Loading...
iokit/Kernel/IOUserClient.cpp xnu-792 xnu-792.24.17
--- xnu/xnu-792/iokit/Kernel/IOUserClient.cpp
+++ xnu/xnu-792.24.17/iokit/Kernel/IOUserClient.cpp
@@ -22,6 +22,7 @@
 
 
 #include <IOKit/IOKitServer.h>
+#include <IOKit/IOKitKeysPrivate.h>
 #include <IOKit/IOUserClient.h>
 #include <IOKit/IOService.h>
 #include <IOKit/IOService.h>
@@ -757,48 +758,75 @@
     asyncRef[kIOAsyncCalloutRefconIndex] = (natural_t) refcon;
 }
 
-IOReturn IOUserClient::clientHasPrivilege( void * securityToken,
-                                            const char * privilegeName )
-{
-    kern_return_t	   kr;
-    security_token_t	   token;
-    mach_msg_type_number_t count;
-
-    count = TASK_SECURITY_TOKEN_COUNT;
-    kr = task_info( (task_t) securityToken, TASK_SECURITY_TOKEN,
-		    (task_info_t) &token, &count );
-
-    if (KERN_SUCCESS != kr)
-    {}
-    else if (!strcmp(privilegeName, kIOClientPrivilegeAdministrator))
-    {
-	if (0 != token.val[0])
-	    kr = kIOReturnNotPrivileged;
-    }
-    else if (!strcmp(privilegeName, kIOClientPrivilegeLocalUser))
-    {
-	OSArray *      array;
-	OSDictionary * user = 0;
+inline OSDictionary * CopyConsoleUser(UInt32 uid)
+{
+	OSArray * array;
+	OSDictionary * user = 0; 
 
 	if ((array = OSDynamicCast(OSArray,
 	    IORegistryEntry::getRegistryRoot()->copyProperty(gIOConsoleUsersKey))))
 	{
 	    for (unsigned int idx = 0;
 		    (user = OSDynamicCast(OSDictionary, array->getObject(idx)));
-		    idx++)
-	    {
-		OSNumber * num;
-		if ((num = OSDynamicCast(OSNumber, user->getObject(gIOConsoleSessionUIDKey)))
-		  && (token.val[0] == num->unsigned32BitValue()))
-		    break;
+		    idx++) {
+            OSNumber * num;
+            
+            if ((num = OSDynamicCast(OSNumber, user->getObject(gIOConsoleSessionUIDKey)))
+              && (uid == num->unsigned32BitValue())) {
+                user->retain();
+                break;
+            }
 	    }
 	    array->release();
 	}
-	if (!user)
-	    kr = kIOReturnNotPrivileged;
-    }
+    return user;
+}
+
+IOReturn IOUserClient::clientHasPrivilege( void * securityToken,
+                                            const char * privilegeName )
+{
+    kern_return_t           kr;
+    security_token_t        token;
+    mach_msg_type_number_t  count;
+    task_t                  task;
+    OSDictionary *          user;
+    bool                    secureConsole;
+
+    if ((secureConsole = !strcmp(privilegeName, kIOClientPrivilegeSecureConsoleProcess)))
+        task = (task_t)((IOUCProcessToken *)securityToken)->token;
     else
-	kr = kIOReturnUnsupported;
+        task = (task_t)securityToken;
+    
+    count = TASK_SECURITY_TOKEN_COUNT;
+    kr = task_info( task, TASK_SECURITY_TOKEN, (task_info_t) &token, &count );
+
+    if (KERN_SUCCESS != kr)
+    {}
+    else if (!strcmp(privilegeName, kIOClientPrivilegeAdministrator)) {
+        if (0 != token.val[0])
+            kr = kIOReturnNotPrivileged;
+    } else if (!strcmp(privilegeName, kIOClientPrivilegeLocalUser)) {
+        user = CopyConsoleUser(token.val[0]);
+        if ( user )
+            user->release();
+        else
+            kr = kIOReturnNotPrivileged;            
+    } else if (secureConsole || !strcmp(privilegeName, kIOClientPrivilegeConsoleUser)) {
+        user = CopyConsoleUser(token.val[0]);
+        if ( user ) {
+            if (user->getObject(gIOConsoleSessionOnConsoleKey) != kOSBooleanTrue)
+                kr = kIOReturnNotPrivileged;
+            else if ( secureConsole ) {
+                OSNumber * pid = OSDynamicCast(OSNumber, user->getObject(gIOConsoleSessionSecureInputPIDKey));
+                if ( pid && pid->unsigned32BitValue() != ((IOUCProcessToken *)securityToken)->pid)
+                    kr = kIOReturnNotPrivileged;
+            }
+            user->release();
+        }
+        else 
+            kr = kIOReturnNotPrivileged;
+    } else
+        kr = kIOReturnUnsupported;
 
     return (kr);
 }