mach_port_t
mach_host_self(void)
{
ipc_port_t sright;
sright = ipc_port_make_send(realhost.host_self);
return ipc_port_copyout_send(sright, current_space());
}
mach_port_name_t
host_self_trap(void)
{
ipc_port_t sright;
sright = ipc_port_copy_send(current_task()->itk_host);
return ipc_port_copyout_send(sright, current_space());
}
mach_port_name_t
host_self_trap(
__unused struct host_self_trap_args *args)
{
ipc_port_t sright;
mach_port_name_t name;
sright = ipc_port_copy_send(current_task()->itk_host);
name = ipc_port_copyout_send(sright, current_space());
return name;
}
mach_port_name_t
task_self_trap(
__unused struct task_self_trap_args *args)
{
task_t task = current_task();
ipc_port_t sright;
mach_port_name_t name;
sright = retrieve_task_self_fast(task);
name = ipc_port_copyout_send(sright, task->itk_space);
return name;
}
kern_return_t
host_create_mach_voucher_trap(struct host_create_mach_voucher_args *args)
{
host_t host = port_name_to_host(args->host);
ipc_voucher_t new_voucher = IV_NULL;
ipc_port_t voucher_port = IPC_PORT_NULL;
mach_port_name_t voucher_name = 0;
kern_return_t kr = 0;
if (host == HOST_NULL)
return MACH_SEND_INVALID_DEST;
if (args->recipes_size < 0)
return KERN_INVALID_ARGUMENT;
else if (args->recipes_size > MACH_VOUCHER_ATTR_MAX_RAW_RECIPE_ARRAY_SIZE)
return MIG_ARRAY_TOO_LARGE;
if (args->recipes_size < MACH_VOUCHER_TRAP_STACK_LIMIT) {
/* keep small recipes on the stack for speed */
uint8_t krecipes[args->recipes_size];
if (copyin(args->recipes, (void *)krecipes, args->recipes_size)) {
kr = KERN_MEMORY_ERROR;
goto done;
}
kr = host_create_mach_voucher(host, krecipes, args->recipes_size, &new_voucher);
} else {
uint8_t *krecipes = kalloc((vm_size_t)args->recipes_size);
if (!krecipes) {
kr = KERN_RESOURCE_SHORTAGE;
goto done;
}
if (copyin(args->recipes, (void *)krecipes, args->recipes_size)) {
kfree(krecipes, (vm_size_t)args->recipes_size);
kr = KERN_MEMORY_ERROR;
goto done;
}
kr = host_create_mach_voucher(host, krecipes, args->recipes_size, &new_voucher);
kfree(krecipes, (vm_size_t)args->recipes_size);
}
if (kr == 0) {
voucher_port = convert_voucher_to_port(new_voucher);
voucher_name = ipc_port_copyout_send(voucher_port, current_space());
kr = copyout(&voucher_name, args->voucher, sizeof(voucher_name));
}
done:
return kr;
}
mach_port_name_t
thread_self_trap(
__unused struct thread_self_trap_args *args)
{
thread_t thread = current_thread();
task_t task = thread->task;
ipc_port_t sright;
mach_port_name_t name;
sright = retrieve_thread_self_fast(thread);
name = ipc_port_copyout_send(sright, task->itk_space);
return name;
}
kern_return_t
task_name_for_pid(
struct task_name_for_pid_args *args)
{
mach_port_name_t target_tport = args->target_tport;
int pid = args->pid;
user_addr_t task_addr = args->t;
proc_t p = PROC_NULL;
task_t t1;
mach_port_name_t tret;
void * sright;
int error = 0, refheld = 0;
kauth_cred_t target_cred;
AUDIT_MACH_SYSCALL_ENTER(AUE_TASKNAMEFORPID);
AUDIT_ARG(pid, pid);
AUDIT_ARG(mach_port1, target_tport);
t1 = port_name_to_task(target_tport);
if (t1 == TASK_NULL) {
(void) copyout((char *)&t1, task_addr, sizeof(mach_port_name_t));
AUDIT_MACH_SYSCALL_EXIT(KERN_FAILURE);
return(KERN_FAILURE);
}
p = proc_find(pid);
if (p != PROC_NULL) {
AUDIT_ARG(process, p);
target_cred = kauth_cred_proc_ref(p);
refheld = 1;
if ((p->p_stat != SZOMB)
&& ((current_proc() == p)
|| kauth_cred_issuser(kauth_cred_get())
|| ((kauth_cred_getuid(target_cred) == kauth_cred_getuid(kauth_cred_get())) &&
((kauth_cred_getruid(target_cred) == kauth_getruid()))))) {
if (p->task != TASK_NULL) {
task_reference(p->task);
#if CONFIG_MACF
error = mac_proc_check_get_task_name(kauth_cred_get(), p);
if (error) {
task_deallocate(p->task);
goto noperm;
}
#endif
sright = (void *)convert_task_name_to_port(p->task);
tret = ipc_port_copyout_send(sright,
get_task_ipcspace(current_task()));
} else
tret = MACH_PORT_NULL;
AUDIT_ARG(mach_port2, tret);
(void) copyout((char *)&tret, task_addr, sizeof(mach_port_name_t));
task_deallocate(t1);
error = KERN_SUCCESS;
goto tnfpout;
}
}
#if CONFIG_MACF
noperm:
#endif
task_deallocate(t1);
tret = MACH_PORT_NULL;
(void) copyout((char *) &tret, task_addr, sizeof(mach_port_name_t));
error = KERN_FAILURE;
tnfpout:
if (refheld != 0)
kauth_cred_unref(&target_cred);
if (p != PROC_NULL)
proc_rele(p);
AUDIT_MACH_SYSCALL_EXIT(error);
return(error);
}
/*
* Routine: task_for_pid
* Purpose:
* Get the task port for another "process", named by its
* process ID on the same host as "target_task".
*
* Only permitted to privileged processes, or processes
* with the same user ID.
*
* Note: if pid == 0, an error is return no matter who is calling.
*
* XXX This should be a BSD system call, not a Mach trap!!!
*/
kern_return_t
task_for_pid(
struct task_for_pid_args *args)
{
mach_port_name_t target_tport = args->target_tport;
int pid = args->pid;
user_addr_t task_addr = args->t;
proc_t p = PROC_NULL;
task_t t1 = TASK_NULL;
mach_port_name_t tret = MACH_PORT_NULL;
ipc_port_t tfpport;
void * sright;
int error = 0;
AUDIT_MACH_SYSCALL_ENTER(AUE_TASKFORPID);
AUDIT_ARG(pid, pid);
AUDIT_ARG(mach_port1, target_tport);
/* Always check if pid == 0 */
if (pid == 0) {
(void ) copyout((char *)&t1, task_addr, sizeof(mach_port_name_t));
AUDIT_MACH_SYSCALL_EXIT(KERN_FAILURE);
return(KERN_FAILURE);
}
t1 = port_name_to_task(target_tport);
if (t1 == TASK_NULL) {
(void) copyout((char *)&t1, task_addr, sizeof(mach_port_name_t));
AUDIT_MACH_SYSCALL_EXIT(KERN_FAILURE);
return(KERN_FAILURE);
}
p = proc_find(pid);
if (p == PROC_NULL) {
error = KERN_FAILURE;
goto tfpout;
}
#if CONFIG_AUDIT
AUDIT_ARG(process, p);
#endif
if (!(task_for_pid_posix_check(p))) {
error = KERN_FAILURE;
goto tfpout;
}
if (p->task != TASK_NULL) {
/* If we aren't root and target's task access port is set... */
if (!kauth_cred_issuser(kauth_cred_get()) &&
p != current_proc() &&
(task_get_task_access_port(p->task, &tfpport) == 0) &&
(tfpport != IPC_PORT_NULL)) {
if (tfpport == IPC_PORT_DEAD) {
error = KERN_PROTECTION_FAILURE;
goto tfpout;
}
/* Call up to the task access server */
error = check_task_access(tfpport, proc_selfpid(), kauth_getgid(), pid);
if (error != MACH_MSG_SUCCESS) {
if (error == MACH_RCV_INTERRUPTED)
error = KERN_ABORTED;
else
error = KERN_FAILURE;
goto tfpout;
}
}
#if CONFIG_MACF
error = mac_proc_check_get_task(kauth_cred_get(), p);
if (error) {
error = KERN_FAILURE;
goto tfpout;
}
#endif
/* Grant task port access */
task_reference(p->task);
extmod_statistics_incr_task_for_pid(p->task);
sright = (void *) convert_task_to_port(p->task);
tret = ipc_port_copyout_send(
sright,
get_task_ipcspace(current_task()));
}
error = KERN_SUCCESS;
tfpout:
task_deallocate(t1);
AUDIT_ARG(mach_port2, tret);
(void) copyout((char *) &tret, task_addr, sizeof(mach_port_name_t));
if (p != PROC_NULL)
proc_rele(p);
AUDIT_MACH_SYSCALL_EXIT(error);
return(error);
}
/*
* Routine: task_for_pid
* Purpose:
* Get the task port for another "process", named by its
* process ID on the same host as "target_task".
*
* Only permitted to privileged processes, or processes
* with the same user ID.
*
* XXX This should be a BSD system call, not a Mach trap!!!
*/
kern_return_t
task_for_pid(
struct task_for_pid_args *args)
{
mach_port_name_t target_tport = args->target_tport;
int pid = args->pid;
user_addr_t task_addr = args->t;
struct uthread *uthread;
proc_t p = PROC_NULL;
task_t t1 = TASK_NULL;
mach_port_name_t tret = MACH_PORT_NULL;
ipc_port_t tfpport;
void * sright;
int error = 0;
AUDIT_MACH_SYSCALL_ENTER(AUE_TASKFORPID);
AUDIT_ARG(pid, pid);
AUDIT_ARG(mach_port1, target_tport);
#if defined(SECURE_KERNEL)
if (0 == pid) {
(void ) copyout((char *)&t1, task_addr, sizeof(mach_port_name_t));
AUDIT_MACH_SYSCALL_EXIT(KERN_FAILURE);
return(KERN_FAILURE);
}
#endif
t1 = port_name_to_task(target_tport);
if (t1 == TASK_NULL) {
(void) copyout((char *)&t1, task_addr, sizeof(mach_port_name_t));
AUDIT_MACH_SYSCALL_EXIT(KERN_FAILURE);
return(KERN_FAILURE);
}
/*
* Delayed binding of thread credential to process credential, if we
* are not running with an explicitly set thread credential.
*/
uthread = get_bsdthread_info(current_thread());
kauth_cred_uthread_update(uthread, current_proc());
p = proc_find(pid);
AUDIT_ARG(process, p);
if (!(task_for_pid_posix_check(p))) {
error = KERN_FAILURE;
goto tfpout;
}
if (p->task != TASK_NULL) {
/* If we aren't root and target's task access port is set... */
if (!kauth_cred_issuser(kauth_cred_get()) &&
p != current_proc() &&
(task_get_task_access_port(p->task, &tfpport) == 0) &&
(tfpport != IPC_PORT_NULL)) {
if (tfpport == IPC_PORT_DEAD) {
error = KERN_PROTECTION_FAILURE;
goto tfpout;
}
/* Call up to the task access server */
error = check_task_access(tfpport, proc_selfpid(), kauth_getgid(), pid);
if (error != MACH_MSG_SUCCESS) {
if (error == MACH_RCV_INTERRUPTED)
error = KERN_ABORTED;
else
error = KERN_FAILURE;
goto tfpout;
}
}
#if CONFIG_MACF
error = mac_proc_check_get_task(kauth_cred_get(), p);
if (error) {
error = KERN_FAILURE;
goto tfpout;
}
#endif
/* Grant task port access */
task_reference(p->task);
sright = (void *) convert_task_to_port(p->task);
tret = ipc_port_copyout_send(
sright,
get_task_ipcspace(current_task()));
}
error = KERN_SUCCESS;
tfpout:
task_deallocate(t1);
AUDIT_ARG(mach_port2, tret);
(void) copyout((char *) &tret, task_addr, sizeof(mach_port_name_t));
if (p != PROC_NULL)
proc_rele(p);
AUDIT_MACH_SYSCALL_EXIT(error);
return(error);
}
