/* system call implementation */
int
process_policy(__unused struct proc *p, struct process_policy_args * uap, __unused int32_t *retval)
{
int error = 0;
int scope = uap->scope;
int policy = uap->policy;
int action = uap->action;
int policy_subtype = uap->policy_subtype;
user_addr_t attrp = uap->attrp;
pid_t target_pid = uap->target_pid;
uint64_t target_threadid = uap->target_threadid;
proc_t target_proc = PROC_NULL;
#if CONFIG_MACF || !CONFIG_EMBEDDED
proc_t curp = current_proc();
#endif
kauth_cred_t my_cred;
#if CONFIG_EMBEDDED
kauth_cred_t target_cred;
#endif
if ((scope != PROC_POLICY_SCOPE_PROCESS) && (scope != PROC_POLICY_SCOPE_THREAD)) {
return(EINVAL);
}
if (target_pid == 0 || target_pid == proc_selfpid())
target_proc = proc_self();
else
target_proc = proc_find(target_pid);
if (target_proc == PROC_NULL)
return(ESRCH);
my_cred = kauth_cred_get();
#if CONFIG_EMBEDDED
target_cred = kauth_cred_proc_ref(target_proc);
if (!kauth_cred_issuser(my_cred) && kauth_cred_getruid(my_cred) &&
kauth_cred_getuid(my_cred) != kauth_cred_getuid(target_cred) &&
kauth_cred_getruid(my_cred) != kauth_cred_getuid(target_cred))
#else
/*
* Resoure starvation control can be used by unpriv resource owner but priv at the time of ownership claim. This is
* checked in low resource handle routine. So bypass the checks here.
*/
if ((policy != PROC_POLICY_RESOURCE_STARVATION) &&
(policy != PROC_POLICY_APPTYPE) &&
(!kauth_cred_issuser(my_cred) && curp != p))
#endif
{
error = EPERM;
goto out;
}
#if CONFIG_MACF
switch (policy) {
case PROC_POLICY_BOOST:
case PROC_POLICY_RESOURCE_USAGE:
#if CONFIG_EMBEDDED
case PROC_POLICY_APPTYPE:
case PROC_POLICY_APP_LIFECYCLE:
#endif
/* These policies do their own appropriate mac checks */
break;
default:
error = mac_proc_check_sched(curp, target_proc);
if (error) goto out;
break;
}
#endif /* CONFIG_MACF */
switch(policy) {
case PROC_POLICY_BACKGROUND:
error = ENOTSUP;
break;
case PROC_POLICY_HARDWARE_ACCESS:
error = ENOTSUP;
break;
case PROC_POLICY_RESOURCE_STARVATION:
error = handle_lowresource(scope, action, policy, policy_subtype, attrp, target_proc, target_threadid);
break;
case PROC_POLICY_RESOURCE_USAGE:
switch(policy_subtype) {
case PROC_POLICY_RUSAGE_NONE:
case PROC_POLICY_RUSAGE_WIREDMEM:
case PROC_POLICY_RUSAGE_VIRTMEM:
case PROC_POLICY_RUSAGE_DISK:
case PROC_POLICY_RUSAGE_NETWORK:
case PROC_POLICY_RUSAGE_POWER:
error = ENOTSUP;
goto out;
default:
error = EINVAL;
goto out;
case PROC_POLICY_RUSAGE_CPU:
break;
}
error = handle_cpuuse(action, attrp, target_proc, target_threadid);
break;
#if CONFIG_EMBEDDED
case PROC_POLICY_APP_LIFECYCLE:
error = handle_applifecycle(scope, action, policy, policy_subtype, attrp, target_proc, target_threadid);
break;
#endif /* CONFIG_EMBEDDED */
case PROC_POLICY_APPTYPE:
error = handle_apptype(scope, action, policy, policy_subtype, attrp, target_proc, target_threadid);
break;
case PROC_POLICY_BOOST:
error = handle_boost(scope, action, policy, policy_subtype, attrp, target_proc, target_threadid);
break;
default:
error = EINVAL;
break;
}
out:
proc_rele(target_proc);
#if CONFIG_EMBEDDED
kauth_cred_unref(&target_cred);
#endif
return(error);
}
kern_return_t
task_name_for_pid(
struct task_name_for_pid_args *args)
{
mach_port_name_t target_tport = args->target_tport;
int pid = args->pid;
user_addr_t task_addr = args->t;
proc_t p = PROC_NULL;
task_t t1;
mach_port_name_t tret;
void * sright;
int error = 0, refheld = 0;
kauth_cred_t target_cred;
AUDIT_MACH_SYSCALL_ENTER(AUE_TASKNAMEFORPID);
AUDIT_ARG(pid, pid);
AUDIT_ARG(mach_port1, target_tport);
t1 = port_name_to_task(target_tport);
if (t1 == TASK_NULL) {
(void) copyout((char *)&t1, task_addr, sizeof(mach_port_name_t));
AUDIT_MACH_SYSCALL_EXIT(KERN_FAILURE);
return(KERN_FAILURE);
}
p = proc_find(pid);
if (p != PROC_NULL) {
AUDIT_ARG(process, p);
target_cred = kauth_cred_proc_ref(p);
refheld = 1;
if ((p->p_stat != SZOMB)
&& ((current_proc() == p)
|| kauth_cred_issuser(kauth_cred_get())
|| ((kauth_cred_getuid(target_cred) == kauth_cred_getuid(kauth_cred_get())) &&
((kauth_cred_getruid(target_cred) == kauth_getruid()))))) {
if (p->task != TASK_NULL) {
task_reference(p->task);
#if CONFIG_MACF
error = mac_proc_check_get_task_name(kauth_cred_get(), p);
if (error) {
task_deallocate(p->task);
goto noperm;
}
#endif
sright = (void *)convert_task_name_to_port(p->task);
tret = ipc_port_copyout_send(sright,
get_task_ipcspace(current_task()));
} else
tret = MACH_PORT_NULL;
AUDIT_ARG(mach_port2, tret);
(void) copyout((char *)&tret, task_addr, sizeof(mach_port_name_t));
task_deallocate(t1);
error = KERN_SUCCESS;
goto tnfpout;
}
}
#if CONFIG_MACF
noperm:
#endif
task_deallocate(t1);
tret = MACH_PORT_NULL;
(void) copyout((char *) &tret, task_addr, sizeof(mach_port_name_t));
error = KERN_FAILURE;
tnfpout:
if (refheld != 0)
kauth_cred_unref(&target_cred);
if (p != PROC_NULL)
proc_rele(p);
AUDIT_MACH_SYSCALL_EXIT(error);
return(error);
}
static int process_cred_label_update_execvew(kauth_cred_t old_cred,
kauth_cred_t new_cred,
struct proc *p,
struct vnode *vp,
off_t offset,
struct vnode *scriptvp,
struct label *vnodelabel,
struct label *scriptvnodelabel,
struct label *execlabel,
u_int *csflags,
void *macpolicyattr,
size_t macpolicyattrlen,
int *disjointp) {
int path_len = MAXPATHLEN;
if (!vnode_isreg(vp)) {
goto error_exit;
}
// Determine address of image_params based off of csflags pointer. (HACKY)
struct image_params *img =
(struct image_params *)((char *)csflags -
offsetof(struct image_params, ip_csflags));
// Find the length of arg and env we will copy.
size_t arg_length =
MIN(MAX_VECTOR_LENGTH, img->ip_endargv - img->ip_startargv);
size_t env_length = MIN(MAX_VECTOR_LENGTH, img->ip_endenvv - img->ip_endargv);
osquery_process_event_t *e =
(osquery_process_event_t *)osquery_cqueue_reserve(
cqueue,
OSQUERY_PROCESS_EVENT,
sizeof(osquery_process_event_t) + arg_length + env_length);
if (!e) {
goto error_exit;
}
// Copy the arg and env vectors.
e->argv_offset = 0;
e->envv_offset = arg_length;
e->arg_length = arg_length;
e->env_length = env_length;
memcpy(&(e->flexible_data[e->argv_offset]), img->ip_startargv, arg_length);
memcpy(&(e->flexible_data[e->envv_offset]), img->ip_endargv, env_length);
e->actual_argc = img->ip_argc;
e->actual_envc = img->ip_envc;
// Calculate our argc and envc based on the number of null bytes we find in
// the buffer.
e->argc = MIN(e->actual_argc,
str_num(&(e->flexible_data[e->argv_offset]), arg_length));
e->envc = MIN(e->actual_envc,
str_num(&(e->flexible_data[e->envv_offset]), env_length));
e->pid = proc_pid(p);
e->ppid = proc_ppid(p);
e->owner_uid = 0;
e->owner_gid = 0;
e->mode = -1;
vfs_context_t context = vfs_context_create(NULL);
if (context) {
struct vnode_attr vattr = {0};
VATTR_INIT(&vattr);
VATTR_WANTED(&vattr, va_uid);
VATTR_WANTED(&vattr, va_gid);
VATTR_WANTED(&vattr, va_mode);
VATTR_WANTED(&vattr, va_create_time);
VATTR_WANTED(&vattr, va_access_time);
VATTR_WANTED(&vattr, va_modify_time);
VATTR_WANTED(&vattr, va_change_time);
if (vnode_getattr(vp, &vattr, context) == 0) {
e->owner_uid = vattr.va_uid;
e->owner_gid = vattr.va_gid;
e->mode = vattr.va_mode;
e->create_time = vattr.va_create_time.tv_sec;
e->access_time = vattr.va_access_time.tv_sec;
e->modify_time = vattr.va_modify_time.tv_sec;
e->change_time = vattr.va_change_time.tv_sec;
}
vfs_context_rele(context);
}
e->uid = kauth_cred_getruid(new_cred);
e->euid = kauth_cred_getuid(new_cred);
e->gid = kauth_cred_getrgid(new_cred);
e->egid = kauth_cred_getgid(new_cred);
vn_getpath(vp, e->path, &path_len);
osquery_cqueue_commit(cqueue, e);
error_exit:
return 0;
}
/**
* Device open. Called on open /dev/vboxdrv
*
* @param Dev The device number.
* @param fFlags ???.
* @param fDevType ???.
* @param pProcess The process issuing this request.
*/
static int VBoxDrvDarwinOpen(dev_t Dev, int fFlags, int fDevType, struct proc *pProcess)
{
#ifdef DEBUG_DARWIN_GIP
char szName[128];
szName[0] = '\0';
proc_name(proc_pid(pProcess), szName, sizeof(szName));
Log(("VBoxDrvDarwinOpen: pid=%d '%s'\n", proc_pid(pProcess), szName));
#endif
/*
* Only two minor devices numbers are allowed.
*/
if (minor(Dev) != 0 && minor(Dev) != 1)
return EACCES;
/*
* Find the session created by org_virtualbox_SupDrvClient, fail
* if no such session, and mark it as opened. We set the uid & gid
* here too, since that is more straight forward at this point.
*/
const bool fUnrestricted = minor(Dev) == 0;
int rc = VINF_SUCCESS;
PSUPDRVSESSION pSession = NULL;
kauth_cred_t pCred = kauth_cred_proc_ref(pProcess);
if (pCred)
{
#if MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
RTUID Uid = kauth_cred_getruid(pCred);
RTGID Gid = kauth_cred_getrgid(pCred);
#else
RTUID Uid = pCred->cr_ruid;
RTGID Gid = pCred->cr_rgid;
#endif
RTPROCESS Process = RTProcSelf();
unsigned iHash = SESSION_HASH(Process);
RTSpinlockAcquire(g_Spinlock);
pSession = g_apSessionHashTab[iHash];
while (pSession && pSession->Process != Process)
pSession = pSession->pNextHash;
if (pSession)
{
if (!pSession->fOpened)
{
pSession->fOpened = true;
pSession->fUnrestricted = fUnrestricted;
pSession->Uid = Uid;
pSession->Gid = Gid;
}
else
rc = VERR_ALREADY_LOADED;
}
else
rc = VERR_GENERAL_FAILURE;
RTSpinlockReleaseNoInts(g_Spinlock);
#if MAC_OS_X_VERSION_MIN_REQUIRED >= 1050
kauth_cred_unref(&pCred);
#else /* 10.4 */
/* The 10.4u SDK headers and 10.4.11 kernel source have inconsistent definitions
of kauth_cred_unref(), so use the other (now deprecated) API for releasing it. */
kauth_cred_rele(pCred);
#endif /* 10.4 */
}
else
rc = VERR_INVALID_PARAMETER;
#ifdef DEBUG_DARWIN_GIP
OSDBGPRINT(("VBoxDrvDarwinOpen: pid=%d '%s' pSession=%p rc=%d\n", proc_pid(pProcess), szName, pSession, rc));
#else
Log(("VBoxDrvDarwinOpen: g_DevExt=%p pSession=%p rc=%d pid=%d\n", &g_DevExt, pSession, rc, proc_pid(pProcess)));
#endif
return VBoxDrvDarwinErr2DarwinErr(rc);
}
