#include <mach/message.h>
#include <mach/mach_traps.h>
#include <mach/mach_host_server.h>
#include <mach/host_priv_server.h>
#include <kern/host.h>
#include <kern/processor.h>
#include <kern/task.h>
#include <kern/thread.h>
#include <kern/ipc_host.h>
#include <kern/ipc_kobject.h>
#include <kern/misc_protos.h>
#include <kern/spl.h>
#include <ipc/ipc_port.h>
#include <ipc/ipc_space.h>
#if CONFIG_MACF
#include <security/mac_mach_internal.h>
#endif
boolean_t
ref_pset_port_locked(
ipc_port_t port, boolean_t matchn, processor_set_t *ppset);
extern lck_grp_t host_notify_lock_grp;
extern lck_attr_t host_notify_lock_attr;
void
ipc_host_init(void)
{
ipc_port_t port;
int i;
lck_mtx_init(&realhost.lock, &host_notify_lock_grp, &host_notify_lock_attr);
port = ipc_kobject_alloc_port((ipc_kobject_t) &realhost, IKOT_HOST_SECURITY,
IPC_KOBJECT_ALLOC_MAKE_SEND);
kernel_set_special_port(&realhost, HOST_SECURITY_PORT, port);
port = ipc_kobject_alloc_port((ipc_kobject_t) &realhost, IKOT_HOST,
IPC_KOBJECT_ALLOC_MAKE_SEND);
kernel_set_special_port(&realhost, HOST_PORT, port);
port = ipc_kobject_alloc_port((ipc_kobject_t) &realhost, IKOT_HOST_PRIV,
IPC_KOBJECT_ALLOC_MAKE_SEND);
kernel_set_special_port(&realhost, HOST_PRIV_PORT, port);
bzero(&realhost.exc_actions[0], sizeof(realhost.exc_actions[0]));
for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
realhost.exc_actions[i].port = IP_NULL;
realhost.exc_actions[i].label = NULL;
realhost.exc_actions[i].behavior = 0;
realhost.exc_actions[i].flavor = 0;
realhost.exc_actions[i].privileged = FALSE;
}
ipc_pset_init(&pset0);
ipc_pset_enable(&pset0);
ipc_processor_init(master_processor);
ipc_processor_enable(master_processor);
}
mach_port_name_t
host_self_trap(
__unused struct host_self_trap_args *args)
{
task_t self = current_task();
ipc_port_t sright;
mach_port_name_t name;
itk_lock(self);
sright = ipc_port_copy_send(self->itk_host);
itk_unlock(self);
name = ipc_port_copyout_send(sright, current_space());
return name;
}
void
ipc_processor_init(
processor_t processor)
{
ipc_port_t port;
port = ipc_port_alloc_kernel();
if (port == IP_NULL) {
panic("ipc_processor_init");
}
processor->processor_self = port;
}
void
ipc_processor_enable(
processor_t processor)
{
ipc_port_t myport;
myport = processor->processor_self;
ipc_kobject_set(myport, (ipc_kobject_t) processor, IKOT_PROCESSOR);
}
void
ipc_pset_init(
processor_set_t pset)
{
ipc_port_t port;
port = ipc_port_alloc_kernel();
if (port == IP_NULL) {
panic("ipc_pset_init");
}
pset->pset_self = port;
port = ipc_port_alloc_kernel();
if (port == IP_NULL) {
panic("ipc_pset_init");
}
pset->pset_name_self = port;
}
void
ipc_pset_enable(
processor_set_t pset)
{
ipc_kobject_set(pset->pset_self, (ipc_kobject_t) pset, IKOT_PSET);
ipc_kobject_set(pset->pset_name_self, (ipc_kobject_t) pset, IKOT_PSET_NAME);
}
kern_return_t
processor_set_default(
host_t host,
processor_set_t *pset)
{
if (host == HOST_NULL) {
return KERN_INVALID_ARGUMENT;
}
*pset = &pset0;
return KERN_SUCCESS;
}
host_t
convert_port_to_host(
ipc_port_t port)
{
host_t host = HOST_NULL;
if (IP_VALID(port)) {
if (ip_kotype(port) == IKOT_HOST ||
ip_kotype(port) == IKOT_HOST_PRIV) {
host = (host_t) port->ip_kobject;
require_ip_active(port);
}
}
return host;
}
host_t
convert_port_to_host_priv(
ipc_port_t port)
{
host_t host = HOST_NULL;
if (IP_VALID(port)) {
ip_lock(port);
if (ip_active(port) &&
(ip_kotype(port) == IKOT_HOST_PRIV)) {
host = (host_t) port->ip_kobject;
}
ip_unlock(port);
}
return host;
}
processor_t
convert_port_to_processor(
ipc_port_t port)
{
processor_t processor = PROCESSOR_NULL;
if (IP_VALID(port)) {
ip_lock(port);
if (ip_active(port) &&
(ip_kotype(port) == IKOT_PROCESSOR)) {
processor = (processor_t) port->ip_kobject;
}
ip_unlock(port);
}
return processor;
}
processor_set_t
convert_port_to_pset(
ipc_port_t port)
{
boolean_t r;
processor_set_t pset = PROCESSOR_SET_NULL;
r = FALSE;
while (!r && IP_VALID(port)) {
ip_lock(port);
r = ref_pset_port_locked(port, FALSE, &pset);
}
return pset;
}
processor_set_name_t
convert_port_to_pset_name(
ipc_port_t port)
{
boolean_t r;
processor_set_t pset = PROCESSOR_SET_NULL;
r = FALSE;
while (!r && IP_VALID(port)) {
ip_lock(port);
r = ref_pset_port_locked(port, TRUE, &pset);
}
return pset;
}
boolean_t
ref_pset_port_locked(ipc_port_t port, boolean_t matchn, processor_set_t *ppset)
{
processor_set_t pset;
pset = PROCESSOR_SET_NULL;
if (ip_active(port) &&
((ip_kotype(port) == IKOT_PSET) ||
(matchn && (ip_kotype(port) == IKOT_PSET_NAME)))) {
pset = (processor_set_t) port->ip_kobject;
}
*ppset = pset;
ip_unlock(port);
return TRUE;
}
ipc_port_t
convert_host_to_port(
host_t host)
{
ipc_port_t port;
host_get_host_port(host, &port);
return port;
}
ipc_port_t
convert_processor_to_port(
processor_t processor)
{
ipc_port_t port = processor->processor_self;
if (port != IP_NULL) {
port = ipc_port_make_send(port);
}
return port;
}
ipc_port_t
convert_pset_to_port(
processor_set_t pset)
{
ipc_port_t port = pset->pset_self;
if (port != IP_NULL) {
port = ipc_port_make_send(port);
}
return port;
}
ipc_port_t
convert_pset_name_to_port(
processor_set_name_t pset)
{
ipc_port_t port = pset->pset_name_self;
if (port != IP_NULL) {
port = ipc_port_make_send(port);
}
return port;
}
host_t
convert_port_to_host_security(
ipc_port_t port)
{
host_t host = HOST_NULL;
if (IP_VALID(port)) {
ip_lock(port);
if (ip_active(port) &&
(ip_kotype(port) == IKOT_HOST_SECURITY)) {
host = (host_t) port->ip_kobject;
}
ip_unlock(port);
}
return host;
}
kern_return_t
host_set_exception_ports(
host_priv_t host_priv,
exception_mask_t exception_mask,
ipc_port_t new_port,
exception_behavior_t new_behavior,
thread_state_flavor_t new_flavor)
{
int i;
ipc_port_t old_port[EXC_TYPES_COUNT];
#if CONFIG_MACF
struct label *deferred_labels[EXC_TYPES_COUNT];
struct label *new_label;
#endif
if (host_priv == HOST_PRIV_NULL) {
return KERN_INVALID_ARGUMENT;
}
if (exception_mask & ~EXC_MASK_VALID) {
return KERN_INVALID_ARGUMENT;
}
if (IP_VALID(new_port)) {
switch (new_behavior & ~MACH_EXCEPTION_MASK) {
case EXCEPTION_DEFAULT:
case EXCEPTION_STATE:
case EXCEPTION_STATE_IDENTITY:
break;
default:
return KERN_INVALID_ARGUMENT;
}
}
if (new_flavor != 0 && !VALID_THREAD_STATE_FLAVOR(new_flavor)) {
return KERN_INVALID_ARGUMENT;
}
#if CONFIG_MACF
if (mac_task_check_set_host_exception_ports(current_task(), exception_mask) != 0) {
return KERN_NO_ACCESS;
}
new_label = mac_exc_create_label_for_current_proc();
for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
if (host_priv->exc_actions[i].label == NULL) {
deferred_labels[i] = mac_exc_create_label();
} else {
deferred_labels[i] = NULL;
}
}
#endif
assert(host_priv == &realhost);
host_lock(host_priv);
for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
#if CONFIG_MACF
if (host_priv->exc_actions[i].label == NULL) {
mac_exc_associate_action_label(&host_priv->exc_actions[i], deferred_labels[i]);
deferred_labels[i] = NULL; }
#endif
if ((exception_mask & (1 << i))
#if CONFIG_MACF
&& mac_exc_update_action_label(&host_priv->exc_actions[i], new_label) == 0
#endif
) {
old_port[i] = host_priv->exc_actions[i].port;
host_priv->exc_actions[i].port =
ipc_port_copy_send(new_port);
host_priv->exc_actions[i].behavior = new_behavior;
host_priv->exc_actions[i].flavor = new_flavor;
} else {
old_port[i] = IP_NULL;
}
}
host_unlock(host_priv);
#if CONFIG_MACF
mac_exc_free_label(new_label);
#endif
for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
if (IP_VALID(old_port[i])) {
ipc_port_release_send(old_port[i]);
}
#if CONFIG_MACF
if (deferred_labels[i] != NULL) {
mac_exc_free_label(deferred_labels[i]);
}
#endif
}
if (IP_VALID(new_port)) {
ipc_port_release_send(new_port);
}
return KERN_SUCCESS;
}
kern_return_t
host_get_exception_ports(
host_priv_t host_priv,
exception_mask_t exception_mask,
exception_mask_array_t masks,
mach_msg_type_number_t * CountCnt,
exception_port_array_t ports,
exception_behavior_array_t behaviors,
thread_state_flavor_array_t flavors )
{
unsigned int i, j, count;
if (host_priv == HOST_PRIV_NULL) {
return KERN_INVALID_ARGUMENT;
}
if (exception_mask & ~EXC_MASK_VALID) {
return KERN_INVALID_ARGUMENT;
}
assert(host_priv == &realhost);
host_lock(host_priv);
count = 0;
for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
if (exception_mask & (1 << i)) {
for (j = 0; j < count; j++) {
if (host_priv->exc_actions[i].port == ports[j] &&
host_priv->exc_actions[i].behavior == behaviors[j]
&& host_priv->exc_actions[i].flavor == flavors[j]) {
masks[j] |= (1 << i);
break;
}
}
if (j == count) {
masks[j] = (1 << i);
ports[j] =
ipc_port_copy_send(host_priv->exc_actions[i].port);
behaviors[j] = host_priv->exc_actions[i].behavior;
flavors[j] = host_priv->exc_actions[i].flavor;
count++;
if (count > *CountCnt) {
break;
}
}
}
}
host_unlock(host_priv);
*CountCnt = count;
return KERN_SUCCESS;
}
kern_return_t
host_swap_exception_ports(
host_priv_t host_priv,
exception_mask_t exception_mask,
ipc_port_t new_port,
exception_behavior_t new_behavior,
thread_state_flavor_t new_flavor,
exception_mask_array_t masks,
mach_msg_type_number_t * CountCnt,
exception_port_array_t ports,
exception_behavior_array_t behaviors,
thread_state_flavor_array_t flavors )
{
unsigned int i,
j,
count;
ipc_port_t old_port[EXC_TYPES_COUNT];
#if CONFIG_MACF
struct label *deferred_labels[EXC_TYPES_COUNT];
struct label *new_label;
#endif
if (host_priv == HOST_PRIV_NULL) {
return KERN_INVALID_ARGUMENT;
}
if (exception_mask & ~EXC_MASK_VALID) {
return KERN_INVALID_ARGUMENT;
}
if (IP_VALID(new_port)) {
switch (new_behavior) {
case EXCEPTION_DEFAULT:
case EXCEPTION_STATE:
case EXCEPTION_STATE_IDENTITY:
break;
default:
return KERN_INVALID_ARGUMENT;
}
}
if (new_flavor != 0 && !VALID_THREAD_STATE_FLAVOR(new_flavor)) {
return KERN_INVALID_ARGUMENT;
}
#if CONFIG_MACF
if (mac_task_check_set_host_exception_ports(current_task(), exception_mask) != 0) {
return KERN_NO_ACCESS;
}
new_label = mac_exc_create_label_for_current_proc();
for (i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT; i++) {
if (host_priv->exc_actions[i].label == NULL) {
deferred_labels[i] = mac_exc_create_label();
} else {
deferred_labels[i] = NULL;
}
}
#endif
host_lock(host_priv);
assert(EXC_TYPES_COUNT > FIRST_EXCEPTION);
for (count = 0, i = FIRST_EXCEPTION; i < EXC_TYPES_COUNT && count < *CountCnt; i++) {
#if CONFIG_MACF
if (host_priv->exc_actions[i].label == NULL) {
mac_exc_associate_action_label(&host_priv->exc_actions[i], deferred_labels[i]);
deferred_labels[i] = NULL; }
#endif
if ((exception_mask & (1 << i))
#if CONFIG_MACF
&& mac_exc_update_action_label(&host_priv->exc_actions[i], new_label) == 0
#endif
) {
for (j = 0; j < count; j++) {
if (host_priv->exc_actions[i].port == ports[j] &&
host_priv->exc_actions[i].behavior == behaviors[j]
&& host_priv->exc_actions[i].flavor == flavors[j]) {
masks[j] |= (1 << i);
break;
}
}
if (j == count) {
masks[j] = (1 << i);
ports[j] =
ipc_port_copy_send(host_priv->exc_actions[i].port);
behaviors[j] = host_priv->exc_actions[i].behavior;
flavors[j] = host_priv->exc_actions[i].flavor;
count++;
}
old_port[i] = host_priv->exc_actions[i].port;
host_priv->exc_actions[i].port =
ipc_port_copy_send(new_port);
host_priv->exc_actions[i].behavior = new_behavior;
host_priv->exc_actions[i].flavor = new_flavor;
} else {
old_port[i] = IP_NULL;
}
}
host_unlock(host_priv);
#if CONFIG_MACF
mac_exc_free_label(new_label);
#endif
while (--i >= FIRST_EXCEPTION) {
if (IP_VALID(old_port[i])) {
ipc_port_release_send(old_port[i]);
}
#if CONFIG_MACF
if (deferred_labels[i] != NULL) {
mac_exc_free_label(deferred_labels[i]); }
#endif
}
if (IP_VALID(new_port)) {
ipc_port_release_send(new_port);
}
*CountCnt = count;
return KERN_SUCCESS;
}