1 /*
2 * Copyright (c) 2021 Apple Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 #include <stdbool.h>
24
25 #include <sys/errno.h>
26
27 #include <sys/kern_debug.h>
28
29 /* Syscall entry points */
30 int __debug_syscall_reject(uint64_t packed_selectors);
31
32 static bool supported = true;
33
34 int
debug_syscall_reject(const syscall_rejection_selector_t * selectors,size_t len)35 debug_syscall_reject(const syscall_rejection_selector_t *selectors, size_t len)
36 {
37 _Static_assert(sizeof(syscall_rejection_selector_t) == 1, "selector size is not 1 byte");
38
39 if (!supported) {
40 /* Gracefully ignored if unsupported (e.g. if compiled out of RELEASE). */
41 return 0;
42 }
43
44 if (len > 8) {
45 /* selectors are packed one per byte into an uint64_t */
46 errno = E2BIG;
47 return -1;
48 }
49
50 /*
51 * The masks to apply are passed to the kernel as packed selectors,
52 * which are just however many of the selector data type fit into one
53 * (or more) fields of the natural word size (i.e. a register). This
54 * avoids copying from user space.
55 *
56 * More specifically, at the time of this writing, a selector is 1
57 * byte wide, and there is only one uint64_t argument
58 * (args->packed_selectors), so up to 8 selectors can be specified,
59 * which are then stuffed into the 64 bits of the argument. If less
60 * than 8 masks are requested to be applied, the remaining selectors
61 * will just be left as 0, which naturally resolves as the "empty" or
62 * "NULL" mask that changes nothing.
63 *
64 * This libsyscall wrapper provides a more convenient interface where
65 * an array (up to 8 elements long) and its length are passed in,
66 * which the wrapper then packs into packed_selectors of the actual
67 * system call.
68 */
69
70
71 uint64_t packed_selectors = 0;
72 int shift = 0;
73
74 for (int i = 0; i < len; i++, shift += 8) {
75 packed_selectors |= ((uint64_t)(selectors[i]) & 0xff) << shift;
76 }
77
78 int ret = __debug_syscall_reject(packed_selectors);
79
80 if (ret == -1 && errno == ENOTSUP) {
81 errno = 0;
82 supported = false;
83 return 0;
84 }
85
86 return ret;
87 }
88