1/*
2 * Copyright (c) 2000-2021 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28/*
29 * @OSF_COPYRIGHT@
30 */
31/*
32 * Mach Operating System
33 * Copyright (c) 1991,1990,1989,1988,1987 Carnegie Mellon University
34 * All Rights Reserved.
35 *
36 * Permission to use, copy, modify and distribute this software and its
37 * documentation is hereby granted, provided that both the copyright
38 * notice and this permission notice appear in all copies of the
39 * software, derivative works or modified versions, and any portions
40 * thereof, and that both notices appear in supporting documentation.
41 *
42 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
43 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
44 * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
45 *
46 * Carnegie Mellon requests users of this software to return to
47 *
48 * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
49 * School of Computer Science
50 * Carnegie Mellon University
51 * Pittsburgh PA 15213-3890
52 *
53 * any improvements or extensions that they make and grant Carnegie Mellon
54 * the rights to redistribute these changes.
55 */
56/*
57 */
58/*
59 * File: mach/vm_prot.h
60 * Author: Avadis Tevanian, Jr., Michael Wayne Young
61 *
62 * Virtual memory protection definitions.
63 *
64 */
65
66#ifndef _MACH_VM_PROT_H_
67#define _MACH_VM_PROT_H_
68
69/*
70 * Types defined:
71 *
72 * vm_prot_t VM protection values.
73 */
74
75typedef int vm_prot_t;
76
77/*
78 * Protection values, defined as bits within the vm_prot_t type
79 */
80
81#define VM_PROT_NONE ((vm_prot_t) 0x00)
82
83#define VM_PROT_READ ((vm_prot_t) 0x01) /* read permission */
84#define VM_PROT_WRITE ((vm_prot_t) 0x02) /* write permission */
85#define VM_PROT_EXECUTE ((vm_prot_t) 0x04) /* execute permission */
86
87/*
88 * The default protection for newly-created virtual memory
89 */
90
91#define VM_PROT_DEFAULT (VM_PROT_READ|VM_PROT_WRITE)
92
93/*
94 * The maximum privileges possible, for parameter checking.
95 */
96
97#define VM_PROT_ALL (VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE)
98
99/*
100 * This is an alias to VM_PROT_EXECUTE to identify callers that
101 * want to allocate an hardware assisted Read-only/read-write
102 * trusted path in userland.
103 */
104#define VM_PROT_RORW_TP (VM_PROT_EXECUTE)
105
106/*
107 * An invalid protection value.
108 * Used only by memory_object_lock_request to indicate no change
109 * to page locks. Using -1 here is a bad idea because it
110 * looks like VM_PROT_ALL and then some.
111 */
112
113#define VM_PROT_NO_CHANGE_LEGACY ((vm_prot_t) 0x08)
114#define VM_PROT_NO_CHANGE ((vm_prot_t) 0x01000000)
115
116/*
117 * When a caller finds that he cannot obtain write permission on a
118 * mapped entry, the following flag can be used. The entry will
119 * be made "needs copy" effectively copying the object (using COW),
120 * and write permission will be added to the maximum protections
121 * for the associated entry.
122 */
123
124#define VM_PROT_COPY ((vm_prot_t) 0x10)
125
126
127/*
128 * Another invalid protection value.
129 * Used only by memory_object_data_request upon an object
130 * which has specified a copy_call copy strategy. It is used
131 * when the kernel wants a page belonging to a copy of the
132 * object, and is only asking the object as a result of
133 * following a shadow chain. This solves the race between pages
134 * being pushed up by the memory manager and the kernel
135 * walking down the shadow chain.
136 */
137
138#define VM_PROT_WANTS_COPY ((vm_prot_t) 0x10)
139
140#ifdef PRIVATE
141/*
142 * The caller wants this memory region treated as if it had a valid
143 * code signature.
144 */
145
146#define VM_PROT_TRUSTED ((vm_prot_t) 0x20)
147#endif /* PRIVATE */
148
149/*
150 * Another invalid protection value.
151 * Indicates that the other protection bits are to be applied as a mask
152 * against the actual protection bits of the map entry.
153 */
154#define VM_PROT_IS_MASK ((vm_prot_t) 0x40)
155
156/*
157 * Another invalid protection value to support execute-only protection.
158 * VM_PROT_STRIP_READ is a special marker that tells mprotect to not
159 * set VM_PROT_READ. We have to do it this way because existing code
160 * expects the system to set VM_PROT_READ if VM_PROT_EXECUTE is set.
161 * VM_PROT_EXECUTE_ONLY is just a convenience value to indicate that
162 * the memory should be executable and explicitly not readable. It will
163 * be ignored on platforms that do not support this type of protection.
164 */
165#define VM_PROT_STRIP_READ ((vm_prot_t) 0x80)
166#define VM_PROT_EXECUTE_ONLY (VM_PROT_EXECUTE|VM_PROT_STRIP_READ)
167
168#ifdef PRIVATE
169/*
170 * When using VM_PROT_COPY, fail instead of copying an executable mapping,
171 * since that could cause code-signing violations.
172 */
173#define VM_PROT_COPY_FAIL_IF_EXECUTABLE ((vm_prot_t)0x100)
174#endif /* PRIVATE */
175
176/*
177 * Another invalid protection value to support pager TPRO protection.
178 * VM_PROT_TPRO is a special marker that tells the a pager to
179 * set TPRO flags on a given entry. We do it this way to prevent
180 * bloating the pager structures and it allows dyld to pass through
181 * this flag in lieue of specifying explicit VM flags, allowing us to handle
182 * the final permissions internally.
183 */
184#define VM_PROT_TPRO ((vm_prot_t) 0x200)
185
186#if defined(__x86_64__)
187/*
188 * Another invalid protection value to support specifying different
189 * execute permissions for user- and supervisor- modes. When
190 * MBE is enabled in a VM, VM_PROT_EXECUTE is used to indicate
191 * supervisor-mode execute permission, and VM_PROT_UEXEC specifies
192 * user-mode execute permission. Currently only used by the
193 * x86 Hypervisor kext.
194 */
195#define VM_PROT_UEXEC ((vm_prot_t) 0x8) /* User-mode Execute Permission */
196
197#define VM_PROT_ALLEXEC (VM_PROT_EXECUTE | VM_PROT_UEXEC)
198#else
199#define VM_PROT_ALLEXEC (VM_PROT_EXECUTE)
200#endif /* defined(__x86_64__) */
201
202
203#endif /* _MACH_VM_PROT_H_ */
204