | * the attributes associated with a guarded port. |
543 | */ |
544 | #define MPG_STRICT 0x01 /* Apply strict guarding for a port */ |
545 | #define MPG_IMMOVABLE_RECEIVE 0x02 /* Receive right cannot be moved out of the space */ |
546 | |
547 | #if !__DARWIN_UNIX03 && !defined(_NO_PORT_T_FROM_MACH) |
548 | /* |
549 | * Mach 3.0 renamed everything to have mach_ in front of it. |
550 | * These types and macros are provided for backward compatibility |
551 | * but are deprecated. |
552 | */ |
553 | typedef mach_port_t port_t; |
554 | typedef mach_port_name_t port_name_t; |
555 | typedef mach_port_name_t *port_name_array_t; |
556 | |
557 | #define PORT_NULL ((port_t) 0) |
558 | #define PORT_DEAD ((port_t) ~0) |
559 | #define PORT_VALID(name) \ |
560 | ((port_t)(name) != PORT_NULL && (port_t)(name) != PORT_DEAD) |
561 | |
562 | #endif /* !__DARWIN_UNIX03 && !_NO_PORT_T_FROM_MACH */ |
563 | |
564 | #endif /* _MACH_PORT_H_ */ |
565 | |