| 1 | /* |
|---|---|
| 2 | * Copyright (c) 2015 Apple Inc. All rights reserved. |
| 3 | * |
| 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
| 5 | * |
| 6 | * This file contains Original Code and/or Modifications of Original Code |
| 7 | * as defined in and that are subject to the Apple Public Source License |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in |
| 9 | * compliance with the License. The rights granted to you under the License |
| 10 | * may not be used to create, or enable the creation or redistribution of, |
| 11 | * unlawful or unlicensed copies of an Apple operating system, or to |
| 12 | * circumvent, violate, or enable the circumvention or violation of, any |
| 13 | * terms of an Apple operating system software license agreement. |
| 14 | * |
| 15 | * Please obtain a copy of the License at |
| 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
| 17 | * |
| 18 | * The Original Code and all software distributed under the License are |
| 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| 23 | * Please see the License for the specific language governing rights and |
| 24 | * limitations under the License. |
| 25 | * |
| 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
| 27 | */ |
| 28 | #ifndef _SYS_PERSONA_H_ |
| 29 | #define _SYS_PERSONA_H_ |
| 30 | |
| 31 | #ifdef PRIVATE |
| 32 | #include <sys/param.h> |
| 33 | |
| 34 | #ifdef KERNEL |
| 35 | __enum_decl(persona_type_t, int, { |
| 36 | #else /* !KERNEL */ |
| 37 | enum { |
| 38 | #endif /* KERNEL */ |
| 39 | PERSONA_INVALID = 0, |
| 40 | PERSONA_GUEST = 1, |
| 41 | PERSONA_MANAGED = 2, |
| 42 | PERSONA_PRIV = 3, |
| 43 | PERSONA_SYSTEM = 4, |
| 44 | PERSONA_DEFAULT = 5, |
| 45 | PERSONA_SYSTEM_PROXY = 6, |
| 46 | PERSONA_SYS_EXT = 7, |
| 47 | PERSONA_ENTERPRISE = 8, |
| 48 | |
| 49 | PERSONA_TYPE_MAX = PERSONA_ENTERPRISE, |
| 50 | #ifdef KERNEL |
| 51 | }); |
| 52 | #else /* !KERNEL */ |
| 53 | }; |
| 54 | #endif /* KERNEL */ |
| 55 | |
| 56 | #define PERSONA_ID_NONE ((uid_t)-1) |
| 57 | |
| 58 | struct kpersona_info { |
| 59 | /* v1 fields */ |
| 60 | uint32_t persona_info_version; |
| 61 | |
| 62 | uid_t persona_id; |
| 63 | int persona_type; |
| 64 | gid_t persona_gid; /* unused */ |
| 65 | uint32_t persona_ngroups; /* unused */ |
| 66 | gid_t persona_groups[NGROUPS]; /* unused */ |
| 67 | uid_t persona_gmuid; /* unused */ |
| 68 | char persona_name[MAXLOGNAME + 1]; |
| 69 | |
| 70 | /* v2 fields */ |
| 71 | uid_t persona_uid; |
| 72 | } __attribute__((packed)); |
| 73 | |
| 74 | #define PERSONA_INFO_V1 1 |
| 75 | #define PERSONA_INFO_V2 2 |
| 76 | |
| 77 | // Userspace and the kernel must see the same struct layout. Assert that in |
| 78 | // either case sizeof() is equal to the same pre-determined value. |
| 79 | _Static_assert(sizeof(struct kpersona_info) == 348, "sizeof(kpersona_info) == 348"); |
| 80 | |
| 81 | #define PERSONA_OP_ALLOC 1 |
| 82 | #define PERSONA_OP_PALLOC 2 |
| 83 | #define PERSONA_OP_DEALLOC 3 |
| 84 | #define PERSONA_OP_GET 4 |
| 85 | #define PERSONA_OP_INFO 5 |
| 86 | #define PERSONA_OP_PIDINFO 6 |
| 87 | #define PERSONA_OP_FIND 7 |
| 88 | #define PERSONA_OP_GETPATH 8 |
| 89 | #define PERSONA_OP_FIND_BY_TYPE 9 |
| 90 | |
| 91 | #define PERSONA_MGMT_ENTITLEMENT "com.apple.private.persona-mgmt" |
| 92 | |
| 93 | #ifndef KERNEL |
| 94 | /* |
| 95 | * user space persona interface |
| 96 | */ |
| 97 | |
| 98 | /* |
| 99 | * kpersona_alloc: Allocate a new in-kernel persona |
| 100 | * |
| 101 | * Parameters: |
| 102 | * info: Pointer to persona info structure describing the |
| 103 | * attributes of the persona to create / allocate. |
| 104 | * |
| 105 | * id: output: set to the ID of the created persona |
| 106 | * |
| 107 | * Note: |
| 108 | * The 'persona_id' field of the 'info' parameter is ignored. |
| 109 | * |
| 110 | * Return: |
| 111 | * != 0: ERROR |
| 112 | * == 0: Success |
| 113 | */ |
| 114 | int kpersona_alloc(struct kpersona_info *info, uid_t *id); |
| 115 | |
| 116 | /* |
| 117 | * kpersona_palloc: Allocate a new in-kernel persona with a directory |
| 118 | * pathname |
| 119 | * |
| 120 | * Parameters: |
| 121 | * info: Pointer to persona info structure describing the |
| 122 | * attributes of the persona to create / allocate. |
| 123 | * |
| 124 | * path: Pointer to directory name that stores persona specific |
| 125 | * data. Assumes path buffer length = MAXPATHLEN and is a |
| 126 | * null-terminated string. |
| 127 | * |
| 128 | * id: output: set to the ID of the created persona |
| 129 | * |
| 130 | * Note: |
| 131 | * The 'persona_id' field of the 'info' parameter is ignored. |
| 132 | * |
| 133 | * Return: |
| 134 | * != 0: ERROR |
| 135 | * == 0: Success |
| 136 | */ |
| 137 | int kpersona_palloc(struct kpersona_info *info, uid_t *id, char path[MAXPATHLEN]); |
| 138 | |
| 139 | /* |
| 140 | * kpersona_dealloc: delete / destroy an in-kernel persona |
| 141 | * |
| 142 | * Parameters: |
| 143 | * id: the ID of the persona to destroy |
| 144 | * |
| 145 | * Return: |
| 146 | * < 0: ERROR |
| 147 | * 0: Success |
| 148 | */ |
| 149 | int kpersona_dealloc(uid_t id); |
| 150 | |
| 151 | /* |
| 152 | * kpersona_get: retrieve the persona with which the current thread is running |
| 153 | * |
| 154 | * To find the proc's persona id use kpersona_pidinfo |
| 155 | * |
| 156 | * Parameters: |
| 157 | * id: output: will be filled with the persona id from the voucher adopted |
| 158 | * on the current thread. If that voucher contains no persona information |
| 159 | * or there is no such voucher, then it defaults to the proc's persona id. |
| 160 | * |
| 161 | * Return: |
| 162 | * < 0: Thread is not running under any persona |
| 163 | * 0: Success (uuid is filled with running persona UUID) |
| 164 | */ |
| 165 | int kpersona_get(uid_t *id); |
| 166 | |
| 167 | /* |
| 168 | * kpersona_get_path: retrieve the given persona's path |
| 169 | * |
| 170 | * Parameters: |
| 171 | * id: ID of the persona |
| 172 | * |
| 173 | * path: output: filled in with path on success. |
| 174 | * Assumes path buffer length = MAXPATHLEN |
| 175 | * |
| 176 | * Return: |
| 177 | * < 0: Error |
| 178 | * 0: Success |
| 179 | */ |
| 180 | int kpersona_getpath(uid_t id, char path[MAXPATHLEN]); |
| 181 | |
| 182 | /* |
| 183 | * kpersona_info: gather info about the given persona |
| 184 | * |
| 185 | * Parameters: |
| 186 | * id: ID of the persona to investigate |
| 187 | * If set to 0, it uses persona id from the voucher adopted on the current |
| 188 | * thread. If that voucher contains no persona information or there is no |
| 189 | * such voucher, then it defaults to the proc's persona id. |
| 190 | * |
| 191 | * info: output: filled in with persona attributes on success. |
| 192 | * |
| 193 | * Return: |
| 194 | * < 0: ERROR |
| 195 | * 0: Success |
| 196 | */ |
| 197 | int kpersona_info(uid_t id, struct kpersona_info *info); |
| 198 | |
| 199 | /* |
| 200 | * kpersona_pidinfo: gather persona info about the given PID |
| 201 | * |
| 202 | * Parameters: |
| 203 | * pid: PID of the process whose persona info we're to return |
| 204 | * |
| 205 | * info: output: filled in with persona attributes on success. |
| 206 | * |
| 207 | * Return: |
| 208 | * < 0: ERROR |
| 209 | * 0: Success |
| 210 | */ |
| 211 | int kpersona_pidinfo(pid_t pid, struct kpersona_info *info); |
| 212 | |
| 213 | /* |
| 214 | * kpersona_find: lookup the kernel's UUID of a persona |
| 215 | * |
| 216 | * Parameters: |
| 217 | * name: Local login name of the persona. |
| 218 | * Set this to NULL to find personas by 'uid'. |
| 219 | * |
| 220 | * uid: UID of the persona. |
| 221 | * Set this to -1 to find personas by 'name' |
| 222 | * |
| 223 | * id: output: the ID(s) matching the input parameters |
| 224 | * This can be NULL |
| 225 | * |
| 226 | * idlen: input - size of 'id' buffer (in number of IDs) |
| 227 | * output - the total required size of the 'id' buffer |
| 228 | * (in number of IDs) - may be larger than input size |
| 229 | * Note: |
| 230 | * At least one of 'name' or 'uid' must be set. |
| 231 | * |
| 232 | * Return: |
| 233 | * < 0: ERROR |
| 234 | * >= 0: Output value of idlen - may be larger than input size |
| 235 | */ |
| 236 | int kpersona_find(const char *name, uid_t uid, uid_t *id, size_t *idlen); |
| 237 | |
| 238 | /* |
| 239 | * kpersona_find_by_type: lookup the persona ids by type |
| 240 | * |
| 241 | * Parameters: |
| 242 | * persona_type: Type of persona id (see enum) |
| 243 | * |
| 244 | * id: output: the ID(s) matching the input parameters |
| 245 | * This can be NULL |
| 246 | * |
| 247 | * idlen: input - size of 'id' buffer (in number of IDs) |
| 248 | * output - the total required size of the 'id' buffer |
| 249 | * (in number of IDs) - may be larger than input size |
| 250 | * Return: |
| 251 | * < 0: ERROR |
| 252 | * >= 0: Output value of idlen - may be larger than input size |
| 253 | */ |
| 254 | int kpersona_find_by_type(int persona_type, uid_t *id, size_t *idlen); |
| 255 | #endif /* !KERNEL */ |
| 256 | |
| 257 | #ifdef KERNEL_PRIVATE |
| 258 | /* XNU + kext private interface */ |
| 259 | #include <sys/cdefs.h> |
| 260 | #include <sys/kauth.h> |
| 261 | #include <libkern/libkern.h> |
| 262 | #include <os/refcnt.h> |
| 263 | |
| 264 | #ifdef PERSONA_DEBUG |
| 265 | #include <os/log.h> |
| 266 | #define persona_dbg(fmt, ...) \ |
| 267 | os_log(OS_LOG_DEFAULT, "[%4d] %s: " fmt "\n", \ |
| 268 | current_proc() ? proc_getpid(current_proc()) : -1, \ |
| 269 | __func__, ## __VA_ARGS__) |
| 270 | #else |
| 271 | #define persona_dbg(fmt, ...) do { } while (0) |
| 272 | #endif |
| 273 | |
| 274 | /* |
| 275 | * Persona |
| 276 | */ |
| 277 | #ifdef XNU_KERNEL_PRIVATE |
| 278 | /* only XNU proper needs to see the persona structure */ |
| 279 | struct persona { |
| 280 | os_refcnt_t pna_refcount; |
| 281 | int32_t pna_valid; |
| 282 | |
| 283 | uid_t pna_id; |
| 284 | persona_type_t pna_type; |
| 285 | char pna_login[MAXLOGNAME + 1]; |
| 286 | char *pna_path; |
| 287 | uid_t pna_uid; |
| 288 | |
| 289 | LIST_ENTRY(persona) pna_list; |
| 290 | |
| 291 | /* this could go away if we used a coalition */ |
| 292 | LIST_HEAD(, proc) pna_members; |
| 293 | |
| 294 | lck_mtx_t pna_lock; |
| 295 | |
| 296 | /* |
| 297 | * We can add things here such as PID maps, UID maps, etc. |
| 298 | */ |
| 299 | #ifdef PERSONA_DEBUG |
| 300 | char pna_desc[128]; |
| 301 | #endif |
| 302 | }; |
| 303 | |
| 304 | #define persona_lock(persona) lck_mtx_lock(&(persona)->pna_lock) |
| 305 | #define persona_unlock(persona) lck_mtx_unlock(&(persona)->pna_lock) |
| 306 | #define persona_try_lock(persona) lck_mtx_try_lock(&(persona)->pna_lock) |
| 307 | |
| 308 | #define persona_lock_assert_held(persona) \ |
| 309 | LCK_MTX_ASSERT(&(persona)->pna_lock, LCK_MTX_ASSERT_OWNED) |
| 310 | |
| 311 | #ifdef PERSONA_DEBUG |
| 312 | static inline const char * |
| 313 | persona_desc(struct persona *persona, int locked) |
| 314 | { |
| 315 | if (!persona) { |
| 316 | return "<none>"; |
| 317 | } |
| 318 | |
| 319 | if (persona->pna_desc[0] != 0) { |
| 320 | return persona->pna_desc; |
| 321 | } |
| 322 | |
| 323 | if (!locked) { |
| 324 | persona_lock(persona); |
| 325 | } |
| 326 | if (persona->pna_desc[0] != 0) { |
| 327 | goto out_unlock; |
| 328 | } |
| 329 | |
| 330 | char *p = &persona->pna_desc[0]; |
| 331 | char *end = p + sizeof(persona->pna_desc) - 1; |
| 332 | |
| 333 | *end = 0; |
| 334 | p += scnprintf(p, end - p, "%s/%d", |
| 335 | persona->pna_login, |
| 336 | persona->pna_id); |
| 337 | |
| 338 | if (p <= end) { |
| 339 | *p = 0; |
| 340 | } |
| 341 | out_unlock: |
| 342 | if (!locked) { |
| 343 | persona_unlock(persona); |
| 344 | } |
| 345 | |
| 346 | return persona->pna_desc; |
| 347 | } |
| 348 | #else /* !PERSONA_DEBUG */ |
| 349 | static inline const char * |
| 350 | persona_desc(struct persona *persona, int locked) |
| 351 | { |
| 352 | (void)persona; |
| 353 | (void)locked; |
| 354 | return "<persona>"; |
| 355 | } |
| 356 | #endif |
| 357 | |
| 358 | #else /* !XNU_KERNEL_PRIVATE */ |
| 359 | /* kexts should only see an opaque persona structure */ |
| 360 | struct persona; |
| 361 | #endif |
| 362 | |
| 363 | __BEGIN_DECLS |
| 364 | |
| 365 | #ifndef _KAUTH_CRED_T |
| 366 | #define _KAUTH_CRED_T |
| 367 | typedef struct ucred *kauth_cred_t; |
| 368 | #endif /* !_KAUTH_CRED_T */ |
| 369 | |
| 370 | /* returns the persona ID for the given pesona structure */ |
| 371 | uid_t persona_get_id(struct persona *persona); |
| 372 | |
| 373 | /* returns the persona UID for the given pesona structure */ |
| 374 | uid_t persona_get_uid(struct persona *persona); |
| 375 | |
| 376 | /* returns the type of the persona (see enum above: PERSONA_GUEST, etc.) */ |
| 377 | int persona_get_type(struct persona *persona); |
| 378 | |
| 379 | /* returns a reference that must be released with persona_put() */ |
| 380 | struct persona *persona_lookup(uid_t id); |
| 381 | |
| 382 | /* |
| 383 | * Search for personas based on name or uid |
| 384 | * |
| 385 | * Parameters: |
| 386 | * name: Local login name of the persona. |
| 387 | * Set this to NULL to find personas by 'uid'. |
| 388 | * |
| 389 | * uid: UID of the persona. |
| 390 | * Set this to -1 to find personas by 'name' |
| 391 | * |
| 392 | * persona: output - array of persona pointers. Each non-NULL value |
| 393 | * must* be released with persona_put. This can be NULL. |
| 394 | * |
| 395 | * plen: input - size of 'persona' buffer (in number of pointers) |
| 396 | * output - the total required size of the 'persona' buffer (could be larger than input value) |
| 397 | * |
| 398 | * Return: |
| 399 | * 0: Success |
| 400 | * != 0: failure (BSD errno value ESRCH or EINVAL) |
| 401 | */ |
| 402 | int persona_find(const char *login, uid_t uid, |
| 403 | struct persona **persona, size_t *plen); |
| 404 | |
| 405 | /* returns a reference that must be released with persona_put() */ |
| 406 | struct persona *persona_proc_get(pid_t pid); |
| 407 | |
| 408 | /* returns the persona id tied to the current thread (also uses adopted voucher) */ |
| 409 | uid_t current_persona_get_id(void); |
| 410 | |
| 411 | /* returns a reference to the persona tied to the current thread (also uses adopted voucher) */ |
| 412 | struct persona *current_persona_get(void); |
| 413 | |
| 414 | /* get a reference to a persona structure */ |
| 415 | struct persona *persona_get(struct persona *persona); |
| 416 | |
| 417 | /* returns a reference to proc's persona that must be released with persona_put() */ |
| 418 | struct persona *proc_persona_get(proc_t p); |
| 419 | |
| 420 | /* release a reference to a persona structure */ |
| 421 | void persona_put(struct persona *persona); |
| 422 | |
| 423 | /* |
| 424 | * Search for personas of a given type, 'persona_type'. |
| 425 | * |
| 426 | * Parameters: |
| 427 | * persona_type: Type of persona (see enum) |
| 428 | * |
| 429 | * persona: output - array of persona pointers. Each non-NULL value |
| 430 | * must* be released with persona_put. This can be NULL. |
| 431 | * |
| 432 | * plen: input - size of 'persona' buffer (in number of pointers) |
| 433 | * output - the total required size of the 'persona' buffer (could be larger than input value) |
| 434 | * |
| 435 | * Return: |
| 436 | * 0: Success |
| 437 | * != 0: failure (BSD errno value ESRCH or EINVAL) |
| 438 | */ |
| 439 | int persona_find_by_type(persona_type_t persona_type, struct persona **persona, |
| 440 | size_t *plen); |
| 441 | |
| 442 | boolean_t persona_is_adoption_allowed(struct persona *persona); |
| 443 | |
| 444 | #ifdef XNU_KERNEL_PRIVATE |
| 445 | |
| 446 | #if CONFIG_PERSONAS |
| 447 | #include <sys/proc_internal.h> |
| 448 | |
| 449 | /* |
| 450 | * In-kernel persona API |
| 451 | */ |
| 452 | extern const uint32_t g_max_personas; |
| 453 | |
| 454 | struct persona *persona_alloc(uid_t id, const char *login, |
| 455 | persona_type_t type, char *path, uid_t uid, int *error); |
| 456 | |
| 457 | int persona_init_begin(struct persona *persona); |
| 458 | void persona_init_end(struct persona *persona, int error); |
| 459 | |
| 460 | struct persona *persona_lookup_and_invalidate(uid_t id); |
| 461 | |
| 462 | static inline int |
| 463 | proc_has_persona(proc_t p) |
| 464 | { |
| 465 | if (p && p->p_persona) { |
| 466 | return 1; |
| 467 | } |
| 468 | return 0; |
| 469 | } |
| 470 | |
| 471 | static inline uid_t |
| 472 | persona_id_from_proc(proc_t p) |
| 473 | { |
| 474 | if (p && p->p_persona) { |
| 475 | return p->p_persona->pna_id; |
| 476 | } |
| 477 | return PERSONA_ID_NONE; |
| 478 | } |
| 479 | |
| 480 | /* consumes persona */ |
| 481 | int persona_proc_adopt(proc_t p, struct persona *persona, kauth_cred_derive_t fn); |
| 482 | |
| 483 | int persona_proc_drop(proc_t p); |
| 484 | |
| 485 | /* returns a reference that must be released with persona_put() */ |
| 486 | struct persona *persona_proc_get(pid_t pid); |
| 487 | |
| 488 | int persona_find_all(const char *login, uid_t uid, persona_type_t persona_type, |
| 489 | struct persona **persona, size_t *plen); |
| 490 | |
| 491 | #else /* !CONFIG_PERSONAS */ |
| 492 | |
| 493 | static inline int |
| 494 | proc_has_persona(__unused proc_t p) |
| 495 | { |
| 496 | return 0; |
| 497 | } |
| 498 | |
| 499 | static inline uid_t |
| 500 | persona_id_from_proc(__unused proc_t p) |
| 501 | { |
| 502 | return PERSONA_ID_NONE; |
| 503 | } |
| 504 | |
| 505 | #endif /* CONFIG_PERSONAS */ |
| 506 | #endif /* XNU_KERNEL_PRIVATE */ |
| 507 | __END_DECLS |
| 508 | |
| 509 | #endif /* KERNEL_PRIVATE */ |
| 510 | |
| 511 | #endif /* PRIVATE */ |
| 512 | #endif /* _SYS_PERSONA_H_ */ |
| 513 |
Generated while processing xnu/bsd/kern/kern_exec.c
Generated on 2024-Jun-06 from project xnu revision 10063.121.3
Powered by 
Code Browser 2.1
Generator usage only permitted with license.