
Last change on this file since 113026 was 113026, checked in by cal@…, 7 years ago

darwintrace: major overhaul, now successfully compiles all ports I have installed (except go)

  • Split darwintrace.c into separate files for different syscalls to clean up the mess. This does prevent some inlining that used to take place before, makes some global variables necessary and required me to define a darwintrace functions API, but it makes the whole thing so much cleaner.
  • Now compiles without -Wno-deprecated-declarations, because stat.c no longer includes sys/stat.h. While that might seem wrong at first, it actually makes things easier for us, because we can avoid the function renaming magic Apple introduced to support 64-bit inodes.
  • darwintrace now prints all syscalls with their returned result in debug mode (except for syscalls that do not return on success, those are printed with a question mark instead, but with the return value, if they do return).
  • Dropped legacy code supporting non C99 compilers in darwintrace.c
  • Removed the code that enabled redirecting opened locations into a different directory, since it was completely untested, very likely broken and hard to maintain.
  • Added handler for posix_spawn(2). This fixes a lot of problems that would previously break builds (e.g. using /opt/local/bin/ar, although that should have been outside the sandbox, which in turn used /opt/local/bin/ranlib, which failed and broke builds).
  • Avoid memory leak when execve(2) failed that was also affecting posix_spawn(2).
  • Use compare and swap primitives provided by Apple in libkern/OSAtomic.h instead of GCC's sync_bool_compare_and_swap. Should fix the build on some older systems that don't support the compiler builtin.
  • Use getattrlist(2) instead of fcntl(F_GETPATH) to get the absolute path of files referenced using the volfs at /.vol/. TODO: Do this before checking against sandbox bounds (it's currently only used before reporting sandbox violations).
  • Improve support for tracing symlinks: Previously, only the symlink's name would be checked against the sandbox, not its target. Now both the name and the target are checked, if it is the last component of a path to be checked against the sandbox bounds. While there are some directory symlinks in some ports I doubt any of them cross a port boundary, which would be incorrectly detected at the moment.
  • Add a flag to support allowing access to directories completely for syscalls that do not operate on directories (i.e., all except rename, rmdir and mkdir).
  • Increase the size of the communication buffer used between tracelib and darwintrace.
  • Abort in tracelib, if the filemap buffer size is exceeded, rather than reading invalid memory later in darwintrace.
  • Fix a segfault in tracelib when installing a port with no dependents.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Rev URL
1/*
2 * Copyright (c) 2005 Apple Inc. All rights reserved.
3 * Copyright (c) 2005-2006 Paul Guyot <pguyot@kallisys.net>,
4 * All rights reserved.
5 * Copyright (c) 2006-2013 The MacPorts Project
6 *
7 * $Id: darwintrace.h 113026 2013-11-07 01:50:28Z cal@macports.org $
8 *
9 * @APPLE_BSD_LICENSE_HEADER_START@
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 *
15 * 1.  Redistributions of source code must retain the above copyright
16 *     notice, this list of conditions and the following disclaimer.
17 * 2.  Redistributions in binary form must reproduce the above copyright
18 *     notice, this list of conditions and the following disclaimer in the
19 *     documentation and/or other materials provided with the distribution.
20 * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
21 *     its contributors may be used to endorse or promote products derived
22 *     from this software without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
26 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
28 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
30 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
31 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 *
35 * @APPLE_BSD_LICENSE_HEADER_END@
36 */
37
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
#include <unistd.h>
45
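/**
 * DARWINTRACE_DEBUG: verbose output of operations to debug darwintrace
 */
#ifndef DARWINTRACE_DEBUG
#define DARWINTRACE_DEBUG (0)
#endif

/**
 * \c debug_printf() is a macro that will print a message prefixed with
 * "darwintrace" and the calling process' PID to stderr, or to the file
 * indicated by the environment variable \c DARWINTRACE_DEBUG, if set.
 *
 * In both configurations the expansion is exactly one statement, so the macro
 * is safe as the body of an unbraced \c if or \c else (a bare \c if expansion
 * would silently bind a following \c else to the macro's own condition).
 * \c format must be a string literal and at least one argument must follow it,
 * because the expansion places \c __VA_ARGS__ after a comma.
 */
#if DARWINTRACE_DEBUG
#	define debug_printf(format, ...) \
		do { \
			if (__darwintrace_stderr != NULL) { \
				fprintf(__darwintrace_stderr, "darwintrace[%d]: " format, getpid(), __VA_ARGS__); \
				fflush(__darwintrace_stderr); \
			} \
		} while (0)
#else
#	define debug_printf(...) do { } while (0)
#endif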
67
/**
 * Flag bits accepted by \c __darwintrace_is_in_sandbox(); combine them with
 * bitwise or. Each bit is distinct so that the flags can be tested
 * independently.
 */
enum {
	DT_REPORT   = 0x01, /**< report a denied access as a sandbox violation */
	DT_ALLOWDIR = 0x02  /**< always allow access if the path is an existing directory */
};
72
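/**
 * Debug socket. Will be set by a constructor function in darwintrace.c.
 */
extern FILE *__darwintrace_stderr;

/**
 * Initializer function, ensures darwintrace has been properly set up and
 * checks whether this process was fork(2)'d or clone(2)'d since the last
 * call. Call this before calling any other functions from this library.
 *
 * Declared with an explicit \c (void) parameter list so that the compiler
 * rejects calls that accidentally pass arguments; an empty \c () list is a
 * non-prototype declaration in C and checks nothing.
 */
void __darwintrace_setup(void);

/**
 * Close the darwintrace socket and set it to \c NULL. Since this uses \c
 * fclose(3), which internally calls \c close(2), which is intercepted by this
 * library and this library prevents closing the socket to MacPorts, we use \c
 * __darwintrace_close_sock to allow closing specific FDs.
 */
void __darwintrace_close(void);

/**
 * Check a path against the current sandbox
 *
 * \param[in] path the path to be checked; not necessarily absolute
 * \param[in] flags A binary or combination of the following flags:
 *                  - DT_REPORT: If access to this path is being denied, report
 *                    it as sandbox violation. Set this for all operations that
 *                    read file contents or check file attributes. Omit this
 *                    flag for operations that might only attempt to access
 *                    a file by chance, such as readdir(3).
 *                  - DT_ALLOWDIR: Whether to always allow access if the given
 *                    path references an existing directory. Set this for
 *                    read operations such as stat(2), omit this for operations
 *                    that modify directories like rmdir(2) and mkdir(2).
 * \return \c true if the file is within sandbox bounds, \c false if access
 *         should be denied
 *
 * NOTE(review): according to the change log, a symlink's target is only
 * checked when the symlink is the last component of \c path; a directory
 * symlink in an intermediate component is apparently not resolved before the
 * bounds check. Callers should not rely on this function to contain such
 * paths — confirm against the implementation.
 */
bool __darwintrace_is_in_sandbox(const char *path, int flags);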
111
112#ifdef DARWINTRACE_USE_PRIVATE_API
113#include <errno.h>
114#include <stdlib.h>
115
/**
 * PID of the process darwintrace was last used in. This is used to detect
 * forking and opening a new connection to the control socket in the child
 * process. Not doing so would potentially cause two processes writing to the
 * same socket.
 */
extern pid_t __darwintrace_pid;

/**
 * Copy of the DARWINTRACE_LOG environment variable to restore it in execve(2).
 * Contains the path to the unix socket used for communication with the
 * MacPorts-side of the sandbox.
 */
extern char *__env_darwintrace_log;

/**
 * Helper variable containing the number of the darwintrace socket, iff the
 * close(2) syscall should be allowed to close it. Used by \c
 * __darwintrace_close.
 *
 * NOTE(review): \c volatile gives neither atomicity nor ordering between
 * threads. The change log mentions OSAtomic compare-and-swap primitives;
 * confirm in darwintrace.c that every cross-thread access to this variable
 * goes through them rather than relying on \c volatile alone.
 */
extern volatile int __darwintrace_close_sock;

/**
 * pthread_key_t for the darwintrace socket to ensure the socket is only used
 * from a single thread.
 *
 * NOTE(review): unlike the other globals in this header this name carries no
 * \c __darwintrace_ prefix. Because this library is loaded into the traced
 * processes, an unprefixed external symbol can collide with a symbol of the
 * same name in the host program — consider renaming it together with its
 * definition.
 */
extern pthread_key_t sock_key;
143
144/**
145 * Convenience getter function for the thread-local darwintrace socket. Do not
146 * consider this part of public API. It is only needed to prevent closing and
147 * duplicating over darwintrace's socket FDs.
148 */
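/**
 * Convenience getter function for the thread-local darwintrace socket. Do not
 * consider this part of public API. It is only needed to prevent closing and
 * duplicating over darwintrace's socket FDs.
 *
 * \return the \c FILE* stored under \c sock_key for the calling thread, or
 *         \c NULL if none was set (pthread_getspecific(3) returns \c NULL for
 *         a key with no value in this thread)
 *
 * Takes an explicit \c (void) parameter list: an empty \c () would be a
 * non-prototype declaration and would not diagnose stray arguments.
 */
static inline FILE *__darwintrace_sock(void) {
	return (FILE *) pthread_getspecific(sock_key);
}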
152
153/**
154 * Convenience setter function for the thread-local darwintrace socket. Do not
155 * consider this part of public API. It is only needed to prevent closing and
156 * duplicating over darwintrace's socket FDs.
157 */
/**
 * Convenience setter function for the thread-local darwintrace socket. Do not
 * consider this part of public API. It is only needed to prevent closing and
 * duplicating over darwintrace's socket FDs.
 *
 * \param[in] stream the \c FILE* to associate with \c sock_key for the
 *                   calling thread
 *
 * pthread_setspecific(3) reports failure through its return value, not
 * \c errno, so the result is stored in \c errno first to let perror(3) print
 * a description. A failure here is treated as fatal and aborts the process.
 */
static inline void __darwintrace_sock_set(FILE *stream) {
	errno = pthread_setspecific(sock_key, stream);
	if (errno != 0) {
		perror("darwintrace: pthread_setspecific");
		abort();
	}
}
164#endif /* defined(DARWINTRACE_USE_PRIVATE_API) */