1 files changed, 81 insertions, 28 deletions

diff --git a/src/third_party/mac_headers/mach/vm_prot.h b/src/third_party/mac_headers/mach/vm_prot.h
index 07c2114e..b19c8e24 100644
--- a/src/third_party/mac_headers/mach/vm_prot.h
+++ b/src/third_party/mac_headers/mach/vm_prot.h
@@ -1,8 +1,8 @@
 /*
- * Copyright (c) 2000-2002 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2021 Apple Computer, Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
+ *
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
@@ -11,10 +11,10 @@
  * unlawful or unlicensed copies of an Apple operating system, or to
  * circumvent, violate, or enable the circumvention or violation of, any
  * terms of an Apple operating system software license agreement.
- * 
+ *
  * Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
+ *
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
@@ -22,34 +22,34 @@
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
- * 
+ *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
  * @OSF_COPYRIGHT@
  */
-/* 
+/*
  * Mach Operating System
  * Copyright (c) 1991,1990,1989,1988,1987 Carnegie Mellon University
  * All Rights Reserved.
- * 
+ *
  * Permission to use, copy, modify and distribute this software and its
  * documentation is hereby granted, provided that both the copyright
  * notice and this permission notice appear in all copies of the
  * software, derivative works or modified versions, and any portions
  * thereof, and that both notices appear in supporting documentation.
- * 
+ *
  * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
  * CONDITION.  CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
  * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
- * 
+ *
  * Carnegie Mellon requests users of this software to return to
- * 
+ *
  *  Software Distribution Coordinator  or  Software.Distribution@CS.CMU.EDU
  *  School of Computer Science
  *  Carnegie Mellon University
  *  Pittsburgh PA 15213-3890
- * 
+ *
  * any improvements or extensions that they make and grant Carnegie Mellon
  * the rights to redistribute these changes.
  */
@@ -63,8 +63,8 @@
  *
  */
 
-#ifndef	_MACH_VM_PROT_H_
-#define	_MACH_VM_PROT_H_
+#ifndef _MACH_VM_PROT_H_
+#define _MACH_VM_PROT_H_
 
 /*
  *	Types defined:
@@ -72,29 +72,36 @@
  *	vm_prot_t		VM protection values.
  */
 
-typedef int		vm_prot_t;
+typedef int             vm_prot_t;
 
 /*
  *	Protection values, defined as bits within the vm_prot_t type
  */
 
-#define	VM_PROT_NONE	((vm_prot_t) 0x00)
+#define VM_PROT_NONE    ((vm_prot_t) 0x00)
 
-#define VM_PROT_READ	((vm_prot_t) 0x01)	/* read permission */
-#define VM_PROT_WRITE	((vm_prot_t) 0x02)	/* write permission */
-#define VM_PROT_EXECUTE	((vm_prot_t) 0x04)	/* execute permission */
+#define VM_PROT_READ    ((vm_prot_t) 0x01)      /* read permission */
+#define VM_PROT_WRITE   ((vm_prot_t) 0x02)      /* write permission */
+#define VM_PROT_EXECUTE ((vm_prot_t) 0x04)      /* execute permission */
 
 /*
  *	The default protection for newly-created virtual memory
  */
 
-#define VM_PROT_DEFAULT	(VM_PROT_READ|VM_PROT_WRITE)
+#define VM_PROT_DEFAULT (VM_PROT_READ|VM_PROT_WRITE)
 
 /*
  *	The maximum privileges possible, for parameter checking.
  */
 
-#define VM_PROT_ALL	(VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE)
+#define VM_PROT_ALL     (VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE)
+
+/*
+ *	This is an alias to VM_PROT_EXECUTE to identify callers that
+ *	want to allocate an hardware assisted Read-only/read-write
+ *	trusted path in userland.
+ */
+#define        VM_PROT_RORW_TP                 (VM_PROT_EXECUTE)
 
 /*
  *	An invalid protection value.
@@ -103,15 +110,16 @@ typedef int		vm_prot_t;
  *	looks like VM_PROT_ALL and then some.
  */
 
-#define VM_PROT_NO_CHANGE	((vm_prot_t) 0x08)
+#define VM_PROT_NO_CHANGE_LEGACY       ((vm_prot_t) 0x08)
+#define VM_PROT_NO_CHANGE              ((vm_prot_t) 0x01000000)
 
-/* 
+/*
  *      When a caller finds that he cannot obtain write permission on a
  *      mapped entry, the following flag can be used.  The entry will
  *      be made "needs copy" effectively copying the object (using COW),
  *      and write permission will be added to the maximum protections
- *      for the associated entry. 
- */        
+ *      for the associated entry.
+ */
 
 #define VM_PROT_COPY            ((vm_prot_t) 0x10)
 
@@ -127,14 +135,59 @@ typedef int		vm_prot_t;
  *	walking down the shadow chain.
  */
 
-#define VM_PROT_WANTS_COPY	((vm_prot_t) 0x10)
+#define VM_PROT_WANTS_COPY      ((vm_prot_t) 0x10)
 
+#ifdef PRIVATE
+/*
+ *	The caller wants this memory region treated as if it had a valid
+ *	code signature.
+ */
+
+#define VM_PROT_TRUSTED         ((vm_prot_t) 0x20)
+#endif /* PRIVATE */
 
 /*
- * 	Another invalid protection value.
+ *      Another invalid protection value.
  *	Indicates that the other protection bits are to be applied as a mask
  *	against the actual protection bits of the map entry.
  */
-#define VM_PROT_IS_MASK		((vm_prot_t) 0x40)
+#define VM_PROT_IS_MASK         ((vm_prot_t) 0x40)
+
+/*
+ * Another invalid protection value to support execute-only protection.
+ * VM_PROT_STRIP_READ is a special marker that tells mprotect to not
+ * set VM_PROT_READ. We have to do it this way because existing code
+ * expects the system to set VM_PROT_READ if VM_PROT_EXECUTE is set.
+ * VM_PROT_EXECUTE_ONLY is just a convenience value to indicate that
+ * the memory should be executable and explicitly not readable. It will
+ * be ignored on platforms that do not support this type of protection.
+ */
+#define VM_PROT_STRIP_READ              ((vm_prot_t) 0x80)
+#define VM_PROT_EXECUTE_ONLY    (VM_PROT_EXECUTE|VM_PROT_STRIP_READ)
+
+#ifdef PRIVATE
+/*
+ * When using VM_PROT_COPY, fail instead of copying an executable mapping,
+ * since that could cause code-signing violations.
+ */
+#define VM_PROT_COPY_FAIL_IF_EXECUTABLE ((vm_prot_t)0x100)
+#endif /* PRIVATE */
+
+#if defined(__x86_64__)
+/*
+ * Another invalid protection value to support specifying different
+ * execute permissions for user- and supervisor- modes.  When
+ * MBE is enabled in a VM, VM_PROT_EXECUTE is used to indicate
+ * supervisor-mode execute permission, and VM_PROT_UEXEC specifies
+ * user-mode execute permission.  Currently only used by the
+ * x86 Hypervisor kext.
+ */
+#define VM_PROT_UEXEC                   ((vm_prot_t) 0x8)     /* User-mode Execute Permission */
+
+#define VM_PROT_ALLEXEC                 (VM_PROT_EXECUTE | VM_PROT_UEXEC)
+#else
+#define VM_PROT_ALLEXEC                 (VM_PROT_EXECUTE)
+#endif /* defined(__x86_64__) */
+
 
-#endif	/* _MACH_VM_PROT_H_ */
+#endif  /* _MACH_VM_PROT_H_ */
\ No newline at end of file