1/*
2 * Copyright (c) 2004-2010 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28/*
29 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
30 * support for mandatory and extensible security protections.  This notice
31 * is included in support of clause 2.2 (b) of the Apple Public License,
32 * Version 2.0.
33 */
34
35#ifndef _SYS_KAUTH_H
36#define _SYS_KAUTH_H
37
38#include <sys/appleapiopts.h>
39#include <sys/cdefs.h>
40#include <mach/boolean.h>
41#include <sys/_types.h>		/* __offsetof() */
42#include <sys/syslimits.h>	/* NGROUPS_MAX */
43
44#ifdef __APPLE_API_EVOLVING
45
46/*
47 * Identities.
48 */
49
/*
 * Sentinel values meaning "no identity".  Neither is a valid UID/GID and
 * callers must test for them explicitly.  They are deliberately distinct
 * from the all-ones value ((uid_t)-1 / (gid_t)-1) so the two can never be
 * confused by code that treats all-ones specially.
 */
#define KAUTH_UID_NONE	(~(uid_t)0 - 100)	/* not a valid UID */
#define KAUTH_GID_NONE	(~(gid_t)0 - 100)	/* not a valid GID */
52
53#include <sys/_types/_guid_t.h>
54
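/*
 * NT Security Identifier, structure as defined by Microsoft.
 *
 * The layout is packed because it travels as a flat byte image inside the
 * resolver payload exchanged with user space (struct kauth_identity_extlookup
 * below) and must not acquire compiler padding.  sid_authcount says how many
 * entries of sid_authorities[] are meaningful; the array itself is always
 * KAUTH_NTSID_MAX_AUTHORITIES long, so sizeof(ntsid_t) is fixed.
 */
#pragma pack(1)    /* push packing of 1 byte */
typedef struct {
	u_int8_t		sid_kind;
	u_int8_t		sid_authcount;		/* number of valid sid_authorities[] entries */
	u_int8_t		sid_authority[6];	/* 6-byte authority */
#define KAUTH_NTSID_MAX_AUTHORITIES 16
	u_int32_t	sid_authorities[KAUTH_NTSID_MAX_AUTHORITIES];	/* sub-authorities */
} ntsid_t;
#pragma pack()    /* pop packing to previous packing level */
#define _NTSID_T

/* valid byte count inside a SID structure */
#define KAUTH_NTSID_HDRSIZE	(8)
/*
 * A SID is well-formed only when its sub-authority count fits the array.
 * sid_authcount is a u_int8_t, so a SID from an untrusted source (for
 * example one returned by the user-space resolver) can claim up to 255
 * entries; check this before trusting KAUTH_NTSID_SIZE() or indexing
 * sid_authorities[] with the count.
 */
#define KAUTH_NTSID_VALID(_s)	((_s)->sid_authcount <= KAUTH_NTSID_MAX_AUTHORITIES)
/*
 * Number of meaningful bytes in a SID: header plus the used sub-authorities.
 * Only meaningful for a SID that passes KAUTH_NTSID_VALID(); for a larger
 * sid_authcount the result exceeds sizeof(ntsid_t).
 */
#define KAUTH_NTSID_SIZE(_s)	(KAUTH_NTSID_HDRSIZE + ((_s)->sid_authcount * sizeof(u_int32_t)))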
70
71/*
72 * External lookup message payload; this structure is shared between the
73 * kernel group membership resolver, and the user space group membership
74 * resolver daemon, and is use to communicate resolution requests from the
75 * kernel to user space, and the result of that request from user space to
76 * the kernel.
77 */
78struct kauth_identity_extlookup {
79	u_int32_t	el_seqno;	/* request sequence number */
80	u_int32_t	el_result;	/* lookup result */
81#define KAUTH_EXTLOOKUP_SUCCESS		0	/* results here are good */
82#define KAUTH_EXTLOOKUP_BADRQ		1	/* request badly formatted */
83#define KAUTH_EXTLOOKUP_FAILURE		2	/* transient failure during lookup */
84#define KAUTH_EXTLOOKUP_FATAL		3	/* permanent failure during lookup */
85#define KAUTH_EXTLOOKUP_INPROG		100	/* request in progress */
86	u_int32_t	el_flags;
87#define KAUTH_EXTLOOKUP_VALID_UID	(1<<0)
88#define KAUTH_EXTLOOKUP_VALID_UGUID	(1<<1)
89#define KAUTH_EXTLOOKUP_VALID_USID	(1<<2)
90#define KAUTH_EXTLOOKUP_VALID_GID	(1<<3)
91#define KAUTH_EXTLOOKUP_VALID_GGUID	(1<<4)
92#define KAUTH_EXTLOOKUP_VALID_GSID	(1<<5)
93#define KAUTH_EXTLOOKUP_WANT_UID	(1<<6)
94#define KAUTH_EXTLOOKUP_WANT_UGUID	(1<<7)
95#define KAUTH_EXTLOOKUP_WANT_USID	(1<<8)
96#define KAUTH_EXTLOOKUP_WANT_GID	(1<<9)
97#define KAUTH_EXTLOOKUP_WANT_GGUID	(1<<10)
98#define KAUTH_EXTLOOKUP_WANT_GSID	(1<<11)
99#define KAUTH_EXTLOOKUP_WANT_MEMBERSHIP	(1<<12)
100#define KAUTH_EXTLOOKUP_VALID_MEMBERSHIP (1<<13)
101#define KAUTH_EXTLOOKUP_ISMEMBER	(1<<14)
102#define KAUTH_EXTLOOKUP_VALID_PWNAM	(1<<15)
103#define	KAUTH_EXTLOOKUP_WANT_PWNAM	(1<<16)
104#define KAUTH_EXTLOOKUP_VALID_GRNAM	(1<<17)
105#define	KAUTH_EXTLOOKUP_WANT_GRNAM	(1<<18)
106#define	KAUTH_EXTLOOKUP_VALID_SUPGRPS	(1<<19)
107#define	KAUTH_EXTLOOKUP_WANT_SUPGRPS	(1<<20)
108
109	__darwin_pid_t	el_info_pid;		/* request on behalf of PID */
110	u_int64_t	el_extend;		/* extension field */
111	u_int32_t	el_info_reserved_1;	/* reserved (APPLE) */
112
113	uid_t		el_uid;		/* user ID */
114	guid_t		el_uguid;	/* user GUID */
115	u_int32_t	el_uguid_valid;	/* TTL on translation result (seconds) */
116	ntsid_t		el_usid;	/* user NT SID */
117	u_int32_t	el_usid_valid;	/* TTL on translation result (seconds) */
118	gid_t		el_gid;		/* group ID */
119	guid_t		el_gguid;	/* group GUID */
120	u_int32_t	el_gguid_valid;	/* TTL on translation result (seconds) */
121	ntsid_t		el_gsid;	/* group SID */
122	u_int32_t	el_gsid_valid;	/* TTL on translation result (seconds) */
123	u_int32_t	el_member_valid; /* TTL on group lookup result */
124 	u_int32_t	el_sup_grp_cnt;  /* count of supplemental groups up to NGROUPS */
125 	gid_t		el_sup_groups[NGROUPS_MAX];	/* supplemental group list */
126};
127
/*
 * Cache size tuning parameters; presumably the payload of the
 * KAUTH_GET_CACHE_SIZES / KAUTH_SET_CACHE_SIZES operations below.  The unit
 * (entries vs. bytes) is not specified in this header.
 */
struct kauth_cache_sizes {
	u_int32_t kcs_group_size;	/* group-membership cache size */
	u_int32_t kcs_id_size;		/* identity cache size */
};
132
/*
 * Operation codes for the resolver control interface, presumably passed by
 * the user-space resolver daemon when it registers, delivers results or
 * manages the caches.  Note that KAUTH_EXTLOOKUP_REGISTER is zero rather
 * than a bit: it cannot be OR-combined with the others or detected with a
 * mask test, only by equality.
 */
#define KAUTH_EXTLOOKUP_REGISTER	(0)
#define KAUTH_EXTLOOKUP_RESULT		(1<<0)
#define KAUTH_EXTLOOKUP_WORKER		(1<<1)
#define	KAUTH_EXTLOOKUP_DEREGISTER	(1<<2)
#define	KAUTH_GET_CACHE_SIZES		(1<<3)
#define	KAUTH_SET_CACHE_SIZES		(1<<4)
#define	KAUTH_CLEAR_CACHES		(1<<5)
140
141
142#ifdef KERNEL
143/*
144 * Credentials.
145 */
146
147#if 0
148/*
149 * Supplemental credential data.
150 *
151 * This interface allows us to associate arbitrary data with a credential.
152 * As with the credential, the data is considered immutable.
153 */
154struct kauth_cred_supplement {
155	TAILQ_ENTRY(kauth_cred_supplement) kcs_link;
156
157	int	kcs_ref;		/* reference count */
158	int	kcs_id;			/* vended identifier */
159	size_t	kcs_size;		/* size of data field */
160	char	kcs_data[0];
161};
162
163typedef struct kauth_cred_supplement *kauth_cred_supplement_t;
164
/*
 * Alternative credential layout, compiled out (#if 0 above).  It documents
 * the intended model: a reference-counted credential carrying the POSIX
 * effective/real/saved ids, three group lists (private, supplementary and
 * whiteout), audit session data, and an array of supplemental data blobs.
 */
struct kauth_cred {
	TAILQ_ENTRY(kauth_cred)	kc_link;

	int	kc_ref;			/* reference count */
	uid_t	kc_uid;			/* effective user id */
	uid_t	kc_ruid;		/* real user id */
	uid_t	kc_svuid;		/* saved user id */
	gid_t	kc_gid;			/* effective group id */
	gid_t	kc_rgid;		/* real group id */
	gid_t	kc_svgid;		/* saved group id */

	int	kc_flags;
#define KAUTH_CRED_GRPOVERRIDE		(1<<0)	/* private group list is authoritative */

	int	kc_npvtgroups;		/* private group list, advisory or authoritative; must not exceed NGROUPS */
	gid_t	kc_pvtgroups[NGROUPS];	/* based on KAUTH_CRED_GRPOVERRIDE flag */

	int	kc_nsuppgroups;		/* supplementary group list */
	gid_t	*kc_suppgroups;		/* kc_nsuppgroups entries, separately allocated */

	int	kc_nwhtgroups;		/* whiteout group list */
	gid_t	*kc_whtgroups;		/* kc_nwhtgroups entries, separately allocated */

	struct au_session cr_audit;	/* user auditing data */

	int	kc_nsupplement;		/* entry count in supplemental data pointer array */
	kauth_cred_supplement_t *kc_supplement;
};
193#else
194
195/* XXX just for now */
196#include <sys/ucred.h>
197// typedef struct ucred *kauth_cred_t;
198#endif
199
200/* Kernel SPI for now */
201__BEGIN_DECLS
202/*
203 * Routines specific to credentials with POSIX credential labels attached
204 *
205 * XXX	Should be in policy_posix.h, with struct posix_cred
206 */
207extern kauth_cred_t posix_cred_create(posix_cred_t pcred);
208extern posix_cred_t posix_cred_get(kauth_cred_t cred);
209extern void posix_cred_label(kauth_cred_t cred, posix_cred_t pcred);
210extern int posix_cred_access(kauth_cred_t cred, id_t object_uid, id_t object_gid, mode_t object_mode, mode_t mode_req);
211
212extern uid_t	kauth_getuid(void);
213extern uid_t	kauth_getruid(void);
214extern gid_t	kauth_getgid(void);
215extern kauth_cred_t kauth_cred_get(void);
216extern kauth_cred_t kauth_cred_get_with_ref(void);
217extern kauth_cred_t kauth_cred_proc_ref(proc_t procp);
218extern kauth_cred_t kauth_cred_create(kauth_cred_t cred);
219extern void	kauth_cred_ref(kauth_cred_t _cred);
220#ifndef __LP64__
221/* Use kauth_cred_unref(), not kauth_cred_rele() */
222extern void	kauth_cred_rele(kauth_cred_t _cred) __deprecated;
223#endif
224extern void	kauth_cred_unref(kauth_cred_t *_cred);
225
#if CONFIG_MACF
struct label;
/* Return the credential carrying MAC label; NOTE(review): whether cred is modified in place or a new credential is returned is not visible here. */
extern kauth_cred_t	kauth_cred_label_update(kauth_cred_t cred, struct label *label);
/* Re-label p's credential; 0 or an errno by convention (confirm). */
extern int kauth_proc_label_update(struct proc *p, struct label *label);
#else
/* this is a temp hack to cover us when MAC is not built in a kernel configuration.
 * Since we cannot build our export list based on the kernel configuration we need
 * to define a stub.  The void * signatures keep the exported symbol names and
 * arities identical to the MACF build so the export list does not depend on
 * the configuration.
 */
extern kauth_cred_t	kauth_cred_label_update(kauth_cred_t cred, void *label);
extern int kauth_proc_label_update(struct proc *p, void *label);
#endif
238
extern kauth_cred_t kauth_cred_find(kauth_cred_t cred);	/* look up an existing credential equal to cred (by name; see kern_credential.c) */
/* Accessors for the POSIX id triples held in a credential. */
extern uid_t	kauth_cred_getuid(kauth_cred_t _cred);		/* effective uid */
extern uid_t	kauth_cred_getruid(kauth_cred_t _cred);		/* real uid */
extern uid_t	kauth_cred_getsvuid(kauth_cred_t _cred);	/* saved uid */
extern gid_t	kauth_cred_getgid(kauth_cred_t _cred);		/* effective gid */
extern gid_t	kauth_cred_getrgid(kauth_cred_t _cred);		/* real gid */
extern gid_t	kauth_cred_getsvgid(kauth_cred_t _cred);	/* saved gid */
/*
 * Identity translation between the name spaces (POSIX id, GUID, NT SID,
 * textual name).  The answer is stored through the out pointer; the int
 * return is 0 or an errno by convention (confirm).  Translations presumably
 * go through the external resolver described above, so they may block and
 * may fail transiently.
 */
extern int	kauth_cred_pwnam2guid(char *pwnam, guid_t *guidp);
extern int	kauth_cred_grnam2guid(char *grnam, guid_t *guidp);
/*
 * NOTE(review): guid2pwnam / guid2grnam write a name into a caller-supplied
 * buffer whose length is not part of the prototype; the size the
 * implementation assumes is not visible here, so size the buffer per
 * kern_credential.c rather than guessing.
 */
extern int	kauth_cred_guid2pwnam(guid_t *guidp, char *pwnam);
extern int	kauth_cred_guid2grnam(guid_t *guidp, char *grnam);
extern int      kauth_cred_guid2uid(guid_t *_guid, uid_t *_uidp);
extern int      kauth_cred_guid2gid(guid_t *_guid, gid_t *_gidp);
extern int      kauth_cred_ntsid2uid(ntsid_t *_sid, uid_t *_uidp);
extern int      kauth_cred_ntsid2gid(ntsid_t *_sid, gid_t *_gidp);
extern int      kauth_cred_ntsid2guid(ntsid_t *_sid, guid_t *_guidp);
extern int      kauth_cred_uid2guid(uid_t _uid, guid_t *_guidp);
extern int	kauth_cred_getguid(kauth_cred_t _cred, guid_t *_guidp);	/* GUID of _cred's effective user */
extern int      kauth_cred_gid2guid(gid_t _gid, guid_t *_guidp);
extern int      kauth_cred_uid2ntsid(uid_t _uid, ntsid_t *_sidp);
extern int	kauth_cred_getntsid(kauth_cred_t _cred, ntsid_t *_sidp);	/* NT SID of _cred's effective user */
extern int      kauth_cred_gid2ntsid(gid_t _gid, ntsid_t *_sidp);
extern int      kauth_cred_guid2ntsid(guid_t *_guid, ntsid_t *_sidp);
/* Group membership tests: int return is 0/errno, *_resultp set non-zero when _cred is a member (by convention; confirm). */
extern int	kauth_cred_ismember_gid(kauth_cred_t _cred, gid_t _gid, int *_resultp);
extern int	kauth_cred_ismember_guid(kauth_cred_t _cred, guid_t *_guidp, int *_resultp);

/* Older boolean form of the gid membership test; note the reversed argument order relative to kauth_cred_ismember_gid(). */
extern int 	groupmember(gid_t gid, kauth_cred_t cred);

/* currently only exported in unsupported for use by seatbelt */
extern int	kauth_cred_issuser(kauth_cred_t _cred);	/* non-zero when _cred is the superuser (by name) */
269
270
/* GUID, NTSID helpers */
extern guid_t	kauth_null_guid;	/* the all-zero GUID, for "no identity" comparisons */
extern int	kauth_guid_equal(guid_t *_guid1, guid_t *_guid2);	/* non-zero when the two GUIDs are identical */
#ifdef XNU_KERNEL_PRIVATE
/* Non-zero when the two SIDs are identical; presumably compares only the bytes covered by KAUTH_NTSID_SIZE() (confirm). */
extern int	kauth_ntsid_equal(ntsid_t *_sid1, ntsid_t *_sid2);
#endif /* XNU_KERNEL_PRIVATE */
277
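#ifdef XNU_KERNEL_PRIVATE
/*
 * Well-known GUID classification: kauth_wellknown_guid() maps a GUID onto
 * one of the KAUTH_WKG_* codes.  KAUTH_WKG_NOT means an ordinary identity
 * that has to be resolved; the others stand for the object's owner, its
 * group, "nobody" and "everybody" and need no lookup (presumably used when
 * an ACE's ace_applicable holds such a GUID - confirm in kauth_acl_evaluate()).
 */
extern int	kauth_wellknown_guid(guid_t *_guid);
#define KAUTH_WKG_NOT		0	/* not a well-known GUID */
#define KAUTH_WKG_OWNER		1
#define KAUTH_WKG_GROUP		2
#define KAUTH_WKG_NOBODY	3
#define KAUTH_WKG_EVERYBODY	4

/*
 * Credential construction and mutation.  The kauth_cred_set*() routines
 * return the credential to use from now on rather than promising to edit
 * the argument in place, so callers must adopt the returned pointer.
 * NOTE(review): whether that is always a fresh credential, and what happens
 * to the reference on the input, is not expressed in these prototypes - see
 * kern_credential.c.  gmuid is a uid used for group-membership resolution
 * (by name; its relationship to the explicit group list is not visible here).
 */
extern kauth_cred_t kauth_cred_dup(kauth_cred_t cred);
extern gid_t	kauth_getrgid(void);		/* real gid of the calling thread's credential */
extern kauth_cred_t kauth_cred_alloc(void);
/*
 * May cur_procp, acting with creds, trace traced_procp?  Non-zero when
 * permitted; otherwise *errp presumably receives the errno to return.
 */
extern int	cantrace(proc_t cur_procp, kauth_cred_t creds, proc_t traced_procp, int *errp);
extern kauth_cred_t kauth_cred_copy_real(kauth_cred_t cred);	/* credential whose effective ids are cred's real ids (by name) */
extern kauth_cred_t	kauth_cred_setresuid(kauth_cred_t cred, uid_t ruid, uid_t euid, uid_t svuid, uid_t gmuid);
extern kauth_cred_t	kauth_cred_setresgid(kauth_cred_t cred, gid_t rgid, gid_t egid, gid_t svgid);
extern kauth_cred_t kauth_cred_setuidgid(kauth_cred_t cred, uid_t uid, gid_t gid);
extern kauth_cred_t kauth_cred_setsvuidgid(kauth_cred_t cred, uid_t uid, gid_t gid);
/* groups[0..groupcount) becomes the group list; groupcount is presumably bounded by NGROUPS_MAX, the size used elsewhere in this header. */
extern kauth_cred_t	kauth_cred_setgroups(kauth_cred_t cred, gid_t *groups, int groupcount, uid_t gmuid);
struct uthread;
extern void	kauth_cred_uthread_update(struct uthread *, proc_t);
/*
 * Tested with '#if CONFIG_MACF' rather than '#ifdef' so that this prototype
 * appears under exactly the same condition as the other MAC entry points
 * earlier in this header and their CONFIG_MACF stub block.
 */
#if CONFIG_MACF
extern void kauth_proc_label_update_execve(struct proc *p, struct vfs_context *ctx, struct vnode *vp, off_t offset, struct vnode *scriptvp, struct label *scriptlabel, struct label *execlabel, unsigned int *csflags, void *psattr, int *disjoint, int *update_return);
#endif
/*
 * Copy _cred's group list into _groups.  *_groupcount is the capacity on
 * entry; whether it is updated to the number stored is not visible here.
 */
extern int	kauth_cred_getgroups(kauth_cred_t _cred, gid_t *_groups, int *_groupcount);
extern int	kauth_cred_assume(uid_t _uid);
/* *_resultp is set non-zero when _cred1's groups are a subset of _cred2's (by name; confirm). */
extern int	kauth_cred_gid_subset(kauth_cred_t _cred1, kauth_cred_t _cred2, int *_resultp);
struct auditinfo_addr;
extern kauth_cred_t kauth_cred_setauditinfo(kauth_cred_t, au_session_t *);
/*
 * Supplemental data attached to a credential: register a named slot once
 * to obtain an ident, then add / remove a blob of datasize bytes under that
 * ident on individual credentials.  Interface only; the storage is not
 * shown in this header.
 */
extern int	kauth_cred_supplementary_register(const char *name, int *ident);
extern int	kauth_cred_supplementary_add(kauth_cred_t cred, int ident, const void *data, size_t datasize);
extern int	kauth_cred_supplementary_remove(kauth_cred_t cred, int ident);

#endif /* XNU_KERNEL_PRIVATE */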
311__END_DECLS
312
313#endif /* KERNEL */
314
315/*
316 * Generic Access Control Lists.
317 */
318#if defined(KERNEL) || defined (_SYS_ACL_H)
319
typedef u_int32_t kauth_ace_rights_t;	/* bit set of scope-specific rights (the KAUTH_VNODE_* bits for the vnode scope) */

/* Access Control List Entry (ACE) */
struct kauth_ace {
	guid_t		ace_applicable;		/* identity the entry applies to: a user or group GUID, presumably also the well-known owner/group/everybody GUIDs */
	u_int32_t	ace_flags;		/* kind in the low nibble (KAUTH_ACE_KINDMASK), inheritance / audit control bits above it */
#define KAUTH_ACE_KINDMASK		0xf
#define KAUTH_ACE_PERMIT		1	/* grant ace_rights */
#define KAUTH_ACE_DENY			2	/* refuse ace_rights */
#define KAUTH_ACE_AUDIT			3	/* not implemented */
#define KAUTH_ACE_ALARM			4	/* not implemented */
/*
 * Inheritance controls.  The names follow the NT ACE flags; by that
 * reading INHERITED marks an entry copied from a parent rather than set
 * explicitly, FILE_INHERIT / DIRECTORY_INHERIT select which kinds of
 * children receive the entry, LIMIT_INHERIT stops propagation after one
 * level and ONLY_INHERIT means the entry is not applied to the object that
 * carries it.  Confirm the exact semantics in kauth_acl_inherit().
 */
#define	KAUTH_ACE_INHERITED		(1<<4)
#define KAUTH_ACE_FILE_INHERIT		(1<<5)
#define KAUTH_ACE_DIRECTORY_INHERIT	(1<<6)
#define KAUTH_ACE_LIMIT_INHERIT		(1<<7)
#define KAUTH_ACE_ONLY_INHERIT		(1<<8)
#define KAUTH_ACE_SUCCESS		(1<<9)	/* not implemented (AUDIT/ALARM) */
#define KAUTH_ACE_FAILURE		(1<<10)	/* not implemented (AUDIT/ALARM) */
/* All flag bits controlling ACE inheritance (KAUTH_ACE_INHERITED, which records state, is not included) */
#define KAUTH_ACE_INHERIT_CONTROL_FLAGS		\
		(KAUTH_ACE_FILE_INHERIT |	\
		 KAUTH_ACE_DIRECTORY_INHERIT |	\
		 KAUTH_ACE_LIMIT_INHERIT |	\
		 KAUTH_ACE_ONLY_INHERIT)
	kauth_ace_rights_t ace_rights;		/* scope specific */
	/*
	 * These rights are never tested, but may be present in an ACL.  At
	 * evaluation time they are expanded into the scope's concrete bits
	 * (see KAUTH_VNODE_GENERIC_*_BITS and the ae_exp_* fields of
	 * struct kauth_acl_eval).
	 */
#define KAUTH_ACE_GENERIC_ALL		(1<<21)
#define KAUTH_ACE_GENERIC_EXECUTE	(1<<22)
#define KAUTH_ACE_GENERIC_WRITE		(1<<23)
#define KAUTH_ACE_GENERIC_READ		(1<<24)

};

#ifndef _KAUTH_ACE
#define _KAUTH_ACE
typedef struct kauth_ace *kauth_ace_t;
#endif
357
358
/* Access Control List */
/*
 * Variable-length: acl_entrycount ACEs follow the two header words.  The
 * acl_ace[1] member is only a placeholder for the first entry, which is why
 * KAUTH_ACL_SIZE() measures from __offsetof(acl_ace) instead of using
 * sizeof(struct kauth_acl).
 */
struct kauth_acl {
	u_int32_t	acl_entrycount;		/* number of ACEs, or KAUTH_FILESEC_NOACL */
	u_int32_t	acl_flags;		/* KAUTH_ACL_* flags; low 16 bits reserved for the filesystem */

	struct kauth_ace acl_ace[1];		/* first of acl_entrycount entries */
};

/*
 * XXX this value needs to be raised - 3893388
 *
 * Upper bound on acl_entrycount.  Callers should enforce it on ACLs that
 * arrive from user space or from disk before sizing copies or allocations
 * with KAUTH_ACL_SIZE() / KAUTH_FILESEC_SIZE().
 */
#define KAUTH_ACL_MAX_ENTRIES		128

/*
 * The low 16 bits of the flags field are reserved for filesystem
 * internal use and must be preserved by all APIs.  This includes
 * round-tripping flags through user-space interfaces.
 */
#define KAUTH_ACL_FLAGS_PRIVATE	(0xffff)

/*
 * The high 16 bits of the flags are used to store attributes and
 * to request specific handling of the ACL.
 */

/* inheritance will be deferred until the first rename operation */
#define KAUTH_ACL_DEFER_INHERIT	(1<<16)
/* this ACL must not be overwritten as part of an inheritance operation */
#define KAUTH_ACL_NO_INHERIT	(1<<17)

/* acl_entrycount that tells us the ACL is not valid */
#define KAUTH_FILESEC_NOACL ((u_int32_t)(-1))

/*
 * If the acl_entrycount field is KAUTH_FILESEC_NOACL, then the size is the
 * same as a kauth_acl structure; the intent is to put an actual entrycount of
 * KAUTH_FILESEC_NOACL on disk to distinguish a kauth_filesec_t with an empty
 * entry (Windows treats this as "deny all") from one that merely indicates a
 * file group and/or owner guid values.
 *
 * Byte size of an ACL holding c entries (a count of KAUTH_FILESEC_NOACL is
 * treated as zero).  The multiply is done in size_t; on an ILP32 build
 * (this header still carries a !__LP64__ path) a u_int32_t count near 2^32
 * wraps, so check the count against KAUTH_ACL_MAX_ENTRIES before using the
 * result to size a copy or allocation from an untrusted header.
 */
#define KAUTH_ACL_SIZE(c)	(__offsetof(struct kauth_acl, acl_ace) + ((u_int32_t)(c) != KAUTH_FILESEC_NOACL ? ((c) * sizeof(struct kauth_ace)) : 0))
#define KAUTH_ACL_COPYSIZE(p)	KAUTH_ACL_SIZE((p)->acl_entrycount)	/* bytes the ACL at p actually occupies */


#ifndef _KAUTH_ACL
#define _KAUTH_ACL
typedef struct kauth_acl *kauth_acl_t;
#endif
407
#ifdef KERNEL
__BEGIN_DECLS
/*
 * Allocate / free an ACL.  NOTE(review): 'size' is presumably an entry
 * count (the sizing macros above are count-based), not a byte count -
 * confirm before passing KAUTH_ACL_SIZE() output to it.
 */
kauth_acl_t	kauth_acl_alloc(int size);
void		kauth_acl_free(kauth_acl_t fsp);
__END_DECLS
#endif
414
415
416/*
417 * Extended File Security.
418 */
419
/* File Security information */
/*
 * Extended security blob for a file system object: magic, owner and group
 * GUIDs, then a struct kauth_acl with its trailing ACEs.  It is presumably
 * the form stored in the KAUTH_FILESEC_XATTR extended attribute, and it is
 * the form copied in from user space by kauth_copyinfilesec(), i.e. it
 * crosses a trust boundary in both directions.  Consumers should verify
 * fsec_magic, check the byte length with KAUTH_FILESEC_VALID() before
 * using KAUTH_FILESEC_COUNT(), and bound the entry count by
 * KAUTH_ACL_MAX_ENTRIES.
 */
struct kauth_filesec {
	u_int32_t	fsec_magic;		/* must equal KAUTH_FILESEC_MAGIC */
#define KAUTH_FILESEC_MAGIC	0x012cc16d
	guid_t		fsec_owner;		/* owner GUID */
	guid_t		fsec_group;		/* group GUID */

	struct kauth_acl fsec_acl;		/* ACL; its entries extend past the end of this struct */
};

/* backwards compatibility */
#define fsec_entrycount fsec_acl.acl_entrycount
#define fsec_flags 	fsec_acl.acl_flags
#define fsec_ace	fsec_acl.acl_ace
#define KAUTH_FILESEC_FLAGS_PRIVATE	KAUTH_ACL_FLAGS_PRIVATE
#define KAUTH_FILESEC_DEFER_INHERIT	KAUTH_ACL_DEFER_INHERIT
#define KAUTH_FILESEC_NO_INHERIT	KAUTH_ACL_NO_INHERIT
/*
 * Sentinel pointer values, not real objects: NONE means "no security data"
 * and WANTED (by name) asks the callee to fetch it.  Test for both before
 * dereferencing a kauth_filesec_t.
 */
#define KAUTH_FILESEC_NONE	((kauth_filesec_t)0)
#define KAUTH_FILESEC_WANTED	((kauth_filesec_t)1)

#ifndef _KAUTH_FILESEC
#define _KAUTH_FILESEC
typedef struct kauth_filesec *kauth_filesec_t;
#endif

/*
 * Sizing helpers; all of them work in unsigned (size_t) arithmetic.
 *  KAUTH_FILESEC_SIZE(c)     bytes for a filesec holding c ACEs.  Unlike
 *                            KAUTH_ACL_SIZE() there is no NOACL guard, so
 *                            pass 0 (as COPYSIZE does) for a NOACL object.
 *  KAUTH_FILESEC_COPYSIZE(p) bytes the filesec at p actually occupies.
 *  KAUTH_FILESEC_COUNT(s)    ACE count implied by a byte length s.  The
 *                            subtraction wraps when s is smaller than the
 *                            header, so only apply it to a length that
 *                            passed KAUTH_FILESEC_VALID().
 *  KAUTH_FILESEC_VALID(s)    s covers the header plus a whole number of
 *                            ACEs.  It does not cap the count; apply
 *                            KAUTH_ACL_MAX_ENTRIES separately.
 */
#define KAUTH_FILESEC_SIZE(c)		(__offsetof(struct kauth_filesec, fsec_acl) + __offsetof(struct kauth_acl, acl_ace) + (c) * sizeof(struct kauth_ace))
#define KAUTH_FILESEC_COPYSIZE(p)	KAUTH_FILESEC_SIZE(((p)->fsec_entrycount == KAUTH_FILESEC_NOACL) ? 0 : (p)->fsec_entrycount)
#define KAUTH_FILESEC_COUNT(s)		(((s)  - KAUTH_FILESEC_SIZE(0)) / sizeof(struct kauth_ace))
#define KAUTH_FILESEC_VALID(s)		((s) >= KAUTH_FILESEC_SIZE(0) && (((s) - KAUTH_FILESEC_SIZE(0)) % sizeof(struct kauth_ace)) == 0)

#define KAUTH_FILESEC_XATTR	"com.apple.system.Security"	/* extended attribute name under which the blob is stored */

/* Allowable first arguments to kauth_filesec_acl_setendian() */
#define	KAUTH_ENDIAN_HOST	0x00000001	/* set host endianness */
#define	KAUTH_ENDIAN_DISK	0x00000002	/* set disk endianness */
455
456#endif /* KERNEL || <sys/acl.h> */
457
458
459#ifdef KERNEL
460
461
462/*
463 * Scope management.
464 */
465struct kauth_scope;
466typedef struct kauth_scope *kauth_scope_t;
467struct kauth_listener;
468typedef struct kauth_listener *kauth_listener_t;
469#ifndef _KAUTH_ACTION_T
470typedef int kauth_action_t;
471# define _KAUTH_ACTION_T
472#endif
473
474typedef int (* kauth_scope_callback_t)(kauth_cred_t _credential,
475				void *_idata,
476				kauth_action_t _action,
477				uintptr_t _arg0,
478				uintptr_t _arg1,
479				uintptr_t _arg2,
480				uintptr_t _arg3);
481
482#define KAUTH_RESULT_ALLOW	(1)
483#define KAUTH_RESULT_DENY	(2)
484#define KAUTH_RESULT_DEFER	(3)
485
/*
 * State for one ACL evaluation (see kauth_acl_evaluate()).  Reading the
 * field names, the caller supplies ae_acl / ae_count, the rights it wants
 * in ae_requested, ae_options describing the credential's relation to the
 * object, and the generic-bit expansions; the evaluator reports its
 * decision in ae_result, the rights the ACL did not settle in ae_residual,
 * and whether a DENY entry was encountered in ae_found_deny.  Confirm the
 * in/out split in kauth_acl_evaluate().
 */
struct kauth_acl_eval {
	kauth_ace_t		ae_acl;		/* first ACE */
	int			ae_count;	/* number of ACEs at ae_acl */
	kauth_ace_rights_t	ae_requested;	/* rights being asked for */
	kauth_ace_rights_t	ae_residual;	/* requested rights not settled by the ACL */
	int			ae_result;	/* decision (KAUTH_RESULT_*) */
        boolean_t		ae_found_deny;	/* a DENY ACE matched during evaluation */
	int			ae_options;	/* KAUTH_AEVAL_* */
#define KAUTH_AEVAL_IS_OWNER	(1<<0)		/* authorizing operation for owner */
#define KAUTH_AEVAL_IN_GROUP	(1<<1)		/* authorizing operation for groupmember */
/*
 * Membership could not be determined (e.g. the external resolver did not
 * answer); the evaluator has to decide how group ACEs are treated in that
 * case - see kauth_acl_evaluate().
 */
#define KAUTH_AEVAL_IN_GROUP_UNKNOWN	(1<<2)		/* authorizing operation for unknown group membership */
	/* expansions for 'generic' rights bits */
	kauth_ace_rights_t	ae_exp_gall;	/* what KAUTH_ACE_GENERIC_ALL stands for in this scope */
	kauth_ace_rights_t	ae_exp_gread;	/* ... KAUTH_ACE_GENERIC_READ */
	kauth_ace_rights_t	ae_exp_gwrite;	/* ... KAUTH_ACE_GENERIC_WRITE */
	kauth_ace_rights_t	ae_exp_gexec;	/* ... KAUTH_ACE_GENERIC_EXECUTE */
};

typedef struct kauth_acl_eval *kauth_acl_eval_t;
505
__BEGIN_DECLS
/*
 * Allocate / free a filesec.  NOTE(review): 'size' is presumably an ACE
 * count (cf. KAUTH_FILESEC_SIZE()), not a byte count - confirm.
 */
kauth_filesec_t	kauth_filesec_alloc(int size);
void		kauth_filesec_free(kauth_filesec_t fsp);
/*
 * Scope registration.  kauth_register_scope() installs _callback for the
 * named scope and kauth_listen_scope() attaches an additional observer;
 * both pass _idata back to the callback verbatim, so whatever it points at
 * must outlive the registration.  Undo with the matching deregister /
 * unlisten call.
 */
extern kauth_scope_t kauth_register_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata);
extern void	kauth_deregister_scope(kauth_scope_t _scope);
extern kauth_listener_t kauth_listen_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata);
/* NOTE(review): the parameter is a listener handle, not a scope; the name is misleading. */
extern void	kauth_unlisten_scope(kauth_listener_t _scope);
/*
 * Run an authorization request through _scope's handler and listeners.
 * Returns 0 when the action is allowed, otherwise an errno (by convention
 * of this family; confirm).
 */
extern int	kauth_authorize_action(kauth_scope_t _scope, kauth_cred_t _credential, kauth_action_t _action,
			uintptr_t _arg0, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3);

/* default scope handlers */
/* Handler that allows everything; usable as the callback for a scope with no policy of its own. */
extern int	kauth_authorize_allow(kauth_cred_t _credential, void *_idata, kauth_action_t _action,
    uintptr_t _arg0, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3);


#ifdef XNU_KERNEL_PRIVATE
/* Convert the ACL inside a filesec between host and disk byte order; the first argument is KAUTH_ENDIAN_HOST or KAUTH_ENDIAN_DISK. */
void		kauth_filesec_acl_setendian(int, kauth_filesec_t, kauth_acl_t);
/*
 * Copy a filesec in from the user address xsecurity into a kernel buffer
 * returned via *xsecdestpp (presumably released with kauth_filesec_free()).
 * This is where untrusted ACL data enters the kernel: the byte length must
 * satisfy KAUTH_FILESEC_VALID() and the entry count must be within
 * KAUTH_ACL_MAX_ENTRIES before anything is allocated or copied.
 * NOTE(review): those checks are presumed to live in the implementation;
 * they are not visible from this header.
 */
int		kauth_copyinfilesec(user_addr_t xsecurity, kauth_filesec_t *xsecdestpp);
/* Evaluate _eval->ae_acl for _credential, filling in the result fields of *_eval. */
extern int	kauth_acl_evaluate(kauth_cred_t _credential, kauth_acl_eval_t _eval);
/* Derive the ACL a new object (file, or directory when _isdir) in directory _dvp should receive from _initial, per the KAUTH_ACE_*_INHERIT flags; result in *_product. */
extern int	kauth_acl_inherit(vnode_t _dvp, kauth_acl_t _initial, kauth_acl_t *_product, int _isdir, vfs_context_t _ctx);

#endif /* XNU_KERNEL_PRIVATE */


__END_DECLS
531
532/*
533 * Generic scope.
534 */
#define KAUTH_SCOPE_GENERIC	"com.apple.kauth.generic"

/* Actions */
#define KAUTH_GENERIC_ISSUSER			1	/* is the credential the superuser? */

#ifdef XNU_KERNEL_PRIVATE
__BEGIN_DECLS
/* Authorize a generic-scope action (only KAUTH_GENERIC_ISSUSER is defined) for credential; 0 or an errno by convention (confirm). */
extern int	kauth_authorize_generic(kauth_cred_t credential, kauth_action_t action);
__END_DECLS
#endif /* XNU_KERNEL_PRIVATE */
545
546/*
547 * Process/task scope.
548 */
#define KAUTH_SCOPE_PROCESS	"com.apple.kauth.process"

/* Actions */
#define KAUTH_PROCESS_CANSIGNAL			1	/* may the credential deliver a signal to the target process? */
#define KAUTH_PROCESS_CANTRACE			2	/* may the credential trace the target process? (cf. cantrace()) */

__BEGIN_DECLS
/*
 * Process-scope authorization.  _process is the target (it presumably
 * travels as arg0 of the scope callback) and _arg1.._arg3 are action
 * specific.  Returns 0 when allowed, otherwise an errno (by convention of
 * the kauth_authorize_* family; confirm).
 */
extern int	kauth_authorize_process(kauth_cred_t _credential, kauth_action_t _action,
    struct proc *_process, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3);
__END_DECLS
559
560/*
561 * Vnode operation scope.
562 *
563 * Prototype for vnode_authorize is in vnode.h
564 */
#define KAUTH_SCOPE_VNODE	"com.apple.kauth.vnode"	/* actions are the KAUTH_VNODE_* bits below */

/*
 * File system operation scope.
 *
 * The action table below describes operations that are already under way
 * or complete ("file/dir that was deleted"), so this looks like a
 * notification scope rather than a veto point; confirm how listener
 * results are used in kauth_authorize_fileop().
 */
#define KAUTH_SCOPE_FILEOP	"com.apple.kauth.fileop"

/* Actions */
#define KAUTH_FILEOP_OPEN			1
#define KAUTH_FILEOP_CLOSE			2
#define KAUTH_FILEOP_RENAME			3
#define KAUTH_FILEOP_EXCHANGE			4
#define KAUTH_FILEOP_LINK			5
#define KAUTH_FILEOP_EXEC			6
#define KAUTH_FILEOP_DELETE			7

/*
 * arguments passed to KAUTH_FILEOP_OPEN listeners
 *		arg0 is pointer to vnode (vnode *) for given user path.
 *		arg1 is pointer to path (char *) passed in to open.
 * arguments passed to KAUTH_FILEOP_CLOSE listeners
 *		arg0 is pointer to vnode (vnode *) for file to be closed.
 *		arg1 is pointer to path (char *) of file to be closed.
 *		arg2 is close flags.
 * arguments passed to KAUTH_FILEOP_RENAME listeners
 *		arg0 is pointer to "from" path (char *).
 *		arg1 is pointer to "to" path (char *).
 * arguments passed to KAUTH_FILEOP_EXCHANGE listeners
 *		arg0 is pointer to file 1 path (char *).
 *		arg1 is pointer to file 2 path (char *).
 * arguments passed to KAUTH_FILEOP_LINK listeners
 *		arg0 is pointer to path to file we are linking to (char *).
 *		arg1 is pointer to path to the new link file (char *).
 * arguments passed to KAUTH_FILEOP_EXEC listeners
 *		arg0 is pointer to vnode (vnode *) for executable.
 *		arg1 is pointer to path (char *) to executable.
 * arguments passed to KAUTH_FILEOP_DELETE listeners
 *		arg0 is pointer to vnode (vnode *) of file/dir that was deleted.
 *		arg1 is pointer to path (char *) of file/dir that was deleted.
 *
 * The path strings are the ones the caller supplied (see OPEN) and need
 * not be canonical; listeners that must identify the object reliably
 * should prefer the vnode where one is passed (OPEN, CLOSE, EXEC, DELETE).
 * RENAME, EXCHANGE and LINK carry only paths.  Assume the pointers are
 * valid only for the duration of the callback and copy what you need.
 */

/* Flag values returned to close listeners. */
#define KAUTH_FILEOP_CLOSE_MODIFIED			(1<<1)	/* arg2 of CLOSE: the file was modified while open (by name) */

__BEGIN_DECLS
#ifdef XNU_KERNEL_PRIVATE
/* Non-zero when at least one fileop listener is attached; presumably lets callers skip building the path arguments when nobody is listening. */
extern int	kauth_authorize_fileop_has_listeners(void);
#endif /* XNU_KERNEL_PRIVATE */
/* Notify fileop listeners of _action with the two arguments described above. */
extern int	kauth_authorize_fileop(kauth_cred_t _credential, kauth_action_t _action,
    uintptr_t _arg0, uintptr_t _arg1);
__END_DECLS
617
618#endif /* KERNEL */
619
620/* Actions, also rights bits in an ACE */
621
622#if defined(KERNEL) || defined (_SYS_ACL_H)
/*
 * Rights bits for the vnode scope.  Bit 0 is unused.  Several bits carry
 * two names because the same right means different things on a file and
 * on a directory (READ_DATA / LIST_DIRECTORY, WRITE_DATA / ADD_FILE,
 * EXECUTE / SEARCH, APPEND_DATA / ADD_SUBDIRECTORY); an evaluator has to
 * know which kind of object it is looking at to interpret them.
 *
 * Bit map summary: 1-13 concrete rights, 20 SYNCHRONIZE, 21-24 generic
 * rights (expanded at evaluation), 25-26 pseudo-actions that are never
 * ACE rights, 29-31 action modifiers (defined further below).
 */
#define KAUTH_VNODE_READ_DATA			(1<<1)
#define KAUTH_VNODE_LIST_DIRECTORY		KAUTH_VNODE_READ_DATA
#define KAUTH_VNODE_WRITE_DATA			(1<<2)
#define KAUTH_VNODE_ADD_FILE			KAUTH_VNODE_WRITE_DATA
#define KAUTH_VNODE_EXECUTE			(1<<3)
#define KAUTH_VNODE_SEARCH			KAUTH_VNODE_EXECUTE
#define KAUTH_VNODE_DELETE			(1<<4)
#define KAUTH_VNODE_APPEND_DATA			(1<<5)
#define KAUTH_VNODE_ADD_SUBDIRECTORY		KAUTH_VNODE_APPEND_DATA
#define KAUTH_VNODE_DELETE_CHILD		(1<<6)
#define KAUTH_VNODE_READ_ATTRIBUTES		(1<<7)
#define KAUTH_VNODE_WRITE_ATTRIBUTES		(1<<8)
#define KAUTH_VNODE_READ_EXTATTRIBUTES		(1<<9)
#define KAUTH_VNODE_WRITE_EXTATTRIBUTES		(1<<10)
#define KAUTH_VNODE_READ_SECURITY		(1<<11)
#define KAUTH_VNODE_WRITE_SECURITY		(1<<12)
#define KAUTH_VNODE_TAKE_OWNERSHIP		(1<<13)

/* backwards compatibility only */
#define KAUTH_VNODE_CHANGE_OWNER		KAUTH_VNODE_TAKE_OWNERSHIP

/* For Windows interoperability only */
#define KAUTH_VNODE_SYNCHRONIZE			(1<<20)

/* (1<<21) - (1<<24) are reserved for generic rights bits */

/* Actions not expressed as rights bits */
/*
 * Authorizes the vnode as the target of a hard link.
 */
#define KAUTH_VNODE_LINKTARGET			(1<<25)

/*
 * Indicates that other steps have been taken to authorise the action,
 * but authorisation should be denied for immutable objects.
 */
#define KAUTH_VNODE_CHECKIMMUTABLE		(1<<26)
660
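/* Action modifiers */
/*
 * The KAUTH_VNODE_ACCESS bit is passed to the callback if the authorisation
 * request in progress is advisory, rather than authoritative.  Listeners
 * performing consequential work (i.e. not strictly checking authorisation)
 * may test this flag to avoid performing unnecessary work.
 *
 * This bit will never be present in an ACE.
 *
 * Bit 31 is built from an unsigned 1: (1<<31) shifts into the sign bit of
 * an int, which is undefined behaviour in C, whereas (1U<<31) is simply
 * 0x80000000.  Converting the value to a kauth_action_t (an int) is
 * implementation-defined in the standard; GCC and Clang define it as
 * modulo 2^32, so the bit pattern is unchanged and mask tests work as
 * before.
 */
#define KAUTH_VNODE_ACCESS			(1U<<31)

/*
 * The KAUTH_VNODE_NOIMMUTABLE bit is passed to the callback along with the
 * KAUTH_VNODE_WRITE_SECURITY bit (and no others) to indicate that the
 * caller wishes to change one or more of the immutable flags, and the
 * state of these flags should not be considered when authorizing the request.
 * The system immutable flags are only ignored when the system securelevel
 * is low enough to allow their removal.
 */
#define KAUTH_VNODE_NOIMMUTABLE			(1<<30)


/*
 * Fake right composed as follows: the vnode must allow SEARCH for owner,
 * group and world, and there must be no DENY entries for SEARCH.  The fast
 * lookup path uses it to avoid checking for an exact match on the last
 * credential used to look up the component being acted on.
 */
#define KAUTH_VNODE_SEARCHBYANYONE		(1<<29)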
692
693
694/*
695 * when passed as an 'action' to "vnode_uncache_authorized_actions"
696 * it indicates that all of the cached authorizations for that
697 * vnode should be invalidated
698 */
699#define	KAUTH_INVALIDATE_CACHED_RIGHTS		((kauth_action_t)~0)
700
701
702
/*
 * The expansions of the GENERIC bits at evaluation time.  These are the
 * vnode-scope meanings of KAUTH_ACE_GENERIC_READ / WRITE / EXECUTE / ALL
 * (bits 21-24 of an ACE) and are what the ae_exp_g* fields of
 * struct kauth_acl_eval carry for this scope.  Note that GENERIC_WRITE does
 * not include TAKE_OWNERSHIP.
 */
#define KAUTH_VNODE_GENERIC_READ_BITS	(KAUTH_VNODE_READ_DATA |		\
					KAUTH_VNODE_READ_ATTRIBUTES |		\
					KAUTH_VNODE_READ_EXTATTRIBUTES |	\
					KAUTH_VNODE_READ_SECURITY)

#define KAUTH_VNODE_GENERIC_WRITE_BITS	(KAUTH_VNODE_WRITE_DATA |		\
					KAUTH_VNODE_APPEND_DATA |		\
					KAUTH_VNODE_DELETE |			\
					KAUTH_VNODE_DELETE_CHILD |		\
					KAUTH_VNODE_WRITE_ATTRIBUTES |		\
					KAUTH_VNODE_WRITE_EXTATTRIBUTES |	\
					KAUTH_VNODE_WRITE_SECURITY)

#define KAUTH_VNODE_GENERIC_EXECUTE_BITS (KAUTH_VNODE_EXECUTE)

#define KAUTH_VNODE_GENERIC_ALL_BITS	(KAUTH_VNODE_GENERIC_READ_BITS |	\
					KAUTH_VNODE_GENERIC_WRITE_BITS |	\
					KAUTH_VNODE_GENERIC_EXECUTE_BITS)

/*
 * Some sets of bits, defined here for convenience.
 *
 * KAUTH_VNODE_WRITE_RIGHTS is every action that can modify an object.  It
 * is wider than GENERIC_WRITE_BITS: it also contains TAKE_OWNERSHIP and
 * the two pseudo-actions LINKTARGET and CHECKIMMUTABLE (the ADD_FILE /
 * ADD_SUBDIRECTORY names are aliases of WRITE_DATA / APPEND_DATA, so they
 * add no new bits).
 */
#define KAUTH_VNODE_WRITE_RIGHTS	(KAUTH_VNODE_ADD_FILE |				\
					KAUTH_VNODE_ADD_SUBDIRECTORY |			\
					KAUTH_VNODE_DELETE_CHILD |			\
					KAUTH_VNODE_WRITE_DATA |			\
					KAUTH_VNODE_APPEND_DATA |			\
					KAUTH_VNODE_DELETE |				\
					KAUTH_VNODE_WRITE_ATTRIBUTES |			\
					KAUTH_VNODE_WRITE_EXTATTRIBUTES |		\
					KAUTH_VNODE_WRITE_SECURITY |			\
	    				KAUTH_VNODE_TAKE_OWNERSHIP |			\
					KAUTH_VNODE_LINKTARGET |			\
					KAUTH_VNODE_CHECKIMMUTABLE)
738
739
740#endif /* KERNEL || <sys/acl.h> */
741
742#ifdef KERNEL
743#include <sys/lock.h>	/* lck_grp_t */
744
745/*
746 * Debugging
747 *
748 * XXX this wouldn't be necessary if we had a *real* debug-logging system.
749 */
750#if 0
751# ifndef _FN_KPRINTF
752#  define	_FN_KPRINTF
753void kprintf(const char *fmt, ...);
754# endif	/* !_FN_KPRINTF */
755# define KAUTH_DEBUG_ENABLE
756# define K_UUID_FMT "%08x:%08x:%08x:%08x"
757# define K_UUID_ARG(_u) *(int *)&_u.g_guid[0],*(int *)&_u.g_guid[4],*(int *)&_u.g_guid[8],*(int *)&_u.g_guid[12]
758# define KAUTH_DEBUG(fmt, args...)	do { kprintf("%s:%d: " fmt "\n", __PRETTY_FUNCTION__, __LINE__ , ##args); } while (0)
759# define KAUTH_DEBUG_CTX(_c)		KAUTH_DEBUG("p = %p c = %p", _c->vc_proc, _c->vc_ucred)
760# define VFS_DEBUG(_ctx, _vp, fmt, args...)						\
761	do {										\
762		kprintf("%p '%s' %s:%d " fmt "\n",					\
763		    _ctx,								\
764		    (_vp != NULL && _vp->v_name != NULL) ? _vp->v_name : "????",	\
765		    __PRETTY_FUNCTION__, __LINE__ ,					\
766		    ##args);								\
767	} while(0)
768#else	/* !0 */
769# define KAUTH_DEBUG(fmt, args...)		do { } while (0)
770# define VFS_DEBUG(ctx, vp, fmt, args...)	do { } while(0)
771#endif	/* !0 */
772
773/*
774 * Initialisation.
775 */
776extern lck_grp_t *kauth_lck_grp;
777#ifdef XNU_KERNEL_PRIVATE
778__BEGIN_DECLS
779extern void	kauth_init(void);
780extern void	kauth_cred_init(void);
781#if CONFIG_EXT_RESOLVER
782extern void	kauth_identity_init(void);
783extern void	kauth_groups_init(void);
784extern void	kauth_resolver_init(void);
785#endif
786__END_DECLS
787#endif /* XNU_KERNEL_PRIVATE */
788
789#endif	/* KERNEL */
790
791#endif /* __APPLE_API_EVOLVING */
792#endif /* _SYS_KAUTH_H */
793