1*42e22086SApple OSS Distributions /*
2*42e22086SApple OSS Distributions * Copyright (c) 2015 Apple Inc. All rights reserved.
3*42e22086SApple OSS Distributions *
4*42e22086SApple OSS Distributions * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5*42e22086SApple OSS Distributions *
6*42e22086SApple OSS Distributions * This file contains Original Code and/or Modifications of Original Code
7*42e22086SApple OSS Distributions * as defined in and that are subject to the Apple Public Source License
8*42e22086SApple OSS Distributions * Version 2.0 (the 'License'). You may not use this file except in
9*42e22086SApple OSS Distributions * compliance with the License. The rights granted to you under the License
10*42e22086SApple OSS Distributions * may not be used to create, or enable the creation or redistribution of,
11*42e22086SApple OSS Distributions * unlawful or unlicensed copies of an Apple operating system, or to
12*42e22086SApple OSS Distributions * circumvent, violate, or enable the circumvention or violation of, any
13*42e22086SApple OSS Distributions * terms of an Apple operating system software license agreement.
14*42e22086SApple OSS Distributions *
15*42e22086SApple OSS Distributions * Please obtain a copy of the License at
16*42e22086SApple OSS Distributions * http://www.opensource.apple.com/apsl/ and read it before using this file.
17*42e22086SApple OSS Distributions *
18*42e22086SApple OSS Distributions * The Original Code and all software distributed under the License are
19*42e22086SApple OSS Distributions * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20*42e22086SApple OSS Distributions * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21*42e22086SApple OSS Distributions * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22*42e22086SApple OSS Distributions * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23*42e22086SApple OSS Distributions * Please see the License for the specific language governing rights and
24*42e22086SApple OSS Distributions * limitations under the License.
25*42e22086SApple OSS Distributions *
26*42e22086SApple OSS Distributions * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27*42e22086SApple OSS Distributions */
28*42e22086SApple OSS Distributions #ifndef _SYS_PERSONA_H_
29*42e22086SApple OSS Distributions #define _SYS_PERSONA_H_
30*42e22086SApple OSS Distributions
31*42e22086SApple OSS Distributions #ifdef PRIVATE
32*42e22086SApple OSS Distributions #include <sys/param.h>
33*42e22086SApple OSS Distributions
34*42e22086SApple OSS Distributions #ifdef KERNEL
__enum_decl(persona_type_t, int, {
#else /* !KERNEL */
enum {
#endif /* KERNEL */
	/*
	 * Persona types. The kernel sees a typed enum (persona_type_t); userspace
	 * a plain enum, which is why kpersona_find_by_type() below takes an int.
	 * The meaning of the individual types is not documented in this header.
	 */
	PERSONA_INVALID = 0,        /* sentinel: names no persona type */
	PERSONA_GUEST = 1,
	PERSONA_MANAGED = 2,
	PERSONA_PRIV = 3,
	PERSONA_SYSTEM = 4,
	PERSONA_DEFAULT = 5,
	PERSONA_SYSTEM_PROXY = 6,
	PERSONA_SYS_EXT = 7,
	PERSONA_ENTERPRISE = 8,

	/*
	 * Highest valid type. Only PERSONA_GUEST .. PERSONA_TYPE_MAX name a
	 * persona type, so a type value that arrives from userspace (e.g. the
	 * int passed to kpersona_find_by_type, or kpersona_info.persona_type)
	 * should be range-checked against this before use; PERSONA_INVALID and
	 * anything above PERSONA_TYPE_MAX are not types.
	 */
	PERSONA_TYPE_MAX = PERSONA_ENTERPRISE,
#ifdef KERNEL
});
#else /* !KERNEL */
};
#endif /* KERNEL */
55*42e22086SApple OSS Distributions
/*
 * "No persona" sentinel: (uid_t)-1, i.e. the all-ones uid. Returned by
 * persona_id_from_proc() for a proc that has no persona, and the value to
 * pass as 'uid' to kpersona_find()/persona_find() when searching by name.
 * Compare against this explicitly; uid_t is unsigned, so "id < 0" is never true.
 */
#define PERSONA_ID_NONE ((uid_t)-1)
57*42e22086SApple OSS Distributions
/*
 * Persona attributes as exchanged with userspace: input to kpersona_alloc()/
 * kpersona_palloc() (describes the persona to create), output of
 * kpersona_info()/kpersona_pidinfo(). The layout is packed and pinned by the
 * _Static_assert below so that user and kernel builds agree on it.
 *
 * persona_info_version says which fields are meaningful: persona_uid is a
 * v2 field (PERSONA_INFO_V2), so a consumer must check the version before
 * reading it.
 *
 * NOTE(review): this struct crosses the user/kernel boundary. The kernel side
 * that copies it in should treat persona_name as an untrusted fixed-size
 * buffer (force NUL termination) and range-check persona_type against the
 * enum above; that copy and validation live outside this header — confirm there.
 */
struct kpersona_info {
	/* v1 fields */
	uint32_t persona_info_version;      /* PERSONA_INFO_V1 or PERSONA_INFO_V2 */

	uid_t persona_id;                   /* persona ID; ignored by kpersona_alloc/_palloc */
	int persona_type;                   /* one of the PERSONA_* values above */
	gid_t persona_gid; /* unused */
	uint32_t persona_ngroups; /* unused */
	gid_t persona_groups[NGROUPS]; /* unused */
	uid_t persona_gmuid; /* unused */
	char persona_name[MAXLOGNAME + 1];  /* login name, as looked up by kpersona_find() */

	/* v2 fields */
	uid_t persona_uid;                  /* only meaningful when persona_info_version >= PERSONA_INFO_V2 */
} __attribute__((packed));
73*42e22086SApple OSS Distributions
#define PERSONA_INFO_V1 1   /* struct kpersona_info up to and including persona_name */
#define PERSONA_INFO_V2 2   /* adds persona_uid */

// Userspace and the kernel must see the same struct layout. Assert that in
// either case sizeof() is equal to the same pre-determined value.
// (6 four-byte fields + 4 * NGROUPS + (MAXLOGNAME + 1) + 4 — e.g. 348 with
// NGROUPS == 16 and MAXLOGNAME == 255; the assert fires if either constant
// or the packing ever changes, which would silently break the ABI.)
_Static_assert(sizeof(struct kpersona_info) == 348, "sizeof(kpersona_info) == 348");

/*
 * Persona operation codes. Presumably one per kpersona_* wrapper declared
 * below (ALLOC/PALLOC/DEALLOC/GET/INFO/PIDINFO/FIND/GETPATH/FIND_BY_TYPE);
 * the dispatch itself is not in this header.
 */
#define PERSONA_OP_ALLOC 1
#define PERSONA_OP_PALLOC 2
#define PERSONA_OP_DEALLOC 3
#define PERSONA_OP_GET 4
#define PERSONA_OP_INFO 5
#define PERSONA_OP_PIDINFO 6
#define PERSONA_OP_FIND 7
#define PERSONA_OP_GETPATH 8
#define PERSONA_OP_FIND_BY_TYPE 9

/*
 * Entitlement for persona management. Presumably what gates the privileged
 * operations (alloc/palloc/dealloc); the check is performed in the syscall
 * implementation, not here — verify there exactly which ops require it.
 */
#define PERSONA_MGMT_ENTITLEMENT "com.apple.private.persona-mgmt"
92*42e22086SApple OSS Distributions
93*42e22086SApple OSS Distributions #ifndef KERNEL
94*42e22086SApple OSS Distributions /*
95*42e22086SApple OSS Distributions * user space persona interface
96*42e22086SApple OSS Distributions */
97*42e22086SApple OSS Distributions
98*42e22086SApple OSS Distributions /*
99*42e22086SApple OSS Distributions * kpersona_alloc: Allocate a new in-kernel persona
100*42e22086SApple OSS Distributions *
101*42e22086SApple OSS Distributions * Parameters:
102*42e22086SApple OSS Distributions * info: Pointer to persona info structure describing the
103*42e22086SApple OSS Distributions * attributes of the persona to create / allocate.
104*42e22086SApple OSS Distributions *
105*42e22086SApple OSS Distributions * id: output: set to the ID of the created persona
106*42e22086SApple OSS Distributions *
107*42e22086SApple OSS Distributions * Note:
108*42e22086SApple OSS Distributions * The 'persona_id' field of the 'info' parameter is ignored.
109*42e22086SApple OSS Distributions *
110*42e22086SApple OSS Distributions * Return:
111*42e22086SApple OSS Distributions * != 0: ERROR
112*42e22086SApple OSS Distributions * == 0: Success
113*42e22086SApple OSS Distributions */
114*42e22086SApple OSS Distributions int kpersona_alloc(struct kpersona_info *info, uid_t *id);
115*42e22086SApple OSS Distributions
116*42e22086SApple OSS Distributions /*
117*42e22086SApple OSS Distributions * kpersona_palloc: Allocate a new in-kernel persona with a directory
118*42e22086SApple OSS Distributions * pathname
119*42e22086SApple OSS Distributions *
120*42e22086SApple OSS Distributions * Parameters:
121*42e22086SApple OSS Distributions * info: Pointer to persona info structure describing the
122*42e22086SApple OSS Distributions * attributes of the persona to create / allocate.
123*42e22086SApple OSS Distributions *
124*42e22086SApple OSS Distributions * path: Pointer to directory name that stores persona specific
125*42e22086SApple OSS Distributions * data. Assumes path buffer length = MAXPATHLEN and is a
126*42e22086SApple OSS Distributions * null-terminated string.
127*42e22086SApple OSS Distributions *
128*42e22086SApple OSS Distributions * id: output: set to the ID of the created persona
129*42e22086SApple OSS Distributions *
130*42e22086SApple OSS Distributions * Note:
131*42e22086SApple OSS Distributions * The 'persona_id' field of the 'info' parameter is ignored.
132*42e22086SApple OSS Distributions *
133*42e22086SApple OSS Distributions * Return:
134*42e22086SApple OSS Distributions * != 0: ERROR
135*42e22086SApple OSS Distributions * == 0: Success
136*42e22086SApple OSS Distributions */
137*42e22086SApple OSS Distributions int kpersona_palloc(struct kpersona_info *info, uid_t *id, char path[MAXPATHLEN]);
138*42e22086SApple OSS Distributions
139*42e22086SApple OSS Distributions /*
140*42e22086SApple OSS Distributions * kpersona_dealloc: delete / destroy an in-kernel persona
141*42e22086SApple OSS Distributions *
142*42e22086SApple OSS Distributions * Parameters:
143*42e22086SApple OSS Distributions * id: the ID of the persona to destroy
144*42e22086SApple OSS Distributions *
145*42e22086SApple OSS Distributions * Return:
146*42e22086SApple OSS Distributions * < 0: ERROR
147*42e22086SApple OSS Distributions * 0: Success
148*42e22086SApple OSS Distributions */
149*42e22086SApple OSS Distributions int kpersona_dealloc(uid_t id);
150*42e22086SApple OSS Distributions
151*42e22086SApple OSS Distributions /*
152*42e22086SApple OSS Distributions * kpersona_get: retrieve the persona with which the current thread is running
153*42e22086SApple OSS Distributions *
154*42e22086SApple OSS Distributions * To find the proc's persona id use kpersona_pidinfo
155*42e22086SApple OSS Distributions *
156*42e22086SApple OSS Distributions * Parameters:
157*42e22086SApple OSS Distributions * id: output: will be filled with the persona id from the voucher adopted
158*42e22086SApple OSS Distributions * on the current thread. If that voucher contains no persona information
159*42e22086SApple OSS Distributions * or there is no such voucher, then it defaults to the proc's persona id.
160*42e22086SApple OSS Distributions *
161*42e22086SApple OSS Distributions * Return:
162*42e22086SApple OSS Distributions * < 0: Thread is not running under any persona
 * 0: Success ('id' is filled with the ID of the running persona)
164*42e22086SApple OSS Distributions */
165*42e22086SApple OSS Distributions int kpersona_get(uid_t *id);
166*42e22086SApple OSS Distributions
167*42e22086SApple OSS Distributions /*
168*42e22086SApple OSS Distributions * kpersona_get_path: retrieve the given persona's path
169*42e22086SApple OSS Distributions *
170*42e22086SApple OSS Distributions * Parameters:
171*42e22086SApple OSS Distributions * id: ID of the persona
172*42e22086SApple OSS Distributions *
173*42e22086SApple OSS Distributions * path: output: filled in with path on success.
174*42e22086SApple OSS Distributions * Assumes path buffer length = MAXPATHLEN
175*42e22086SApple OSS Distributions *
176*42e22086SApple OSS Distributions * Return:
177*42e22086SApple OSS Distributions * < 0: Error
178*42e22086SApple OSS Distributions * 0: Success
179*42e22086SApple OSS Distributions */
180*42e22086SApple OSS Distributions int kpersona_getpath(uid_t id, char path[MAXPATHLEN]);
181*42e22086SApple OSS Distributions
182*42e22086SApple OSS Distributions /*
183*42e22086SApple OSS Distributions * kpersona_info: gather info about the given persona
184*42e22086SApple OSS Distributions *
185*42e22086SApple OSS Distributions * Parameters:
186*42e22086SApple OSS Distributions * id: ID of the persona to investigate
187*42e22086SApple OSS Distributions * If set to 0, it uses persona id from the voucher adopted on the current
188*42e22086SApple OSS Distributions * thread. If that voucher contains no persona information or there is no
189*42e22086SApple OSS Distributions * such voucher, then it defaults to the proc's persona id.
190*42e22086SApple OSS Distributions *
191*42e22086SApple OSS Distributions * info: output: filled in with persona attributes on success.
192*42e22086SApple OSS Distributions *
193*42e22086SApple OSS Distributions * Return:
194*42e22086SApple OSS Distributions * < 0: ERROR
195*42e22086SApple OSS Distributions * 0: Success
196*42e22086SApple OSS Distributions */
197*42e22086SApple OSS Distributions int kpersona_info(uid_t id, struct kpersona_info *info);
198*42e22086SApple OSS Distributions
199*42e22086SApple OSS Distributions /*
200*42e22086SApple OSS Distributions * kpersona_pidinfo: gather persona info about the given PID
201*42e22086SApple OSS Distributions *
202*42e22086SApple OSS Distributions * Parameters:
203*42e22086SApple OSS Distributions * pid: PID of the process whose persona info we're to return
204*42e22086SApple OSS Distributions *
205*42e22086SApple OSS Distributions * info: output: filled in with persona attributes on success.
206*42e22086SApple OSS Distributions *
207*42e22086SApple OSS Distributions * Return:
208*42e22086SApple OSS Distributions * < 0: ERROR
209*42e22086SApple OSS Distributions * 0: Success
210*42e22086SApple OSS Distributions */
211*42e22086SApple OSS Distributions int kpersona_pidinfo(pid_t pid, struct kpersona_info *info);
212*42e22086SApple OSS Distributions
213*42e22086SApple OSS Distributions /*
 * kpersona_find: lookup the kernel ID(s) of a persona by login name or uid
215*42e22086SApple OSS Distributions *
216*42e22086SApple OSS Distributions * Parameters:
217*42e22086SApple OSS Distributions * name: Local login name of the persona.
218*42e22086SApple OSS Distributions * Set this to NULL to find personas by 'uid'.
219*42e22086SApple OSS Distributions *
220*42e22086SApple OSS Distributions * uid: UID of the persona.
221*42e22086SApple OSS Distributions * Set this to -1 to find personas by 'name'
222*42e22086SApple OSS Distributions *
223*42e22086SApple OSS Distributions * id: output: the ID(s) matching the input parameters
224*42e22086SApple OSS Distributions * This can be NULL
225*42e22086SApple OSS Distributions *
226*42e22086SApple OSS Distributions * idlen: input - size of 'id' buffer (in number of IDs)
227*42e22086SApple OSS Distributions * output - the total required size of the 'id' buffer
228*42e22086SApple OSS Distributions * (in number of IDs) - may be larger than input size
229*42e22086SApple OSS Distributions * Note:
230*42e22086SApple OSS Distributions * At least one of 'name' or 'uid' must be set.
231*42e22086SApple OSS Distributions *
232*42e22086SApple OSS Distributions * Return:
233*42e22086SApple OSS Distributions * < 0: ERROR
234*42e22086SApple OSS Distributions * >= 0: Output value of idlen - may be larger than input size
235*42e22086SApple OSS Distributions */
236*42e22086SApple OSS Distributions int kpersona_find(const char *name, uid_t uid, uid_t *id, size_t *idlen);
237*42e22086SApple OSS Distributions
238*42e22086SApple OSS Distributions /*
239*42e22086SApple OSS Distributions * kpersona_find_by_type: lookup the persona ids by type
240*42e22086SApple OSS Distributions *
241*42e22086SApple OSS Distributions * Parameters:
 * persona_type: Type of persona (see enum above). Only the values
 * PERSONA_GUEST (1) through PERSONA_TYPE_MAX name a persona type;
 * PERSONA_INVALID (0) does not.
243*42e22086SApple OSS Distributions *
244*42e22086SApple OSS Distributions * id: output: the ID(s) matching the input parameters
245*42e22086SApple OSS Distributions * This can be NULL
246*42e22086SApple OSS Distributions *
247*42e22086SApple OSS Distributions * idlen: input - size of 'id' buffer (in number of IDs)
248*42e22086SApple OSS Distributions * output - the total required size of the 'id' buffer
249*42e22086SApple OSS Distributions * (in number of IDs) - may be larger than input size
250*42e22086SApple OSS Distributions * Return:
251*42e22086SApple OSS Distributions * < 0: ERROR
252*42e22086SApple OSS Distributions * >= 0: Output value of idlen - may be larger than input size
253*42e22086SApple OSS Distributions */
254*42e22086SApple OSS Distributions int kpersona_find_by_type(int persona_type, uid_t *id, size_t *idlen);
255*42e22086SApple OSS Distributions #endif /* !KERNEL */
256*42e22086SApple OSS Distributions
257*42e22086SApple OSS Distributions #ifdef KERNEL_PRIVATE
258*42e22086SApple OSS Distributions /* XNU + kext private interface */
259*42e22086SApple OSS Distributions #include <sys/cdefs.h>
260*42e22086SApple OSS Distributions #include <sys/kauth.h>
261*42e22086SApple OSS Distributions #include <libkern/libkern.h>
262*42e22086SApple OSS Distributions #include <os/refcnt.h>
263*42e22086SApple OSS Distributions
/*
 * persona_dbg(fmt, ...): debug-only logging through os_log, prefixed with the
 * current proc's pid (-1 when there is no current_proc()) and the calling
 * function's name. Compiles to nothing unless PERSONA_DEBUG is defined.
 *
 * 'fmt' is spliced into the format string literal, so it must itself be a
 * string literal — never pass caller-controlled text as 'fmt'.
 */
#ifdef PERSONA_DEBUG
#include <os/log.h>
#define persona_dbg(fmt, ...) \
	os_log(OS_LOG_DEFAULT, "[%4d] %s: " fmt "\n", \
	    current_proc() ? proc_getpid(current_proc()) : -1, \
	    __func__, ## __VA_ARGS__)
#else
#define persona_dbg(fmt, ...) do { } while (0)
#endif
273*42e22086SApple OSS Distributions
274*42e22086SApple OSS Distributions /*
275*42e22086SApple OSS Distributions * Persona
276*42e22086SApple OSS Distributions */
277*42e22086SApple OSS Distributions #ifdef XNU_KERNEL_PRIVATE
/*
 * only XNU proper needs to see the persona structure; kexts get an opaque
 * 'struct persona' and go through the accessors below.
 */
struct persona {
	os_refcnt_t pna_refcount;       /* lifetime: persona_get() / persona_put() */
	int32_t pna_valid;              /* presumably cleared by persona_lookup_and_invalidate() — confirm in persona.c */

	uid_t pna_id;                   /* persona ID (persona_get_id()) */
	persona_type_t pna_type;        /* PERSONA_* type (persona_get_type()) */
	char pna_login[MAXLOGNAME + 1]; /* login name; what persona_find() matches on */
	char *pna_path;                 /* persona directory (kpersona_palloc/kpersona_getpath); ownership/free not visible here */
	uid_t pna_uid;                  /* persona_get_uid() */

	LIST_ENTRY(persona) pna_list;   /* linkage in the global persona list (presumably) */

	/* this could go away if we used a coalition */
	LIST_HEAD(, proc) pna_members;  /* procs adopted into this persona (persona_proc_adopt/_drop) — presumably */

	lck_mtx_t pna_lock;             /* persona_lock()/persona_unlock(); what exactly it guards is not spelled out here */

	/*
	 * We can add things here such as PID maps, UID maps, etc.
	 */
#ifdef PERSONA_DEBUG
	char pna_desc[128];             /* lazily built "login/id" string, see persona_desc() */
#endif
};
303*42e22086SApple OSS Distributions
/*
 * pna_lock helpers. persona_lock_assert_held() backs "caller must hold the
 * persona lock" contracts (e.g. persona_desc(..., locked = 1)); LCK_MTX_ASSERT
 * is presumably only enforced in builds with lock assertions enabled, so treat
 * it as a debugging aid rather than a runtime guard.
 */
#define persona_lock(persona) lck_mtx_lock(&(persona)->pna_lock)
#define persona_unlock(persona) lck_mtx_unlock(&(persona)->pna_lock)
#define persona_try_lock(persona) lck_mtx_try_lock(&(persona)->pna_lock)

#define persona_lock_assert_held(persona) \
	LCK_MTX_ASSERT(&(persona)->pna_lock, LCK_MTX_ASSERT_OWNED)
310*42e22086SApple OSS Distributions
311*42e22086SApple OSS Distributions #ifdef PERSONA_DEBUG
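/*
 * persona_desc: return a "login/id" string describing a persona, for
 * debug output.
 *
 * The string is built lazily into persona->pna_desc on first use and cached
 * there; subsequent calls return the cached buffer.
 *
 * Parameters:
 *   persona: persona to describe; NULL yields the static string "<none>"
 *   locked:  non-zero if the caller already holds pna_lock, otherwise the
 *            lock is taken around the one-time formatting
 *
 * Returns a pointer into persona->pna_desc (or a static string); it is only
 * valid while the caller's reference on the persona is.
 *
 * NOTE(review): the first "already formatted?" test is deliberately done
 * without the lock (fast path) and repeated under the lock before writing,
 * so two racing callers cannot both format into the buffer.
 *
 * Fix: pna_id is a uid_t (unsigned), so it is printed with %u; the previous
 * %d rendered ids >= 2^31 as negative numbers.
 */
static inline const char *
persona_desc(struct persona *persona, int locked)
{
	if (persona == NULL) {
		return "<none>";
	}

	/* fast path: description already cached */
	if (persona->pna_desc[0] != '\0') {
		return persona->pna_desc;
	}

	if (!locked) {
		persona_lock(persona);
	}

	/* re-check under the lock: another thread may have formatted it meanwhile */
	if (persona->pna_desc[0] == '\0') {
		char *buf = persona->pna_desc;
		char *last = buf + sizeof(persona->pna_desc) - 1;
		size_t avail = (size_t)(last - buf);
		int written;

		/* belt and braces: the final byte is always a terminator */
		*last = '\0';
		written = scnprintf(buf, avail, "%s/%u",
		    persona->pna_login, persona->pna_id);
		if (written >= 0 && buf + written <= last) {
			buf[written] = '\0';
		}
	}

	if (!locked) {
		persona_unlock(persona);
	}

	return persona->pna_desc;
}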
348*42e22086SApple OSS Distributions #else /* !PERSONA_DEBUG */
/*
 * persona_desc: non-debug stand-in. Returns a fixed placeholder and never
 * touches the persona or its lock; the parameters exist only so callers can
 * be written against the PERSONA_DEBUG signature.
 */
static inline const char *
persona_desc(struct persona *persona, int locked)
{
	static const char placeholder[] = "<persona>";

	(void)persona;
	(void)locked;
	return placeholder;
}
356*42e22086SApple OSS Distributions #endif
357*42e22086SApple OSS Distributions
358*42e22086SApple OSS Distributions #else /* !XNU_KERNEL_PRIVATE */
359*42e22086SApple OSS Distributions /* kexts should only see an opaque persona structure */
360*42e22086SApple OSS Distributions struct persona;
361*42e22086SApple OSS Distributions #endif
362*42e22086SApple OSS Distributions
363*42e22086SApple OSS Distributions __BEGIN_DECLS
364*42e22086SApple OSS Distributions
365*42e22086SApple OSS Distributions #ifndef _KAUTH_CRED_T
366*42e22086SApple OSS Distributions #define _KAUTH_CRED_T
367*42e22086SApple OSS Distributions typedef struct ucred *kauth_cred_t;
368*42e22086SApple OSS Distributions #endif /* !_KAUTH_CRED_T */
369*42e22086SApple OSS Distributions
/* returns the persona ID for the given persona structure */
371*42e22086SApple OSS Distributions uid_t persona_get_id(struct persona *persona);
372*42e22086SApple OSS Distributions
/* returns the persona UID for the given persona structure */
374*42e22086SApple OSS Distributions uid_t persona_get_uid(struct persona *persona);
375*42e22086SApple OSS Distributions
376*42e22086SApple OSS Distributions /* returns the type of the persona (see enum above: PERSONA_GUEST, etc.) */
377*42e22086SApple OSS Distributions int persona_get_type(struct persona *persona);
378*42e22086SApple OSS Distributions
379*42e22086SApple OSS Distributions /* returns a reference that must be released with persona_put() */
380*42e22086SApple OSS Distributions struct persona *persona_lookup(uid_t id);
381*42e22086SApple OSS Distributions
382*42e22086SApple OSS Distributions /*
383*42e22086SApple OSS Distributions * Search for personas based on name or uid
384*42e22086SApple OSS Distributions *
385*42e22086SApple OSS Distributions * Parameters:
 * login: Local login name of the persona.
 * Set this to NULL to find personas by 'uid'.
388*42e22086SApple OSS Distributions *
389*42e22086SApple OSS Distributions * uid: UID of the persona.
390*42e22086SApple OSS Distributions * Set this to -1 to find personas by 'name'
391*42e22086SApple OSS Distributions *
392*42e22086SApple OSS Distributions * persona: output - array of persona pointers. Each non-NULL value
 * *must* be released with persona_put. This can be NULL.
394*42e22086SApple OSS Distributions *
395*42e22086SApple OSS Distributions * plen: input - size of 'persona' buffer (in number of pointers)
396*42e22086SApple OSS Distributions * output - the total required size of the 'persona' buffer (could be larger than input value)
397*42e22086SApple OSS Distributions *
398*42e22086SApple OSS Distributions * Return:
399*42e22086SApple OSS Distributions * 0: Success
400*42e22086SApple OSS Distributions * != 0: failure (BSD errno value ESRCH or EINVAL)
401*42e22086SApple OSS Distributions */
402*42e22086SApple OSS Distributions int persona_find(const char *login, uid_t uid,
403*42e22086SApple OSS Distributions struct persona **persona, size_t *plen);
404*42e22086SApple OSS Distributions
405*42e22086SApple OSS Distributions /* returns a reference that must be released with persona_put() */
406*42e22086SApple OSS Distributions struct persona *persona_proc_get(pid_t pid);
407*42e22086SApple OSS Distributions
408*42e22086SApple OSS Distributions /* returns the persona id tied to the current thread (also uses adopted voucher) */
409*42e22086SApple OSS Distributions uid_t current_persona_get_id(void);
410*42e22086SApple OSS Distributions
411*42e22086SApple OSS Distributions /* returns a reference to the persona tied to the current thread (also uses adopted voucher) */
412*42e22086SApple OSS Distributions struct persona *current_persona_get(void);
413*42e22086SApple OSS Distributions
414*42e22086SApple OSS Distributions /* get a reference to a persona structure */
415*42e22086SApple OSS Distributions struct persona *persona_get(struct persona *persona);
416*42e22086SApple OSS Distributions
417*42e22086SApple OSS Distributions /* returns a reference to proc's persona that must be released with persona_put() */
418*42e22086SApple OSS Distributions struct persona *proc_persona_get(proc_t p);
419*42e22086SApple OSS Distributions
420*42e22086SApple OSS Distributions /* release a reference to a persona structure */
421*42e22086SApple OSS Distributions void persona_put(struct persona *persona);
422*42e22086SApple OSS Distributions
423*42e22086SApple OSS Distributions /*
424*42e22086SApple OSS Distributions * Search for personas of a given type, 'persona_type'.
425*42e22086SApple OSS Distributions *
426*42e22086SApple OSS Distributions * Parameters:
427*42e22086SApple OSS Distributions * persona_type: Type of persona (see enum)
428*42e22086SApple OSS Distributions *
429*42e22086SApple OSS Distributions * persona: output - array of persona pointers. Each non-NULL value
 * *must* be released with persona_put. This can be NULL.
431*42e22086SApple OSS Distributions *
432*42e22086SApple OSS Distributions * plen: input - size of 'persona' buffer (in number of pointers)
433*42e22086SApple OSS Distributions * output - the total required size of the 'persona' buffer (could be larger than input value)
434*42e22086SApple OSS Distributions *
435*42e22086SApple OSS Distributions * Return:
436*42e22086SApple OSS Distributions * 0: Success
437*42e22086SApple OSS Distributions * != 0: failure (BSD errno value ESRCH or EINVAL)
438*42e22086SApple OSS Distributions */
439*42e22086SApple OSS Distributions int persona_find_by_type(persona_type_t persona_type, struct persona **persona,
440*42e22086SApple OSS Distributions size_t *plen);
441*42e22086SApple OSS Distributions
442*42e22086SApple OSS Distributions boolean_t persona_is_adoption_allowed(struct persona *persona);
443*42e22086SApple OSS Distributions
444*42e22086SApple OSS Distributions #ifdef XNU_KERNEL_PRIVATE
445*42e22086SApple OSS Distributions
446*42e22086SApple OSS Distributions #if CONFIG_PERSONAS
447*42e22086SApple OSS Distributions #include <sys/proc_internal.h>
448*42e22086SApple OSS Distributions
449*42e22086SApple OSS Distributions /*
450*42e22086SApple OSS Distributions * In-kernel persona API
451*42e22086SApple OSS Distributions */
452*42e22086SApple OSS Distributions extern const uint32_t g_max_personas;
453*42e22086SApple OSS Distributions
454*42e22086SApple OSS Distributions struct persona *persona_alloc(uid_t id, const char *login,
455*42e22086SApple OSS Distributions persona_type_t type, char *path, uid_t uid, int *error);
456*42e22086SApple OSS Distributions
457*42e22086SApple OSS Distributions int persona_init_begin(struct persona *persona);
458*42e22086SApple OSS Distributions void persona_init_end(struct persona *persona, int error);
459*42e22086SApple OSS Distributions
460*42e22086SApple OSS Distributions struct persona *persona_lookup_and_invalidate(uid_t id);
461*42e22086SApple OSS Distributions
/*
 * proc_has_persona: 1 if 'p' is non-NULL and carries a persona
 * (p->p_persona is set), 0 otherwise.
 *
 * p_persona is read without any locking visible here; callers presumably
 * rely on whatever protects that field — confirm before using the result
 * for anything beyond a hint.
 */
static inline int
proc_has_persona(proc_t p)
{
	return (p != NULL && p->p_persona != NULL) ? 1 : 0;
}
470*42e22086SApple OSS Distributions
/*
 * persona_id_from_proc: the persona ID of 'p', or PERSONA_ID_NONE when 'p'
 * is NULL or has no persona.
 *
 * Like proc_has_persona(), this reads p->p_persona with no locking visible
 * here, and does not take a reference on the persona.
 */
static inline uid_t
persona_id_from_proc(proc_t p)
{
	struct persona *persona = (p != NULL) ? p->p_persona : NULL;

	return (persona != NULL) ? persona->pna_id : PERSONA_ID_NONE;
}
479*42e22086SApple OSS Distributions
480*42e22086SApple OSS Distributions int persona_proc_inherit(proc_t child, proc_t parent);
481*42e22086SApple OSS Distributions
482*42e22086SApple OSS Distributions int persona_proc_adopt(proc_t p, struct persona *persona,
483*42e22086SApple OSS Distributions kauth_cred_t auth_override);
484*42e22086SApple OSS Distributions int persona_proc_drop(proc_t p);
485*42e22086SApple OSS Distributions
486*42e22086SApple OSS Distributions /* returns a reference that must be released with persona_put() */
487*42e22086SApple OSS Distributions struct persona *persona_proc_get(pid_t pid);
488*42e22086SApple OSS Distributions
489*42e22086SApple OSS Distributions int persona_find_all(const char *login, uid_t uid, persona_type_t persona_type,
490*42e22086SApple OSS Distributions struct persona **persona, size_t *plen);
491*42e22086SApple OSS Distributions
492*42e22086SApple OSS Distributions #else /* !CONFIG_PERSONAS */
493*42e22086SApple OSS Distributions
/*
 * proc_has_persona: personas are compiled out (!CONFIG_PERSONAS), so no proc
 * can carry one; always 0.
 */
static inline int
proc_has_persona(__unused proc_t p)
{
	(void)p;
	return 0;
}
499*42e22086SApple OSS Distributions
/*
 * persona_id_from_proc: personas are compiled out (!CONFIG_PERSONAS), so
 * every proc reports PERSONA_ID_NONE.
 */
static inline uid_t
persona_id_from_proc(__unused proc_t p)
{
	(void)p;
	return PERSONA_ID_NONE;
}
505*42e22086SApple OSS Distributions
506*42e22086SApple OSS Distributions #endif /* CONFIG_PERSONAS */
507*42e22086SApple OSS Distributions #endif /* XNU_KERNEL_PRIVATE */
508*42e22086SApple OSS Distributions __END_DECLS
509*42e22086SApple OSS Distributions
510*42e22086SApple OSS Distributions #endif /* KERNEL_PRIVATE */
511*42e22086SApple OSS Distributions
512*42e22086SApple OSS Distributions #endif /* PRIVATE */
513*42e22086SApple OSS Distributions #endif /* _SYS_PERSONA_H_ */
514