Loading...
iokit/Kernel/IOUserClient.cpp xnu-2050.22.13 xnu-1228
--- xnu/xnu-2050.22.13/iokit/Kernel/IOUserClient.cpp
+++ xnu/xnu-1228/iokit/Kernel/IOUserClient.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2011 Apple Inc. All rights reserved.
+ * Copyright (c) 1998-2006 Apple Computer, Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
@@ -27,7 +27,6 @@
  */
 
 
-#include <libkern/c++/OSKext.h>
 #include <IOKit/IOKitServer.h>
 #include <IOKit/IOKitKeysPrivate.h>
 #include <IOKit/IOUserClient.h>
@@ -35,24 +34,8 @@
 #include <IOKit/IORegistryEntry.h>
 #include <IOKit/IOCatalogue.h>
 #include <IOKit/IOMemoryDescriptor.h>
-#include <IOKit/IOBufferMemoryDescriptor.h>
 #include <IOKit/IOLib.h>
-#include <IOKit/IOStatisticsPrivate.h>
-#include <IOKit/IOTimeStamp.h>
-#include <libkern/OSDebug.h>
 #include <sys/proc.h>
-#include <sys/kauth.h>
-
-#if CONFIG_MACF
-
-extern "C" {
-#include <security/mac_framework.h>
-};
-#include <sys/kauth.h>
-
-#define IOMACF_LOG 0
-
-#endif /* CONFIG_MACF */
 
 #include <IOKit/assert.h>
 
@@ -62,7 +45,7 @@
 #define SCALAR64(x) ((io_user_scalar_t)((unsigned int)x))
 #define SCALAR32(x) ((uint32_t )x)
 #define ARG32(x)    ((void *)SCALAR32(x))
-#define REF64(x)    ((io_user_reference_t)((UInt64)(x)))
+#define REF64(x)    ((io_user_reference_t)((natural_t)(x)))
 #define REF32(x)    ((int)(x))
 
 enum
@@ -71,32 +54,6 @@
     kIOUCAsync64Flag = 1ULL
 };
 
-#if IOKITSTATS
-
-#define IOStatisticsRegisterCounter() \
-do { \
-	reserved->counter = IOStatistics::registerUserClient(this); \
-} while (0)
-
-#define IOStatisticsUnregisterCounter() \
-do { \
-	if (reserved) \
-		IOStatistics::unregisterUserClient(reserved->counter); \
-} while (0)
-
-#define IOStatisticsClientCall() \
-do { \
-	IOStatistics::countUserClientCall(client); \
-} while (0)
-
-#else
-
-#define IOStatisticsRegisterCounter()
-#define IOStatisticsUnregisterCounter()
-#define IOStatisticsClientCall()
-
-#endif /* IOKITSTATS */
-
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
 // definitions we should get from osfmk
@@ -128,7 +85,6 @@
 
 extern void iokit_retain_port( ipc_port_t port );
 extern void iokit_release_port( ipc_port_t port );
-extern void iokit_release_port_send( ipc_port_t port );
 
 extern kern_return_t iokit_switch_object_port( ipc_port_t port, io_object_t obj, ipc_kobject_type_t type );
 
@@ -254,7 +210,7 @@
 
 	machPort = (IOMachPort *) dict->getObject( (const OSSymbol *) obj );
 	if( machPort) {
-	    destroyed = (machPort->mscount <= *mscount);
+	    destroyed = (machPort->mscount == *mscount);
 	    if( destroyed)
 		dict->removeObject( (const OSSymbol *) obj );
 	    else
@@ -423,10 +379,8 @@
 
     if( IKOT_IOKIT_CONNECT == type)
     {
-	if( (client = OSDynamicCast( IOUserClient, obj ))) {
-		IOStatisticsClientCall();
+	if( (client = OSDynamicCast( IOUserClient, obj )))
 	    client->clientDied();
-    }
     }
     else if( IKOT_IOKIT_OBJECT == type)
     {
@@ -468,7 +422,7 @@
     virtual void free();
 
     static bool _handler( void * target,
-                          void * ref, IOService * newService, IONotifier * notifier );
+                          void * ref, IOService * newService );
     virtual bool handler( void * ref, IOService * newService );
 
     virtual OSObject * getNextObject();
@@ -482,7 +436,7 @@
         mach_msg_header_t		msgHdr;
 	mach_msg_body_t			msgBody;
 	mach_msg_port_descriptor_t	ports[1];
-        OSNotificationHeader64		notifyHeader __attribute__ ((packed));
+        OSNotificationHeader64		notifyHeader;
     };
 
     PingMsg *		pingMsg;
@@ -580,9 +534,6 @@
 				       void * reference, vm_size_t referenceSize,
 				       bool clientIs64 )
 {
-    if( !super::init())
-        return( false );
-
     newSet = OSArray::withCapacity( 1 );
     if( !newSet)
         return( false );
@@ -608,7 +559,7 @@
     pingMsg->notifyHeader.type = type;
     bcopy( reference, pingMsg->notifyHeader.reference, referenceSize );
 
-    return( true );
+    return( super::init() );
 }
 
 void IOServiceUserNotification::free( void )
@@ -625,12 +576,8 @@
 
     super::free();
 
-    if( _pingMsg && _msgSize) {
-		if (_pingMsg->msgHdr.msgh_remote_port) {
-			iokit_release_port_send(_pingMsg->msgHdr.msgh_remote_port);
-		}
-        IOFree(_pingMsg, _msgSize);
-	}
+    if( _pingMsg && _msgSize)
+        IOFree( _pingMsg, _msgSize);
 
     if( _lastEntry)
         _lastEntry->release();
@@ -640,7 +587,7 @@
 }
 
 bool IOServiceUserNotification::_handler( void * target,
-                                    void * ref, IOService * newService, IONotifier * notifier )
+                                    void * ref, IOService * newService )
 {
     return( ((IOServiceUserNotification *) target)->handler( ref, newService ));
 }
@@ -674,13 +621,13 @@
 	else
             pingMsg->msgHdr.msgh_local_port = NULL;
 
-        kr = mach_msg_send_from_kernel_proper( &pingMsg->msgHdr,
+        kr = mach_msg_send_from_kernel( &pingMsg->msgHdr,
                                         pingMsg->msgHdr.msgh_size);
 	if( port)
 	    iokit_release_port( port );
 
         if( KERN_SUCCESS != kr)
-            IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr );
+            IOLog("%s: mach_msg_send_from_kernel {%x}\n", __FILE__, kr );
     }
 
     return( true );
@@ -722,8 +669,6 @@
 				void * reference, vm_size_t referenceSize, vm_size_t extraSize,
 				bool client64 )
 {
-    if( !super::init())
-        return( false );
 
     if (referenceSize > sizeof(OSAsyncReference64))
         return( false );
@@ -758,7 +703,7 @@
     pingMsg->notifyHeader.type 		= type;
     bcopy( reference, pingMsg->notifyHeader.reference, referenceSize );
 
-    return( true );
+    return( super::init() );
 }
 
 void IOServiceMessageUserNotification::free( void )
@@ -771,12 +716,8 @@
 
     super::free();
 
-    if( _pingMsg && _msgSize) {
-		if (_pingMsg->msgHdr.msgh_remote_port) {
-			iokit_release_port_send(_pingMsg->msgHdr.msgh_remote_port);
-		}
+    if( _pingMsg && _msgSize)
         IOFree( _pingMsg, _msgSize);
-	}
 }
 
 IOReturn IOServiceMessageUserNotification::_handler( void * target, void * ref,
@@ -799,8 +740,8 @@
 
     if (kIOMessageCopyClientID == messageType)
     {
-        *((void **) messageArgument) = OSNumber::withNumber(owningPID, 32);
-        return (kIOReturnSuccess);
+	*((void **) messageArgument) = IOCopyLogNameForPID(owningPID);
+	return (kIOReturnSuccess);
     }
 
     data->messageType = messageType;
@@ -813,7 +754,7 @@
 	else
 	{
 	    data->messageArgument[0] |= (data->messageArgument[0] << 32);
-	    argSize = sizeof(uint32_t);
+	    argSize = sizeof(messageArgument);
 	}
     }
     else
@@ -831,7 +772,7 @@
     pingMsg->ports[0].name = providerPort;
     thisPort = iokit_port_for_object( this, IKOT_IOKIT_OBJECT );
     pingMsg->msgHdr.msgh_local_port = thisPort;
-    kr = mach_msg_send_from_kernel_proper( &pingMsg->msgHdr,
+    kr = mach_msg_send_from_kernel( &pingMsg->msgHdr,
 				    pingMsg->msgHdr.msgh_size);
     if( thisPort)
 	iokit_release_port( thisPort );
@@ -839,7 +780,7 @@
 	iokit_release_port( providerPort );
 
     if( KERN_SUCCESS != kr)
-        IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr );
+        IOLog("%s: mach_msg_send_from_kernel {%x}\n", __FILE__, kr );
 
     return( kIOReturnSuccess );
 }
@@ -866,10 +807,10 @@
                                      mach_port_t wakePort,
                                      void *callback, void *refcon)
 {
-    asyncRef[kIOAsyncReservedIndex]      = ((uintptr_t) wakePort) 
+    asyncRef[kIOAsyncReservedIndex]      = ((natural_t) wakePort) 
 					 | (kIOUCAsync0Flags & asyncRef[kIOAsyncReservedIndex]);
-    asyncRef[kIOAsyncCalloutFuncIndex]   = (uintptr_t) callback;
-    asyncRef[kIOAsyncCalloutRefconIndex] = (uintptr_t) refcon;
+    asyncRef[kIOAsyncCalloutFuncIndex]   = (natural_t) callback;
+    asyncRef[kIOAsyncCalloutRefconIndex] = (natural_t) refcon;
 }
 
 void IOUserClient::setAsyncReference64(OSAsyncReference64 asyncRef,
@@ -882,7 +823,7 @@
     asyncRef[kIOAsyncCalloutRefconIndex] = refcon;
 }
 
-static OSDictionary * CopyConsoleUser(UInt32 uid)
+inline OSDictionary * CopyConsoleUser(UInt32 uid)
 {
 	OSArray * array;
 	OSDictionary * user = 0; 
@@ -906,29 +847,6 @@
     return user;
 }
 
-static OSDictionary * CopyUserOnConsole(void)
-{
-    OSArray * array;
-    OSDictionary * user = 0; 
-    
-    if ((array = OSDynamicCast(OSArray,
-	IORegistryEntry::getRegistryRoot()->copyProperty(gIOConsoleUsersKey))))
-    {
-	for (unsigned int idx = 0;
-		(user = OSDynamicCast(OSDictionary, array->getObject(idx)));
-		idx++)
-	{
-	    if (kOSBooleanTrue == user->getObject(gIOConsoleSessionOnConsoleKey))
-	    {
-		user->retain();
-		break;
-	    }
-	}
-	array->release();
-    }
-    return (user);
-}
-
 IOReturn IOUserClient::clientHasPrivilege( void * securityToken,
                                             const char * privilegeName )
 {
@@ -939,71 +857,26 @@
     OSDictionary *          user;
     bool                    secureConsole;
 
-
-    if (!strncmp(privilegeName, kIOClientPrivilegeForeground, 
-                sizeof(kIOClientPrivilegeForeground)))
-    {
-	/* is graphics access denied for current task? */
-	if (proc_get_task_selfgpuacc_deny() != 0) 
-		return (kIOReturnNotPrivileged);
-	else 
-		return (kIOReturnSuccess);
-    }
-
-    if (!strncmp(privilegeName, kIOClientPrivilegeConsoleSession,
-                                sizeof(kIOClientPrivilegeConsoleSession)))
-    {
-	kauth_cred_t cred;
-	proc_t       p;
-
-        task = (task_t) securityToken;
-	if (!task)
-	    task = current_task();
-	p = (proc_t) get_bsdtask_info(task);
-	kr = kIOReturnNotPrivileged;
-
-	if (p && (cred = kauth_cred_proc_ref(p)))
-	{
-	    user = CopyUserOnConsole();
-	    if (user)
-	    {
-		OSNumber * num;
-		if ((num = OSDynamicCast(OSNumber, user->getObject(gIOConsoleSessionAuditIDKey)))
-		  && (cred->cr_audit.as_aia_p->ai_asid == (au_asid_t) num->unsigned32BitValue()))
-		{
-		    kr = kIOReturnSuccess;
-		}
-		user->release();
-	    }
-	    kauth_cred_unref(&cred);
-	}
-	return (kr);
-    }
-
-    if ((secureConsole = !strncmp(privilegeName, kIOClientPrivilegeSecureConsoleProcess,
-            sizeof(kIOClientPrivilegeSecureConsoleProcess))))
+    if ((secureConsole = !strcmp(privilegeName, kIOClientPrivilegeSecureConsoleProcess)))
         task = (task_t)((IOUCProcessToken *)securityToken)->token;
     else
         task = (task_t)securityToken;
-
+    
     count = TASK_SECURITY_TOKEN_COUNT;
     kr = task_info( task, TASK_SECURITY_TOKEN, (task_info_t) &token, &count );
 
     if (KERN_SUCCESS != kr)
     {}
-    else if (!strncmp(privilegeName, kIOClientPrivilegeAdministrator, 
-                sizeof(kIOClientPrivilegeAdministrator))) {
+    else if (!strcmp(privilegeName, kIOClientPrivilegeAdministrator)) {
         if (0 != token.val[0])
             kr = kIOReturnNotPrivileged;
-    } else if (!strncmp(privilegeName, kIOClientPrivilegeLocalUser,
-                sizeof(kIOClientPrivilegeLocalUser))) {
+    } else if (!strcmp(privilegeName, kIOClientPrivilegeLocalUser)) {
         user = CopyConsoleUser(token.val[0]);
         if ( user )
             user->release();
         else
             kr = kIOReturnNotPrivileged;            
-    } else if (secureConsole || !strncmp(privilegeName, kIOClientPrivilegeConsoleUser,
-                                    sizeof(kIOClientPrivilegeConsoleUser))) {
+    } else if (secureConsole || !strcmp(privilegeName, kIOClientPrivilegeConsoleUser)) {
         user = CopyConsoleUser(token.val[0]);
         if ( user ) {
             if (user->getObject(gIOConsoleSessionOnConsoleKey) != kOSBooleanTrue)
@@ -1025,28 +898,28 @@
 
 bool IOUserClient::init()
 {
-	if (getPropertyTable() || super::init())
-		return reserve();
-	
-	return false;
+    if( getPropertyTable())
+        return true;
+    else
+        return super::init();
 }
 
 bool IOUserClient::init(OSDictionary * dictionary)
 {
-	if (getPropertyTable() || super::init(dictionary))
-		return reserve();
-	
-	return false;
+    if( getPropertyTable())
+        return true;
+    else
+        return super::init(dictionary);
 }
 
 bool IOUserClient::initWithTask(task_t owningTask,
                                 void * securityID,
                                 UInt32 type )
-{	
-	if (getPropertyTable() || super::init())
-		return reserve();
-	
-	return false;
+{
+    if( getPropertyTable())
+        return true;
+    else
+        return super::init();
 }
 
 bool IOUserClient::initWithTask(task_t owningTask,
@@ -1062,30 +935,11 @@
     return( ok );
 }
 
-bool IOUserClient::reserve()
-{		
-	if(!reserved) {
-		reserved = IONew(ExpansionData, 1);
-		if (!reserved) {
-			return false;
-		}
-	}
-
-	IOStatisticsRegisterCounter();
-	
-	return true;
-}
-
 void IOUserClient::free()
 {
     if( mappings)
         mappings->release();
-		
-    IOStatisticsUnregisterCounter();
-
-    if (reserved)
-        IODelete(reserved, ExpansionData, 1);
-		
+
     super::free();
 }
 
@@ -1112,14 +966,6 @@
     return( kIOReturnUnsupported);
 }
 
-IOReturn IOUserClient::registerNotificationPort(
-		mach_port_t port,
-		UInt32		type,
-		io_user_reference_t refCon)
-{
-    return (registerNotificationPort(port, type, (UInt32) refCon));
-}
-
 IOReturn IOUserClient::getNotificationSemaphore( UInt32 notification_type,
                                     semaphore_t * semaphore )
 {
@@ -1138,16 +984,29 @@
     return( kIOReturnUnsupported);
 }
 
-#if !__LP64__
 IOMemoryMap * IOUserClient::mapClientMemory( 
 	IOOptionBits		type,
 	task_t			task,
 	IOOptionBits		mapFlags,
 	IOVirtualAddress	atAddress )
 {
-    return (NULL);
-}
-#endif
+    IOReturn		err;
+    IOOptionBits	options = 0;
+    IOMemoryDescriptor * memory;
+    IOMemoryMap *	map = 0;
+
+    err = clientMemoryForType( (UInt32) type, &options, &memory );
+
+    if( memory && (kIOReturnSuccess == err)) {
+
+        options = (options & ~kIOMapUserOptionsMask)
+		| (mapFlags & kIOMapUserOptionsMask);
+	map = memory->map( task, atAddress, options );
+	memory->release();
+    }
+
+    return( map );
+}
 
 IOMemoryMap * IOUserClient::mapClientMemory64( 
 	IOOptionBits		type,
@@ -1233,25 +1092,6 @@
       }
 
       return trap;
-}
-
-IOReturn IOUserClient::releaseAsyncReference64(OSAsyncReference64 reference)
-{
-    mach_port_t port;
-    port = (mach_port_t) (reference[0] & ~kIOUCAsync0Flags);
-
-    if (MACH_PORT_NULL != port)
-	iokit_release_port_send(port);
-
-    return (kIOReturnSuccess);
-}
-
-IOReturn IOUserClient::releaseNotificationPort(mach_port_t port)
-{
-    if (MACH_PORT_NULL != port)
-	iokit_release_port_send(port);
-
-    return (kIOReturnSuccess);
 }
 
 IOReturn IOUserClient::sendAsyncResult(OSAsyncReference reference,
@@ -1291,7 +1131,8 @@
 	    {
 		OSNotificationHeader64	 notifyHdr;
 		IOAsyncCompletionContent asyncContent;
-		io_user_reference_t	 args[kMaxAsyncArgs] __attribute__ ((packed));
+		uint32_t		 pad;
+		io_user_reference_t	 args[kMaxAsyncArgs];
 	    } msg64;
 	} m;
     };
@@ -1318,6 +1159,7 @@
 	    sizeof(replyMsg.msgHdr) + sizeof(replyMsg.m.msg64) 
 	    - (kMaxAsyncArgs - numArgs) * sizeof(io_user_reference_t);
 	replyMsg.m.msg64.notifyHdr.size = sizeof(IOAsyncCompletionContent)
+					+ sizeof(uint32_t)
 					+ numArgs * sizeof(io_user_reference_t);
 	replyMsg.m.msg64.notifyHdr.type = kIOAsyncCompletionNotificationType;
 	bcopy(reference, replyMsg.m.msg64.notifyHdr.reference, sizeof(OSAsyncReference64));
@@ -1347,10 +1189,10 @@
 	    replyMsg.m.msg32.args[idx] = REF32(args[idx]);
     }
 
-     kr = mach_msg_send_from_kernel_proper( &replyMsg.msgHdr,
+     kr = mach_msg_send_from_kernel( &replyMsg.msgHdr,
             replyMsg.msgHdr.msgh_size);
     if( KERN_SUCCESS != kr)
-        IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr );
+        IOLog("%s: mach_msg_send_from_kernel {%x}\n", __FILE__, kr );
     return kr;
 }
 
@@ -1370,16 +1212,16 @@
 	io_name_t className )
 {
 	const OSMetaClass* my_obj = NULL;
-	
-	if( !object)
-		return( kIOReturnBadArgument );
+
+    if( !object)
+        return( kIOReturnBadArgument );
 		
 	my_obj = object->getMetaClass();
 	if (!my_obj) {
 		return (kIOReturnNotFound);
 	}
 	
-    strlcpy( className, my_obj->getClassName(), sizeof(io_name_t));
+    strcpy( className, my_obj->getClassName());
     return( kIOReturnSuccess );
 }
 
@@ -1563,9 +1405,9 @@
 	kern_return_t *result,
 	boolean_t *matches )
 {
-    kern_return_t	  kr;
-    vm_offset_t 	  data;
-    vm_map_offset_t	  map_data;
+    kern_return_t	kr;
+    vm_offset_t 	data;
+    vm_map_offset_t	map_data;
 
     kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) matching );
     data = CAST_DOWN(vm_offset_t, map_data);
@@ -1631,60 +1473,6 @@
 
     return( kr );
 }
-
-
-/* Routine io_service_get_matching_service */
-kern_return_t is_io_service_get_matching_service(
-	mach_port_t master_port,
-	io_string_t matching,
-	io_service_t *service )
-{
-    kern_return_t	kr;
-    OSObject *		obj;
-    OSDictionary *	dict;
-
-    if( master_port != master_device_port)
-        return( kIOReturnNotPrivileged);
-
-    obj = OSUnserializeXML( matching );
-
-    if( (dict = OSDynamicCast( OSDictionary, obj))) {
-        *service = IOService::copyMatchingService( dict );
-	kr = *service ? kIOReturnSuccess : kIOReturnNotFound;
-    } else
-	kr = kIOReturnBadArgument;
-
-    if( obj)
-        obj->release();
-
-    return( kr );
-}
-
-/* Routine io_service_get_matching_services_ool */
-kern_return_t is_io_service_get_matching_service_ool(
-	mach_port_t master_port,
-	io_buf_ptr_t matching,
-	mach_msg_type_number_t matchingCnt,
-	kern_return_t *result,
-	io_object_t *service )
-{
-    kern_return_t	kr;
-    vm_offset_t 	data;
-    vm_map_offset_t	map_data;
-
-    kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) matching );
-    data = CAST_DOWN(vm_offset_t, map_data);
-
-    if( KERN_SUCCESS == kr) {
-        // must return success after vm_map_copyout() succeeds
-	*result = is_io_service_get_matching_service( master_port,
-			(char *) data, service );
-	vm_deallocate( kernel_map, data, matchingCnt );
-    }
-
-    return( kr );
-}
-
 
 static kern_return_t internal_io_service_add_notification(
 	mach_port_t master_port,
@@ -1734,16 +1522,16 @@
 
         if( userNotify && !userNotify->init( port, userMsgType,
                                              reference, referenceSize, client64)) {
-			iokit_release_port_send(port);
             userNotify->release();
             userNotify = 0;
         }
         if( !userNotify)
 	    continue;
 
-        notify = IOService::addMatchingNotification( sym, dict,
+        notify = IOService::addNotification( sym, dict,
                                              &userNotify->_handler, userNotify );
 	if( notify) {
+            dict = 0;
             *notification = userNotify;
 	    userNotify->setNotification( notify );
 	    err = kIOReturnSuccess;
@@ -1861,7 +1649,6 @@
 	io_name_t notification_type,
 	io_string_t matching,
 	mach_port_t port,
-	// for binary compatibility reasons, this must be natural_t for ILP32
 	natural_t ref,
 	io_object_t * notification )
 {
@@ -1896,7 +1683,6 @@
                                              reference, referenceSize,
 					     kIOUserNotifyMaxMessageSize,
 					     client64 )) {
-			iokit_release_port_send(port);
             userNotify->release();
             userNotify = 0;
         }
@@ -1967,7 +1753,6 @@
 {
     CHECK( IOUserClient, connection, client );
 
-    IOStatisticsClientCall();
     return( client->getNotificationSemaphore( (UInt32) notification_type,
                                               semaphore ));
 }
@@ -2148,22 +1933,10 @@
         return( kIOReturnNotFound );
 }
 
-/* Routine io_registry_entry_get_registry_entry_id */
-kern_return_t is_io_registry_entry_get_registry_entry_id(
-	io_object_t registry_entry,
-	uint64_t *entry_id )
-{
-    CHECK( IORegistryEntry, registry_entry, entry );
-
-    *entry_id = entry->getRegistryEntryID();
-
-    return (kIOReturnSuccess);
-}
-
 // Create a vm_map_copy_t or kalloc'ed data for memory
 // to be copied out. ipc will free after the copyout.
 
-static kern_return_t copyoutkdata( const void * data, vm_size_t len,
+static kern_return_t copyoutkdata( void * data, vm_size_t len,
                                     io_buf_ptr_t * buf )
 {
     kern_return_t	err;
@@ -2377,17 +2150,11 @@
         obj = OSUnserializeXML( (const char *) data );
 	vm_deallocate( kernel_map, data, propertiesCnt );
 
-	if (!obj)
-	    res = kIOReturnBadArgument;
-#if CONFIG_MACF
-	else if (0 != mac_iokit_check_set_properties(kauth_cred_get(),
-	    registry_entry, obj))
-	    res = kIOReturnNotPermitted;
-#endif
-	else
+        if( obj) {
             res = entry->setProperties( obj );
-	if (obj)
-	    obj->release();
+            obj->release();
+        } else
+            res = kIOReturnBadArgument;
     } else
         res = err;
 
@@ -2438,15 +2205,11 @@
 /* Routine io_service_get_state */
 kern_return_t is_io_service_get_state(
 	io_object_t _service,
-	uint64_t *state,
-	uint32_t *busy_state,
-	uint64_t *accumulated_busy_time )
+	uint64_t *state )
 {
     CHECK( IOService, _service, service );
 
-    *state                 = service->getState();
-    *busy_state            = service->getBusyState();
-    *accumulated_busy_time = service->getAccumulatedBusyTime();
+    *state = service->getState();
 
     return( kIOReturnSuccess );
 }
@@ -2456,15 +2219,9 @@
 	io_object_t _service,
 	mach_timespec_t wait_time )
 {
-    uint64_t    timeoutNS;
-    
     CHECK( IOService, _service, service );
 
-    timeoutNS = wait_time.tv_sec;
-    timeoutNS *= kSecondScale;
-    timeoutNS += wait_time.tv_nsec;
-    
-    return( service->waitQuiet(timeoutNS) );
+    return( service->waitQuiet( &wait_time ));
 }
 
 /* Routine io_service_request_probe */
@@ -2475,6 +2232,30 @@
     CHECK( IOService, _service, service );
 
     return( service->requestProbe( options ));
+}
+
+
+/* Routine io_service_open */
+kern_return_t is_io_service_open(
+	io_object_t _service,
+	task_t owningTask,
+	uint32_t connect_type,
+	io_object_t *connection )
+{
+    IOUserClient	*	client;
+    IOReturn 			err;
+
+    CHECK( IOService, _service, service );
+
+    err = service->newUserClient( owningTask, (void *) owningTask,
+		connect_type, 0, &client );
+
+    if( err == kIOReturnSuccess) {
+	assert( OSDynamicCast(IOUserClient, client) );
+	*connection = client;
+    }
+
+    return( err);
 }
 
 /* Routine io_service_open_ndr */
@@ -2552,26 +2333,16 @@
 	    disallowAccess = (crossEndian
 		&& (kOSBooleanTrue != service->getProperty(kIOUserClientCrossEndianCompatibleKey))
 		&& (kOSBooleanTrue != client->getProperty(kIOUserClientCrossEndianCompatibleKey)));
-            if (disallowAccess) res = kIOReturnUnsupported;
-#if CONFIG_MACF
-	    else if (0 != mac_iokit_check_open(kauth_cred_get(), client, connect_type))
-		res = kIOReturnNotPermitted;
-#endif
-	    if (kIOReturnSuccess != res)
+
+	    if (disallowAccess)
 	    {
-		IOStatisticsClientCall();
 		client->clientClose();
 		client->release();
 		client = 0;
+		res = kIOReturnUnsupported;
 		break;
 	    }
 	    client->sharedInstance = (0 != client->getProperty(kIOUserClientSharedInstanceKey));
-	    OSString * creatorName = IOCopyLogNameForPID(proc_selfpid());
-	    if (creatorName)
-	    {
-		client->setProperty(kIOUserClientCreatorKey, creatorName);
-		creatorName->release();
-	    }
 	}
     }
     while (false);
@@ -2592,7 +2363,6 @@
 
     CHECK( IOUserClient, connection, client );
 
-    IOStatisticsClientCall();
     client->clientClose();
 
     return( kIOReturnSuccess );
@@ -2625,9 +2395,8 @@
 {
     CHECK( IOUserClient, connection, client );
 
-    IOStatisticsClientCall();
     return( client->registerNotificationPort( port, notification_type,
-						(io_user_reference_t) reference ));
+						reference ));
 }
 
 /* Routine io_connect_set_notification_port */
@@ -2639,7 +2408,6 @@
 {
     CHECK( IOUserClient, connection, client );
 
-    IOStatisticsClientCall();
     return( client->registerNotificationPort( port, notification_type,
 						reference ));
 }
@@ -2660,7 +2428,6 @@
 
     CHECK( IOUserClient, connection, client );
 
-    IOStatisticsClientCall();
     map = client->mapClientMemory64( memory_type, into_task, flags, *address );
 
     if( map) {
@@ -2718,8 +2485,6 @@
 
     return (err);
 }
-
-} /* extern "C" */
 
 IOMemoryMap * IOUserClient::removeMappingForDescriptor(IOMemoryDescriptor * mem)
 {
@@ -2748,8 +2513,6 @@
     return (map);
 }
 
-extern "C" {
-
 /* Routine io_connect_unmap_memory_from_task */
 kern_return_t is_io_connect_unmap_memory_from_task
 (
@@ -2765,7 +2528,6 @@
 
     CHECK( IOUserClient, connection, client );
 
-    IOStatisticsClientCall();
     err = client->clientMemoryForType( (UInt32) memory_type, &options, &memory );
 
     if( memory && (kIOReturnSuccess == err)) {
@@ -2787,7 +2549,7 @@
 		name = IOMachPort::makeSendRightForTask( from_task, map, IKOT_IOKIT_OBJECT );
 	    if (name)
 	    {
-		map->userClientUnmap();
+		map->unmap();
 		err = iokit_mod_send_right( from_task, name, -2 );
 		err = kIOReturnSuccess;
 	    }
@@ -2828,7 +2590,6 @@
     CHECK( IOUserClient, connection, client );
     CHECK( IOUserClient, connect_to, to );
 
-    IOStatisticsClientCall();
     return( client->connectClient( to ) );
 }
 
@@ -2843,97 +2604,6 @@
     return( is_io_registry_entry_set_properties( connection, properties, propertiesCnt, result ));
 }
 
-/* Routine io_user_client_method */
-kern_return_t is_io_connect_method_var_output
-(
-	io_connect_t connection,
-	uint32_t selector,
-	io_scalar_inband64_t scalar_input,
-	mach_msg_type_number_t scalar_inputCnt,
-	io_struct_inband_t inband_input,
-	mach_msg_type_number_t inband_inputCnt,
-	mach_vm_address_t ool_input,
-	mach_vm_size_t ool_input_size,
-	io_struct_inband_t inband_output,
-	mach_msg_type_number_t *inband_outputCnt,
-	io_scalar_inband64_t scalar_output,
-	mach_msg_type_number_t *scalar_outputCnt,
-	io_buf_ptr_t *var_output,
-	mach_msg_type_number_t *var_outputCnt
-)
-{
-    CHECK( IOUserClient, connection, client );
-
-    IOExternalMethodArguments args;
-    IOReturn ret;
-    IOMemoryDescriptor * inputMD  = 0;
-    OSObject *           structureVariableOutputData = 0;
-
-    bzero(&args.__reserved[0], sizeof(args.__reserved));
-    args.version = kIOExternalMethodArgumentsCurrentVersion;
-
-    args.selector = selector;
-
-    args.asyncWakePort               = MACH_PORT_NULL;
-    args.asyncReference              = 0;
-    args.asyncReferenceCount         = 0;
-    args.structureVariableOutputData = &structureVariableOutputData;
-
-    args.scalarInput = scalar_input;
-    args.scalarInputCount = scalar_inputCnt;
-    args.structureInput = inband_input;
-    args.structureInputSize = inband_inputCnt;
-
-    if (ool_input)
-	inputMD = IOMemoryDescriptor::withAddressRange(ool_input, ool_input_size, 
-						    kIODirectionOut, current_task());
-
-    args.structureInputDescriptor = inputMD;
-
-    args.scalarOutput = scalar_output;
-    args.scalarOutputCount = *scalar_outputCnt;
-    args.structureOutput = inband_output;
-    args.structureOutputSize = *inband_outputCnt;
-    args.structureOutputDescriptor = NULL;
-    args.structureOutputDescriptorSize = 0;
-
-    IOStatisticsClientCall();
-    ret = client->externalMethod( selector, &args );
-
-    *scalar_outputCnt = args.scalarOutputCount;
-    *inband_outputCnt = args.structureOutputSize;
-
-    if (var_outputCnt && var_output && (kIOReturnSuccess == ret))
-    {
-    	OSSerialize * serialize;
-    	OSData      * data;
-	vm_size_t     len;
-
-	if ((serialize = OSDynamicCast(OSSerialize, structureVariableOutputData)))
-	{
-	    len = serialize->getLength();
-	    *var_outputCnt = len;
-	    ret = copyoutkdata(serialize->text(), len, var_output);
-	}
-	else if ((data = OSDynamicCast(OSData, structureVariableOutputData)))
-	{
-	    len = data->getLength();
-	    *var_outputCnt = len;
-	    ret = copyoutkdata(data->getBytesNoCopy(), len, var_output);
-	}
-	else
-	{
-	    ret = kIOReturnUnderrun;
-	}
-    }
-
-    if (inputMD)
-	inputMD->release();
-    if (structureVariableOutputData)
-    	structureVariableOutputData->release();
-
-    return (ret);
-}
 
 /* Routine io_user_client_method */
 kern_return_t is_io_connect_method
@@ -2946,12 +2616,12 @@
 	mach_msg_type_number_t inband_inputCnt,
 	mach_vm_address_t ool_input,
 	mach_vm_size_t ool_input_size,
+	io_scalar_inband64_t scalar_output,
+	mach_msg_type_number_t *scalar_outputCnt,
 	io_struct_inband_t inband_output,
 	mach_msg_type_number_t *inband_outputCnt,
-	io_scalar_inband64_t scalar_output,
-	mach_msg_type_number_t *scalar_outputCnt,
 	mach_vm_address_t ool_output,
-	mach_vm_size_t *ool_output_size
+	mach_vm_size_t * ool_output_size
 )
 {
     CHECK( IOUserClient, connection, client );
@@ -2966,10 +2636,9 @@
 
     args.selector = selector;
 
-    args.asyncWakePort               = MACH_PORT_NULL;
-    args.asyncReference              = 0;
-    args.asyncReferenceCount         = 0;
-    args.structureVariableOutputData = 0;
+    args.asyncWakePort       = MACH_PORT_NULL;
+    args.asyncReference      = 0;
+    args.asyncReferenceCount = 0;
 
     args.scalarInput = scalar_input;
     args.scalarInputCount = scalar_inputCnt;
@@ -2987,16 +2656,15 @@
     args.structureOutput = inband_output;
     args.structureOutputSize = *inband_outputCnt;
 
-    if (ool_output && ool_output_size)
+    if (ool_output)
     {
 	outputMD = IOMemoryDescriptor::withAddressRange(ool_output, *ool_output_size, 
 						    kIODirectionIn, current_task());
     }
 
     args.structureOutputDescriptor = outputMD;
-    args.structureOutputDescriptorSize = ool_output_size ? *ool_output_size : 0;
-
-    IOStatisticsClientCall();
+    args.structureOutputDescriptorSize = *ool_output_size;
+
     ret = client->externalMethod( selector, &args );
 
     *scalar_outputCnt = args.scalarOutputCount;
@@ -3025,10 +2693,10 @@
 	mach_msg_type_number_t inband_inputCnt,
 	mach_vm_address_t ool_input,
 	mach_vm_size_t ool_input_size,
+	io_scalar_inband64_t scalar_output,
+	mach_msg_type_number_t *scalar_outputCnt,
 	io_struct_inband_t inband_output,
 	mach_msg_type_number_t *inband_outputCnt,
-	io_scalar_inband64_t scalar_output,
-	mach_msg_type_number_t *scalar_outputCnt,
 	mach_vm_address_t ool_output,
 	mach_vm_size_t * ool_output_size
 )
@@ -3078,7 +2746,6 @@
     args.structureOutputDescriptor = outputMD;
     args.structureOutputDescriptorSize = *ool_output_size;
 
-    IOStatisticsClientCall();
     ret = client->externalMethod( selector, &args );
 
     *inband_outputCnt = args.structureOutputSize;
@@ -3116,8 +2783,8 @@
 		    _input, inputCount, 
 		    NULL, 0,
 		    0, 0,
+		    _output, outputCount,
 		    NULL, &struct_outputCnt,
-		    _output, outputCount,
 		    0, &ool_output_size);
 
     for (i = 0; i < *outputCount; i++)
@@ -3235,8 +2902,8 @@
 		    _input, inputCount, 
 		    NULL, 0,
 		    0, 0,
+		    _output, outputCount,
 		    NULL, &struct_outputCnt,
-		    _output, outputCount,
 		    0, &ool_output_size);
 
     for (i = 0; i < *outputCount; i++)
@@ -3275,8 +2942,8 @@
 		    _input, inputCount, 
 		    NULL, 0,
 		    0, 0,
+		    NULL, &scalar_outputCnt,
 		    output, outputCount,
-		    NULL, &scalar_outputCnt,
 		    0, &ool_output_size));
 }
 
@@ -3312,8 +2979,8 @@
 		    _input, inputCount, 
 		    inputStruct, inputStructCount,
 		    0, 0,
+		    NULL, &scalar_outputCnt,
 		    NULL, &inband_outputCnt,
-		    NULL, &scalar_outputCnt,
 		    0, &ool_output_size));
 }
 
@@ -3343,8 +3010,8 @@
 		    NULL, 0, 
 		    input, inputCount,
 		    0, 0,
+		    NULL, &scalar_outputCnt,
 		    output, outputCount,
-		    NULL, &scalar_outputCnt,
 		    0, &ool_output_size));
 }
 
@@ -3463,8 +3130,8 @@
 		    _input, inputCount, 
 		    NULL, 0,
 		    0, 0,
+		    NULL, &scalar_outputCnt,
 		    output, outputCount,
-		    NULL, &scalar_outputCnt,
 		    0, &ool_output_size));
 }
 
@@ -3475,7 +3142,7 @@
         const io_user_scalar_t * input,
         mach_msg_type_number_t	inputCount,
         io_struct_inband_t		output,
-        IOByteCount *	outputCount )
+        mach_msg_type_number_t *	outputCount )
 {
     IOMethod		func;
     IOReturn 		err;
@@ -3636,8 +3303,8 @@
 		    _input, inputCount, 
 		    inputStruct, inputStructCount,
 		    0, 0,
+		    NULL, &scalar_outputCnt,
 		    NULL, &inband_outputCnt,
-		    NULL, &scalar_outputCnt,
 		    0, &ool_output_size));
 }
 
@@ -3809,8 +3476,8 @@
 		    NULL, 0, 
 		    input, inputCount,
 		    0, 0,
+		    NULL, &scalar_outputCnt,
 		    output, outputCount,
-		    NULL, &scalar_outputCnt,
 		    0, &ool_output_size));
 }
 
@@ -3820,7 +3487,7 @@
         io_struct_inband_t		input,
         mach_msg_type_number_t	inputCount,
         io_struct_inband_t		output,
-        IOByteCount *	outputCount )
+        mach_msg_type_number_t *	outputCount )
 {
     IOMethod		func;
     IOReturn 		err = kIOReturnBadArgument;
@@ -3915,6 +3582,72 @@
     return( err);
 }
 
+/* Routine io_make_matching */
+kern_return_t is_io_make_matching(
+	mach_port_t	    master_port,
+	uint32_t	    type,
+	uint32_t		options,
+        io_struct_inband_t	input,
+        mach_msg_type_number_t	inputCount,
+	io_string_t	matching )
+{
+    OSSerialize * 	s;
+    IOReturn		err = kIOReturnSuccess;
+    OSDictionary *	dict;
+
+    if( master_port != master_device_port)
+        return( kIOReturnNotPrivileged);
+
+    switch( type) {
+
+	case kIOServiceMatching:
+            dict = IOService::serviceMatching( gIOServiceKey );
+	    break;
+
+	case kIOBSDNameMatching:
+	    dict = IOBSDNameMatching( (const char *) input );
+	    break;
+
+	case kIOOFPathMatching:
+	    dict = IOOFPathMatching( (const char *) input,
+                                    matching, sizeof( io_string_t));
+	    break;
+
+	default:
+	    dict = 0;
+    }
+
+    if( !dict)
+	return( kIOReturnUnsupported);
+
+    do {
+        s = OSSerialize::withCapacity(4096);
+        if( !s) {
+            err = kIOReturnNoMemory;
+	    continue;
+	}
+        s->clearText();
+        if( !dict->serialize( s )) {
+            err = kIOReturnUnsupported;
+	    continue;
+        }
+
+        if( s->getLength() > sizeof( io_string_t)) {
+            err = kIOReturnNoMemory;
+	    continue;
+        } else
+            strcpy( matching, s->text());
+    }
+    while( false);
+
+    if( s)
+	s->release();
+    if( dict)
+	dict->release();
+
+    return( err);
+}
+
 /* Routine io_catalog_send_data */
 kern_return_t is_io_catalog_send_data(
         mach_port_t		master_port,
@@ -3932,19 +3665,15 @@
     if( master_port != master_device_port)
         return kIOReturnNotPrivileged;
 
-    if( (flag != kIOCatalogRemoveKernelLinker && 
-            flag != kIOCatalogKextdActive &&
-            flag != kIOCatalogKextdFinishedLaunching) && 
-        ( !inData || !inDataCount) ) 
-    {
+    // FIXME: This is a hack. Should have own function for removeKernelLinker()
+    if( (flag != kIOCatalogRemoveKernelLinker && flag != kIOCatalogKextdFinishedLaunching) && ( !inData || !inDataCount) )
         return kIOReturnBadArgument;
-    }
 
     if (inData) {
         vm_map_offset_t map_data;
 
         kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t)inData);
-		data = CAST_DOWN(vm_offset_t, map_data);
+	data = CAST_DOWN(vm_offset_t, map_data);
 
         if( kr != KERN_SUCCESS)
             return kr;
@@ -3962,23 +3691,6 @@
     }
 
     switch ( flag ) {
-        case kIOCatalogResetDrivers:
-        case kIOCatalogResetDriversNoMatch: {
-                OSArray * array;
-
-                array = OSDynamicCast(OSArray, obj);
-                if (array) {
-                    if ( !gIOCatalogue->resetAndAddDrivers(array, 
-                        flag == kIOCatalogResetDrivers) ) {
-
-                        kr = kIOReturnError;
-                    }
-                } else {
-                    kr = kIOReturnBadArgument;
-                }
-            }
-            break;
-
         case kIOCatalogAddDrivers: 
         case kIOCatalogAddDriversNoMatch: {
                 OSArray * array;
@@ -4028,31 +3740,21 @@
             }
             break;
 
-        case kIOCatalogRemoveKernelLinker:
-            kr = KERN_NOT_SUPPORTED;
-            break;
-
-        case kIOCatalogKextdActive:
-#if !NO_KEXTD
-            IOServiceTrace(IOSERVICE_KEXTD_ALIVE, 0, 0, 0, 0);
-            OSKext::setKextdActive();
-
-           /* Dump all nonloaded startup extensions; kextd will now send them
-            * down on request.
-            */
-            OSKext::flushNonloadedKexts( /* flushPrelinkedKexts */ false);
-#endif
-            kr = kIOReturnSuccess;
+        case kIOCatalogRemoveKernelLinker: {
+                if (gIOCatalogue->removeKernelLinker() != KERN_SUCCESS) {
+                    kr = kIOReturnError;
+                } else {
+                    kr = kIOReturnSuccess;
+                }
+            }
             break;
 
         case kIOCatalogKextdFinishedLaunching: {
 #if !NO_KEXTD
                 static bool clearedBusy = false;
-
                 if (!clearedBusy) {
                     IOService * serviceRoot = IOService::getServiceRoot();
                     if (serviceRoot) {
-                        IOServiceTrace(IOSERVICE_KEXTD_READY, 0, 0, 0, 0);
                         serviceRoot->adjustBusy(-1);
                         clearedBusy = true;
                     }
@@ -4090,7 +3792,6 @@
         return( kr );
 
     switch ( flag ) {
-#if !defined(SECURE_KERNEL)
         case kIOCatalogServiceTerminate:
             OSIterator *	iter;
             IOService *		service;
@@ -4120,7 +3821,6 @@
             kr = gIOCatalogue->terminateDriversForModule(name,
                                         flag == kIOCatalogModuleUnload);
             break;
-#endif
 
         default:
             kr = kIOReturnBadArgument;
@@ -4192,9 +3892,7 @@
     return kIOReturnSuccess;
 }
 
-/* Routine io_catalog_module_loaded.
- * Is invoked from IOKitLib's IOCatalogueModuleLoaded(). Doesn't seem to be used.
- */
+/* Routine io_catalog_module_loaded */
 kern_return_t is_io_catalog_module_loaded(
         mach_port_t		master_port,
         io_name_t               name)
@@ -4259,14 +3957,11 @@
     return result;
 }
 
-} /* extern "C" */
-
 IOReturn IOUserClient::externalMethod( uint32_t selector, IOExternalMethodArguments * args,
 					IOExternalMethodDispatch * dispatch, OSObject * target, void * reference )
 {
     IOReturn    err;
     IOService * object;
-    IOByteCount structureOutputSize;
 
     if (dispatch)
     {
@@ -4307,7 +4002,6 @@
 	return (err);
     }
 
-
     // pre-Leopard API's don't do ool structs
     if (args->structureInputDescriptor || args->structureOutputDescriptor)
     {
@@ -4315,21 +4009,12 @@
        return (err);
     }
 
-    structureOutputSize = args->structureOutputSize;
-
     if (args->asyncWakePort)
     {
 	IOExternalAsyncMethod *	method;
 
 	if( !(method = getAsyncTargetAndMethodForIndex(&object, selector)) )
 	    return (kIOReturnUnsupported);
-
-    if (kIOUCForegroundOnly & method->flags)
-    {
-	/* is graphics access denied for current task? */
-	if (proc_get_task_selfgpuacc_deny() != 0) 
-            return (kIOReturnNotPermitted);
-    }
 
 	switch (method->flags & kIOUCTypeMask)
 	{
@@ -4374,20 +4059,12 @@
 	if( !(method = getTargetAndMethodForIndex(&object, selector)) )
 	    return (kIOReturnUnsupported);
 
-    if (kIOUCForegroundOnly & method->flags)
-    {
-	/* is graphics access denied for current task? */
-	if (proc_get_task_selfgpuacc_deny() != 0) 
-            return (kIOReturnNotPermitted);
-    
-    }
-
 	switch (method->flags & kIOUCTypeMask)
 	{
 	    case kIOUCScalarIStructI:
 		err = shim_io_connect_method_scalarI_structureI( method, object,
 					args->scalarInput, args->scalarInputCount,
-					(char *) args->structureInput, args->structureInputSize );
+					(char *)args->structureInput, args->structureInputSize );
 		break;
 
 	    case kIOUCScalarIScalarO:
@@ -4399,14 +4076,14 @@
 	    case kIOUCScalarIStructO:
 		err = shim_io_connect_method_scalarI_structureO( method, object,
 					args->scalarInput, args->scalarInputCount,
-					(char *) args->structureOutput, &structureOutputSize );
+					(char *) args->structureOutput, &args->structureOutputSize );
 		break;
 
 
 	    case kIOUCStructIStructO:
 		err = shim_io_connect_method_structureI_structureO( method, object,
-					(char *) args->structureInput, args->structureInputSize,
-					(char *) args->structureOutput, &structureOutputSize );
+					(char *)args->structureInput, args->structureInputSize,
+					(char *) args->structureOutput, &args->structureOutputSize );
 		break;
 
 	    default:
@@ -4414,20 +4091,14 @@
 		break;
 	}
     }
-
-    args->structureOutputSize = structureOutputSize;
-
     return (err);
 }
 
 
-#if __LP64__
-OSMetaClassDefineReservedUnused(IOUserClient, 0);
+};	/* extern "C" */
+
+OSMetaClassDefineReservedUsed(IOUserClient, 0);
 OSMetaClassDefineReservedUnused(IOUserClient, 1);
-#else
-OSMetaClassDefineReservedUsed(IOUserClient, 0);
-OSMetaClassDefineReservedUsed(IOUserClient, 1);
-#endif
 OSMetaClassDefineReservedUnused(IOUserClient, 2);
 OSMetaClassDefineReservedUnused(IOUserClient, 3);
 OSMetaClassDefineReservedUnused(IOUserClient, 4);