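/*
 * Copyright (c) 2007 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */
/*-
 * Copyright (c) 2005 SPARTA, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Prototypes for the Mach-facing part of the MAC framework: label
 * management and access checks for tasks, ports and threads.
 *
 * This header includes nothing itself.  The includer must already provide
 * task_t, int64_t, uint32_t, size_t and the __unused attribute macro.
 *
 * NOTE(review): none of the int-returning mac_*_check_* prototypes states
 * its return convention here.  Presumably 0 means "allowed" and a non-zero
 * errno value means "denied" -- confirm against the implementation, and
 * treat any non-zero result as a denial at call sites.
 */

#ifndef _SECURITY_MAC_MACH_INTERNAL_H_
#define _SECURITY_MAC_MACH_INTERNAL_H_

/* Warn unless PRIVATE is defined: this interface is not a supported KPI. */
#ifndef PRIVATE
#warning "MAC policy is not KPI, see Technical Q&A QA1574, this header will be removed in next version"
#endif

/*
 * Forward declarations.  Without them, a struct tag that first appears
 * inside a prototype's parameter list is scoped to that prototype only,
 * which makes it a different type from the one defined elsewhere.
 */
struct label;
struct task;
struct thread;
struct uthread;

/*
 * Declarations in this first group are visible whether or not CONFIG_MACF
 * is set.
 */
int	mac_task_check_service(task_t self, task_t obj, const char *perm);
void	mac_task_label_update_internal(struct label *pl, struct task *t);
int	mac_port_label_compute(struct label *subj, struct label *obj,
	    const char *serv, struct label *out);
int	mac_port_check_method(task_t task, struct label *sub, struct label *obj,
	    int msgid);

/* mac_do_machexc() flags */
#define	MAC_DOEXCF_TRACED	0x01	/* Only do mach exception if
					   being ptrace()'ed */
/*
 * NOTE(review): `flags` is marked __unused in this prototype, so whether
 * MAC_DOEXCF_TRACED is actually honoured has to be checked in the
 * implementation.
 */
int	mac_do_machexc(int64_t code, int64_t subcode, uint32_t flags __unused);
int	mac_schedule_userret(void);
struct label *mac_thread_get_threadlabel(struct thread *thread);
struct label *mac_thread_get_uthreadlabel(struct uthread *uthread);

/*
 * Everything below is declared only when CONFIG_MACF evaluates non-zero
 * (an undefined CONFIG_MACF counts as 0 in #if).
 */
#if CONFIG_MACF
void	mac_policy_init(void);
void	mac_policy_initmach(void);

/* tasks */
void	mac_task_label_init(struct label *);
void	mac_task_label_copy(struct label *src, struct label *dest);
void	mac_task_label_destroy(struct label *);
/*
 * The roles of the unnamed task and label arguments are not given in this
 * header; consult the implementation before calling.
 */
void	mac_task_label_associate(struct task *, struct task *, struct label *,
	    struct label *, struct label *);
void	mac_task_label_associate_kernel(struct task *, struct label *,
	    struct label *);
/* Takes a callback `f` and an opaque `arg` that is also a parameter of f. */
void	mac_task_label_modify(struct task *pt, void *arg,
	    void (*f)(struct label *l, void *arg));
struct label *mac_task_get_label(struct task *task);

/* ports */
void	mac_port_label_init(struct label *l);
void	mac_port_label_destroy(struct label *l);
void	mac_port_label_associate(struct label *it, struct label *st,
	    struct label *plabel);
void	mac_port_label_associate_kernel(struct label *plabel, int isreply);
void	mac_port_label_update_kobject(struct label *plabel, int kotype);
void	mac_port_label_copy(struct label *src, struct label *dest);
void	mac_port_label_update_cred(struct label *src, struct label *dest);
int	mac_port_check_label_update(struct label *task, struct label *oldl,
	    struct label *newl);

/* Port right checks: each takes a task label and a port (or sender) label. */
int	mac_port_check_send(struct label *task, struct label *port);
int	mac_port_check_receive(struct label *task, struct label *sender);
int	mac_port_check_make_send(struct label *task, struct label *port);
int	mac_port_check_make_send_once(struct label *task, struct label *port);
int	mac_port_check_move_receive(struct label *task, struct label *port);
int	mac_port_check_copy_send(struct label *task, struct label *port);
int	mac_port_check_move_send(struct label *task, struct label *port);
int	mac_port_check_move_send_once(struct label *task, struct label *port);

int	mac_port_check_hold_send(struct label *task, struct label *port);
int	mac_port_check_hold_send_once(struct label *task, struct label *port);
int	mac_port_check_hold_receive(struct label *task, struct label *port);

/*
 * Label <-> string conversion.
 *
 * NOTE(review): `out`/`olen` presumably describe the destination buffer and
 * its capacity -- confirm that implementations never write more than `olen`
 * bytes and always NUL-terminate.  The internalize variants take `string`
 * with no length, so it is presumably NUL-terminated; callers that obtain
 * it from an untrusted source should bound and terminate it first
 * (TODO confirm against callers).
 */
int	mac_task_label_externalize(struct label *, char *e, char *out,
	    size_t olen, int flags);
int	mac_task_label_internalize(struct label *label, char *string);
int	mac_port_label_externalize(struct label *, char *e, char *out,
	    size_t olen, int flags);
int	mac_port_label_internalize(struct label *label, char *string);

void	mac_task_label_update(struct label *cred, struct label *task);
int	mac_port_check_service(struct label *subj, struct label *obj,
	    const char *serv, const char *perm);

/* threads */
void	act_set_astmacf(struct thread *);
void	mac_thread_userret(struct thread *);
#endif /* CONFIG_MACF */

#endif /* !_SECURITY_MAC_MACH_INTERNAL_H_ */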