1 /*
2 * Copyright (c) 2000-2006 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * @OSF_COPYRIGHT@
30 */
31 /*
32 * Mach Operating System
33 * Copyright (c) 1991,1990,1989,1988,1987 Carnegie Mellon University
34 * All Rights Reserved.
35 *
36 * Permission to use, copy, modify and distribute this software and its
37 * documentation is hereby granted, provided that both the copyright
38 * notice and this permission notice appear in all copies of the
39 * software, derivative works or modified versions, and any portions
40 * thereof, and that both notices appear in supporting documentation.
41 *
42 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
43 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
44 * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
45 *
46 * Carnegie Mellon requests users of this software to return to
47 *
48 * Software Distribution Coordinator or [email protected]
49 * School of Computer Science
50 * Carnegie Mellon University
51 * Pittsburgh PA 15213-3890
52 *
53 * any improvements or extensions that they make and grant Carnegie Mellon
54 * the rights to redistribute these changes.
55 */
56 /*
57 * NOTICE: This file was modified by McAfee Research in 2004 to introduce
58 * support for mandatory and extensible security protections. This notice
59 * is included in support of clause 2.2 (b) of the Apple Public License,
60 * Version 2.0.
61 */
62 /*
63 */
64 /*
65 * File: mach/port.h
66 *
67 * Definition of a Mach port
68 *
69 * Mach ports are the endpoints to Mach-implemented communications
70 * channels (usually uni-directional message queues, but other types
71 * also exist).
72 *
73 * Unique collections of these endpoints are maintained for each
74 * Mach task. Each Mach port in the task's collection is given a
75 * [task-local] name to identify it - and the the various "rights"
76 * held by the task for that specific endpoint.
77 *
78 * This header defines the types used to identify these Mach ports
79 * and the various rights associated with them. For more info see:
80 *
81 * <mach/mach_port.h> - manipulation of port rights in a given space
82 * <mach/message.h> - message queue [and port right passing] mechanism
83 *
84 */
85
86 #ifndef _MACH_PORT_H_
87 #define _MACH_PORT_H_
88
89 #include <sys/cdefs.h>
90 #include <stdint.h>
91 #include <mach/boolean.h>
92 #include <mach/machine/vm_types.h>
93
94 /*
95 * mach_port_name_t - the local identity for a Mach port
96 *
97 * The name is Mach port namespace specific. It is used to
98 * identify the rights held for that port by the task whose
99 * namespace is implied [or specifically provided].
100 *
101 * Use of this type usually implies just a name - no rights.
102 * See mach_port_t for a type that implies a "named right."
103 *
104 */
105
106 typedef natural_t mach_port_name_t;
107 typedef mach_port_name_t *mach_port_name_array_t;
108
109 #ifdef KERNEL
110
111 /*
112 * mach_port_t - a named port right
113 *
114 * In the kernel, "rights" are represented [named] by pointers to
115 * the ipc port object in question. There is no port namespace for the
116 * rights to be collected.
117 *
118 * Actually, there is namespace for the kernel task. But most kernel
119 * code - including, but not limited to, Mach IPC code - lives in the
120 * limbo between the current user-level task and the "next" task. Very
121 * little of the kernel code runs in full kernel task context. So very
122 * little of it gets to use the kernel task's port name space.
123 *
124 * Because of this implementation approach, all in-kernel rights for
125 * a given port coalesce [have the same name/pointer]. The actual
126 * references are counted in the port itself. It is up to the kernel
127 * code in question to "just remember" how many [and what type of]
128 * rights it holds and handle them appropriately.
129 *
130 */
131
132 #ifndef MACH_KERNEL_PRIVATE
133 /*
134 * For kernel code that resides outside of Mach proper, we opaque the
135 * port structure definition.
136 */
137 struct ipc_port;
138
139 #endif /* MACH_KERNEL_PRIVATE */
140
141 typedef struct ipc_port *ipc_port_t;
142
143 #define IPC_PORT_NULL __unsafe_forge_single(ipc_port_t, NULL)
144 #define IPC_PORT_DEAD __unsafe_forge_single(ipc_port_t, ~0UL)
145 #define IPC_PORT_VALID(port) ipc_port_valid(port)
146
147 static inline boolean_t
ipc_port_valid(ipc_port_t port)148 ipc_port_valid(ipc_port_t port)
149 {
150 return port != IPC_PORT_DEAD && port;
151 }
152
153 typedef ipc_port_t mach_port_t;
154
155 /*
156 * Since the 32-bit and 64-bit representations of ~0 are different,
157 * explicitly handle MACH_PORT_DEAD
158 */
159
160 #define CAST_MACH_PORT_TO_NAME(x) ((mach_port_name_t)(uintptr_t)(x))
161 #define CAST_MACH_NAME_TO_PORT(x) ((x) == MACH_PORT_DEAD ? (mach_port_t)IPC_PORT_DEAD : (mach_port_t)(uintptr_t)(x))
162
163 #else /* KERNEL */
164
165 /*
166 * mach_port_t - a named port right
167 *
168 * In user-space, "rights" are represented by the name of the
169 * right in the Mach port namespace. Even so, this type is
170 * presented as a unique one to more clearly denote the presence
171 * of a right coming along with the name.
172 *
173 * Often, various rights for a port held in a single name space
174 * will coalesce and are, therefore, be identified by a single name
175 * [this is the case for send and receive rights]. But not
176 * always [send-once rights currently get a unique name for
177 * each right].
178 *
179 */
180
181 #include <sys/_types.h>
182 #include <sys/_types/_mach_port_t.h>
183
184 #endif /* KERNEL */
185
186 typedef mach_port_t *mach_port_array_t;
187
188 /*
189 * MACH_PORT_NULL is a legal value that can be carried in messages.
190 * It indicates the absence of any port or port rights. (A port
191 * argument keeps the message from being "simple", even if the
192 * value is MACH_PORT_NULL.) The value MACH_PORT_DEAD is also a legal
193 * value that can be carried in messages. It indicates
194 * that a port right was present, but it died.
195 */
196
197 #if defined(XNU_KERNEL_PRIVATE) && defined(__cplusplus)
198 #define MACH_PORT_NULL NULL
199 #else
200 #define MACH_PORT_NULL 0 /* intentional loose typing */
201 #endif
202 #define MACH_PORT_DEAD ((mach_port_name_t) ~0)
203 #if MACH_KERNEL_PRIVATE
204 #define MACH_PORT_SPECIAL_DEFAULT ((mach_port_name_t)1)
205 #endif /* MACH_KERNEL_PRIVATE */
206 #define MACH_PORT_VALID(name) \
207 (((name) != MACH_PORT_NULL) && \
208 ((name) != MACH_PORT_DEAD))
209
210
211 /*
212 * For kernel-selected [assigned] port names, the name is
213 * comprised of two parts: a generation number and an index.
214 * This approach keeps the exact same name from being generated
215 * and reused too quickly [to catch right/reference counting bugs].
216 * The dividing line between the constituent parts is exposed so
217 * that efficient "mach_port_name_t to data structure pointer"
218 * conversion implementation can be made. But it is possible
219 * for user-level code to assign their own names to Mach ports.
220 * These are not required to participate in this algorithm. So
221 * care should be taken before "assuming" this model.
222 *
223 */
224
225 #ifndef NO_PORT_GEN
226
227 #define MACH_PORT_INDEX(name) ((name) >> 8)
228 #define MACH_PORT_GEN(name) (((name) & 0xff) << 24)
229 #define MACH_PORT_MAKE(index, gen) \
230 (((index) << 8) | (gen) >> 24)
231
232 #else /* NO_PORT_GEN */
233
234 #define MACH_PORT_INDEX(name) (name)
235 #define MACH_PORT_GEN(name) (0)
236 #define MACH_PORT_MAKE(index, gen) (index)
237
238 #endif /* NO_PORT_GEN */
239
240
241 /*
242 * These are the different rights a task may have for a port.
243 * The MACH_PORT_RIGHT_* definitions are used as arguments
244 * to mach_port_allocate, mach_port_get_refs, etc, to specify
245 * a particular right to act upon. The mach_port_names and
246 * mach_port_type calls return bitmasks using the MACH_PORT_TYPE_*
247 * definitions. This is because a single name may denote
248 * multiple rights.
249 */
250
251 typedef natural_t mach_port_right_t;
252
253 #define MACH_PORT_RIGHT_SEND ((mach_port_right_t) 0)
254 #define MACH_PORT_RIGHT_RECEIVE ((mach_port_right_t) 1)
255 #define MACH_PORT_RIGHT_SEND_ONCE ((mach_port_right_t) 2)
256 #define MACH_PORT_RIGHT_PORT_SET ((mach_port_right_t) 3)
257 #define MACH_PORT_RIGHT_DEAD_NAME ((mach_port_right_t) 4)
258 #define MACH_PORT_RIGHT_LABELH ((mach_port_right_t) 5) /* obsolete right */
259 #define MACH_PORT_RIGHT_NUMBER ((mach_port_right_t) 6) /* right not implemented */
260
261 #ifdef MACH_KERNEL_PRIVATE
262 #define MACH_PORT_RIGHT_VALID_TRANSLATE(right) \
263 ((right) >= MACH_PORT_RIGHT_SEND && (right) <= MACH_PORT_RIGHT_DEAD_NAME)
264 #endif
265
266 typedef natural_t mach_port_type_t;
267 typedef mach_port_type_t *mach_port_type_array_t;
268
269 #define MACH_PORT_TYPE(right) \
270 ((mach_port_type_t)(((mach_port_type_t) 1) \
271 << ((right) + ((mach_port_right_t) 16))))
272 #define MACH_PORT_TYPE_NONE ((mach_port_type_t) 0L)
273 #define MACH_PORT_TYPE_SEND MACH_PORT_TYPE(MACH_PORT_RIGHT_SEND)
274 #define MACH_PORT_TYPE_RECEIVE MACH_PORT_TYPE(MACH_PORT_RIGHT_RECEIVE)
275 #define MACH_PORT_TYPE_SEND_ONCE MACH_PORT_TYPE(MACH_PORT_RIGHT_SEND_ONCE)
276 #define MACH_PORT_TYPE_PORT_SET MACH_PORT_TYPE(MACH_PORT_RIGHT_PORT_SET)
277 #define MACH_PORT_TYPE_DEAD_NAME MACH_PORT_TYPE(MACH_PORT_RIGHT_DEAD_NAME)
278 #define MACH_PORT_TYPE_LABELH MACH_PORT_TYPE(MACH_PORT_RIGHT_LABELH) /* obsolete */
279
280 #ifdef MACH_KERNEL_PRIVATE
281 /* Holder used to have a receive right - remembered to filter exceptions */
282 #define MACH_PORT_TYPE_EX_RECEIVE MACH_PORT_TYPE_LABELH
283 #endif
284
285 /* Convenient combinations. */
286
287 #define MACH_PORT_TYPE_SEND_RECEIVE \
288 (MACH_PORT_TYPE_SEND|MACH_PORT_TYPE_RECEIVE)
289 #define MACH_PORT_TYPE_SEND_RIGHTS \
290 (MACH_PORT_TYPE_SEND|MACH_PORT_TYPE_SEND_ONCE)
291 #define MACH_PORT_TYPE_PORT_RIGHTS \
292 (MACH_PORT_TYPE_SEND_RIGHTS|MACH_PORT_TYPE_RECEIVE)
293 #define MACH_PORT_TYPE_PORT_OR_DEAD \
294 (MACH_PORT_TYPE_PORT_RIGHTS|MACH_PORT_TYPE_DEAD_NAME)
295 #define MACH_PORT_TYPE_ALL_RIGHTS \
296 (MACH_PORT_TYPE_PORT_OR_DEAD|MACH_PORT_TYPE_PORT_SET)
297
298 /* Dummy type bits that mach_port_type/mach_port_names can return. */
299
300 #define MACH_PORT_TYPE_DNREQUEST 0x80000000
301 #define MACH_PORT_TYPE_SPREQUEST 0x40000000
302 #define MACH_PORT_TYPE_SPREQUEST_DELAYED 0x20000000
303
304 /* User-references for capabilities. */
305
306 typedef natural_t mach_port_urefs_t;
307 typedef integer_t mach_port_delta_t; /* change in urefs */
308
309 /* Attributes of ports. (See mach_port_get_receive_status.) */
310
311 typedef natural_t mach_port_seqno_t; /* sequence number */
312 typedef natural_t mach_port_mscount_t; /* make-send count */
313 typedef natural_t mach_port_msgcount_t; /* number of msgs */
314 typedef natural_t mach_port_rights_t; /* number of rights */
315
316 /*
317 * Are there outstanding send rights for a given port?
318 */
319 #define MACH_PORT_SRIGHTS_NONE 0 /* no srights */
320 #define MACH_PORT_SRIGHTS_PRESENT 1 /* srights */
321 typedef unsigned int mach_port_srights_t; /* status of send rights */
322
323 typedef struct mach_port_status {
324 mach_port_rights_t mps_pset; /* count of containing port sets */
325 mach_port_seqno_t mps_seqno; /* sequence number */
326 mach_port_mscount_t mps_mscount; /* make-send count */
327 mach_port_msgcount_t mps_qlimit; /* queue limit */
328 mach_port_msgcount_t mps_msgcount; /* number in the queue */
329 mach_port_rights_t mps_sorights; /* how many send-once rights */
330 boolean_t mps_srights; /* do send rights exist? */
331 boolean_t mps_pdrequest; /* port-deleted requested? */
332 boolean_t mps_nsrequest; /* no-senders requested? */
333 natural_t mps_flags; /* port flags */
334 } mach_port_status_t;
335
336 /* System-wide values for setting queue limits on a port */
337 #define MACH_PORT_QLIMIT_ZERO (0)
338 #define MACH_PORT_QLIMIT_BASIC (5)
339 #define MACH_PORT_QLIMIT_SMALL (16)
340 #define MACH_PORT_QLIMIT_LARGE (1024)
341 #define MACH_PORT_QLIMIT_KERNEL (65534)
342 #define MACH_PORT_QLIMIT_MIN MACH_PORT_QLIMIT_ZERO
343 #define MACH_PORT_QLIMIT_DEFAULT MACH_PORT_QLIMIT_BASIC
344 #define MACH_PORT_QLIMIT_MAX MACH_PORT_QLIMIT_LARGE
345
346 typedef struct mach_port_limits {
347 mach_port_msgcount_t mpl_qlimit; /* number of msgs */
348 } mach_port_limits_t;
349
350 /* Possible values for mps_flags (part of mach_port_status_t) */
351 #define MACH_PORT_STATUS_FLAG_TEMPOWNER 0x01
352 #define MACH_PORT_STATUS_FLAG_GUARDED 0x02
353 #define MACH_PORT_STATUS_FLAG_STRICT_GUARD 0x04
354 #define MACH_PORT_STATUS_FLAG_IMP_DONATION 0x08
355 #define MACH_PORT_STATUS_FLAG_REVIVE 0x10
356 #define MACH_PORT_STATUS_FLAG_TASKPTR 0x20
357 #define MACH_PORT_STATUS_FLAG_GUARD_IMMOVABLE_RECEIVE 0x40
358 #define MACH_PORT_STATUS_FLAG_NO_GRANT 0x80
359
360 typedef struct mach_port_info_ext {
361 mach_port_status_t mpie_status;
362 mach_port_msgcount_t mpie_boost_cnt;
363 uint32_t reserved[6];
364 } mach_port_info_ext_t;
365
366 typedef struct mach_port_guard_info {
367 uint64_t mpgi_guard; /* guard value */
368 } mach_port_guard_info_t;
369
370 typedef integer_t *mach_port_info_t; /* varying array of natural_t */
371
372 /* Flavors for mach_port_get/set/assert_attributes() */
373 typedef int mach_port_flavor_t;
374 #define MACH_PORT_LIMITS_INFO 1 /* uses mach_port_limits_t */
375 #define MACH_PORT_RECEIVE_STATUS 2 /* uses mach_port_status_t */
376 #define MACH_PORT_DNREQUESTS_SIZE 3 /* info is int */
377 #define MACH_PORT_TEMPOWNER 4 /* indicates receive right will be reassigned to another task */
378 #define MACH_PORT_IMPORTANCE_RECEIVER 5 /* indicates recieve right accepts priority donation */
379 #define MACH_PORT_DENAP_RECEIVER 6 /* indicates receive right accepts de-nap donation */
380 #define MACH_PORT_INFO_EXT 7 /* uses mach_port_info_ext_t */
381 #define MACH_PORT_GUARD_INFO 8 /* asserts if the strict guard value is correct */
382 #define MACH_PORT_SERVICE_THROTTLED 9 /* info is an integer that indicates if service port is throttled or not */
383
384 #define MACH_PORT_LIMITS_INFO_COUNT ((natural_t) \
385 (sizeof(mach_port_limits_t)/sizeof(natural_t)))
386 #define MACH_PORT_RECEIVE_STATUS_COUNT ((natural_t) \
387 (sizeof(mach_port_status_t)/sizeof(natural_t)))
388 #define MACH_PORT_DNREQUESTS_SIZE_COUNT 1
389 #define MACH_PORT_INFO_EXT_COUNT ((natural_t) \
390 (sizeof(mach_port_info_ext_t)/sizeof(natural_t)))
391 #define MACH_PORT_GUARD_INFO_COUNT ((natural_t) \
392 (sizeof(mach_port_guard_info_t)/sizeof(natural_t)))
393 #define MACH_PORT_SERVICE_THROTTLED_COUNT 1
394
395 /*
396 * Structure used to pass information about port allocation requests.
397 * Must be padded to 64-bits total length.
398 */
399 typedef struct mach_port_qos {
400 unsigned int name:1; /* name given */
401 unsigned int prealloc:1; /* prealloced message */
402 boolean_t pad1:30;
403 natural_t len;
404 } mach_port_qos_t;
405
406 /*
407 * Structure used to pass information about the service port
408 */
409 #define MACH_SERVICE_PORT_INFO_STRING_NAME_MAX_BUF_LEN 255 /* Maximum length of the port string name buffer */
410
411 typedef struct mach_service_port_info {
412 char mspi_string_name[MACH_SERVICE_PORT_INFO_STRING_NAME_MAX_BUF_LEN]; /* Service port's string name */
413 uint8_t mspi_domain_type; /* Service port domain */
414 } mach_service_port_info_data_t;
415
416 #define MACH_SERVICE_PORT_INFO_COUNT ((char) \
417 (sizeof(mach_service_port_info_data_t)/sizeof(char)))
418
419 typedef struct mach_service_port_info * mach_service_port_info_t;
420
421 /*
422 * Flags for mach_port_options (used for
423 * invocation of mach_port_construct).
424 * Indicates attributes to be set for the newly
425 * allocated port.
426 */
427 #define MPO_CONTEXT_AS_GUARD 0x01 /* Add guard to the port */
428 #define MPO_QLIMIT 0x02 /* Set qlimit for the port msg queue */
429 #define MPO_TEMPOWNER 0x04 /* Set the tempowner bit of the port */
430 #define MPO_IMPORTANCE_RECEIVER 0x08 /* Mark the port as importance receiver */
431 #define MPO_INSERT_SEND_RIGHT 0x10 /* Insert a send right for the port */
432 #define MPO_STRICT 0x20 /* Apply strict guarding for port */
433 #define MPO_DENAP_RECEIVER 0x40 /* Mark the port as App de-nap receiver */
434 #define MPO_IMMOVABLE_RECEIVE 0x80 /* Mark the port as immovable; protected by the guard context */
435 #define MPO_FILTER_MSG 0x100 /* Allow message filtering */
436 #define MPO_TG_BLOCK_TRACKING 0x200 /* Track blocking relationship for thread group during sync IPC */
437 #define MPO_SERVICE_PORT 0x400 /* Create a service port with the given name; should be used only by launchd */
438 #define MPO_CONNECTION_PORT 0x800 /* Derive new peer connection port from a given service port */
439 #define MPO_REPLY_PORT 0x1000 /* Designate port as a reply port. */
440 #define MPO_ENFORCE_REPLY_PORT_SEMANTICS 0x2000 /* When talking to this port, local port of mach msg needs to follow reply port semantics.*/
441 #define MPO_PROVISIONAL_REPLY_PORT 0x4000 /* Designate port as a provisional reply port. */
442 #define MPO_PROVISIONAL_ID_PROT_OPTOUT 0x8000 /* Opted out of EXCEPTION_IDENTITY_PROTECTED violation for now */
443
444
445 /*
446 * Structure to define optional attributes for a newly
447 * constructed port.
448 */
449 typedef struct mach_port_options {
450 uint32_t flags; /* Flags defining attributes for port */
451 mach_port_limits_t mpl; /* Message queue limit for port */
452 union {
453 uint64_t reserved[2]; /* Reserved */
454 mach_port_name_t work_interval_port; /* Work interval port */
455 #if KERNEL
456 uint32_t service_port_info32; /* Service port (MPO_SERVICE_PORT) */
457 uint64_t service_port_info64; /* Service port (MPO_SERVICE_PORT) */
458 #else
459 mach_service_port_info_t service_port_info; /* Service port (MPO_SERVICE_PORT) */
460 #endif
461 mach_port_name_t service_port_name; /* Service port (MPO_CONNECTION_PORT) */
462 };
463 }mach_port_options_t;
464
465 typedef mach_port_options_t *mach_port_options_ptr_t;
466
467 /* Mach Port Guarding definitions */
468
469 /*
470 * EXC_GUARD represents a guard violation for both
471 * mach ports and file descriptors. GUARD_TYPE_ is used
472 * to differentiate among them.
473 */
474 #define GUARD_TYPE_MACH_PORT 0x1
475
476 /* Reasons for exception for a guarded mach port */
477 enum mach_port_guard_exception_codes {
478 kGUARD_EXC_DESTROY = 1,
479 kGUARD_EXC_MOD_REFS = 2,
480 kGUARD_EXC_INVALID_OPTIONS = 3,
481 kGUARD_EXC_SET_CONTEXT = 4,
482 kGUARD_EXC_THREAD_SET_STATE = 5,
483 kGUARD_EXC_EXCEPTION_BEHAVIOR_ENFORCE= 6,
484 kGUARD_EXC_UNGUARDED = 1u << 3,
485 kGUARD_EXC_INCORRECT_GUARD = 1u << 4,
486 kGUARD_EXC_IMMOVABLE = 1u << 5,
487 kGUARD_EXC_STRICT_REPLY = 1u << 6,
488 kGUARD_EXC_MSG_FILTERED = 1u << 7,
489 /* start of [optionally] non-fatal guards */
490 kGUARD_EXC_INVALID_RIGHT = 1u << 8,
491 kGUARD_EXC_INVALID_NAME = 1u << 9,
492 kGUARD_EXC_INVALID_VALUE = 1u << 10,
493 kGUARD_EXC_INVALID_ARGUMENT = 1u << 11,
494 kGUARD_EXC_RIGHT_EXISTS = 1u << 12,
495 kGUARD_EXC_KERN_NO_SPACE = 1u << 13,
496 kGUARD_EXC_KERN_FAILURE = 1u << 14,
497 kGUARD_EXC_KERN_RESOURCE = 1u << 15,
498 kGUARD_EXC_SEND_INVALID_REPLY = 1u << 16,
499 kGUARD_EXC_SEND_INVALID_VOUCHER = 1u << 17,
500 kGUARD_EXC_SEND_INVALID_RIGHT = 1u << 18,
501 kGUARD_EXC_RCV_INVALID_NAME = 1u << 19,
502 /* start of always non-fatal guards */
503 kGUARD_EXC_RCV_GUARDED_DESC = 1u << 20, /* for development only */
504 kGUARD_EXC_MOD_REFS_NON_FATAL = 1u << 21,
505 kGUARD_EXC_IMMOVABLE_NON_FATAL = 1u << 22,
506 kGUARD_EXC_REQUIRE_REPLY_PORT_SEMANTICS = 1u << 23,
507 };
508
509 #define MAX_FATAL_kGUARD_EXC_CODE (1u << 7)
510
511 /*
512 * Mach port guard flags.
513 */
514 #define MPG_FLAGS_NONE (0x00ull)
515
516 #define MAX_OPTIONAL_kGUARD_EXC_CODE (1u << 19)
517
518 /*
519 * These flags are used as bits in the subcode of kGUARD_EXC_STRICT_REPLY exceptions.
520 */
521 #define MPG_FLAGS_STRICT_REPLY_INVALID_REPLY_DISP (0x01ull << 56)
522 #define MPG_FLAGS_STRICT_REPLY_INVALID_REPLY_PORT (0x02ull << 56)
523 #define MPG_FLAGS_STRICT_REPLY_INVALID_VOUCHER (0x04ull << 56)
524 #define MPG_FLAGS_STRICT_REPLY_NO_BANK_ATTR (0x08ull << 56)
525 #define MPG_FLAGS_STRICT_REPLY_MISMATCHED_PERSONA (0x10ull << 56)
526 #define MPG_FLAGS_STRICT_REPLY_MASK (0xffull << 56)
527
528 /*
529 * These flags are used as bits in the subcode of kGUARD_EXC_MOD_REFS exceptions.
530 */
531 #define MPG_FLAGS_MOD_REFS_PINNED_DEALLOC (0x01ull << 56)
532 #define MPG_FLAGS_MOD_REFS_PINNED_DESTROY (0x02ull << 56)
533 #define MPG_FLAGS_MOD_REFS_PINNED_COPYIN (0x04ull << 56)
534
535 /*
536 * These flags are used as bits in the subcode of kGUARD_EXC_IMMOVABLE exceptions.
537 */
538 #define MPG_FLAGS_IMMOVABLE_PINNED (0x01ull << 56)
539
540 /*
541 * Flags for mach_port_guard_with_flags. These flags extend
542 * the attributes associated with a guarded port.
543 */
544 #define MPG_STRICT 0x01 /* Apply strict guarding for a port */
545 #define MPG_IMMOVABLE_RECEIVE 0x02 /* Receive right cannot be moved out of the space */
546
547 #if !__DARWIN_UNIX03 && !defined(_NO_PORT_T_FROM_MACH)
548 /*
549 * Mach 3.0 renamed everything to have mach_ in front of it.
550 * These types and macros are provided for backward compatibility
551 * but are deprecated.
552 */
553 typedef mach_port_t port_t;
554 typedef mach_port_name_t port_name_t;
555 typedef mach_port_name_t *port_name_array_t;
556
557 #define PORT_NULL ((port_t) 0)
558 #define PORT_DEAD ((port_t) ~0)
559 #define PORT_VALID(name) \
560 ((port_t)(name) != PORT_NULL && (port_t)(name) != PORT_DEAD)
561
562 #endif /* !__DARWIN_UNIX03 && !_NO_PORT_T_FROM_MACH */
563
564 #endif /* _MACH_PORT_H_ */
565