#include "base/logging.h"
#include "base/mac/mach_logging.h"
#include "sandbox/mac/bootstrap_sandbox.h"
+#include "sandbox/mac/mach_message_server.h"
namespace sandbox {
return message_server_->Initialize();
}
-void LaunchdInterceptionServer::DemuxMessage(mach_msg_header_t* request,
- mach_msg_header_t* reply) {
- VLOG(3) << "Incoming message #" << request->msgh_id;
+void LaunchdInterceptionServer::DemuxMessage(IPCMessage request) {
+ const uint64_t message_id = compat_shim_.ipc_message_get_id(request);
+ VLOG(3) << "Incoming message #" << message_id;
pid_t sender_pid = message_server_->GetMessageSenderPID(request);
const BootstrapSandboxPolicy* policy =
return;
}
- if (request->msgh_id == compat_shim_.msg_id_look_up2) {
+ if (message_id == compat_shim_.msg_id_look_up2) {
// Filter messages sent via bootstrap_look_up to enforce the sandbox policy
// over the bootstrap namespace.
- HandleLookUp(request, reply, policy);
- } else if (request->msgh_id == compat_shim_.msg_id_swap_integer) {
+ HandleLookUp(request, policy);
+ } else if (message_id == compat_shim_.msg_id_swap_integer) {
// Ensure that any vproc_swap_integer requests are safe.
- HandleSwapInteger(request, reply);
+ HandleSwapInteger(request);
} else {
// All other messages are not permitted.
- VLOG(1) << "Rejecting unhandled message #" << request->msgh_id;
- message_server_->RejectMessage(reply, MIG_REMOTE_ERROR);
+ VLOG(1) << "Rejecting unhandled message #" << message_id;
+ message_server_->RejectMessage(request, MIG_REMOTE_ERROR);
}
}
void LaunchdInterceptionServer::HandleLookUp(
- mach_msg_header_t* request,
- mach_msg_header_t* reply,
+ IPCMessage request,
const BootstrapSandboxPolicy* policy) {
const std::string request_service_name(
compat_shim_.look_up2_get_request_name(request));
// reply to the client. Returning a NULL or unserviced port for a look up
// can cause clients to crash or hang.
VLOG(1) << "Denying look_up2 with MIG error: " << request_service_name;
- message_server_->RejectMessage(reply, BOOTSTRAP_UNKNOWN_SERVICE);
+ message_server_->RejectMessage(request, BOOTSTRAP_UNKNOWN_SERVICE);
} else if (rule.result == POLICY_DENY_DUMMY_PORT ||
rule.result == POLICY_SUBSTITUTE_PORT) {
// The policy result is to deny access to the real service port, replying
else
result_port = rule.substitute_port;
+ IPCMessage reply = message_server_->CreateReply(request);
compat_shim_.look_up2_fill_reply(reply, result_port);
// If the message was sent successfully, clear the result_port out of the
// message so that it is not destroyed at the end of ReceiveMessage. The
}
}
-void LaunchdInterceptionServer::HandleSwapInteger(mach_msg_header_t* request,
- mach_msg_header_t* reply) {
+void LaunchdInterceptionServer::HandleSwapInteger(IPCMessage request) {
// Only allow getting information out of launchd. Do not allow setting
// values. Two commonly observed values that are retrieved are
// VPROC_GSK_MGR_PID and VPROC_GSK_TRANSACTIONS_ENABLED.
ForwardMessage(request);
} else {
VLOG(2) << "Rejecting non-read-only swap_integer message.";
- message_server_->RejectMessage(reply, BOOTSTRAP_NOT_PRIVILEGED);
+ message_server_->RejectMessage(request, BOOTSTRAP_NOT_PRIVILEGED);
}
}
-void LaunchdInterceptionServer::ForwardMessage(mach_msg_header_t* request) {
+void LaunchdInterceptionServer::ForwardMessage(IPCMessage request) {
message_server_->ForwardMessage(request, sandbox_->real_bootstrap_port());
}