  • only in /macosx-10.10.1/xnu-2782.1.97/bsd/net/

Lines Matching refs:session

69  * Each session owns a list of session policies, each of which can
71 * session also has a priority level (such as High, Default, or Low)
73 * a session order value is assigned to the session, which will be used
74 * to sort kernel policies generated by the session. The session client
83 * Whenever a session sends the Apply command, its policies are ingested
87 * 1. The session policy is parsed to create kernel policies at the socket
119 * by a session with a priority level better than (numerically less than) the
122 * session orders to be dropped.
295 static void necp_delete_session(struct necp_session *session);
297 static void necp_handle_policy_add(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset);
298 static void necp_handle_policy_get(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset);
299 static void necp_handle_policy_delete(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset);
300 static void necp_handle_policy_apply_all(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset);
301 static void necp_handle_policy_list_all(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset);
302 static void necp_handle_policy_delete_all(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset);
303 static void necp_handle_set_session_priority(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset);
304 static void necp_handle_lock_session_to_proc(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset);
305 static void necp_handle_register_service(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset);
306 static void necp_handle_unregister_service(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset);
308 static struct necp_session_policy *necp_policy_create(struct necp_session *session, necp_policy_order order, u_int8_t *conditions_array, size_t conditions_array_size, u_int8_t *result, size_t result_size);
309 static struct necp_session_policy *necp_policy_find(struct necp_session *session, necp_policy_id policy_id);
310 static bool necp_policy_mark_for_deletion(struct necp_session *session, struct necp_session_policy *policy);
311 static bool necp_policy_mark_all_for_deletion(struct necp_session *session);
312 static bool necp_policy_delete(struct necp_session *session, struct necp_session_policy *policy);
313 static void necp_policy_apply_all(struct necp_session *session);
416 static bool necp_send_ctl_data(struct necp_session *session, u_int8_t *buffer, size_t buffer_size);
550 // Could not allocate session
561 struct necp_session *session = (struct necp_session *)unitinfo;
562 if (session != NULL) {
563 necp_policy_mark_all_for_deletion(session);
564 necp_policy_apply_all(session);
744 necp_send_ctl_data(struct necp_session *session, u_int8_t *buffer, size_t buffer_size)
748 if (necp_kctlref == NULL || session == NULL || buffer == NULL || buffer_size == 0) {
752 error = ctl_enqueuedata(necp_kctlref, session->control_unit, buffer, buffer_size, CTL_DATA_EOR);
758 necp_send_success_response(struct necp_session *session, u_int8_t packet_type, u_int32_t message_id)
772 if (!(success = necp_send_ctl_data(session, (u_int8_t *)response, response_size))) {
781 necp_send_error_response(struct necp_session *session, u_int8_t packet_type, u_int32_t message_id, u_int32_t error)
795 if (!(success = necp_send_ctl_data(session, (u_int8_t *)response, response_size))) {
804 necp_send_policy_id_response(struct necp_session *session, u_int8_t packet_type, u_int32_t message_id, necp_policy_id policy_id)
818 if (!(success = necp_send_ctl_data(session, (u_int8_t *)response, response_size))) {
830 struct necp_session *session = (struct necp_session *)unitinfo;
834 if (session == NULL) {
835 NECPLOG0(LOG_ERR, "Got a NULL session");
853 if (session->proc_locked) {
857 if (uuid_compare(proc_uuid, session->proc_uuid) != 0) {
858 necp_send_error_response(session, header.packet_type, header.message_id, NECP_ERROR_INVALID_PROCESS);
865 necp_handle_policy_add(session, header.message_id, packet, sizeof(header));
869 necp_handle_policy_get(session, header.message_id, packet, sizeof(header));
873 necp_handle_policy_delete(session, header.message_id, packet, sizeof(header));
877 necp_handle_policy_apply_all(session, header.message_id, packet, sizeof(header));
881 necp_handle_policy_list_all(session, header.message_id, packet, sizeof(header));
885 necp_handle_policy_delete_all(session, header.message_id, packet, sizeof(header));
889 necp_handle_set_session_priority(session, header.message_id, packet, sizeof(header));
893 necp_handle_lock_session_to_proc(session, header.message_id, packet, sizeof(header));
897 necp_handle_register_service(session, header.message_id, packet, sizeof(header));
901 necp_handle_unregister_service(session, header.message_id, packet, sizeof(header));
906 necp_send_error_response(session, header.packet_type, header.message_id, NECP_ERROR_UNKNOWN_PACKET_TYPE);
948 NECPLOG(LOG_DEBUG, "Create NECP session, control unit %d", control_unit);
962 necp_delete_session(struct necp_session *session)
964 if (session != NULL) {
967 LIST_FOREACH_SAFE(service, &session->services, session_chain, temp_service) {
975 NECPLOG0(LOG_DEBUG, "Deleted NECP session");
977 FREE(session, M_NECP);
1207 necp_handle_set_session_priority(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset)
1218 NECPLOG(LOG_ERR, "Failed to get session priority: %d", error);
1223 if (session == NULL) {
1224 NECPLOG0(LOG_ERR, "Failed to find session");
1229 // Enforce special session priorities with entitlements
1239 if (session->session_priority != requested_session_priority) {
1240 session->session_priority = requested_session_priority;
1241 session->session_order = necp_allocate_new_session_order(session->session_priority, session->control_unit);
1242 session->dirty = TRUE;
1245 LIST_FOREACH_SAFE(policy, &session->policies, chain, temp_policy) {
1250 necp_send_success_response(session, NECP_PACKET_TYPE_SET_SESSION_PRIORITY, message_id);
1254 necp_send_error_response(session, NECP_PACKET_TYPE_SET_SESSION_PRIORITY, message_id, response_error);
1258 necp_handle_lock_session_to_proc(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset)
1261 proc_getexecutableuuid(current_proc(), session->proc_uuid, sizeof(session->proc_uuid));
1262 session->proc_locked = TRUE;
1263 necp_send_success_response(session, NECP_PACKET_TYPE_LOCK_SESSION_TO_PROC, message_id);
1267 necp_handle_register_service(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset)
1275 if (session == NULL) {
1276 NECPLOG0(LOG_ERR, "Failed to find session");
1306 LIST_INSERT_HEAD(&session->services, new_service, session_chain);
1310 necp_send_success_response(session, NECP_PACKET_TYPE_REGISTER_SERVICE, message_id);
1313 necp_send_error_response(session, NECP_PACKET_TYPE_REGISTER_SERVICE, message_id, response_error);
1317 necp_handle_unregister_service(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset)
1327 if (session == NULL) {
1328 NECPLOG0(LOG_ERR, "Failed to find session");
1341 // Mark remove all matching services for this session
1345 LIST_FOREACH_SAFE(service, &session->services, session_chain, temp_service) {
1356 necp_send_success_response(session, NECP_PACKET_TYPE_REGISTER_SERVICE, message_id);
1359 necp_send_error_response(session, NECP_PACKET_TYPE_REGISTER_SERVICE, message_id, response_error);
1363 necp_handle_policy_add(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset)
1493 if ((policy = necp_policy_create(session, order, conditions_array, conditions_array_size, policy_result, policy_result_size)) == NULL) {
1498 necp_send_policy_id_response(session, NECP_PACKET_TYPE_POLICY_ADD, message_id, policy->id);
1509 necp_send_error_response(session, NECP_PACKET_TYPE_POLICY_ADD, message_id, response_error);
1513 necp_handle_policy_get(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset)
1535 policy = necp_policy_find(session, policy_id);
1547 necp_send_error_response(session, NECP_PACKET_TYPE_POLICY_LIST_ALL, message_id, NECP_ERROR_INTERNAL);
1562 if (!necp_send_ctl_data(session, (u_int8_t *)response, response_size)) {
1570 necp_send_error_response(session, NECP_PACKET_TYPE_POLICY_GET, message_id, response_error);
1574 necp_handle_policy_delete(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset)
1590 policy = necp_policy_find(session, policy_id);
1597 necp_policy_mark_for_deletion(session, policy);
1599 necp_send_success_response(session, NECP_PACKET_TYPE_POLICY_DELETE, message_id);
1603 necp_send_error_response(session, NECP_PACKET_TYPE_POLICY_DELETE, message_id, response_error);
1607 necp_handle_policy_apply_all(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset)
1610 necp_policy_apply_all(session);
1611 necp_send_success_response(session, NECP_PACKET_TYPE_POLICY_APPLY_ALL, message_id);
1615 necp_handle_policy_list_all(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset)
1626 LIST_FOREACH(policy, &session->policies, chain) {
1636 necp_send_error_response(session, NECP_PACKET_TYPE_POLICY_LIST_ALL, message_id, NECP_ERROR_INTERNAL);
1643 LIST_FOREACH(policy, &session->policies, chain) {
1650 if (!necp_send_ctl_data(session, (u_int8_t *)response, response_size)) {
1658 necp_handle_policy_delete_all(struct necp_session *session, u_int32_t message_id, mbuf_t packet, int offset)
1661 necp_policy_mark_all_for_deletion(session);
1662 necp_send_success_response(session, NECP_PACKET_TYPE_POLICY_DELETE_ALL, message_id);
1689 necp_policy_create(struct necp_session *session, necp_policy_order order, u_int8_t *conditions_array, size_t conditions_array_size, u_int8_t *result, size_t result_size)
1694 if (session == NULL || conditions_array == NULL || result == NULL || result_size == 0) {
1714 LIST_INSERT_SORTED_ASCENDING(&session->policies, new_policy, chain, order, tmp_policy);
1716 session->dirty = TRUE;
1726 necp_policy_find(struct necp_session *session, necp_policy_id policy_id)
1733 LIST_FOREACH(policy, &session->policies, chain) {
1772 necp_policy_mark_for_deletion(struct necp_session *session, struct necp_session_policy *policy)
1774 if (session == NULL || policy == NULL) {
1779 session->dirty = TRUE;
1788 necp_policy_mark_all_for_deletion(struct necp_session *session)
1793 LIST_FOREACH_SAFE(policy, &session->policies, chain, temp_policy) {
1794 necp_policy_mark_for_deletion(session, policy);
1801 necp_policy_delete(struct necp_session *session, struct necp_session_policy *policy)
1803 if (session == NULL || policy == NULL) {
1898 necp_policy_apply(struct necp_session *session, struct necp_session_policy *policy)
2289 necp_kernel_policy_id policy_id = necp_kernel_socket_policy_add(policy->id, policy->order, session->session_order, master_condition_mask, master_condition_negated_mask, cond_app_id, cond_real_app_id, cond_account_id, cond_domain, cond_pid, cond_uid, cond_bound_interface, cond_traffic_class, cond_protocol, &cond_local_start, &cond_local_end, cond_local_prefix, &cond_remote_start, &cond_remote_end, cond_remote_prefix, ultimate_result, ultimate_result_parameter);
2301 necp_kernel_policy_id policy_id = necp_kernel_ip_output_policy_add(policy->id, policy->order, NECP_KERNEL_POLICY_SUBORDER_NON_ID_CONDITIONS, session->session_order, master_condition_mask, master_condition_negated_mask, NECP_KERNEL_POLICY_ID_NONE, cond_bound_interface, 0, cond_protocol, &cond_local_start, &cond_local_end, cond_local_prefix, &cond_remote_start, &cond_remote_end, cond_remote_prefix, ultimate_result, ultimate_result_parameter);
2312 necp_kernel_policy_id policy_id = necp_kernel_ip_output_policy_add(policy->id, policy->order, NECP_KERNEL_POLICY_SUBORDER_ID_CONDITION, session->session_order, NECP_KERNEL_CONDITION_POLICY_ID | NECP_KERNEL_CONDITION_ALL_INTERFACES, 0, cond_ip_output_layer_id, NULL, 0, 0, NULL, NULL, 0, NULL, NULL, 0, ultimate_result, ultimate_result_parameter);
2324 necp_kernel_policy_id policy_id = necp_kernel_ip_output_policy_add(policy->id, policy->order, NECP_KERNEL_POLICY_SUBORDER_NON_ID_TUNNEL_CONDITION, session->session_order, NECP_KERNEL_CONDITION_POLICY_ID | NECP_KERNEL_CONDITION_LAST_INTERFACE | NECP_KERNEL_CONDITION_ALL_INTERFACES, 0, policy->kernel_ip_output_policies[NECP_KERNEL_POLICY_SUBORDER_NON_ID_CONDITIONS], NULL, cond_last_interface_index, 0, NULL, NULL, 0, NULL, NULL, 0, secondary_result, secondary_result_parameter);
2335 necp_kernel_policy_id policy_id = necp_kernel_ip_output_policy_add(policy->id, policy->order, NECP_KERNEL_POLICY_SUBORDER_ID_TUNNEL_CONDITION, session->session_order, NECP_KERNEL_CONDITION_POLICY_ID | NECP_KERNEL_CONDITION_LAST_INTERFACE | NECP_KERNEL_CONDITION_ALL_INTERFACES, 0, policy->kernel_ip_output_policies[NECP_KERNEL_POLICY_SUBORDER_ID_CONDITION], NULL, cond_last_interface_index, 0, NULL, NULL, 0, NULL, NULL, 0, secondary_result, secondary_result_parameter);
2354 necp_policy_apply_all(struct necp_session *session)
2362 if (session->dirty) {
2363 LIST_FOREACH_SAFE(policy, &session->policies, chain, temp_policy) {
2369 necp_policy_delete(session, policy);
2371 necp_policy_apply(session, policy);
2375 necp_policy_apply(session, policy);
2384 session->dirty = FALSE;
2396 // Kernel policies are derived from session policies
2615 // A skip cannot override a policy of a different session
2647 // If we've moved on to the next session, or passed the skip window
3391 // A skip cannot override a policy of a different session
3423 // If we've moved on to the next session, or passed the skip window