Loading...
iokit/Kernel/IOUserClient.cpp xnu-3248.50.21 xnu-2050.9.2
--- xnu/xnu-3248.50.21/iokit/Kernel/IOUserClient.cpp
+++ xnu/xnu-2050.9.2/iokit/Kernel/IOUserClient.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2014 Apple Inc. All rights reserved.
+ * Copyright (c) 1998-2011 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
@@ -39,11 +39,9 @@
 #include <IOKit/IOLib.h>
 #include <IOKit/IOStatisticsPrivate.h>
 #include <IOKit/IOTimeStamp.h>
-#include <IOKit/system.h>
 #include <libkern/OSDebug.h>
 #include <sys/proc.h>
 #include <sys/kauth.h>
-#include <sys/codesign.h>
 
 #if CONFIG_MACF
 
@@ -63,7 +61,7 @@
 
 #define SCALAR64(x) ((io_user_scalar_t)((unsigned int)x))
 #define SCALAR32(x) ((uint32_t )x)
-#define ARG32(x)    ((void *)(uintptr_t)SCALAR32(x))
+#define ARG32(x)    ((void *)SCALAR32(x))
 #define REF64(x)    ((io_user_reference_t)((UInt64)(x)))
 #define REF32(x)    ((int)(x))
 
@@ -166,7 +164,7 @@
     static mach_port_name_t makeSendRightForTask( task_t task,
 				io_object_t obj, ipc_kobject_type_t type );
 
-    virtual void free() APPLE_KEXT_OVERRIDE;
+    virtual void free();
 };
 
 #define super OSObject
@@ -354,119 +352,26 @@
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
-class IOUserIterator : public OSIterator
-{
-    OSDeclareDefaultStructors(IOUserIterator)
+class IOUserNotification : public OSIterator
+{
+    OSDeclareDefaultStructors(IOUserNotification)
+
+    IONotifier 	* 	holdNotify;
+    IOLock 	*	lock;
+
 public:
-    OSObject 	* 	userIteratorObject;
-    IOLock 	*	lock;
-
-    static IOUserIterator * withIterator(OSIterator * iter);
-    virtual bool init( void ) APPLE_KEXT_OVERRIDE;
-    virtual void free() APPLE_KEXT_OVERRIDE;
-
-    virtual void reset() APPLE_KEXT_OVERRIDE;
-    virtual bool isValid() APPLE_KEXT_OVERRIDE;
-    virtual OSObject * getNextObject() APPLE_KEXT_OVERRIDE;
+
+    virtual bool init( void );
+    virtual void free();
+
+    virtual void setNotification( IONotifier * obj );
+
+    virtual void reset();
+    virtual bool isValid();
 };
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
-class IOUserNotification : public IOUserIterator
-{
-    OSDeclareDefaultStructors(IOUserNotification)
-
-#define holdNotify	userIteratorObject
-
-public:
-
-    virtual void free() APPLE_KEXT_OVERRIDE;
-
-    virtual void setNotification( IONotifier * obj );
-
-    virtual void reset() APPLE_KEXT_OVERRIDE;
-    virtual bool isValid() APPLE_KEXT_OVERRIDE;
-};
-
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
-
-OSDefineMetaClassAndStructors( IOUserIterator, OSIterator )
-
-IOUserIterator *
-IOUserIterator::withIterator(OSIterator * iter)
-{
-    IOUserIterator * me;
-
-    if (!iter) return (0);
-
-    me = new IOUserIterator;
-    if (me && !me->init())
-    {
-	me->release();
-	me = 0;
-    }
-    if (!me) return me;
-    me->userIteratorObject = iter;
-
-    return (me);
-}
-
-bool
-IOUserIterator::init( void )
-{
-    if (!OSObject::init()) return (false);
-
-    lock = IOLockAlloc();
-    if( !lock)
-        return( false );
-
-    return (true);
-}
-
-void
-IOUserIterator::free()
-{
-    if (userIteratorObject) userIteratorObject->release();
-    if (lock) IOLockFree(lock);
-    OSObject::free();
-}
-
-void
-IOUserIterator::reset()
-{
-    IOLockLock(lock);
-    assert(OSDynamicCast(OSIterator, userIteratorObject));
-    ((OSIterator *)userIteratorObject)->reset();
-    IOLockUnlock(lock);
-}
-
-bool
-IOUserIterator::isValid()
-{
-    bool ret;
-
-    IOLockLock(lock);
-    assert(OSDynamicCast(OSIterator, userIteratorObject));
-    ret = ((OSIterator *)userIteratorObject)->isValid();
-    IOLockUnlock(lock);
-
-    return (ret);
-}
-
-OSObject *
-IOUserIterator::getNextObject()
-{
-    OSObject * ret;
-
-    IOLockLock(lock);
-    assert(OSDynamicCast(OSIterator, userIteratorObject));
-    ret = ((OSIterator *)userIteratorObject)->getNextObject();
-    IOLockUnlock(lock);
-
-    return (ret);
-}
-
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 extern "C" {
 
 // functions called from osfmk/device/iokit_rpc.c
@@ -483,55 +388,6 @@
 {
     if( obj)
 	obj->release();
-}
-
-void
-iokit_add_connect_reference( io_object_t obj )
-{
-    IOUserClient * uc;
-
-    if (!obj) return;
-
-    if ((uc = OSDynamicCast(IOUserClient, obj))) OSIncrementAtomic(&uc->__ipc);
-
-    obj->retain();
-}
-
-void
-iokit_remove_connect_reference( io_object_t obj )
-{
-    IOUserClient * uc;
-    bool           finalize = false;
-
-    if (!obj) return;
-
-    if ((uc = OSDynamicCast(IOUserClient, obj)))
-    {
-	if (1 == OSDecrementAtomic(&uc->__ipc) && uc->isInactive())
-	{
-	    IOLockLock(gIOObjectPortLock);
-	    if ((finalize = uc->__ipcFinal)) uc->__ipcFinal = false;
-	    IOLockUnlock(gIOObjectPortLock);
-	}
-	if (finalize) uc->scheduleFinalize(true);
-    }
-
-    obj->release();
-}
-
-bool
-IOUserClient::finalizeUserReferences(OSObject * obj)
-{
-    IOUserClient * uc;
-    bool           ok = true;
-
-    if ((uc = OSDynamicCast(IOUserClient, obj)))
-    {
-	IOLockLock(gIOObjectPortLock);
-	if ((uc->__ipcFinal = (0 != uc->__ipc))) ok = false;
-	IOLockUnlock(gIOObjectPortLock);
-    }
-    return (ok);
 }
 
 ipc_port_t
@@ -609,13 +465,13 @@
     virtual bool init( mach_port_t port, natural_t type,
                        void * reference, vm_size_t referenceSize,
 		       bool clientIs64 );
-    virtual void free() APPLE_KEXT_OVERRIDE;
+    virtual void free();
 
     static bool _handler( void * target,
                           void * ref, IOService * newService, IONotifier * notifier );
     virtual bool handler( void * ref, IOService * newService );
 
-    virtual OSObject * getNextObject() APPLE_KEXT_OVERRIDE;
+    virtual OSObject * getNextObject();
 };
 
 class IOServiceMessageUserNotification : public IOUserNotification
@@ -641,7 +497,7 @@
 		       vm_size_t extraSize,
 		       bool clientIs64 );
 
-    virtual void free() APPLE_KEXT_OVERRIDE;
+    virtual void free();
     
     static IOReturn _handler( void * target, void * ref,
                               UInt32 messageType, IOService * provider,
@@ -650,35 +506,46 @@
                               UInt32 messageType, IOService * provider,
                               void * messageArgument, vm_size_t argSize );
 
-    virtual OSObject * getNextObject() APPLE_KEXT_OVERRIDE;
+    virtual OSObject * getNextObject();
 };
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
 #undef super
-#define super IOUserIterator
-OSDefineMetaClass( IOUserNotification, IOUserIterator )
-OSDefineAbstractStructors( IOUserNotification, IOUserIterator )
+#define super OSIterator
+OSDefineMetaClass( IOUserNotification, OSIterator )
+OSDefineAbstractStructors( IOUserNotification, OSIterator )
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
+bool IOUserNotification::init( void )
+{
+    if( !super::init())
+	return( false );
+
+    lock = IOLockAlloc();
+    if( !lock)
+        return( false );
+
+    return( true );
+}
+
 void IOUserNotification::free( void )
 {
-    if (holdNotify)
-    {
-	assert(OSDynamicCast(IONotifier, holdNotify));
-	((IONotifier *)holdNotify)->remove();
-	holdNotify = 0;
-    }
+    if( holdNotify)
+	holdNotify->remove();
     // can't be in handler now
 
+    if( lock)
+	IOLockFree( lock );
+
     super::free();
 }
 
 
 void IOUserNotification::setNotification( IONotifier * notify )
 {
-    OSObject * previousNotify;
+    IONotifier * previousNotify;
 
     IOLockLock( gIOObjectPortLock);
 
@@ -688,10 +555,7 @@
     IOLockUnlock( gIOObjectPortLock);
 
     if( previousNotify)
-    {
-	assert(OSDynamicCast(IONotifier, previousNotify));
-	((IONotifier *)previousNotify)->remove();
-    }
+	previousNotify->remove();
 }
 
 void IOUserNotification::reset()
@@ -810,10 +674,8 @@
 	else
             pingMsg->msgHdr.msgh_local_port = NULL;
 
-        kr = mach_msg_send_from_kernel_with_options( &pingMsg->msgHdr,
-						     pingMsg->msgHdr.msgh_size,
-						     (MACH_SEND_MSG | MACH_SEND_ALWAYS | MACH_SEND_IMPORTANCE),
-						     0);
+        kr = mach_msg_send_from_kernel_proper( &pingMsg->msgHdr,
+                                        pingMsg->msgHdr.msgh_size);
 	if( port)
 	    iokit_release_port( port );
 
@@ -960,15 +822,6 @@
             argSize = kIOUserNotifyMaxMessageSize;
         bcopy( messageArgument, data->messageArgument, argSize );
     }
-
-    // adjust message size for ipc restrictions
-    natural_t type;
-    type = pingMsg->notifyHeader.type;
-    type &= ~(kIOKitNoticationMsgSizeMask << kIOKitNoticationTypeSizeAdjShift);
-    type |= ((argSize & kIOKitNoticationMsgSizeMask) << kIOKitNoticationTypeSizeAdjShift);
-    pingMsg->notifyHeader.type = type;
-    argSize = (argSize + kIOKitNoticationMsgSizeMask) & ~kIOKitNoticationMsgSizeMask;
-
     pingMsg->msgHdr.msgh_size = msgSize - pingMsg->notifyHeader.size
         + sizeof( IOServiceInterestContent64 )
         - sizeof( data->messageArgument)
@@ -978,10 +831,8 @@
     pingMsg->ports[0].name = providerPort;
     thisPort = iokit_port_for_object( this, IKOT_IOKIT_OBJECT );
     pingMsg->msgHdr.msgh_local_port = thisPort;
-    kr = mach_msg_send_from_kernel_with_options( &pingMsg->msgHdr,
-						 pingMsg->msgHdr.msgh_size,
-						 (MACH_SEND_MSG | MACH_SEND_ALWAYS | MACH_SEND_IMPORTANCE),
-						 0);
+    kr = mach_msg_send_from_kernel_proper( &pingMsg->msgHdr,
+				    pingMsg->msgHdr.msgh_size);
     if( thisPort)
 	iokit_release_port( thisPort );
     if( providerPort)
@@ -1029,16 +880,6 @@
 					 | (kIOUCAsync0Flags & asyncRef[kIOAsyncReservedIndex]);
     asyncRef[kIOAsyncCalloutFuncIndex]   = (io_user_reference_t) callback;
     asyncRef[kIOAsyncCalloutRefconIndex] = refcon;
-}
-
-void IOUserClient::setAsyncReference64(OSAsyncReference64 asyncRef,
-					mach_port_t wakePort,
-					mach_vm_address_t callback, io_user_reference_t refcon, task_t task)
-{
-    setAsyncReference64(asyncRef, wakePort, callback, refcon);
-    if (vm_map_is_64bit(get_task_map(task))) {
-            asyncRef[kIOAsyncReservedIndex] |= kIOUCAsync64Flag;
-    }
 }
 
 static OSDictionary * CopyConsoleUser(UInt32 uid)
@@ -1088,29 +929,6 @@
     return (user);
 }
 
-IOReturn IOUserClient::clientHasAuthorization( task_t task,
-                                               IOService * service )
-{
-    proc_t p;
-    
-    p = (proc_t) get_bsdtask_info(task);
-    if (p)
-    {
-        uint64_t authorizationID;
-
-        authorizationID = proc_uniqueid(p);
-        if (authorizationID)
-        {
-            if (service->getAuthorizationID() == authorizationID)
-            {
-                return (kIOReturnSuccess);
-            }
-        }
-    }
-
-    return (kIOReturnNotPermitted);
-}
-
 IOReturn IOUserClient::clientHasPrivilege( void * securityToken,
                                             const char * privilegeName )
 {
@@ -1125,9 +943,10 @@
     if (!strncmp(privilegeName, kIOClientPrivilegeForeground, 
                 sizeof(kIOClientPrivilegeForeground)))
     {
-	if (task_is_gpu_denied(current_task()))
+	/* is graphics access denied for current task? */
+	if (proc_get_task_selfgpuacc_deny() != 0) 
 		return (kIOReturnNotPrivileged);
-	else
+	else 
 		return (kIOReturnSuccess);
     }
 
@@ -1204,82 +1023,6 @@
     return (kr);
 }
 
-OSObject * IOUserClient::copyClientEntitlement( task_t task,
-                                                const char * entitlement )
-{
-#define	MAX_ENTITLEMENTS_LEN	(128 * 1024)
-
-	proc_t p = NULL;
-	pid_t pid = 0;
-	char procname[MAXCOMLEN + 1] = "";
-	size_t len = 0;
-	void *entitlements_blob = NULL;
-	char *entitlements_data = NULL;
-	OSObject *entitlements_obj = NULL;
-	OSDictionary *entitlements = NULL;
-	OSString *errorString = NULL;
-	OSObject *value = NULL;
-
-	p = (proc_t)get_bsdtask_info(task);
-	if (p == NULL)
-		goto fail;
-	pid = proc_pid(p);
-	proc_name(pid, procname, (int)sizeof(procname));
-
-	if (cs_entitlements_blob_get(p, &entitlements_blob, &len) != 0)
-		goto fail;
-
-	if (len <= offsetof(CS_GenericBlob, data))
-		goto fail;
-
-	/*
-	 * Per <rdar://problem/11593877>, enforce a limit on the amount of XML
-	 * we'll try to parse in the kernel.
-	 */
-	len -= offsetof(CS_GenericBlob, data);
-	if (len > MAX_ENTITLEMENTS_LEN) {
-		IOLog("failed to parse entitlements for %s[%u]: %lu bytes of entitlements exceeds maximum of %u\n", procname, pid, len, MAX_ENTITLEMENTS_LEN);
-		goto fail;
-	}
-
-	/*
-	 * OSUnserializeXML() expects a nul-terminated string, but that isn't
-	 * what is stored in the entitlements blob.  Copy the string and
-	 * terminate it.
-	 */
-	entitlements_data = (char *)IOMalloc(len + 1);
-	if (entitlements_data == NULL)
-		goto fail;
-	memcpy(entitlements_data, ((CS_GenericBlob *)entitlements_blob)->data, len);
-	entitlements_data[len] = '\0';
-
-	entitlements_obj = OSUnserializeXML(entitlements_data, len + 1, &errorString);
-	if (errorString != NULL) {
-		IOLog("failed to parse entitlements for %s[%u]: %s\n", procname, pid, errorString->getCStringNoCopy());
-		goto fail;
-	}
-	if (entitlements_obj == NULL)
-		goto fail;
-
-	entitlements = OSDynamicCast(OSDictionary, entitlements_obj);
-	if (entitlements == NULL)
-		goto fail;
-
-	/* Fetch the entitlement value from the dictionary. */
-	value = entitlements->getObject(entitlement);
-	if (value != NULL)
-		value->retain();
-
-fail:
-	if (entitlements_data != NULL)
-		IOFree(entitlements_data, len + 1);
-	if (entitlements_obj != NULL)
-		entitlements_obj->release();
-	if (errorString != NULL)
-		errorString->release();
-	return value;
-}
-
 bool IOUserClient::init()
 {
 	if (getPropertyTable() || super::init())
@@ -1321,16 +1064,16 @@
 
 bool IOUserClient::reserve()
 {		
-    if(!reserved) {
-	reserved = IONew(ExpansionData, 1);
-	if (!reserved) {
-	    return false;
-	}
-    }
-    setTerminateDefer(NULL, true);
-    IOStatisticsRegisterCounter();
-    
-    return true;
+	if(!reserved) {
+		reserved = IONew(ExpansionData, 1);
+		if (!reserved) {
+			return false;
+		}
+	}
+
+	IOStatisticsRegisterCounter();
+	
+	return true;
 }
 
 void IOUserClient::free()
@@ -1348,14 +1091,7 @@
 
 IOReturn IOUserClient::clientDied( void )
 {
-    IOReturn ret = kIOReturnNotReady;
-
-    if (sharedInstance || OSCompareAndSwap8(0, 1, &closed)) 
-    {
-	ret = clientClose();
-    }
-
-    return (ret);
+    return( clientClose());
 }
 
 IOReturn IOUserClient::clientClose( void )
@@ -1443,6 +1179,7 @@
     mach_port_name_t	name;
 
     name = IOMachPort::makeSendRightForTask( task, obj, IKOT_IOKIT_OBJECT );
+    assert( name );
 
     *(mach_port_name_t *)clientObj = name;
     return kIOReturnSuccess;
@@ -1536,20 +1273,8 @@
     return (sendAsyncResult64(reference64, result, args64, numArgs));
 }
 
-IOReturn IOUserClient::sendAsyncResult64WithOptions(OSAsyncReference64 reference,
-                                        IOReturn result, io_user_reference_t args[], UInt32 numArgs, IOOptionBits options)
-{
-	return _sendAsyncResult64(reference, result, args, numArgs, options);
-}
-
 IOReturn IOUserClient::sendAsyncResult64(OSAsyncReference64 reference,
                                         IOReturn result, io_user_reference_t args[], UInt32 numArgs)
-{
-        return _sendAsyncResult64(reference, result, args, numArgs, 0);
-}
-
-IOReturn IOUserClient::_sendAsyncResult64(OSAsyncReference64 reference,
-                                        IOReturn result, io_user_reference_t args[], UInt32 numArgs, IOOptionBits options)
 {
     struct ReplyMsg
     {
@@ -1622,15 +1347,9 @@
 	    replyMsg.m.msg32.args[idx] = REF32(args[idx]);
     }
 
-	if ((options & kIOUserNotifyOptionCanDrop) != 0) { 
-		kr = mach_msg_send_from_kernel_with_options( &replyMsg.msgHdr,
-										 replyMsg.msgHdr.msgh_size, MACH_SEND_TIMEOUT, MACH_MSG_TIMEOUT_NONE);
-	} else {
-		/* Fail on full queue. */
-		kr = mach_msg_send_from_kernel_proper( &replyMsg.msgHdr,
-										 replyMsg.msgHdr.msgh_size);
-	}
-    if ((KERN_SUCCESS != kr) && (MACH_SEND_TIMED_OUT != kr))
+     kr = mach_msg_send_from_kernel_proper( &replyMsg.msgHdr,
+            replyMsg.msgHdr.msgh_size);
+    if( KERN_SUCCESS != kr)
         IOLog("%s: mach_msg_send_from_kernel_proper {%x}\n", __FILE__, kr );
     return kr;
 }
@@ -1645,63 +1364,22 @@
 	if( !(out = OSDynamicCast( cls, obj)))	\
 	    return( kIOReturnBadArgument )
 
-#define CHECKLOCKED(cls,obj,out)					\
-	IOUserIterator * oIter;						\
-	cls * out;							\
-	if( !(oIter = OSDynamicCast(IOUserIterator, obj)))		\
-	    return (kIOReturnBadArgument);				\
-	if( !(out = OSDynamicCast(cls, oIter->userIteratorObject)))	\
-	    return (kIOReturnBadArgument)
-
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
-
-// Create a vm_map_copy_t or kalloc'ed data for memory
-// to be copied out. ipc will free after the copyout.
-
-static kern_return_t copyoutkdata( const void * data, vm_size_t len,
-                                    io_buf_ptr_t * buf )
-{
-    kern_return_t	err;
-    vm_map_copy_t	copy;
-
-    err = vm_map_copyin( kernel_map, CAST_USER_ADDR_T(data), len,
-                    false /* src_destroy */, &copy);
-
-    assert( err == KERN_SUCCESS );
-    if( err == KERN_SUCCESS )
-        *buf = (char *) copy;
-
-    return( err );
-}
-
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
-
-/* Routine io_server_version */
-kern_return_t is_io_server_version(
-	mach_port_t master_port,
-	uint64_t *version)
-{
-    *version = IOKIT_SERVER_VERSION;
-    return (kIOReturnSuccess);
-}
-
 /* Routine io_object_get_class */
 kern_return_t is_io_object_get_class(
-    io_object_t object,
-    io_name_t className )
-{
-    const OSMetaClass* my_obj = NULL;
+	io_object_t object,
+	io_name_t className )
+{
+	const OSMetaClass* my_obj = NULL;
 	
-    if( !object)
-        return( kIOReturnBadArgument );
+	if( !object)
+		return( kIOReturnBadArgument );
 		
-    my_obj = object->getMetaClass();
-    if (!my_obj) {
-        return (kIOReturnNotFound);
-    }
-
+	my_obj = object->getMetaClass();
+	if (!my_obj) {
+		return (kIOReturnNotFound);
+	}
+	
     strlcpy( className, my_obj->getClassName(), sizeof(io_name_t));
-
     return( kIOReturnSuccess );
 }
 
@@ -1795,7 +1473,6 @@
         return( kIOReturnBadArgument );
 
     *conforms = (0 != object->metaCast( className ));
-
     return( kIOReturnSuccess );
 }
 
@@ -1816,7 +1493,6 @@
 	io_object_t iterator,
 	io_object_t *object )
 {
-    IOReturn    ret;
     OSObject *	obj;
 
     CHECK( OSIterator, iterator, iter );
@@ -1825,11 +1501,9 @@
     if( obj) {
 	obj->retain();
 	*object = obj;
-        ret = kIOReturnSuccess;
+        return( kIOReturnSuccess );
     } else
-        ret = kIOReturnNoDevice;
-
-    return (ret);
+        return( kIOReturnNoDevice );
 }
 
 /* Routine io_iterator_reset */
@@ -1855,12 +1529,11 @@
     return( kIOReturnSuccess );
 }
 
-
-static kern_return_t internal_io_service_match_property_table(
+/* Routine io_service_match_property_table */
+kern_return_t is_io_service_match_property_table(
 	io_service_t _service,
-	const char * matching,
-	mach_msg_type_number_t matching_size,
-	boolean_t *matches)
+	io_string_t matching,
+	boolean_t *matches )
 {
     CHECK( IOService, _service, service );
 
@@ -1868,8 +1541,8 @@
     OSObject *		obj;
     OSDictionary *	dict;
 
-    obj = matching_size ? OSUnserializeXML(matching, matching_size)
-			: OSUnserializeXML(matching);
+    obj = OSUnserializeXML( matching );
+
     if( (dict = OSDynamicCast( OSDictionary, obj))) {
         *matches = service->passiveMatch( dict );
 	kr = kIOReturnSuccess;
@@ -1881,16 +1554,6 @@
 
     return( kr );
 }
-
-/* Routine io_service_match_property_table */
-kern_return_t is_io_service_match_property_table(
-	io_service_t service,
-	io_string_t matching,
-	boolean_t *matches )
-{
-    return (internal_io_service_match_property_table(service, matching, 0, matches));
-}
-
 
 /* Routine io_service_match_property_table_ool */
 kern_return_t is_io_service_match_property_table_ool(
@@ -1909,47 +1572,10 @@
 
     if( KERN_SUCCESS == kr) {
         // must return success after vm_map_copyout() succeeds
-	*result = internal_io_service_match_property_table(service,
-		(const char *)data, matchingCnt, matches );
+	*result = is_io_service_match_property_table( service,
+		(char *) data, matches );
 	vm_deallocate( kernel_map, data, matchingCnt );
     }
-
-    return( kr );
-}
-
-/* Routine io_service_match_property_table_bin */
-kern_return_t is_io_service_match_property_table_bin(
-	io_object_t service,
-	io_struct_inband_t matching,
-	mach_msg_type_number_t matchingCnt,
-	boolean_t *matches)
-{
-    return (internal_io_service_match_property_table(service, matching, matchingCnt, matches));
-}
-
-static kern_return_t internal_io_service_get_matching_services(
-	mach_port_t master_port,
-	const char * matching,
-	mach_msg_type_number_t matching_size,
-	io_iterator_t *existing )
-{
-    kern_return_t	kr;
-    OSObject *		obj;
-    OSDictionary *	dict;
-
-    if( master_port != master_device_port)
-        return( kIOReturnNotPrivileged);
-
-    obj = matching_size ? OSUnserializeXML(matching, matching_size)
-			: OSUnserializeXML(matching);
-    if( (dict = OSDynamicCast( OSDictionary, obj))) {
-        *existing = IOUserIterator::withIterator(IOService::getMatchingServices( dict ));
-	kr = kIOReturnSuccess;
-    } else
-	kr = kIOReturnBadArgument;
-
-    if( obj)
-        obj->release();
 
     return( kr );
 }
@@ -1960,7 +1586,25 @@
 	io_string_t matching,
 	io_iterator_t *existing )
 {
-    return (internal_io_service_get_matching_services(master_port, matching, 0, existing));
+    kern_return_t	kr;
+    OSObject *		obj;
+    OSDictionary *	dict;
+
+    if( master_port != master_device_port)
+        return( kIOReturnNotPrivileged);
+
+    obj = OSUnserializeXML( matching );
+
+    if( (dict = OSDynamicCast( OSDictionary, obj))) {
+        *existing = IOService::getMatchingServices( dict );
+	kr = kIOReturnSuccess;
+    } else
+	kr = kIOReturnBadArgument;
+
+    if( obj)
+        obj->release();
+
+    return( kr );
 }
 
 /* Routine io_service_get_matching_services_ool */
@@ -1980,31 +1624,19 @@
 
     if( KERN_SUCCESS == kr) {
         // must return success after vm_map_copyout() succeeds
-        // and mig will copy out objects on success
-        *existing = 0;
-	*result = internal_io_service_get_matching_services(master_port,
-			(const char *) data, matchingCnt, existing);
+	*result = is_io_service_get_matching_services( master_port,
+			(char *) data, existing );
 	vm_deallocate( kernel_map, data, matchingCnt );
     }
 
     return( kr );
 }
 
-/* Routine io_service_get_matching_services_bin */
-kern_return_t is_io_service_get_matching_services_bin(
+
+/* Routine io_service_get_matching_service */
+kern_return_t is_io_service_get_matching_service(
 	mach_port_t master_port,
-	io_struct_inband_t matching,
-	mach_msg_type_number_t matchingCnt,
-	io_object_t *existing)
-{
-    return (internal_io_service_get_matching_services(master_port, matching, matchingCnt, existing));
-}
-
-
-static kern_return_t internal_io_service_get_matching_service(
-	mach_port_t master_port,
-	const char * matching,
-	mach_msg_type_number_t matching_size,
+	io_string_t matching,
 	io_service_t *service )
 {
     kern_return_t	kr;
@@ -2014,8 +1646,8 @@
     if( master_port != master_device_port)
         return( kIOReturnNotPrivileged);
 
-    obj = matching_size ? OSUnserializeXML(matching, matching_size)
-			: OSUnserializeXML(matching);
+    obj = OSUnserializeXML( matching );
+
     if( (dict = OSDynamicCast( OSDictionary, obj))) {
         *service = IOService::copyMatchingService( dict );
 	kr = *service ? kIOReturnSuccess : kIOReturnNotFound;
@@ -2026,15 +1658,6 @@
         obj->release();
 
     return( kr );
-}
-
-/* Routine io_service_get_matching_service */
-kern_return_t is_io_service_get_matching_service(
-	mach_port_t master_port,
-	io_string_t matching,
-	io_service_t *service )
-{
-    return (internal_io_service_get_matching_service(master_port, matching, 0, service));
 }
 
 /* Routine io_service_get_matching_services_ool */
@@ -2054,31 +1677,19 @@
 
     if( KERN_SUCCESS == kr) {
         // must return success after vm_map_copyout() succeeds
-        // and mig will copy out objects on success
-        *service = 0;
-	*result = internal_io_service_get_matching_service(master_port,
-			(const char *) data, matchingCnt, service );
+	*result = is_io_service_get_matching_service( master_port,
+			(char *) data, service );
 	vm_deallocate( kernel_map, data, matchingCnt );
     }
 
     return( kr );
 }
 
-/* Routine io_service_get_matching_service_bin */
-kern_return_t is_io_service_get_matching_service_bin(
-	mach_port_t master_port,
-	io_struct_inband_t matching,
-	mach_msg_type_number_t matchingCnt,
-	io_object_t *service)
-{
-    return (internal_io_service_get_matching_service(master_port, matching, matchingCnt, service));
-}
 
 static kern_return_t internal_io_service_add_notification(
 	mach_port_t master_port,
 	io_name_t notification_type,
-	const char * matching,
-	size_t matching_size,
+	io_string_t matching,
 	mach_port_t port,
 	void * reference,
 	vm_size_t referenceSize,
@@ -2092,6 +1703,7 @@
     IOReturn			err;
     unsigned long int		userMsgType;
 
+
     if( master_port != master_device_port)
         return( kIOReturnNotPrivileged);
 
@@ -2101,16 +1713,8 @@
         if( !(sym = OSSymbol::withCString( notification_type )))
 	    err = kIOReturnNoResources;
 
-	if (matching_size)
-	{
-            dict = OSDynamicCast(OSDictionary, OSUnserializeXML(matching, matching_size));
-	}
-	else
-	{
-	    dict = OSDynamicCast(OSDictionary, OSUnserializeXML(matching));
-	}
-
-        if (!dict) {
+        if( !(dict = OSDynamicCast( OSDictionary,
+                    OSUnserializeXML( matching )))) {
             err = kIOReturnBadArgument;
 	    continue;
 	}
@@ -2168,7 +1772,7 @@
 	io_object_t * notification )
 {
     return (internal_io_service_add_notification(master_port, notification_type, 
-		matching, 0, port, &reference[0], sizeof(io_async_ref_t),
+		matching, port, &reference[0], sizeof(io_async_ref_t),
 		false, notification));
 }
 
@@ -2183,43 +1787,10 @@
 	io_object_t *notification )
 {
     return (internal_io_service_add_notification(master_port, notification_type, 
-		matching, 0, wake_port, &reference[0], sizeof(io_async_ref64_t),
+		matching, wake_port, &reference[0], sizeof(io_async_ref64_t),
 		true, notification));
 }
 
-/* Routine io_service_add_notification_bin */
-kern_return_t is_io_service_add_notification_bin
-(
-	mach_port_t master_port,
-	io_name_t notification_type,
-	io_struct_inband_t matching,
-	mach_msg_type_number_t matchingCnt,
-	mach_port_t wake_port,
-	io_async_ref_t reference,
-	mach_msg_type_number_t referenceCnt,
-	io_object_t *notification)
-{
-    return (internal_io_service_add_notification(master_port, notification_type, 
-		matching, matchingCnt, wake_port, &reference[0], sizeof(io_async_ref_t),
-		false, notification));
-}
-
-/* Routine io_service_add_notification_bin_64 */
-kern_return_t is_io_service_add_notification_bin_64
-(
-	mach_port_t master_port,
-	io_name_t notification_type,
-	io_struct_inband_t matching,
-	mach_msg_type_number_t matchingCnt,
-	mach_port_t wake_port,
-	io_async_ref64_t reference,
-	mach_msg_type_number_t referenceCnt,
-	io_object_t *notification)
-{
-    return (internal_io_service_add_notification(master_port, notification_type, 
-		matching, matchingCnt, wake_port, &reference[0], sizeof(io_async_ref64_t),
-		true, notification));
-}
 
 static kern_return_t internal_io_service_add_notification_ool(
 	mach_port_t master_port,
@@ -2242,10 +1813,8 @@
 
     if( KERN_SUCCESS == kr) {
         // must return success after vm_map_copyout() succeeds
-        // and mig will copy out objects on success
-        *notification = 0;
 	*result = internal_io_service_add_notification( master_port, notification_type,
-			(char *) data, matchingCnt, wake_port, reference, referenceSize, client64, notification );
+			(char *) data, wake_port, reference, referenceSize, client64, notification );
 	vm_deallocate( kernel_map, data, matchingCnt );
     }
 
@@ -2385,7 +1954,7 @@
 {
     CHECK( IOService, _service, service );
 
-    return( service->acknowledgeNotification( (IONotificationRef)(uintptr_t) notify_ref,
+    return( service->acknowledgeNotification( (IONotificationRef) notify_ref,
                                               (IOOptionBits) response ));
     
 }
@@ -2431,9 +2000,8 @@
     if( master_port != master_device_port)
         return( kIOReturnNotPrivileged);
 
-    *iterator = IOUserIterator::withIterator(
-	IORegistryIterator::iterateOver(
-		IORegistryEntry::getPlane( plane ), options ));
+    *iterator = IORegistryIterator::iterateOver(
+	IORegistryEntry::getPlane( plane ), options );
 
     return( *iterator ? kIOReturnSuccess : kIOReturnBadArgument );
 }
@@ -2447,9 +2015,8 @@
 {
     CHECK( IORegistryEntry, registry_entry, entry );
 
-    *iterator = IOUserIterator::withIterator(
-	IORegistryIterator::iterateOver( entry,
-		IORegistryEntry::getPlane( plane ), options ));
+    *iterator = IORegistryIterator::iterateOver( entry,
+	IORegistryEntry::getPlane( plane ), options );
 
     return( *iterator ? kIOReturnSuccess : kIOReturnBadArgument );
 }
@@ -2458,11 +2025,9 @@
 kern_return_t is_io_registry_iterator_enter_entry(
 	io_object_t iterator )
 {
-    CHECKLOCKED( IORegistryIterator, iterator, iter );
-
-    IOLockLock(oIter->lock);
+    CHECK( IORegistryIterator, iterator, iter );
+
     iter->enterEntry();
-    IOLockUnlock(oIter->lock);
 
     return( kIOReturnSuccess );
 }
@@ -2473,11 +2038,9 @@
 {
     bool	didIt;
 
-    CHECKLOCKED( IORegistryIterator, iterator, iter );
-
-    IOLockLock(oIter->lock);
+    CHECK( IORegistryIterator, iterator, iter );
+
     didIt = iter->exitEntry();
-    IOLockUnlock(oIter->lock);
 
     return( didIt ? kIOReturnSuccess : kIOReturnNoDevice );
 }
@@ -2500,58 +2063,6 @@
     return( kIOReturnSuccess );
 }
 
-
-/* Routine io_registry_entry_from_path */
-kern_return_t is_io_registry_entry_from_path_ool(
-	mach_port_t master_port,
-	io_string_inband_t path,
-	io_buf_ptr_t path_ool,
-	mach_msg_type_number_t path_oolCnt,
-	kern_return_t *result,
-	io_object_t *registry_entry)
-{
-    IORegistryEntry *	entry;
-    vm_map_offset_t	map_data;
-    const char * 	cpath;
-    IOReturn            res;
-    kern_return_t       err;
-
-    if (master_port != master_device_port) return(kIOReturnNotPrivileged);
-
-    map_data = 0;
-    entry    = 0;
-    res = err = KERN_SUCCESS;
-    if (path[0]) cpath = path;
-    else
-    {
-	if (!path_oolCnt)                                      return(kIOReturnBadArgument);
-	if (path_oolCnt > (sizeof(io_struct_inband_t) * 1024)) return(kIOReturnMessageTooLarge);
-
-	err = vm_map_copyout(kernel_map, &map_data, (vm_map_copy_t) path_ool);
-	if (KERN_SUCCESS == err)
-	{
-	    // must return success to mig after vm_map_copyout() succeeds, so result is actual
-	    cpath = CAST_DOWN(const char *, map_data);
-	    if (cpath[path_oolCnt - 1]) res = kIOReturnBadArgument;
-	}
-    }
-
-    if ((KERN_SUCCESS == err) && (KERN_SUCCESS == res))
-    {
-	entry = IORegistryEntry::fromPath(cpath);
-	res = entry ? kIOReturnSuccess : kIOReturnNotFound;
-    }
-
-    if (map_data) vm_deallocate(kernel_map, map_data, path_oolCnt);
-
-    if (KERN_SUCCESS != err) res = err;
-    *registry_entry = entry;
-    *result = res;
-
-    return (err);
-}
-
-
 /* Routine io_registry_entry_in_plane */
 kern_return_t is_io_registry_entry_in_plane(
 	io_object_t registry_entry,
@@ -2582,42 +2093,6 @@
 	return( kIOReturnBadArgument );
 }
 
-/* Routine io_registry_entry_get_path */
-kern_return_t is_io_registry_entry_get_path_ool(
-	io_object_t registry_entry,
-	io_name_t plane,
-	io_string_inband_t path,
-	io_buf_ptr_t *path_ool,
-	mach_msg_type_number_t *path_oolCnt)
-{
-    enum   { kMaxPath = 16384 };
-    IOReturn err;
-    int      length;
-    char   * buf;
-
-    CHECK( IORegistryEntry, registry_entry, entry );
-
-    *path_ool    = NULL;
-    *path_oolCnt = 0;
-    length = sizeof(io_string_inband_t);
-    if (entry->getPath(path, &length, IORegistryEntry::getPlane(plane))) err = kIOReturnSuccess;
-    else
-    {
-	length = kMaxPath;
-	buf = IONew(char, length);
-	if (!buf) err = kIOReturnNoMemory;
-	else if (!entry->getPath(buf, &length, IORegistryEntry::getPlane(plane))) err = kIOReturnError;
-	else
-	{
-	    *path_oolCnt = length;
-	    err = copyoutkdata(buf, length, path_ool);
-	}
-	if (buf) IODelete(buf, char, kMaxPath);
-    }
-
-    return (err);
-}
-
 
 /* Routine io_registry_entry_get_name */
 kern_return_t is_io_registry_entry_get_name(
@@ -2683,6 +2158,25 @@
     *entry_id = entry->getRegistryEntryID();
 
     return (kIOReturnSuccess);
+}
+
+// Create a vm_map_copy_t or kalloc'ed data for memory
+// to be copied out. ipc will free after the copyout.
+
+static kern_return_t copyoutkdata( const void * data, vm_size_t len,
+                                    io_buf_ptr_t * buf )
+{
+    kern_return_t	err;
+    vm_map_copy_t	copy;
+
+    err = vm_map_copyin( kernel_map, CAST_USER_ADDR_T(data), len,
+                    false /* src_destroy */, &copy);
+
+    assert( err == KERN_SUCCESS );
+    if( err == KERN_SUCCESS )
+        *buf = (char *) copy;
+
+    return( err );
 }
 
 /* Routine io_registry_entry_get_property */
@@ -2704,11 +2198,6 @@
 
     CHECK( IORegistryEntry, registry_entry, entry );
 
-#if CONFIG_MACF
-    if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name))
-        return kIOReturnNotPermitted;
-#endif
-
     obj = entry->copyProperty(property_name);
     if( !obj)
         return( kIOReturnNoResources );
@@ -2766,11 +2255,6 @@
 
     CHECK( IORegistryEntry, registry_entry, entry );
 
-#if CONFIG_MACF
-    if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name))
-        return kIOReturnNotPermitted;
-#endif
-
     obj = entry->copyProperty(property_name);
     if( !obj)
         return( kIOReturnNotFound );
@@ -2780,6 +2264,7 @@
         obj->release();
 	return( kIOReturnNoMemory );
     }
+    s->clearText();
 
     if( obj->serialize( s )) {
         len = s->getLength();
@@ -2810,11 +2295,6 @@
 
     CHECK( IORegistryEntry, registry_entry, entry );
 
-#if CONFIG_MACF
-    if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name))
-        return kIOReturnNotPermitted;
-#endif
-
     obj = entry->copyProperty( property_name,
                                IORegistryEntry::getPlane( plane ), options);
     if( !obj)
@@ -2826,6 +2306,8 @@
 	return( kIOReturnNoMemory );
     }
 
+    s->clearText();
+
     if( obj->serialize( s )) {
         len = s->getLength();
         *propertiesCnt = len;
@@ -2839,43 +2321,6 @@
 
     return( err );
 }
-
-#if CONFIG_MACF
-
-static kern_return_t
-filteredProperties(IORegistryEntry *entry, OSDictionary *properties, OSDictionary **filteredp)
-{
-    kern_return_t	err = 0;
-    OSDictionary	*filtered = NULL;
-    OSCollectionIterator *iter = NULL;
-    OSSymbol		*key;
-    OSObject		*p;
-    kauth_cred_t	cred = kauth_cred_get();
-
-    if (properties == NULL)
-	return kIOReturnUnsupported;
-
-    if ((iter = OSCollectionIterator::withCollection(properties)) == NULL ||
-        (filtered = OSDictionary::withCapacity(properties->getCapacity())) == NULL) {
-	err = kIOReturnNoMemory;
-	goto out;
-    }
-
-    while ((p = iter->getNextObject()) != NULL) {
-	if ((key = OSDynamicCast(OSSymbol, p)) == NULL ||
-	    mac_iokit_check_get_property(cred, entry, key->getCStringNoCopy()) != 0)
-	    continue;
-	filtered->setObject(key, properties->getObject(key));
-    }
-
-out:
-    if (iter != NULL)
-	iter->release();
-    *filteredp = filtered;
-    return err;
-}
-
-#endif
 
 /* Routine io_registry_entry_get_properties */
 kern_return_t is_io_registry_entry_get_properties(
@@ -2883,7 +2328,7 @@
 	io_buf_ptr_t *properties,
 	mach_msg_type_number_t *propertiesCnt )
 {
-    kern_return_t	err = 0;
+    kern_return_t	err;
     vm_size_t 		len;
 
     CHECK( IORegistryEntry, registry_entry, entry );
@@ -2892,170 +2337,20 @@
     if( !s)
 	return( kIOReturnNoMemory );
 
-    if (!entry->serializeProperties(s))
-	err = kIOReturnUnsupported;
-
-#if CONFIG_MACF
-    if (!err && mac_iokit_check_filter_properties(kauth_cred_get(), entry)) {
-	OSObject *propobj = OSUnserializeXML(s->text(), s->getLength());
-	OSDictionary *filteredprops = NULL;
-	err = filteredProperties(entry, OSDynamicCast(OSDictionary, propobj), &filteredprops);
-	if (propobj) propobj->release();
-
-	if (!err) {
-	    s->clearText();
-	    if (!filteredprops->serialize(s))
-		err = kIOReturnUnsupported;
-	}
-	if (filteredprops != NULL)
-	    filteredprops->release();
-    }
-#endif /* CONFIG_MACF */
-
-    if (!err) {
-	len = s->getLength();
-	*propertiesCnt = len;
-	err = copyoutkdata( s->text(), len, properties );
-    }
-
-    s->release();
-    return( err );
-}
-
-#if CONFIG_MACF
-
-struct GetPropertiesEditorRef
-{
-    kauth_cred_t      cred;
-    IORegistryEntry * entry;
-    OSCollection    * root;
-};
-
-static const OSMetaClassBase *
-GetPropertiesEditor(void                  * reference,
-					OSSerialize           * s, 
-					OSCollection          * container, 
-					const OSSymbol        * name,
-					const OSMetaClassBase * value)
-{
-    GetPropertiesEditorRef * ref = (typeof(ref)) reference;
-
-    if (!ref->root) ref->root = container;
-    if (ref->root == container)
-	{
-		if (0 != mac_iokit_check_get_property(ref->cred, ref->entry, name->getCStringNoCopy())) 
-		{
-			value = 0;
-		}
-	}
-	if (value) value->retain();
-    return (value);
-}
-
-#endif /* CONFIG_MACF */
-
-/* Routine io_registry_entry_get_properties */
-kern_return_t is_io_registry_entry_get_properties_bin(
-	io_object_t registry_entry,
-	io_buf_ptr_t *properties,
-	mach_msg_type_number_t *propertiesCnt)
-{
-    kern_return_t	       err = kIOReturnSuccess;
-    vm_size_t 		       len;
-    OSSerialize          * s;
-    OSSerialize::Editor    editor = 0;
-    void                 * editRef = 0;
-
-    CHECK(IORegistryEntry, registry_entry, entry);
-
-#if CONFIG_MACF
-    GetPropertiesEditorRef ref;
-    if (mac_iokit_check_filter_properties(kauth_cred_get(), entry))
-    {
-    	editor    = &GetPropertiesEditor;
-    	editRef   = &ref;
-    	ref.cred  = kauth_cred_get();
-    	ref.entry = entry;
-    	ref.root  = 0;
-    }
-#endif
-
-    s = OSSerialize::binaryWithCapacity(4096, editor, editRef);
-    if (!s) return (kIOReturnNoMemory);
-
-    if (!entry->serializeProperties(s)) err = kIOReturnUnsupported;
-
-    if (kIOReturnSuccess == err)
-    {
-		len = s->getLength();
-		*propertiesCnt = len;
-		err = copyoutkdata(s->text(), len, properties);
-    }
-    s->release();
-
-    return (err);
-}
-
-/* Routine io_registry_entry_get_property_bin */
-kern_return_t is_io_registry_entry_get_property_bin(
-	io_object_t registry_entry,
-	io_name_t plane,
-	io_name_t property_name,
-	uint32_t options,
-	io_buf_ptr_t *properties,
-	mach_msg_type_number_t *propertiesCnt )
-{
-    kern_return_t	err;
-    vm_size_t 		len;
-    OSObject *		obj;
-    const OSSymbol *    sym;
-
-    CHECK( IORegistryEntry, registry_entry, entry );
-
-#if CONFIG_MACF
-    if (0 != mac_iokit_check_get_property(kauth_cred_get(), entry, property_name))
-        return kIOReturnNotPermitted;
-#endif
-
-    if ((kIORegistryIterateRecursively & options) && plane[0])
-    {
-	obj = entry->copyProperty(property_name,
-				  IORegistryEntry::getPlane(plane), options);
-    }
-    else
-    {
-	obj = entry->copyProperty(property_name);
-    }
-
-    if( !obj)
-        return( kIOReturnNotFound );
-
-    sym = OSSymbol::withCString(property_name);
-    if (sym)
-    {
-        if (gIORemoveOnReadProperties->containsObject(sym)) entry->removeProperty(sym);
-        sym->release();
-    }
-
-    OSSerialize * s = OSSerialize::binaryWithCapacity(4096);
-    if( !s) {
-        obj->release();
-	return( kIOReturnNoMemory );
-    }
-
-    if( obj->serialize( s )) {
+    s->clearText();
+
+    if( entry->serializeProperties( s )) {
         len = s->getLength();
         *propertiesCnt = len;
         err = copyoutkdata( s->text(), len, properties );
 
-    } else err = kIOReturnUnsupported; 
+    } else
+        err = kIOReturnUnsupported;
 
     s->release();
-    obj->release();
 
     return( err );
 }
-
 
 /* Routine io_registry_entry_set_properties */
 kern_return_t is_io_registry_entry_set_properties
@@ -3073,16 +2368,13 @@
 
     CHECK( IORegistryEntry, registry_entry, entry );
 
-    if( propertiesCnt > sizeof(io_struct_inband_t) * 1024)
-        return( kIOReturnMessageTooLarge);
-
     err = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) properties );
     data = CAST_DOWN(vm_offset_t, map_data);
 
     if( KERN_SUCCESS == err) {
 
         // must return success after vm_map_copyout() succeeds
-        obj = OSUnserializeXML( (const char *) data, propertiesCnt );
+        obj = OSUnserializeXML( (const char *) data );
 	vm_deallocate( kernel_map, data, propertiesCnt );
 
 	if (!obj)
@@ -3090,15 +2382,10 @@
 #if CONFIG_MACF
 	else if (0 != mac_iokit_check_set_properties(kauth_cred_get(),
 	    registry_entry, obj))
-	{
 	    res = kIOReturnNotPermitted;
-	}
 #endif
 	else
-	{
-	    res = entry->setProperties( obj );
-	}
-
+            res = entry->setProperties( obj );
 	if (obj)
 	    obj->release();
     } else
@@ -3188,35 +2475,6 @@
     CHECK( IOService, _service, service );
 
     return( service->requestProbe( options ));
-}
-
-/* Routine io_service_get_authorization_id */
-kern_return_t is_io_service_get_authorization_id(
-	io_object_t _service,
-	uint64_t *authorization_id )
-{
-    kern_return_t	   kr;
-
-    CHECK( IOService, _service, service );
-
-    kr = IOUserClient::clientHasPrivilege( (void *) current_task(),
-                                            kIOClientPrivilegeAdministrator );
-    if( kIOReturnSuccess != kr)
-        return( kr );
-
-    *authorization_id = service->getAuthorizationID();
-
-    return( kr );
-}
-
-/* Routine io_service_set_authorization_id */
-kern_return_t is_io_service_set_authorization_id(
-	io_object_t _service,
-	uint64_t authorization_id )
-{
-    CHECK( IOService, _service, service );
-
-    return( service->setAuthorizationID( authorization_id ) );
 }
 
 /* Routine io_service_open_ndr */
@@ -3239,8 +2497,6 @@
 
     CHECK( IOService, _service, service );
 
-    if (!owningTask) return (kIOReturnBadArgument);
-
     do
     {
 	if (properties)
@@ -3249,16 +2505,13 @@
 	    vm_offset_t     data;
 	    vm_map_offset_t map_data;
 
-	    if( propertiesCnt > sizeof(io_struct_inband_t))
-		return( kIOReturnMessageTooLarge);
-
 	    err = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t) properties );
 	    res = err;
 	    data = CAST_DOWN(vm_offset_t, map_data);
 	    if (KERN_SUCCESS == err)
 	    {
 		// must return success after vm_map_copyout() succeeds
-		obj = OSUnserializeXML( (const char *) data, propertiesCnt );
+		obj = OSUnserializeXML( (const char *) data );
 		vm_deallocate( kernel_map, data, propertiesCnt );
 		propertiesDict = OSDynamicCast(OSDictionary, obj);
 		if (!propertiesDict)
@@ -3313,14 +2566,12 @@
 		break;
 	    }
 	    client->sharedInstance = (0 != client->getProperty(kIOUserClientSharedInstanceKey));
-	    client->closed = false;
 	    OSString * creatorName = IOCopyLogNameForPID(proc_selfpid());
 	    if (creatorName)
 	    {
 		client->setProperty(kIOUserClientCreatorKey, creatorName);
 		creatorName->release();
 	    }
-	    client->setTerminateDefer(service, false);
 	}
     }
     while (false);
@@ -3342,16 +2593,7 @@
     CHECK( IOUserClient, connection, client );
 
     IOStatisticsClientCall();
-
-    if (client->sharedInstance || OSCompareAndSwap8(0, 1, &client->closed)) 
-    {
-	client->clientClose();
-    }
-    else
-    {
-	IOLog("ignored is_io_service_close(0x%qx,%s)\n", 
-		client->getRegistryEntryID(), client->getName());
-    }
+    client->clientClose();
 
     return( kIOReturnSuccess );
 }
@@ -3418,8 +2660,6 @@
 
     CHECK( IOUserClient, connection, client );
 
-    if (!into_task) return (kIOReturnBadArgument);
-
     IOStatisticsClientCall();
     map = client->mapClientMemory64( memory_type, into_task, flags, *address );
 
@@ -3435,6 +2675,7 @@
 	    mach_port_name_t name __unused =
 		IOMachPort::makeSendRightForTask(
                                     into_task, map, IKOT_IOKIT_OBJECT );
+            assert( name );
 
         } else {
             // keep it with the user client
@@ -3459,8 +2700,8 @@
 	io_object_t     connect,
 	uint32_t	type,
 	task_t		task,
-	uint32_t  *	mapAddr,
-	uint32_t  *	mapSize,
+	vm_address_t *	mapAddr,
+	vm_size_t    *	mapSize,
 	uint32_t	flags )
 {
     IOReturn	      err;
@@ -3523,8 +2764,6 @@
     IOMemoryMap *	map;
 
     CHECK( IOUserClient, connection, client );
-
-    if (!from_task) return (kIOReturnBadArgument);
 
     IOStatisticsClientCall();
     err = client->clientMemoryForType( (UInt32) memory_type, &options, &memory );
@@ -3568,7 +2807,7 @@
 	io_object_t     connect,
 	uint32_t	type,
 	task_t		task,
-	uint32_t 	mapAddr )
+	vm_address_t 	mapAddr )
 {
     IOReturn		err;
     mach_vm_address_t   address;
@@ -3653,7 +2892,6 @@
 
     args.scalarOutput = scalar_output;
     args.scalarOutputCount = *scalar_outputCnt;
-    bzero(&scalar_output[0], *scalar_outputCnt * sizeof(scalar_output[0]));
     args.structureOutput = inband_output;
     args.structureOutputSize = *inband_outputCnt;
     args.structureOutputDescriptor = NULL;
@@ -3746,7 +2984,6 @@
 
     args.scalarOutput = scalar_output;
     args.scalarOutputCount = *scalar_outputCnt;
-    bzero(&scalar_output[0], *scalar_outputCnt * sizeof(scalar_output[0]));
     args.structureOutput = inband_output;
     args.structureOutputSize = *inband_outputCnt;
 
@@ -3829,7 +3066,6 @@
 
     args.scalarOutput = scalar_output;
     args.scalarOutputCount = *scalar_outputCnt;
-    bzero(&scalar_output[0], *scalar_outputCnt * sizeof(scalar_output[0]));
     args.structureOutput = inband_output;
     args.structureOutputSize = *inband_outputCnt;
 
@@ -3873,7 +3109,6 @@
     mach_msg_type_number_t struct_outputCnt = 0;
     mach_vm_size_t ool_output_size = 0;
 
-    bzero(&_output[0], sizeof(_output));
     for (i = 0; i < inputCount; i++)
 	_input[i] = SCALAR64(input[i]);
 	
@@ -3904,7 +3139,6 @@
     IOReturn 		err;
     err = kIOReturnBadArgument;
 
-    bzero(&_output[0], sizeof(_output));
     do {
 
 	if( inputCount != method->count0)
@@ -3986,7 +3220,6 @@
     io_scalar_inband64_t _output;
     io_async_ref64_t _reference;
 
-    bzero(&_output[0], sizeof(_output));
     for (i = 0; i < referenceCnt; i++)
 	_reference[i] = REF64(reference[i]);
 
@@ -4133,7 +3366,6 @@
     IOReturn 		err;
     io_async_ref_t	reference;
 
-    bzero(&_output[0], sizeof(_output));
     for (i = 0; i < asyncReferenceCount; i++)
 	reference[i] = REF32(asyncReference[i]);
 
@@ -4422,7 +3654,8 @@
 
     do
     {
-	if (inputCount != method->count0)
+	if( (kIOUCVariableStructureSize != method->count0)
+		&& (inputCount != method->count0))
 	{
 	    IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName());
 	    continue;
@@ -4446,25 +3679,25 @@
 	    case 4:
 		err = (object->*func)( ARG32(input[0]), ARG32(input[1]), (void *)  input[2],
 					ARG32(input[3]),
-					inputStruct, (void *)(uintptr_t)inputStructCount );
+					inputStruct, (void *)inputStructCount );
 		break;
 	    case 3:
 		err = (object->*func)( ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
-					inputStruct, (void *)(uintptr_t)inputStructCount,
+					inputStruct, (void *)inputStructCount,
 					0 );
 		break;
 	    case 2:
 		err = (object->*func)( ARG32(input[0]), ARG32(input[1]),
-					inputStruct, (void *)(uintptr_t)inputStructCount,
+					inputStruct, (void *)inputStructCount,
 					0, 0 );
 		break;
 	    case 1:
 		err = (object->*func)( ARG32(input[0]),
-					inputStruct, (void *)(uintptr_t)inputStructCount,
+					inputStruct, (void *)inputStructCount,
 					0, 0, 0 );
 		break;
 	    case 0:
-		err = (object->*func)( inputStruct, (void *)(uintptr_t)inputStructCount,
+		err = (object->*func)( inputStruct, (void *)inputStructCount,
 					0, 0, 0, 0 );
 		break;
 
@@ -4498,7 +3731,8 @@
 
     do
     {
-	if (inputCount != method->count0)
+	if( (kIOUCVariableStructureSize != method->count0)
+		&& (inputCount != method->count0))
 	{
 	    IOLog("%s: IOUserClient inputCount count mismatch\n", object->getName());
 	    continue;
@@ -4524,29 +3758,29 @@
                 err = (object->*func)(	reference,
                                         ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
                                         ARG32(input[3]),
-                                        inputStruct, (void *)(uintptr_t)inputStructCount );
+                                        inputStruct, (void *)inputStructCount );
                 break;
             case 3:
                 err = (object->*func)(	reference,
                                         ARG32(input[0]), ARG32(input[1]), ARG32(input[2]),
-                                        inputStruct, (void *)(uintptr_t)inputStructCount,
+                                        inputStruct, (void *)inputStructCount,
                                         0 );
                 break;
             case 2:
                 err = (object->*func)(	reference,
                                         ARG32(input[0]), ARG32(input[1]),
-                                        inputStruct, (void *)(uintptr_t)inputStructCount,
+                                        inputStruct, (void *)inputStructCount,
                                         0, 0 );
                 break;
             case 1:
                 err = (object->*func)(	reference,
                                         ARG32(input[0]),
-                                        inputStruct, (void *)(uintptr_t)inputStructCount,
+                                        inputStruct, (void *)inputStructCount,
                                         0, 0, 0 );
                 break;
             case 0:
                 err = (object->*func)(	reference,
-                                        inputStruct, (void *)(uintptr_t)inputStructCount,
+                                        inputStruct, (void *)inputStructCount,
                                         0, 0, 0, 0 );
                 break;
 
@@ -4611,12 +3845,12 @@
 	if( method->count1) {
 	    if( method->count0) {
 		err = (object->*func)( input, output,
-					(void *)(uintptr_t)inputCount, outputCount, 0, 0 );
+					(void *)inputCount, outputCount, 0, 0 );
 	    } else {
 		err = (object->*func)( output, outputCount, 0, 0, 0, 0 );
 	    }
 	} else {
-		err = (object->*func)( input, (void *)(uintptr_t)inputCount, 0, 0, 0, 0 );
+		err = (object->*func)( input, (void *)inputCount, 0, 0, 0, 0 );
 	}
     }
     while( false);
@@ -4666,14 +3900,14 @@
             if( method->count0) {
                 err = (object->*func)( reference,
                                        input, output,
-                                        (void *)(uintptr_t)inputCount, outputCount, 0, 0 );
+                                        (void *)inputCount, outputCount, 0, 0 );
             } else {
                 err = (object->*func)( reference,
                                        output, outputCount, 0, 0, 0, 0 );
             }
         } else {
                 err = (object->*func)( reference,
-                                       input, (void *)(uintptr_t)inputCount, 0, 0, 0, 0 );
+                                       input, (void *)inputCount, 0, 0, 0, 0 );
         }
     }
     while( false);
@@ -4709,9 +3943,6 @@
     if (inData) {
         vm_map_offset_t map_data;
 
-        if( inDataCount > sizeof(io_struct_inband_t) * 1024)
-            return( kIOReturnMessageTooLarge);
-
         kr = vm_map_copyout( kernel_map, &map_data, (vm_map_copy_t)inData);
 		data = CAST_DOWN(vm_offset_t, map_data);
 
@@ -4721,7 +3952,7 @@
         // must return success after vm_map_copyout() succeeds
 
         if( inDataCount ) {
-            obj = (OSObject *)OSUnserializeXML((const char *)data, inDataCount);
+            obj = (OSObject *)OSUnserializeXML((const char *)data);
             vm_deallocate( kernel_map, data, inDataCount );
             if( !obj) {
                 *result = kIOReturnNoMemory;
@@ -4737,7 +3968,7 @@
 
                 array = OSDynamicCast(OSArray, obj);
                 if (array) {
-                   if ( !gIOCatalogue->resetAndAddDrivers(array,
+                    if ( !gIOCatalogue->resetAndAddDrivers(array, 
                         flag == kIOCatalogResetDrivers) ) {
 
                         kr = kIOReturnError;
@@ -4918,6 +4149,8 @@
     if ( !s )
         return kIOReturnNoMemory;
 
+    s->clearText();
+
     kr = gIOCatalogue->serializeData(flag, s);
 
     if ( kr == kIOReturnSuccess ) {
@@ -5020,7 +4253,7 @@
             }
         }
 
-	iokit_remove_connect_reference(userClient);
+        userClient->release();
     }
 
     return result;
@@ -5087,13 +4320,14 @@
     if (args->asyncWakePort)
     {
 	IOExternalAsyncMethod *	method;
-	object = 0;
-	if( !(method = getAsyncTargetAndMethodForIndex(&object, selector)) || !object )
+
+	if( !(method = getAsyncTargetAndMethodForIndex(&object, selector)) )
 	    return (kIOReturnUnsupported);
 
     if (kIOUCForegroundOnly & method->flags)
     {
-	if (task_is_gpu_denied(current_task()))
+	/* is graphics access denied for current task? */
+	if (proc_get_task_selfgpuacc_deny() != 0) 
             return (kIOReturnNotPermitted);
     }
 
@@ -5136,14 +4370,16 @@
     else
     {
 	IOExternalMethod *	method;
-	object = 0;
-	if( !(method = getTargetAndMethodForIndex(&object, selector)) || !object )
+
+	if( !(method = getTargetAndMethodForIndex(&object, selector)) )
 	    return (kIOReturnUnsupported);
 
     if (kIOUCForegroundOnly & method->flags)
     {
-	if (task_is_gpu_denied(current_task()))
+	/* is graphics access denied for current task? */
+	if (proc_get_task_selfgpuacc_deny() != 0) 
             return (kIOReturnNotPermitted);
+    
     }
 
 	switch (method->flags & kIOUCTypeMask)
@@ -5183,6 +4419,7 @@
 
     return (err);
 }
+
 
 #if __LP64__
 OSMetaClassDefineReservedUnused(IOUserClient, 0);