Lines Matching defs:imgp

236 static int exec_activate_image(struct image_params *imgp);
237 static int exec_copyout_strings(struct image_params *imgp, user_addr_t *stackp);
239 static int execargs_alloc(struct image_params *imgp);
240 static int execargs_free(struct image_params *imgp);
241 static int exec_check_permissions(struct image_params *imgp);
242 static int exec_extract_strings(struct image_params *imgp);
243 static int exec_add_apple_strings(struct image_params *imgp);
244 static int exec_handle_sugid(struct image_params *imgp);
252 static errno_t exec_handle_port_actions(struct image_params *imgp, short psa_flags, boolean_t * portwatch_present, ipc_port_t * portwatch_ports);
270 * (imgp->ip_strendp) updated location of next add, if any
271 * (imgp->ip_strspace) updated byte count of space remaining
272 * (imgp->ip_argspace) updated byte count of space in NCARGS
/*
 * exec_add_user_string (excerpt: this listing shows only the lines that
 * mention imgp, so the branches choosing between the alternatives below are
 * not visible). Appends one string at imgp->ip_strendp and debits the
 * remaining-space counters by the copied length.
 */
275 exec_add_user_string(struct image_params *imgp, user_addr_t str, int seg, boolean_t is_ncargs)
/* Copy limit: either the NCARGS budget or the whole string area; presumably chosen by is_ncargs (condition elided). */
284 space = imgp->ip_argspace; /* by definition smaller than ip_strspace */
286 space = imgp->ip_strspace;
/* Both copies are bounded by `space`, so one string cannot exceed the chosen budget. Presumably copystr handles a kernel-space source and copyinstr a user-space one (the test on seg is elided). */
295 error = copystr(kstr, imgp->ip_strendp, space, &len);
297 error = copyinstr(str, imgp->ip_strendp, space, &len);
/* Advance the write cursor and debit the counters by the length the copy reported. The error check before these lines and the guard on the ip_argspace debit are elided. */
300 imgp->ip_strendp += len;
301 imgp->ip_strspace -= len;
303 imgp->ip_argspace -= len;
331 * (imgp->ip_strings) saved path
332 * (imgp->ip_strspace) space remaining in ip_strings
333 * (imgp->ip_strendp) start of remaining copy area
334 * (imgp->ip_argspace) space remaining of NCARGS
335 * (imgp->ip_applec) Initial applev[0]
/*
 * exec_save_path (excerpt: only lines mentioning imgp are listed). Copies
 * the path being executed into the start of the string area.
 */
345 exec_save_path(struct image_params *imgp, user_addr_t path, int seg)
/* Bound the copy by the smaller of MAXPATHLEN and the space left in the string area. */
351 len = MIN(MAXPATHLEN, imgp->ip_strspace);
/*
 * The destination is ip_strings (start of the area), not ip_strendp.
 * NOTE(review): this presumably relies on ip_strendp == ip_strings on entry,
 * as execargs_alloc and exec_reset_save_path leave it - confirm for every
 * caller. The user/kernel source selection on seg is elided.
 */
356 error = copyinstr(path, imgp->ip_strings, len, &len);
360 error = copystr(kpath, imgp->ip_strings, len, &len);
/* Account for the stored path; the error check that precedes these lines is not shown. */
368 imgp->ip_strendp += len;
369 imgp->ip_strspace -= len;
386 * (imgp->ip_strings) saved path
387 * (imgp->ip_strspace) space remaining in ip_strings
388 * (imgp->ip_strendp) start of remaining copy area
389 * (imgp->ip_argspace) space remaining of NCARGS
/*
 * exec_reset_save_path (excerpt). Rewinds the write cursor to the start of
 * the string area and restores both budgets to the same initial values that
 * execargs_alloc assigns. The visible lines do not clear the old contents.
 */
393 exec_reset_save_path(struct image_params *imgp)
395 imgp->ip_strendp = imgp->ip_strings;
396 imgp->ip_argspace = NCARGS;
397 imgp->ip_strspace = ( NCARGS + PAGE_SIZE );
/*
 * exec_shell_imgact (excerpt: this listing shows only the lines that mention
 * imgp). Image activator for interpreter scripts.
 */
424 exec_shell_imgact(struct image_params *imgp)
/* ip_vdata holds bytes read from the file being executed (exec_activate_image fills it with vn_rdwr before dispatching), so vdata is untrusted input. */
426 char *vdata = imgp->ip_vdata;
/* Tail of the rejection test: an image already marked IMGPF_INTERPRET is not interpreted a second time. The rest of the condition is elided. */
445 (imgp->ip_flags & IMGPF_INTERPRET) != 0) {
/* Mark the image as interpreted; start with no set-id descriptor and an empty interpreter buffer. */
449 imgp->ip_flags |= IMGPF_INTERPRET;
450 imgp->ip_interp_sugid_fd = -1;
451 imgp->ip_interp_buffer[0] = '\0';
455 * imgp->ip_vattr is known to be valid.
/*
 * Drops the set-uid/set-gid bits from the saved original mode, so the later
 * va_mode tests in this function and in exec_handle_sugid see none.
 * NOTE(review): the condition guarding this line is not shown - confirm
 * when it applies.
 */
458 imgp->ip_origvattr->va_mode &= ~(VSUID | VSGID);
512 interp = imgp->ip_interp_buffer;
/*
 * Replace the saved path with the interpreter path from ip_interp_buffer.
 * NOTE(review): the result of exec_save_path is not captured on the visible
 * line; confirm that a failed copy cannot go unnoticed here.
 */
517 exec_reset_save_path(imgp);
518 exec_save_path(imgp, CAST_USER_ADDR_T(imgp->ip_interp_buffer),
522 interp = imgp->ip_interp_buffer;
/*
 * Set-id script: allocate a descriptor in the process, point it at the
 * script vnode (taking a vnode reference) and record the descriptor.
 * exec_extract_strings later passes "/dev/fd/<n>" for it - presumably so
 * the interpreter opens the vnode that was checked rather than resolving
 * the path a second time.
 */
532 if (imgp->ip_origvattr->va_mode & (VSUID | VSGID)) {
533 p = vfs_context_proc(imgp->ip_vfs_context);
534 error = falloc(p, &fp, &fd, imgp->ip_vfs_context);
540 fp->f_fglob->fg_data = (caddr_t)imgp->ip_vp;
546 vnode_ref(imgp->ip_vp);
548 imgp->ip_interp_sugid_fd = fd;
/*
 * exec_fat_imgact (excerpt: only lines mentioning imgp are listed). Image
 * activator for fat (multi-architecture) files.
 */
583 exec_fat_imgact(struct image_params *imgp)
585 proc_t p = vfs_context_proc(imgp->ip_vfs_context);
/* The fat header is read in place from ip_vdata, i.e. from file contents; its fields are untrusted. */
587 struct fat_header *fat_header = (struct fat_header *)imgp->ip_vdata;
604 int vfexec = (imgp->ip_flags & IMGPF_VFORK_EXEC);
605 int spawn = (imgp->ip_flags & IMGPF_SPAWN);
/*
 * archs[] starts directly after the header inside the same buffer.
 * NOTE(review): the bound on the number of entries is not visible in this
 * listing - confirm the array is kept within the data that was read.
 */
607 archs = (struct fat_arch *)(imgp->ip_vdata + sizeof(struct fat_header));
/* The path is printed through "%s"; it is never used as the format string. */
615 printf("Attempt to execute malformed binary %s\n", imgp->ip_strings);
639 psa = (struct _posix_spawnattr *) imgp->ip_px_sa;
/* Select an architecture slice, then read from the file into ip_vdata again (the remaining arguments of both calls are elided). */
682 lret = fatfile_getarch_affinity(imgp->ip_vp,
693 error = vn_rdwr(UIO_READ, imgp->ip_vp, imgp->ip_vdata,
/* Record where the chosen slice lives; both values come from the file's own fat_arch entry. */
709 imgp->ip_arch_offset = (user_size_t)fat_arch.offset;
710 imgp->ip_arch_size = (user_size_t)fat_arch.size;
/*
 * exec_mach_imgact (excerpt: only lines mentioning imgp are listed, so most
 * conditions and error paths are not visible). Image activator for Mach-O
 * files.
 */
741 exec_mach_imgact(struct image_params *imgp)
/* The header is read in place from ip_vdata, which holds file contents; its fields are untrusted. */
743 struct mach_header *mach_header = (struct mach_header *)imgp->ip_vdata;
744 proc_t p = vfs_context_proc(imgp->ip_vfs_context);
755 int spawn = (imgp->ip_flags & IMGPF_SPAWN);
756 int vfexec = (imgp->ip_flags & IMGPF_VFORK_EXEC);
/* Record the CPU type only if none has been recorded yet. */
783 if (!imgp->ip_origcputype) {
784 imgp->ip_origcputype = mach_header->cputype;
785 imgp->ip_origcpusubtype = mach_header->cpusubtype;
/* Condition for the 64-bit flag is elided. */
793 imgp->ip_flags |= IMGPF_IS_64BIT;
796 psa = (struct _posix_spawnattr *) imgp->ip_px_sa;
812 if (pref == imgp->ip_origcputype) {
/* grade_binary is asked about the recorded CPU type with the CPU_SUBTYPE_MASK bits cleared from the subtype; the failure path is elided. */
821 if (!grade_binary(imgp->ip_origcputype, imgp->ip_origcpusubtype & ~CPU_SUBTYPE_MASK)) {
/* Copy the argument and environment strings in, then append the kernel-supplied strings. */
827 error = exec_extract_strings(imgp);
831 error = exec_add_apple_strings(imgp);
/* Audit records cover the byte ranges of the copied argv and envp strings. */
835 AUDIT_ARG(argv, imgp->ip_startargv, imgp->ip_argc,
836 imgp->ip_endargv - imgp->ip_startargv);
837 AUDIT_ARG(envv, imgp->ip_endargv, imgp->ip_envc,
838 imgp->ip_endenvv - imgp->ip_endargv);
/* A child thread is created here on some path (guard elided); NULL is treated as failure. */
849 imgp->ip_new_thread = fork_create_child(task, COALITION_NULL, p, FALSE, (imgp->ip_flags & IMGPF_IS_64BIT));
850 if (imgp->ip_new_thread == NULL) {
857 thread = imgp->ip_new_thread;
870 if (imgp->ip_flags & IMGPF_IS_64BIT) {
893 lret = load_machfile(imgp, mach_header, thread, map, &load_result);
901 p->p_cputype = imgp->ip_origcputype;
902 p->p_cpusubtype = imgp->ip_origcpusubtype;
/*
 * Code-signing state is folded into ip_csflags: bits from the load result
 * (mask elided), CS_VALID cleared on one path, and CS_HARD, CS_KILL,
 * CS_ENFORCEMENT and CS_INSTALLER added on others. check_for_signature
 * later copies ip_csflags into p->p_csflags.
 * NOTE(review): every guard on these lines is elided; review them in the
 * full source, since they decide which enforcement bits the process gets.
 */
912 imgp->ip_csflags |= load_result.csflags &
917 imgp->ip_csflags &= ~CS_VALID;
921 imgp->ip_csflags |= CS_HARD;
923 imgp->ip_csflags |= CS_KILL;
925 imgp->ip_csflags |= CS_ENFORCEMENT;
927 imgp->ip_csflags |= CS_INSTALLER;
/* Set-id handling runs after the image has been loaded. */
946 error = exec_handle_sugid(imgp);
954 if (imgp->ip_new_thread == NULL)
/* Copy the staged strings out to the new image; ap receives the resulting user address. */
981 error = exec_copyout_strings(imgp, &ap);
993 int new_ptr_size = (imgp->ip_flags & IMGPF_IS_64BIT) ? 8 : 4;
1009 exec_prefault_data(p, imgp, &load_result);
/*
 * Process name: taken from ip_p_comm when that is non-empty (copy length
 * elided), otherwise - presumably in an else branch - from the looked-up
 * path component, clamped to MAXCOMLEN and NUL-terminated. The terminator
 * index can equal MAXCOMLEN, so p_comm must hold MAXCOMLEN + 1 bytes -
 * confirm against the proc definition. The clamp modifies cn_namelen in
 * the nameidata itself.
 */
1049 if (0 != imgp->ip_p_comm[0]) {
1050 bcopy((caddr_t)imgp->ip_p_comm, (caddr_t)p->p_comm,
1053 if (imgp->ip_ndp->ni_cnd.cn_namelen > MAXCOMLEN)
1054 imgp->ip_ndp->ni_cnd.cn_namelen = MAXCOMLEN;
1055 bcopy((caddr_t)imgp->ip_ndp->ni_cnd.cn_nameptr, (caddr_t)p->p_comm,
1056 (unsigned)imgp->ip_ndp->ni_cnd.cn_namelen);
1057 p->p_comm[imgp->ip_ndp->ni_cnd.cn_namelen] = '\0';
1139 if (imgp->ip_px_sa != NULL) {
1140 psa = (struct _posix_spawnattr *) imgp->ip_px_sa;
1227 * the image associated with the imgp structure. We start with
/*
 * exec_activate_image (excerpt: only lines mentioning imgp are listed).
 * Looks up the file, checks permissions, reads its first page and hands it
 * to the image activators, repeating the lookup for an interpreter.
 */
1249 exec_activate_image(struct image_params *imgp)
1257 proc_t p = vfs_context_proc(imgp->ip_vfs_context);
/* Obtain the string buffer, then copy the caller's path into it. */
1259 error = execargs_alloc(imgp);
1263 error = exec_save_path(imgp, imgp->ip_user_fname, imgp->ip_seg);
1268 /* Use imgp->ip_strings, which contains the copyin-ed exec path */
1269 DTRACE_PROC1(exec, uintptr_t, imgp->ip_strings);
/* The lookup is given the kernel copy of the path (UIO_SYSSPACE), so the name resolved here is the one already copied in, not a fresh read of user memory. */
1278 UIO_SYSSPACE, CAST_USER_ADDR_T(imgp->ip_strings), imgp->ip_vfs_context);
1284 imgp->ip_ndp = ndp; /* successful namei(); call nameidone() later */
1285 imgp->ip_vp = ndp->ni_vp; /* if set, need to vnode_put() at some point */
/* Permission check first; then keep an untouched copy of the attributes in ip_origvattr, which the set-id logic consults later. */
1304 error = exec_check_permissions(imgp);
1311 *imgp->ip_origvattr = *imgp->ip_vattr;
/*
 * Read PAGE_SIZE bytes from offset 0 into ip_vdata using the caller's
 * credential.
 * NOTE(review): resid is collected on this call; confirm in the full source
 * that the unread tail of ip_vdata is defined when the file is shorter than
 * PAGE_SIZE, since the activators parse this buffer.
 */
1314 error = vn_rdwr(UIO_READ, imgp->ip_vp, imgp->ip_vdata, PAGE_SIZE, 0,
1316 vfs_context_ucred(imgp->ip_vfs_context),
1317 &resid, vfs_context_proc(imgp->ip_vfs_context));
/* Dispatch to the image activator table. */
1330 error = (*execsw[i].ex_imgact)(imgp);
/* Interpreter case (guard elided): replace any earlier script label with a fresh copy of the script vnode's label. */
1344 if (imgp->ip_scriptlabelp)
1345 mac_vnode_label_free(imgp->ip_scriptlabelp);
1346 imgp->ip_scriptlabelp = mac_vnode_label_alloc();
1347 if (imgp->ip_scriptlabelp == NULL) {
1351 mac_vnode_label_copy(imgp->ip_vp->v_label,
1352 imgp->ip_scriptlabelp);
/* Keep the script vnode: drop a previously held one, and store the current one only if taking a new reference succeeds. */
1357 if (imgp->ip_scriptvp)
1358 vnode_put(imgp->ip_scriptvp);
1359 if (vnode_getwithref(imgp->ip_vp) == 0)
1360 imgp->ip_scriptvp = imgp->ip_vp;
/* Release the lookup state for the script and clear both fields so the cleanup at the end does not release them twice. */
1365 vnode_put(imgp->ip_vp);
1366 imgp->ip_vp = NULL; /* already put */
1367 imgp->ip_ndp = NULL; /* already nameidone */
1369 /* Use imgp->ip_strings, which exec_shell_imgact reset to the interpreter */
1371 UIO_SYSSPACE, CAST_USER_ADDR_T(imgp->ip_strings), imgp->ip_vfs_context);
1386 kauth_authorize_fileop(vfs_context_ucred(imgp->ip_vfs_context),
/* Cleanup (the conditions under which it runs are elided): free the string buffer and finish the name lookup if still held. */
1395 if (imgp->ip_strings)
1396 execargs_free(imgp);
1397 if (imgp->ip_ndp)
1398 nameidone(imgp->ip_ndp);
/* exec_handle_port_actions (excerpt). The port actions come from imgp->ip_px_spa and are applied for the process named by the VFS context; the loop over them is elided. */
1494 exec_handle_port_actions(struct image_params *imgp, short psa_flags, boolean_t * portwatch_present, ipc_port_t * portwatch_ports)
1496 _posix_spawn_port_actions_t pacts = imgp->ip_px_spa;
1497 proc_t p = vfs_context_proc(imgp->ip_vfs_context);
/*
 * exec_handle_file_actions (excerpt). The file actions come from
 * imgp->ip_px_sfa. The one open call visible here is made with
 * imgp->ip_vfs_context, so whatever process and credential that context
 * names at this point perform the open - presumably the new process;
 * confirm in the caller.
 */
1587 exec_handle_file_actions(struct image_params *imgp, short psa_flags)
1591 proc_t p = vfs_context_proc(imgp->ip_vfs_context);
1592 _posix_spawn_file_actions_t px_sfap = imgp->ip_px_sfa;
1632 imgp->ip_vfs_context);
1634 error = open1(imgp->ip_vfs_context,
/*
 * Body excerpt of a spawn entry point; its signature line does not mention
 * imgp and is therefore not part of this listing. Only lines mentioning
 * imgp are shown.
 */
1915 struct image_params *imgp;
/* One zeroed allocation backs imgp, vap and origvap. M_ZERO leaves every pointer field of imgp NULL, which the cleanup below depends on when it tests them before releasing. */
1939 MALLOC(bufp, char *, (sizeof(*imgp) + sizeof(*vap) + sizeof(*origvap)), M_TEMP, M_WAITOK | M_ZERO);
1940 imgp = (struct image_params *) bufp;
1945 vap = (struct vnode_attr *) (bufp + sizeof(*imgp));
1946 origvap = (struct vnode_attr *) (bufp + sizeof(*imgp) + sizeof(*vap));
/* The user-space addresses are only recorded here; what they point to is copied in later (exec_save_path, exec_extract_strings). */
1949 imgp->ip_user_fname = uap->path;
1950 imgp->ip_user_argv = uap->argv;
1951 imgp->ip_user_envv = uap->envp;
1952 imgp->ip_vattr = vap;
1953 imgp->ip_origvattr = origvap;
1954 imgp->ip_vfs_context = &context;
1955 imgp->ip_flags = (is_64 ? IMGPF_WAS_64BIT : IMGPF_NONE);
1956 imgp->ip_p_comm = alt_p_comm; /* for PowerPC */
1957 imgp->ip_seg = (is_64 ? UIO_USERSPACE64 : UIO_USERSPACE32);
1958 imgp->ip_mac_return = 0;
/* Spawn attributes, file actions, port actions and MAC policy extensions are attached here; the code that copies them in and validates their sizes is elided. */
1996 imgp->ip_px_sa = &px_sa;
2011 imgp->ip_px_sfa = px_sfap;
2037 imgp->ip_px_spa = px_spap;
2051 if ((error = spawn_copyin_macpolicyinfo(&px_args, (_posix_spawn_mac_policy_extensions_t *)&imgp->ip_px_smpx)) != 0)
/* Without attributes, or without POSIX_SPAWN_SETEXEC, a new process is created with fork1 and the image is flagged IMGPF_SPAWN (intervening lines elided). */
2077 if (imgp->ip_px_sa == NULL || !(px_sa.psa_flags & POSIX_SPAWN_SETEXEC)){
2085 if (imgp->ip_px_sa) {
2103 error = fork1(p, &imgp->ip_new_thread, PROC_CREATE_SPAWN, coal);
2114 imgp->ip_flags |= IMGPF_SPAWN; /* spawn w/o exec */
2126 p = (proc_t)get_bsdthreadtask_info(imgp->ip_new_thread);
/* From here the VFS context names the new thread. */
2146 context.vc_thread = imgp->ip_new_thread;
/* File actions are applied before port actions; psa_flags is passed as 0 when no attributes were supplied. */
2156 if (imgp->ip_px_sfa != NULL) {
2161 if ((error = exec_handle_file_actions(imgp,
2162 imgp->ip_px_sa != NULL ? px_sa.psa_flags : 0)) != 0)
2167 if (imgp->ip_px_spa != NULL) {
2172 if (imgp->ip_px_sa != NULL && px_sa.psa_apptype == POSIX_SPAWN_PROC_TYPE_DAEMON_ADAPTIVE)
2187 if ((error = exec_handle_port_actions(imgp,
2188 imgp->ip_px_sa != NULL ? px_sa.psa_flags : 0, &portwatch_present, portwatch_ports)) != 0)
2199 if (imgp->ip_px_sa != NULL) {
/*
 * Two exploit-mitigation opt-outs can be set from here (guards elided):
 * executable data and disabled ASLR. exec_check_permissions contains a line
 * that clears both flags again.
 * NOTE(review): the guard on that clearing line is not shown - confirm
 * which images it applies to.
 */
2255 imgp->ip_flags |= IMGPF_ALLOW_DATA_EXEC;
2264 imgp->ip_flags |= IMGPF_DISABLE_ASLR;
/* MAC hook runs before the image is activated. */
2279 error = mac_execve_enter(uap->mac_p, imgp);
2288 error = exec_activate_image(imgp);
2307 if (!error && imgp->ip_px_sa != NULL) {
2317 child_thread = imgp->ip_new_thread;
2378 if (imgp->ip_px_sa != NULL) {
2395 exec_resettextvp(p, imgp);
2399 if (imgp->ip_px_sa != NULL && (px_sa.psa_jetsam_flags & POSIX_SPAWN_JETSAM_SET)) {
2449 if (error == 0 && imgp->ip_px_sa != NULL) {
2450 struct _posix_spawnattr *psa = (struct _posix_spawnattr *) imgp->ip_px_sa;
2458 thread_t main_thread = (imgp->ip_new_thread != NULL) ? imgp->ip_new_thread : current_thread();
/* Code-signing check on the resulting process. */
2486 error = check_for_signature(p, imgp);
2492 if (imgp != NULL && spawn_no_exec && (p->p_lflag & P_LTRACED)) {
2493 psignal_vfork(p, p->task, imgp->ip_new_thread, SIGTRAP);
/* Cleanup: release whatever was acquired. Each pointer is tested first, so a field that was never set (still NULL from the zeroed allocation) is skipped. */
2498 if (imgp != NULL) {
2499 if (imgp->ip_vp)
2500 vnode_put(imgp->ip_vp);
2501 if (imgp->ip_scriptvp)
2502 vnode_put(imgp->ip_scriptvp);
2503 if (imgp->ip_strings)
2504 execargs_free(imgp);
2505 if (imgp->ip_px_sfa != NULL)
2506 FREE(imgp->ip_px_sfa, M_TEMP);
2507 if (imgp->ip_px_spa != NULL)
2508 FREE(imgp->ip_px_spa, M_TEMP);
2511 if (imgp->ip_px_smpx != NULL)
2512 spawn_free_macpolicyinfo(imgp->ip_px_smpx);
2513 if (imgp->ip_execlabelp)
2514 mac_cred_label_free(imgp->ip_execlabelp);
2515 if (imgp->ip_scriptlabelp)
2516 mac_vnode_label_free(imgp->ip_scriptlabelp);
2548 dtrace_thread_didexec(imgp->ip_new_thread);
/* Spawn-without-exec tail: the new task and thread references are dropped on one path and the thread is resumed on another (conditions elided). */
2563 if (imgp != NULL && spawn_no_exec) {
2586 task_deallocate(get_threadtask(imgp->ip_new_thread));
2587 thread_deallocate(imgp->ip_new_thread);
2604 (void)thread_resume(imgp->ip_new_thread);
/*
 * Body excerpt of an exec entry point; its signature line does not mention
 * imgp and is therefore not part of this listing. Only lines mentioning
 * imgp are shown.
 */
2684 struct image_params *imgp;
/* One zeroed allocation backs imgp, vap and origvap; M_ZERO leaves the pointer fields of imgp NULL until they are assigned. */
2699 MALLOC(bufp, char *, (sizeof(*imgp) + sizeof(*vap) + sizeof(*origvap)), M_TEMP, M_WAITOK | M_ZERO);
2700 imgp = (struct image_params *) bufp;
2705 vap = (struct vnode_attr *) (bufp + sizeof(*imgp));
2706 origvap = (struct vnode_attr *) (bufp + sizeof(*imgp) + sizeof(*vap));
/* The user-space addresses are only recorded here; what they point to is copied in later. */
2709 imgp->ip_user_fname = uap->fname;
2710 imgp->ip_user_argv = uap->argp;
2711 imgp->ip_user_envv = uap->envp;
2712 imgp->ip_vattr = vap;
2713 imgp->ip_origvattr = origvap;
2714 imgp->ip_vfs_context = &context;
/*
 * The ASLR opt-out is inherited from the calling process's P_DISABLE_ASLR
 * flag. exec_check_permissions contains a line that clears
 * IMGPF_DISABLE_ASLR again.
 * NOTE(review): the guard on that line is not shown - confirm which images
 * it applies to.
 */
2715 imgp->ip_flags = (is_64 ? IMGPF_WAS_64BIT : IMGPF_NONE) | ((p->p_flag & P_DISABLE_ASLR) ? IMGPF_DISABLE_ASLR : IMGPF_NONE);
2716 imgp->ip_p_comm = alt_p_comm; /* for PowerPC */
2717 imgp->ip_seg = (is_64 ? UIO_USERSPACE64 : UIO_USERSPACE32);
2718 imgp->ip_mac_return = 0;
2722 imgp->ip_flags |= IMGPF_VFORK_EXEC;
/* MAC hook, then image activation, then the code-signing check. */
2727 error = mac_execve_enter(uap->mac_p, imgp);
2735 error = exec_activate_image(imgp);
2744 exec_resettextvp(p, imgp);
2745 error = check_for_signature(p, imgp);
/* Cleanup: each resource is released only if it is held. */
2747 if (imgp->ip_vp != NULLVP)
2748 vnode_put(imgp->ip_vp);
2749 if (imgp->ip_scriptvp != NULLVP)
2750 vnode_put(imgp->ip_scriptvp);
2751 if (imgp->ip_strings)
2752 execargs_free(imgp);
2754 if (imgp->ip_execlabelp)
2755 mac_cred_label_free(imgp->ip_execlabelp);
2756 if (imgp->ip_scriptlabelp)
2757 mac_vnode_label_free(imgp->ip_scriptlabelp);
2763 thread_t main_thread = (imgp->ip_new_thread != NULL) ? imgp->ip_new_thread : current_thread();
/* In the vfork case the new thread is resumed here; the return value of thread_resume is deliberately discarded. */
2780 if (imgp->ip_flags & IMGPF_VFORK_EXEC) {
2782 (void)thread_resume(imgp->ip_new_thread);
/*
 * exec_copyout_strings (excerpt: only lines mentioning imgp are listed).
 * Copies the staged strings and the pointer arrays that reference them out
 * to the new image's address space.
 */
2937 exec_copyout_strings(struct image_params *imgp, user_addr_t *stackp)
2939 proc_t p = vfs_context_proc(imgp->ip_vfs_context);
/* Pointer width of the new image. */
2940 int ptr_size = (imgp->ip_flags & IMGPF_IS_64BIT) ? 8 : 4;
/* Descriptor entries for the string groups: arguments, environment, the saved path at the start of the buffer, and the remaining kernel-supplied strings. */
2961 .start_string = imgp->ip_startargv,
2962 .count = imgp->ip_argc,
2969 .start_string = imgp->ip_endargv,
2970 .count = imgp->ip_envc,
2977 .start_string = imgp->ip_strings,
2985 .start_string = imgp->ip_endenvv,
2986 .count = imgp->ip_applec - 1, /* exec_path handled above */
/* Consistency check: the remaining space must be a multiple of the pointer size (failure path elided). */
3000 if (imgp->ip_strspace % ptr_size != 0) {
3006 string_size = imgp->ip_strendp - imgp->ip_strings;
/*
 * Size of the pointer area: one slot per string plus 3 extra, times the
 * pointer size (the multiplier is on the elided continuation line).
 * NOTE(review): the counts are bounded only indirectly, through the NCARGS
 * accounting done while the strings were copied in - confirm the product
 * cannot exceed the space checked below.
 */
3014 ptr_area_size = (imgp->ip_argc + imgp->ip_envc + imgp->ip_applec + 3) *
/*
 * The pointer array is staged in the kernel buffer immediately after the
 * strings.
 * NOTE(review): the check that ptr_area_size fits in the space left after
 * ip_strendp is not visible in this listing - confirm it exists.
 */
3023 ptr_buffer_start = ptr_buffer = (void *)imgp->ip_strendp;
3036 p->p_argc = imgp->ip_argc;
3046 error = copyout(imgp->ip_strings, string_area,
/* A string's user address is its offset inside the kernel buffer added to the base of the user string area. */
3068 user_addr_t cur_address = string_area + (cur_string - imgp->ip_strings);
3101 error = copyoutptr((user_addr_t)imgp->ip_argc, argc_area, ptr_size);
3128 * (imgp->ip_argc) Count of arguments, updated
3129 * (imgp->ip_envc) Count of environment strings, updated
3130 * (imgp->ip_argspace) Count of remaining of NCARGS
3131 * (imgp->ip_interp_buffer) Interpreter and args (mutated in place)
/*
 * exec_extract_strings (excerpt: only lines mentioning imgp are listed).
 * Copies the argument and environment strings into the string area while
 * charging both the strings and their future pointer slots to the NCARGS
 * budget (ip_argspace).
 */
3138 exec_extract_strings(struct image_params *imgp)
/* Two pointer widths: ptr_size follows IMGPF_WAS_64BIT (set from the calling process), new_ptr_size follows IMGPF_IS_64BIT (the image being started). Presumably ptr_size is used to walk the caller's arrays; those reads are elided. */
3141 int ptr_size = (imgp->ip_flags & IMGPF_WAS_64BIT) ? 8 : 4;
3142 int new_ptr_size = (imgp->ip_flags & IMGPF_IS_64BIT) ? 8 : 4;
3143 user_addr_t argv = imgp->ip_user_argv;
3144 user_addr_t envv = imgp->ip_user_envv;
/* Pad with NULs until the remaining space is a multiple of the new pointer size; per the existing comment this padding is not charged to the NCARGS budget. */
3151 while (imgp->ip_strspace % new_ptr_size != 0) {
3152 *imgp->ip_strendp++ = '\0';
3153 imgp->ip_strspace--;
3154 /* imgp->ip_argspace--; not counted towards exec args total */
3160 imgp->ip_startargv = imgp->ip_strendp;
3161 imgp->ip_argc = 0;
/* Interpreter case: the interpreter name and its argument come from ip_interp_buffer, a kernel buffer (UIO_SYSSPACE). */
3163 if((imgp->ip_flags & IMGPF_INTERPRET) != 0) {
3168 argstart = imgp->ip_interp_buffer;
3177 error = exec_add_user_string(imgp, CAST_USER_ADDR_T(argstart), UIO_SYSSPACE, TRUE);
3182 error = exec_add_user_string(imgp, CAST_USER_ADDR_T(argstart), UIO_SYSSPACE, TRUE);
/*
 * Accounting repeated after every added string: fail when fewer than
 * new_ptr_size bytes of budget remain, otherwise reserve that much for the
 * pointer slot and bump the count. This keeps strings plus pointer array
 * within ip_argspace. The error value on failure is elided.
 */
3197 if (imgp->ip_argspace < new_ptr_size) {
3201 imgp->ip_argspace -= new_ptr_size; /* to hold argv[] entry */
3202 imgp->ip_argc++;
/*
 * Script argument: for a set-id script it is "/dev/fd/<n>", built with a
 * bounded snprintf; otherwise the caller's path is copied in from
 * ip_user_fname.
 * NOTE(review): that is a second copy-in of the same user address that
 * exec_save_path read earlier; the two reads can differ if the caller
 * changes the memory in between - confirm nothing treats this string as
 * the path that was authorised.
 */
3220 if (imgp->ip_interp_sugid_fd != -1) {
3222 snprintf(temp, sizeof(temp), "/dev/fd/%d", imgp->ip_interp_sugid_fd);
3223 error = exec_add_user_string(imgp, CAST_USER_ADDR_T(temp), UIO_SYSSPACE, TRUE);
3225 error = exec_add_user_string(imgp, imgp->ip_user_fname, imgp->ip_seg, TRUE);
3230 if (imgp->ip_argspace < new_ptr_size) {
3234 imgp->ip_argspace -= new_ptr_size; /* to hold argv[] entry */
3235 imgp->ip_argc++;
/* Caller-supplied arguments, copied from the caller's address space (ip_seg). */
3254 error = exec_add_user_string(imgp, arg, imgp->ip_seg, TRUE);
3257 if (imgp->ip_argspace < new_ptr_size) {
3261 imgp->ip_argspace -= new_ptr_size; /* to hold argv[] entry */
3262 imgp->ip_argc++;
/* One more pointer slot is reserved after the last argument, presumably for the terminating NULL entry. */
3266 if (imgp->ip_argspace < new_ptr_size) {
3270 imgp->ip_argspace -= new_ptr_size;
3273 imgp->ip_endargv = imgp->ip_strendp;
3274 imgp->ip_envc = 0;
/* Environment strings get the same treatment as arguments. */
3291 error = exec_add_user_string(imgp, env, imgp->ip_seg, TRUE);
3294 if (imgp->ip_argspace < new_ptr_size) {
3298 imgp->ip_argspace -= new_ptr_size; /* to hold envv[] entry */
3299 imgp->ip_envc++;
3303 if (imgp->ip_argspace < new_ptr_size) {
3307 imgp->ip_argspace -= new_ptr_size;
/* Final alignment padding; unlike the padding at the top, each byte here is charged to ip_argspace and checked first. */
3310 while (imgp->ip_strspace % new_ptr_size != 0) {
3311 if (imgp->ip_argspace < 1) {
3315 *imgp->ip_strendp++ = '\0';
3316 imgp->ip_strspace--;
3317 imgp->ip_argspace--;
3321 imgp->ip_endenvv = imgp->ip_strendp;
/*
 * exec_add_apple_strings (excerpt: only lines mentioning imgp are listed).
 * Appends kernel-generated strings after the environment and counts them in
 * ip_applec. Every call passes FALSE for is_ncargs and a kernel source
 * (UIO_SYSSPACE); presumably that charges them to ip_strspace rather than
 * to the NCARGS budget.
 */
3400 exec_add_apple_strings(struct image_params *imgp)
3412 if( imgp->ip_flags & IMGPF_IS_64BIT) {
/* The count starts at 1; exec_copyout_strings subtracts one with the remark that exec_path is handled separately. */
3420 imgp->ip_applec = 1;
3423 error = exec_add_user_string(imgp, CAST_USER_ADDR_T(pfz_string),UIO_SYSSPACE,FALSE);
3426 imgp->ip_applec++;
3429 if (imgp->ip_px_sa) {
3430 int proc_flags = (((struct _posix_spawnattr *) imgp->ip_px_sa)->psa_flags);
3436 error = exec_add_user_string(imgp, CAST_USER_ADDR_T(uiapp_string),UIO_SYSSPACE,FALSE);
3439 imgp->ip_applec++;
/* NOTE(review): how guard_vec and entropy_vec are generated is not visible in this listing; judging by their names they carry random values for the new process - confirm their source in the full file. */
3458 error = exec_add_user_string(imgp, CAST_USER_ADDR_T(guard_vec), UIO_SYSSPACE, FALSE);
3461 imgp->ip_applec++;
3474 error = exec_add_user_string(imgp, CAST_USER_ADDR_T(entropy_vec), UIO_SYSSPACE, FALSE);
3477 imgp->ip_applec++;
/* Re-align the end of the string area to the new pointer size; only ip_strspace is debited. */
3480 while (imgp->ip_strspace % new_ptr_size != 0) {
3481 *imgp->ip_strendp++ = '\0';
3482 imgp->ip_strspace--;
/*
 * exec_check_permissions (excerpt: only lines mentioning imgp are listed).
 * Fetches the vnode attributes and runs the MAC and vnode authorization
 * checks for executing imgp->ip_vp.
 */
3508 exec_check_permissions(struct image_params *imgp)
3510 struct vnode *vp = imgp->ip_vp;
3511 struct vnode_attr *vap = imgp->ip_vattr;
3512 proc_t p = vfs_context_proc(imgp->ip_vfs_context);
/* Attributes are read into ip_vattr; the caller later snapshots them into ip_origvattr. */
3528 if ((error = vnode_getattr(vp, vap, imgp->ip_vfs_context)) != 0)
/* Default slice: the whole file. */
3543 imgp->ip_arch_offset = (user_size_t)0;
3544 imgp->ip_arch_size = vap->va_data_size;
/* Withdraws the executable-data and no-ASLR opt-outs. NOTE(review): the condition guarding this line is not shown - confirm which images it covers. */
3555 imgp->ip_flags &= ~(IMGPF_ALLOW_DATA_EXEC | IMGPF_DISABLE_ASLR);
/* MAC policy check, then the vnode authorization for `action` (computed on elided lines). */
3558 error = mac_vnode_check_exec(imgp->ip_vfs_context, vp, imgp);
3568 if ((error = vnode_authorize(vp, NULL, action, imgp->ip_vfs_context)) != 0)
/*
 * exec_handle_sugid (excerpt: only lines mentioning imgp are listed).
 * Applies set-uid/set-gid credential changes and the MAC label transition.
 * All mode tests use ip_origvattr, the attribute snapshot taken in
 * exec_activate_image (which exec_shell_imgact may have stripped of set-id
 * bits).
 */
3616 exec_handle_sugid(struct image_params *imgp)
3618 kauth_cred_t cred = vfs_context_ucred(imgp->ip_vfs_context);
3619 proc_t p = vfs_context_proc(imgp->ip_vfs_context);
/* Arguments of a call whose name is on an elided line; presumably a MAC query about the pending transition. */
3638 imgp->ip_vfs_context,
3639 imgp->ip_vp,
3640 imgp->ip_arch_offset,
3641 imgp->ip_scriptvp,
3642 imgp->ip_scriptlabelp,
3643 imgp->ip_execlabelp,
3645 imgp->ip_px_smpx);
/*
 * A credential change is needed when the file is set-uid and its owner
 * differs from the credential's uid, or when it is set-gid and any of these
 * holds: the group-membership lookup returned an error, the lookup reported
 * the caller is not a member, or the credential's gid differs from the
 * file's group.
 */
3664 if (((imgp->ip_origvattr->va_mode & VSUID) != 0 &&
3665 kauth_cred_getuid(cred) != imgp->ip_origvattr->va_uid) ||
3666 ((imgp->ip_origvattr->va_mode & VSGID) != 0 &&
3667 ((kauth_cred_ismember_gid(cred, imgp->ip_origvattr->va_gid, &leave_sugid_clear) || !leave_sugid_clear) ||
3668 (kauth_cred_getgid(cred) != imgp->ip_origvattr->va_gid)))) {
/* The process credential is replaced with one carrying the file's owner and group; the KAUTH_UID_NONE / KAUTH_GID_NONE arguments presumably leave the corresponding ids unchanged. */
3691 if (imgp->ip_origvattr->va_mode & VSUID) {
3692 p->p_ucred = kauth_cred_setresuid(p->p_ucred, KAUTH_UID_NONE, imgp->ip_origvattr->va_uid, imgp->ip_origvattr->va_uid, KAUTH_UID_NONE);
3696 if (imgp->ip_origvattr->va_mode & VSGID) {
3697 p->p_ucred = kauth_cred_setresgid(p->p_ucred, KAUTH_GID_NONE, imgp->ip_origvattr->va_gid, imgp->ip_origvattr->va_gid);
/* Arguments of a second call (name elided) that also receives a pointer to ip_csflags, so it may modify the code-signing flags. */
3711 imgp->ip_vfs_context,
3712 imgp->ip_vp,
3713 imgp->ip_arch_offset,
3714 imgp->ip_scriptvp,
3715 imgp->ip_scriptlabelp,
3716 imgp->ip_execlabelp,
3717 &imgp->ip_csflags,
3718 imgp->ip_px_smpx,
/* The label-update result is stored, not returned; check_for_signature turns a non-zero value into its error. */
3735 imgp->ip_mac_return = label_update_return;
/* MAC decides whether IPC ports may be inherited; the thread's IPC state is reset on a path whose guard is elided. */
3738 mac_reset_ipc = mac_proc_check_inherit_ipc_ports(p, p->p_textvp, p->p_textoff, imgp->ip_vp, imgp->ip_arch_offset, imgp->ip_scriptvp);
3759 ipc_thread_reset((imgp->ip_new_thread != NULL) ?
3760 imgp->ip_new_thread : current_thread());
/* Descriptor-related calls further down; their names and purpose are on elided lines. */
3802 &fp, &indx, imgp->ip_vfs_context)) != 0)
3813 imgp->ip_vfs_context);
/*
 * execargs_alloc (excerpt: only lines mentioning imgp are listed). Obtains
 * the buffer that holds the exec strings and the file's first page.
 */
4196 execargs_alloc(struct image_params *imgp)
/*
 * The buffer comes from execargs_cache, or is newly allocated or
 * re-referenced (selection logic and any locking elided).
 * NOTE(review): a cached buffer was used by an earlier exec; the visible
 * lines do not clear it - confirm that only bytes written by this exec are
 * ever parsed or copied out.
 */
4220 imgp->ip_strings = (char *)(execargs_cache[i]);
4231 kret = execargs_purgeable_allocate(&imgp->ip_strings);
4234 kret = execargs_purgeable_reference(imgp->ip_strings);
/* Layout: NCARGS + PAGE_SIZE bytes of string area, with ip_vdata directly behind it. exec_activate_image reads PAGE_SIZE bytes into ip_vdata, so the allocation must cover that as well (the allocation size is not shown here). */
4242 imgp->ip_vdata = imgp->ip_strings + ( NCARGS + PAGE_SIZE );
4243 imgp->ip_strendp = imgp->ip_strings;
4244 imgp->ip_argspace = NCARGS;
4245 imgp->ip_strspace = ( NCARGS + PAGE_SIZE );
/*
 * execargs_free (excerpt: only lines mentioning imgp are listed). Returns
 * the string buffer to the cache.
 */
4264 execargs_free(struct image_params *imgp)
/* The buffer is marked volatile and parked in an execargs_cache slot; slot selection is elided. */
4270 kret = execargs_purgeable_volatilize(imgp->ip_strings);
4278 execargs_cache[i] = (vm_offset_t) imgp->ip_strings;
/* Clearing the pointer keeps the callers' `if (imgp->ip_strings)` cleanup tests from freeing it twice. */
4279 imgp->ip_strings = NULL;
4284 assert(imgp->ip_strings == NULL);
/* exec_resettextvp (excerpt). Picks up the executed vnode and the slice offset from imgp; what is done with them in p is on elided lines. */
4298 exec_resettextvp(proc_t p, struct image_params *imgp)
4305 vp = imgp->ip_vp;
4306 offset = imgp->ip_arch_offset;
/*
 * check_for_signature (excerpt: only lines mentioning imgp are listed).
 * Publishes the code-signing flags gathered during exec and reports a
 * deferred MAC failure.
 */
4388 check_for_signature(proc_t p, struct image_params *imgp)
4396 int spawn = (imgp->ip_flags & IMGPF_SPAWN);
4397 int vfexec = (imgp->ip_flags & IMGPF_VFORK_EXEC);
/* The flags accumulated in ip_csflags become the process's flags here. */
4405 p->p_csflags = imgp->ip_csflags;
/* A non-zero ip_mac_return (stored by exec_handle_sugid) becomes this function's error. */
4418 if (imgp->ip_mac_return != 0) {
4419 error = imgp->ip_mac_return;
/* On a failure path (guard elided) the new thread is sent SIGKILL. */
4479 psignal_vfork(p, p->task, imgp->ip_new_thread, SIGKILL);
/* exec_prefault_data (excerpt). p is marked __unused; both visible tests branch on whether the new image is 64-bit, and their bodies are elided. */
4498 static void exec_prefault_data(proc_t p __unused, struct image_params *imgp, load_result_t *load_result)
4513 if (imgp->ip_flags & IMGPF_IS_64BIT) {
4559 if (imgp->ip_flags & IMGPF_IS_64BIT) {