/*
* This routine exists to support the load_dylinker().
*
* This routine has its own, separate, understanding of the FAT file format,
* which is terrifically unfortunate.
*/
static
load_return_t
get_macho_vnode(
char *path,
integer_t archbits,
struct mach_header *mach_header,
off_t *file_offset,
off_t *macho_size,
struct macho_data *data,
uint8_t **vpp
)
{
/*uint8_t* data_f = get_file_data(path, macho_size);
*vpp = data_f;
*file_offset = 0;
*mach_header = *(struct mach_header*)(data_f);
data->__header.mach_header = *mach_header;
return LOAD_SUCCESS;*/
uint8_t *vp;
boolean_t is_fat;
struct fat_arch fat_arch;
int error = LOAD_SUCCESS;
int resid;
union macho_vnode_header *header = &data->__header;
off_t fsize = (off_t)0;
/*
* Capture the kernel credential for use in the actual read of the
* file, since the user doing the execution may have execute rights
* but not read rights, but to exec something, we have to either map
* or read it into the new process address space, which requires
* read rights. This is to deal with lack of common credential
* serialization code which would treat NOCRED as "serialize 'root'".
*/
int file_size;
vp = get_file_data(path, &file_size);
header = (union macho_vnode_header*)vp;
if (header->mach_header.magic == MH_MAGIC ||
header->mach_header.magic == MH_MAGIC_64) {
is_fat = FALSE;
} else if (header->fat_header.magic == FAT_MAGIC ||
header->fat_header.magic == FAT_CIGAM) {
is_fat = TRUE;
} else {
error = LOAD_BADMACHO;
printf("get_macho_vnode 1: %s:", load_to_string(error));
goto bad2;
}
printf("Is fat: %d\n", is_fat);
if (is_fat) {
/* Look up our architecture in the fat file. */
error = fatfile_getarch_with_bits(vp, archbits,
(vm_offset_t)(&header->fat_header), &fat_arch);
if (error != LOAD_SUCCESS) {
printf("get_macho_vnode 2: %s\n", load_to_string(error));
goto bad2;
}
printf("get_macho_vnode 2: fat_arch.offset = %d\n", fat_arch.offset);
header = (vp + fat_arch.offset);
/* Is this really a Mach-O? */
if (header->mach_header.magic != MH_MAGIC &&
header->mach_header.magic != MH_MAGIC_64) {
error = LOAD_BADMACHO;
printf("get_macho_vnode 3: %s\n", load_to_string(error));
goto bad2;
}
*file_offset = fat_arch.offset;
*macho_size = fat_arch.size;
} else {
/*
* Force get_macho_vnode() to fail if the architecture bits
* do not match the expected architecture bits. This in
* turn causes load_dylinker() to fail for the same reason,
* so it ensures the dynamic linker and the binary are in
* lock-step. This is potentially bad, if we ever add to
* the CPU_ARCH_* bits any bits that are desirable but not
* required, since the dynamic linker might work, but we will
* refuse to load it because of this check.
*/
if ((cpu_type_t)(header->mach_header.cputype & CPU_ARCH_MASK) != archbits) {
error = LOAD_BADARCH;
goto bad2;
}
*file_offset = 0;
*macho_size = fsize;
}
*mach_header = header->mach_header;
*vpp = vp;
printf("get_macho_vnode 4: %s\n", load_to_string(error));
return (error);
bad2:
bad1:
return(error);
}
/*
* This routine exists to support the load_dylinker().
*
* This routine has its own, separate, understanding of the FAT file format,
* which is terrifically unfortunate.
*/
static
load_return_t
get_macho_vnode(
char *path,
integer_t archbits,
struct mach_header *mach_header,
off_t *file_offset,
off_t *macho_size,
struct vnode **vpp
)
{
struct vnode *vp;
vfs_context_t ctx = vfs_context_current();
proc_t p = vfs_context_proc(ctx);
kauth_cred_t kerncred;
struct nameidata nid, *ndp;
boolean_t is_fat;
struct fat_arch fat_arch;
int error = LOAD_SUCCESS;
int resid;
union {
struct mach_header mach_header;
struct fat_header fat_header;
char pad[512];
} header;
off_t fsize = (off_t)0;
int err2;
/*
* Capture the kernel credential for use in the actual read of the
* file, since the user doing the execution may have execute rights
* but not read rights, but to exec something, we have to either map
* or read it into the new process address space, which requires
* read rights. This is to deal with lack of common credential
* serialization code which would treat NOCRED as "serialize 'root'".
*/
kerncred = vfs_context_ucred(vfs_context_kernel());
ndp = &nid;
/* init the namei data to point the file user's program name */
NDINIT(ndp, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE32, CAST_USER_ADDR_T(path), ctx);
if ((error = namei(ndp)) != 0) {
if (error == ENOENT) {
error = LOAD_ENOENT;
} else {
error = LOAD_FAILURE;
}
return(error);
}
nameidone(ndp);
vp = ndp->ni_vp;
/* check for regular file */
if (vp->v_type != VREG) {
error = LOAD_PROTECT;
goto bad1;
}
/* get size */
if ((error = vnode_size(vp, &fsize, ctx)) != 0) {
error = LOAD_FAILURE;
goto bad1;
}
/* Check mount point */
if (vp->v_mount->mnt_flag & MNT_NOEXEC) {
error = LOAD_PROTECT;
goto bad1;
}
/* check access */
if ((error = vnode_authorize(vp, NULL, KAUTH_VNODE_EXECUTE, ctx)) != 0) {
error = LOAD_PROTECT;
goto bad1;
}
/* try to open it */
if ((error = VNOP_OPEN(vp, FREAD, ctx)) != 0) {
error = LOAD_PROTECT;
goto bad1;
}
if ((error = vn_rdwr(UIO_READ, vp, (caddr_t)&header, sizeof(header), 0,
UIO_SYSSPACE32, IO_NODELOCKED, kerncred, &resid, p)) != 0) {
error = LOAD_IOERROR;
goto bad2;
}
if (header.mach_header.magic == MH_MAGIC ||
header.mach_header.magic == MH_MAGIC_64)
is_fat = FALSE;
else if (header.fat_header.magic == FAT_MAGIC ||
header.fat_header.magic == FAT_CIGAM)
is_fat = TRUE;
else {
error = LOAD_BADMACHO;
goto bad2;
}
if (is_fat) {
/* Look up our architecture in the fat file. */
error = fatfile_getarch_with_bits(vp, archbits, (vm_offset_t)(&header.fat_header), &fat_arch);
if (error != LOAD_SUCCESS)
goto bad2;
/* Read the Mach-O header out of it */
error = vn_rdwr(UIO_READ, vp, (caddr_t)&header.mach_header,
sizeof(header.mach_header), fat_arch.offset,
UIO_SYSSPACE32, IO_NODELOCKED, kerncred, &resid, p);
if (error) {
error = LOAD_IOERROR;
goto bad2;
}
/* Is this really a Mach-O? */
if (header.mach_header.magic != MH_MAGIC &&
header.mach_header.magic != MH_MAGIC_64) {
error = LOAD_BADMACHO;
goto bad2;
}
*file_offset = fat_arch.offset;
*macho_size = fat_arch.size;
} else {
/*
* Force get_macho_vnode() to fail if the architecture bits
* do not match the expected architecture bits. This in
* turn causes load_dylinker() to fail for the same reason,
* so it ensures the dynamic linker and the binary are in
* lock-step. This is potentially bad, if we ever add to
* the CPU_ARCH_* bits any bits that are desirable but not
* required, since the dynamic linker might work, but we will
* refuse to load it because of this check.
*/
if ((cpu_type_t)(header.mach_header.cputype & CPU_ARCH_MASK) != archbits)
return(LOAD_BADARCH);
*file_offset = 0;
*macho_size = fsize;
}
*mach_header = header.mach_header;
*vpp = vp;
ubc_setsize(vp, fsize);
return (error);
bad2:
err2 = VNOP_CLOSE(vp, FREAD, ctx);
vnode_put(vp);
return (error);
bad1:
vnode_put(vp);
return(error);
}
