| 1 | /* |
|---|---|
| 2 | * Copyright (c) 2021 Apple Computer, Inc. All rights reserved. |
| 3 | * |
| 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
| 5 | * |
| 6 | * This file contains Original Code and/or Modifications of Original Code |
| 7 | * as defined in and that are subject to the Apple Public Source License |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in |
| 9 | * compliance with the License. The rights granted to you under the License |
| 10 | * may not be used to create, or enable the creation or redistribution of, |
| 11 | * unlawful or unlicensed copies of an Apple operating system, or to |
| 12 | * circumvent, violate, or enable the circumvention or violation of, any |
| 13 | * terms of an Apple operating system software license agreement. |
| 14 | * |
| 15 | * Please obtain a copy of the License at |
| 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
| 17 | * |
| 18 | * The Original Code and all software distributed under the License are |
| 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| 23 | * Please see the License for the specific language governing rights and |
| 24 | * limitations under the License. |
| 25 | * |
| 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
| 27 | */ |
| 28 | /* |
| 29 | * @OSF_COPYRIGHT@ |
| 30 | */ |
| 31 | |
| 32 | #ifndef _SYS_KERN_DEBUG_H_ |
| 33 | #define _SYS_KERN_DEBUG_H_ |
| 34 | |
| 35 | #include <mach/mach_types.h> |
| 36 | |
| 37 | #include <sys/types.h> |
| 38 | |
| 39 | __BEGIN_DECLS |
| 40 | |
| 41 | /* |
| 42 | * A selector is just made of an index into syscall_rejection_masks, |
| 43 | * with the exception of the highest bit, which indicates whether the |
| 44 | * mask is to be added as an "allow" mask or a "deny" mask. |
| 45 | */ |
| 46 | typedef uint8_t syscall_rejection_selector_t; |
| 47 | |
| 48 | __END_DECLS |
| 49 | |
| 50 | #define SYSCALL_REJECTION_IS_ALLOW_MASK (1 << 6) |
| 51 | #define SYSCALL_REJECTION_NON_MASK_BITS 1 |
| 52 | |
| 53 | #define SYSCALL_REJECTION_SELECTOR_BITS 7 |
| 54 | #define SYSCALL_REJECTION_SELECTOR_MASK ((1 << SYSCALL_REJECTION_SELECTOR_BITS) - 1) |
| 55 | #define SYSCALL_REJECTION_SELECTOR_MASK_COUNT (1 << (SYSCALL_REJECTION_SELECTOR_BITS-SYSCALL_REJECTION_NON_MASK_BITS)) |
| 56 | |
| 57 | #define SYSCALL_REJECTION_INDEX_MASK (SYSCALL_REJECTION_SELECTOR_MASK & ~(syscall_rejection_selector_t)(SYSCALL_REJECTION_IS_ALLOW_MASK)) |
| 58 | |
| 59 | #define SYSCALL_REJECTION_ALLOW(sc) ((sc) | SYSCALL_REJECTION_IS_ALLOW_MASK) |
| 60 | #define SYSCALL_REJECTION_DENY(sc) (sc) |
| 61 | |
| 62 | #define SYSCALL_REJECTION_NULL 0 |
| 63 | #define SYSCALL_REJECTION_ALL 1 |
| 64 | |
| 65 | //// Flags for debug_syscall_reject_config |
| 66 | |
| 67 | /* |
| 68 | * default (no special behavior) |
| 69 | */ |
| 70 | #define SYSCALL_REJECTION_FLAGS_DEFAULT 0 |
| 71 | |
| 72 | /* |
| 73 | * force fatal: Hitting a denied syscall in this thread will always go |
| 74 | * the fatal path, no matter what the global mode is set to. |
| 75 | */ |
| 76 | #define SYSCALL_REJECTION_FLAGS_FORCE_FATAL 1 |
| 77 | |
| 78 | /* |
| 79 | * once: Hitting a denied syscall or mach trap will be remembered for |
| 80 | * the rest of the lifetime of this thread, and iff the once flag is |
| 81 | * currently set, such a remembered system call/mach trap will never hit |
| 82 | * again. (Note: This means that by removing the ONCE flag, all system |
| 83 | * calls/mach traps will hit again). |
| 84 | */ |
| 85 | #define SYSCALL_REJECTION_FLAGS_ONCE 2 |
| 86 | |
| 87 | #ifndef KERNEL |
| 88 | |
| 89 | __BEGIN_DECLS |
| 90 | |
| 91 | /* Request that the syscall rejection mask of the current thread be changed to the |
| 92 | * one specified by the list of selectors provided, e.g. |
| 93 | * syscall_rejection_selector_t selectors[] = |
| 94 | * [ SYSCALL_REJECTION_DENY(SYSCALL_REJECTION_ALL), |
| 95 | * SYSCALL_REJECTION_ALLOW(MY_SELECTOR) ]; |
| 96 | * ret = debug_syscall_reject_config(selectors, countof(selectors), SYSCALL_REJECTION_FLAGS_DEFAULT); |
| 97 | */ |
| 98 | |
| 99 | int debug_syscall_reject_config(const syscall_rejection_selector_t *selectors, size_t len, uint64_t flags); |
| 100 | |
| 101 | /* Compatibility with old interface. */ |
| 102 | int debug_syscall_reject(const syscall_rejection_selector_t *selectors, size_t len); |
| 103 | |
| 104 | __END_DECLS |
| 105 | |
| 106 | #else /* KERNEL */ |
| 107 | |
| 108 | #include <stdbool.h> |
| 109 | |
| 110 | #include <kern/bits.h> |
| 111 | |
| 112 | #include <sys/sysproto.h> |
| 113 | |
| 114 | __BEGIN_DECLS |
| 115 | |
| 116 | typedef bitmap_t *syscall_rejection_mask_t; |
| 117 | |
| 118 | int sys_debug_syscall_reject_config(struct proc *p, struct debug_syscall_reject_config_args *args, int *ret); |
| 119 | |
| 120 | int debug_syscall_reject(struct proc *p, struct debug_syscall_reject_args *args, int *ret); |
| 121 | |
| 122 | bool debug_syscall_rejection_handle(int syscall_mach_trap_number); |
| 123 | |
| 124 | void reset_debug_syscall_rejection_mode(void); |
| 125 | |
| 126 | void rejected_syscall_guard_ast(thread_t thread, mach_exception_data_type_t code, mach_exception_data_type_t subcode); |
| 127 | |
| 128 | extern int debug_syscall_rejection_mode; |
| 129 | |
| 130 | __END_DECLS |
| 131 | |
| 132 | #endif /* KERNEL */ |
| 133 | |
| 134 | #endif /* _SYS_KERN_DEBUG_H_ */ |
| 135 |
Generated while processing xnu/bsd/dev/arm/systemcalls.c
Generated on 2024-Jun-06 from project xnu revision 10063.121.3
Powered by 
Code Browser 2.1
Generator usage only permitted with license.