xref: /xnu-8796.101.5/osfmk/kern/mach_filter.h (revision aca3beaa3dfbd42498b42c5e5ce20a938e6554e5)
1 /*
2  * Copyright (c) 2020 Apple Computer, Inc. All rights reserved.
3  *
4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5  *
6  * This file contains Original Code and/or Modifications of Original Code
7  * as defined in and that are subject to the Apple Public Source License
8  * Version 2.0 (the 'License'). You may not use this file except in
9  * compliance with the License. The rights granted to you under the License
10  * may not be used to create, or enable the creation or redistribution of,
11  * unlawful or unlicensed copies of an Apple operating system, or to
12  * circumvent, violate, or enable the circumvention or violation of, any
13  * terms of an Apple operating system software license agreement.
14  *
15  * Please obtain a copy of the License at
16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
17  *
18  * The Original Code and all software distributed under the License are
19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23  * Please see the License for the specific language governing rights and
24  * limitations under the License.
25  *
26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27  */
28 
29 #ifndef _KERN_MACH_FILTER_H_
30 #define _KERN_MACH_FILTER_H_
31 
32 #if KERNEL_PRIVATE
33 
34 #include <sys/cdefs.h>
35 #include <mach/message.h>
36 #include <mach/port.h>
37 
/*
 * Sandbox-specific calls for task based message filtering.
 *
 * These are the signatures of the callbacks carried by
 * struct mach_msg_filter_callbacks. Port labels and sblabels cross this
 * interface as untyped void pointers, so the compiler cannot check that a
 * label handed to a callback is the kind of object the callback expects.
 */

/*
 * Takes a task, a port label and a message id, and has an out-parameter
 * (fpid) for a filter policy id.
 * NOTE(review): what TRUE/FALSE means, and whether *fpid is written on the
 * FALSE path, is not visible in this header -- confirm before reading *fpid.
 */
typedef boolean_t (*mach_msg_fetch_filter_policy_cbfunc_t) (struct task *task, void *portlabel,
    mach_msg_id_t msgid, mach_msg_filter_id *fpid);

/*
 * Takes service port info and has an out-parameter (sblabel) for a label
 * pointer; reports status as a kern_return_t.
 * NOTE(review): presumably *sblabel is only valid on success and is later
 * released with the dealloc callback -- confirm ownership with the callers.
 */
typedef kern_return_t (*mach_msg_filter_alloc_service_port_sblabel_cbfunc_t) (mach_service_port_info_t service_port_info,
    void **sblabel);

/* Takes a label pointer and returns nothing; by name, the release side of the alloc callback. */
typedef void (*mach_msg_filter_dealloc_service_port_sblabel_cbfunc_t) (void *sblabel);

/*
 * Takes a service port's label, returns a label pointer and has a boolean
 * out-parameter (send_side_filtering).
 * NOTE(review): whether the returned pointer can be NULL, and who owns the
 * reference it carries, is not stated here -- confirm.
 */
typedef void* (*mach_msg_filter_derive_sblabel_from_service_port_cbfunc_t) (void *service_port_sblabel,
    boolean_t *send_side_filtering);

/*
 * Takes a service port label and a connection port label and has an
 * out-parameter (fpid) for a filter policy id.
 * NOTE(review): fpid is a uint64_t * here but a mach_msg_filter_id * in the
 * fetch callback above -- confirm the two types have the same width.
 */
typedef kern_return_t (*mach_msg_filter_get_connection_port_filter_policy_cbfunc_t) (void *service_port_sblabel,
    void *connection_port_sblabel, uint64_t *fpid);

/*
 * Will be called with the port lock held.
 * NOTE(review): an implementation therefore presumably must not block or
 * call back into code that takes the port lock -- confirm.
 */
typedef void (*mach_msg_filter_retain_sblabel_cbfunc_t) (void * sblabel);
55 
/*
 * Table of filter callbacks, passed to mach_msg_filter_register_callback().
 *
 * The members are grouped by the interface version that introduced them.
 * Every callback member is a const function pointer, so it can only be set
 * when the structure is initialized or copied as a whole.
 *
 * A zero-filled table has version == 0 and NULL callbacks, which is why
 * mach_msg_filter_at_least() NULL-checks fetch_filter_policy for version 0.
 * NOTE(review): members of the v1 group are presumably not meaningful when
 * version is 0 -- check the version before calling through them.
 */
struct mach_msg_filter_callbacks {
	/* Interface version, one of MACH_MSG_FILTER_CALLBACKS_VERSION_*. */
	unsigned int version;
	/* v0 */
	const mach_msg_fetch_filter_policy_cbfunc_t fetch_filter_policy;

	/* v1 */
	const mach_msg_filter_alloc_service_port_sblabel_cbfunc_t alloc_service_port_sblabel;
	const mach_msg_filter_dealloc_service_port_sblabel_cbfunc_t dealloc_service_port_sblabel;
	const mach_msg_filter_derive_sblabel_from_service_port_cbfunc_t derive_sblabel_from_service_port;
	const mach_msg_filter_get_connection_port_filter_policy_cbfunc_t get_connection_port_filter_policy;
	const mach_msg_filter_retain_sblabel_cbfunc_t retain_sblabel;
};
68 
/*
 * Values for mach_msg_filter_callbacks.version.
 *
 * NOTE(review): struct mach_msg_filter_callbacks lists five members under
 * its "v1" heading, ending with retain_sblabel, while the comment on
 * VERSION_1 previously named derive_sblabel_from_service_port as the last
 * one. If the last two members were added without a version bump, a table
 * built against the shorter layout would still report version 1 -- confirm
 * that every registrant is built against the full structure.
 */
#define MACH_MSG_FILTER_CALLBACKS_VERSION_0 (0) /* up-to fetch_filter_policy */
#define MACH_MSG_FILTER_CALLBACKS_VERSION_1 (1) /* up-to retain_sblabel, per the v1 group in the struct */
#define MACH_MSG_FILTER_CALLBACKS_CURRENT MACH_MSG_FILTER_CALLBACKS_VERSION_1
72 
73 __BEGIN_DECLS
74 
/*
 * Registers a table of message filter callbacks (KERNEL_PRIVATE interface).
 * The table is taken by const pointer.
 * NOTE(review): the meaning of the int result, whether the table is copied
 * or referenced, and whether a second registration is rejected are not
 * visible in this header -- confirm in the implementation.
 */
int mach_msg_filter_register_callback(const struct mach_msg_filter_callbacks *callbacks);
76 
77 __END_DECLS
78 
79 #endif /* KERNEL_PRIVATE */
80 
81 #if XNU_KERNEL_PRIVATE
/*
 * Kernel-wide callback table read by mach_msg_filter_at_least() and the
 * *_callback accessor macros below. The object itself is not const.
 * NOTE(review): where it is written and how that write is ordered against
 * readers is not shown in this header -- confirm.
 */
extern struct mach_msg_filter_callbacks mach_msg_filter_callbacks;
83 
/*
 * Reports whether the registered callback table provides at least the given
 * interface version.
 *
 * Version 0 cannot be decided from the version field alone: a table that was
 * never filled in also has version == 0, so for that case the v0 callback
 * pointer itself is tested for NULL. For any other version the stored
 * version number is compared directly.
 *
 * NOTE(review): __pure2 is normally __attribute__((const)), yet this reads a
 * global. Confirm the table cannot change between two calls that the
 * compiler is allowed to merge, otherwise a result from before registration
 * could be reused afterwards.
 */
static inline bool __pure2
mach_msg_filter_at_least(unsigned int version)
{
	return (version != 0)
	       ? (mach_msg_filter_callbacks.version >= version)
	       : (mach_msg_filter_callbacks.fetch_filter_policy != NULL);
}
96 
/*
 * Accessors for the members of the global mach_msg_filter_callbacks table.
 * Each one expands to the raw function pointer and adds no NULL or version
 * check of its own.
 * NOTE(review): callers are presumably expected to gate every use with
 * mach_msg_filter_at_least() for the matching version, since calling
 * through an unset pointer in kernel context is fatal -- confirm at the
 * call sites.
 */

/* v0 */
#define mach_msg_fetch_filter_policy_callback \
	(mach_msg_filter_callbacks.fetch_filter_policy)

/* v1 */
#define mach_msg_filter_alloc_service_port_sblabel_callback \
	(mach_msg_filter_callbacks.alloc_service_port_sblabel)
#define mach_msg_filter_dealloc_service_port_sblabel_callback \
	(mach_msg_filter_callbacks.dealloc_service_port_sblabel)
#define mach_msg_filter_derive_sblabel_from_service_port_callback \
	(mach_msg_filter_callbacks.derive_sblabel_from_service_port)
#define mach_msg_filter_get_connection_port_filter_policy_callback \
	(mach_msg_filter_callbacks.get_connection_port_filter_policy)
#define mach_msg_filter_retain_sblabel_callback \
	(mach_msg_filter_callbacks.retain_sblabel)
112 
/*
 * Kernel-internal filter policy lookup for a port label and message id,
 * with an out-parameter (fid) for the filter id.
 * Unlike the fetch_filter_policy callback type, it takes no task argument.
 * NOTE(review): which task the lookup is evaluated against, and what the
 * boolean_t result means, is not visible in this header -- confirm in the
 * implementation.
 */
extern
boolean_t mach_msg_fetch_filter_policy(void *portlabel, mach_msg_id_t msgh_id, mach_msg_filter_id *fid);
115 #endif /* XNU_KERNEL_PRIVATE */
116 
117 #endif /* _KERN_MACH_FILTER_H_ */
118