_kernelrpc_mach_port_allocate_trap

Point d'entrée trap qui implémente mach_port_allocate — crée un nouveau droit de port du type demandé dans l'espace IPC d'un task.

Prototype

kern_return_t _kernelrpc_mach_port_allocate_trap(/* 3 args */);

Retour: kern_return_t

Historique des versions

XNU tag	macOS	#
xnu-2050.18.24	macOS 10.8 Mountain Lion	-16
xnu-2422.115.4	macOS 10.9 Mavericks	-16
xnu-2782.40.9	macOS 10.10 Yosemite	-16
xnu-3247.1.106	macOS 10.11 El Capitan	-16
xnu-3789.1.32	macOS 10.12 Sierra	-16
xnu-4570.1.46	macOS 10.13 High Sierra	-16
xnu-4903.221.2	macOS 10.14 Mojave	-16
xnu-6153.11.26	macOS 10.15 Catalina	-16
xnu-7195.50.7.100.1	macOS 11.0 Big Sur	-16
xnu-8019.41.5	macOS 12.0 Monterey	-16
xnu-8792.41.9	macOS 13.0 Ventura	-16
xnu-10002.1.13	macOS 14.0 Sonoma	-16
xnu-11215.1.10	macOS 15.0 Sequoia	-16
xnu-11417.101.15	macOS 15.4 Sequoia	-16
xnu-12377.1.9	macOS 26.0 Tahoe	-16
xnu-10002.41.9	—	-16
xnu-10002.61.3	—	-16
xnu-10002.81.5	—	-16
xnu-10063.101.15	—	-16
xnu-10063.121.3	—	-16
xnu-10063.141.1	—	-16
xnu-11215.41.3	—	-16
xnu-11215.61.5	—	-16
xnu-11215.81.4	—	-16
xnu-11417.121.6	—	-16
xnu-11417.140.69	—	-16
xnu-12377.101.15	—	-16
xnu-12377.41.6	—	-16
xnu-12377.61.12	—	-16
xnu-12377.81.4	—	-16
xnu-2050.22.13	—	-16
xnu-2050.24.15	—	-16
xnu-2050.48.11	—	-16
xnu-2050.7.9	—	-16
xnu-2050.9.2	—	-16
xnu-2422.1.72	—	-16
xnu-2422.100.13	—	-16
xnu-2422.110.17	—	-16
xnu-2422.90.20	—	-16
xnu-2782.1.97	—	-16
xnu-2782.10.72	—	-16
xnu-2782.20.48	—	-16
xnu-2782.30.5	—	-16
xnu-3247.10.11	—	-16
xnu-3248.20.55	—	-16
xnu-3248.30.4	—	-16
xnu-3248.40.184	—	-16
xnu-3248.50.21	—	-16
xnu-3248.60.10	—	-16
xnu-3789.21.4	—	-16
xnu-3789.31.2	—	-16
xnu-3789.41.3	—	-16
xnu-3789.51.2	—	-16
xnu-3789.60.24	—	-16
xnu-3789.70.16	—	-16
xnu-4570.20.62	—	-16
xnu-4570.31.3	—	-16
xnu-4570.41.2	—	-16
xnu-4570.51.1	—	-16
xnu-4570.61.1	—	-16
xnu-4570.71.2	—	-16
xnu-4903.231.4	—	-16
xnu-4903.241.1	—	-16
xnu-4903.270.47	—	-16
xnu-6153.101.6	—	-16
xnu-6153.121.1	—	-16
xnu-6153.141.1	—	-16
xnu-6153.41.3	—	-16
xnu-6153.61.1	—	-16
xnu-6153.81.5	—	-16
xnu-7195.101.1	—	-16
xnu-7195.121.3	—	-16
xnu-7195.141.2	—	-16
xnu-7195.60.75	—	-16
xnu-7195.81.3	—	-16
xnu-8019.61.5	—	-16
xnu-8019.80.24	—	-16
xnu-8020.101.4	—	-16
xnu-8020.121.3	—	-16
xnu-8020.140.41	—	-16
xnu-8792.61.2	—	-16
xnu-8792.81.2	—	-16
xnu-8796.101.5	—	-16
xnu-8796.121.2	—	-16
xnu-8796.141.3	—	-16

Exemples

C — allocate a receive right via the libsyscall wrapper

mach_port_t recv;
kern_return_t kr = mach_port_allocate(mach_task_self(),
                                      MACH_PORT_RIGHT_RECEIVE,
                                      &recv);
// libsyscall routes this directly through _kernelrpc_mach_port_allocate_trap

Notes

Le stub MIG userspace mach_port_allocate appelle directement ce trap lorsque la cible est mach_task_self(), contournant la machinerie MIG pour un chemin rapide. L'argument right_type choisit MACH_PORT_RIGHT_RECEIVE, MACH_PORT_RIGHT_PORT_SET ou MACH_PORT_RIGHT_DEAD_NAME ; les receive rights sont les plus fréquents puisqu'ils sont la brique de tout serveur et port de réponse. Chaque droit alloué compte dans le quota de la table IPC du task (actuellement 64 K noms par défaut, ajustable via task_set_port_space_limits).

Détection

Les opérations IPC Mach ne sont pas exposées par Endpoint Security. DTrace mach_trap::_kernelrpc_mach_port_allocate_trap:entry combiné à des captures périodiques de lsmp (ou task_info(TASK_EXTMOD_INFO)) constitue la surface pratique pour traquer les fuites de ports.

API associées

_kernelrpc_mach_port_deallocate_trap_kernelrpc_mach_port_construct_trap_kernelrpc_mach_port_mod_refs_trapmach_port_allocatemach_reply_port