MacOS: Difference between revisions
| [unchecked revision] | [unchecked revision] |
(Minor fixes.) |
Netbsduser (talk | contribs) (Correct mistaken claims about the architecture of XNU.) |
||
| (7 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
{{stub}} |
{{stub}} |
||
XNU (acronym for "X is Not Unix") is a [[ |
XNU (acronym for "X is Not Unix") is a [[Monolithic Kernel|monolithic kernel]] used in macOS. It is based on OSF/MK, a derivative of [[wikipedia:Mach (kernel)|Mach]] 3.0, and on [[wikipedia:Berkeley_Software_Distribution|4.4BSD]]. It was developed for macOS as a work-alike to replace the the Mach 2.5-derived kernel used in NeXTStep operating system; when Apple purchased NeXT, they opted to use NeXTStep as a technological basis to replace the obsolete classic Mac OS (Mac OS 9 and older), which had poor memory protection and cooperative multitasking. |
||
macOS is Apple's partly proprietary operating system for Macintosh computers, which can run on many modern x86-64 computers; it also has a mobile version, iOS, and other specialised editions: tvOS and watchOS. |
|||
Darwin is |
Darwin is the term for the core BSD UNIX system which macOS builds atop. |
||
== Features == |
== Features == |
||
XNU as a derivative of 4.4BSD inherits most of its features, as well as some features imported from other BSD systems such as FreeBSD. Features of BSD heritage include: |
|||
XNU inherits some BSD features: |
|||
* POSIX system calls; |
* POSIX system calls and the various BSD extensions; |
||
* the [[Wikipedia:Kqueue|kqueue]] event multiplexing system, a later import from FreeBSD; |
|||
* some BSD extensions; |
|||
* Mandatory Access Control (MAC). |
* [[wikipedia:Mandatory_access_control|Mandatory Access Control (MAC)]], developed through the TrustedBSD project in collaboration with FreeBSD. |
||
And XNU and OS X introduce a lot of specific features, including: |
|||
* own sandboxing system; |
* own sandboxing system; |
||
* own file system hierarchy (with [[wikipedia:Filesystem_Hierarchy_Standard|FHS]] preserved); |
* own file system hierarchy (with [[wikipedia:Filesystem_Hierarchy_Standard|FHS]] preserved); |
||
| Line 20: | Line 20: | ||
* OpenDirectory, an authentification system; |
* OpenDirectory, an authentification system; |
||
* SystemConfiguration, a modular configuration mechanism; |
* SystemConfiguration, a modular configuration mechanism; |
||
* [https://developer.apple.com/library/ios/documentation/System/Conceptual/ManPages_iPhoneOS/man3/asl.3.html Apple System Log (ASL)]; |
|||
* Apple System Log (ASL); |
|||
* [[wikipedia:AppleScript|AppleScript]]; |
|||
* Apple Script; |
|||
* notifyd and distnoted, notification (IPC) mechanisms; |
* notifyd and distnoted, notification ([[Message_Passing|IPC]]) mechanisms; |
||
* launchd, |
* [[wikipedia:launchd|launchd]], a system initialisation and service management system' |
||
* Mach APIs; |
* Mach APIs; |
||
* the I/O Kit, an object-oriented drivers framework; |
|||
* IOKit framework, which allows interfacing with kernel mode drivers for user space programs; |
|||
* and more. |
* and more. |
||
| Line 39: | Line 39: | ||
==== Sandboxing ==== |
==== Sandboxing ==== |
||
This feature is present in both OS X and iOS, but in iOS it is much harder. In fact, it is a jail, which places applications inside their own environment, from which they can only access their own root. More about app sandbox |
This feature is present in both OS X and iOS, but in iOS it is much harder. In fact, it is a jail, which places applications inside their own environment, from which they can only access their own root. More about app sandbox [https://developer.apple.com/library/mac/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html here]. |
||
== |
== Kernel Design == |
||
TODO |
|||
macOS is derived from the OSF/MK kernel, a variant of Mach, and from 4.4BSD UNIX. Mach originated as a system which rearchitected the lowest levels of the BSD kernel <ref>Accetta et al. (1986). ''[https://cseweb.ucsd.edu/classes/wi11/cse221/papers/accetta86.pdf Mach: A New Kernel Foundation for UNIX Development]''. USENIX Summer Conference 1986. Retrieved June 25, 2024.</ref> and initially retained most of the BSD kernel as a component layered on top of the Mach primitives, thus remaining a monolithic kernel. The primary inspiration for this redesign was the Accent kernel developed at Carnegie-Mellon University. Mach made several adaptations to the Accent model to better support UNIX compatibility. NeXTSTEP forked their variant of Mach from a version in which this was the case. Later versions of Mach from version 3.0 onwards, such as OSF/MK, were [[microkernel]] systems. |
|||
| ⚫ | |||
In order to maintain similar properties to the NeXTSTEP kernel, while avoiding the use of the then-encumbered 4.3BSD UNIX source tree, Apple developed XNU on the basis of the unencumbered OSF/MK and 4.4BSD-Lite2 codebases. The resulting kernel uses the core abstractions of the Mach kernel, which include tasks, threads, ports, port sets, messages, and memory objects, as a basis on which the adapted BSD kernel provides the higher-level BSD interfaces. As the 4.4BSD code runs as an integral part of the kernel, the result is a layered [[monolithic kernel]], although the marketing term [[Hybrid Kernel]] is often used in reference to XNU. |
|||
=== Articles === |
|||
* [[Microkernel]] |
|||
| ⚫ | |||
* [[Hybrid Kernel]] |
|||
=== External Links === |
=== External Links === |
||
* http://opensource.apple.com - here you can obtain sources of all open source components. |
* http://opensource.apple.com - here you can obtain sources of all open source components. |
||
== References == |
|||
<references/> |
|||
Latest revision as of 15:32, 25 June 2024
XNU (acronym for "X is Not Unix") is a monolithic kernel used in macOS. It is based on OSF/MK, a derivative of Mach 3.0, and on 4.4BSD. It was developed for macOS as a work-alike to replace the the Mach 2.5-derived kernel used in NeXTStep operating system; when Apple purchased NeXT, they opted to use NeXTStep as a technological basis to replace the obsolete classic Mac OS (Mac OS 9 and older), which had poor memory protection and cooperative multitasking.
macOS is Apple's partly proprietary operating system for Macintosh computers, which can run on many modern x86-64 computers; it also has a mobile version, iOS, and other specialised editions: tvOS and watchOS.
Darwin is the term for the core BSD UNIX system which macOS builds atop.
Features
XNU as a derivative of 4.4BSD inherits most of its features, as well as some features imported from other BSD systems such as FreeBSD. Features of BSD heritage include:
- POSIX system calls and the various BSD extensions;
- the kqueue event multiplexing system, a later import from FreeBSD;
- Mandatory Access Control (MAC), developed through the TrustedBSD project in collaboration with FreeBSD.
And XNU and OS X introduce a lot of specific features, including:
- own sandboxing system;
- own file system hierarchy (with FHS preserved);
- Apple Events and FSEvents;
- OpenDirectory, an authentification system;
- SystemConfiguration, a modular configuration mechanism;
- Apple System Log (ASL);
- AppleScript;
- notifyd and distnoted, notification (IPC) mechanisms;
- launchd, a system initialisation and service management system'
- Mach APIs;
- the I/O Kit, an object-oriented drivers framework;
- and more.
OS X is a certified UNIX system.
Security
Code signing
OS X and iOS support code signing. In OS X it can be disabled, but in iOS it is a heavy protection mechanism, which allows only reviewed apps to be run. However, Apple sells developer and enterprise certificates which can be used to distribute malware; a user only needs to install a profile. There also were a vulnerability which allowed to install outdated profiles by resetting the date. Apple can easily block certificates.
Entitlements
An entitlement is simply a permission written for a binary; even with root access it is not possible to override them. For example, running a program which uses task_for_pid Mach call under root without the required entitlements will result in an error. Of course, entitlements are signed.
Sandboxing
This feature is present in both OS X and iOS, but in iOS it is much harder. In fact, it is a jail, which places applications inside their own environment, from which they can only access their own root. More about app sandbox here.
Kernel Design
macOS is derived from the OSF/MK kernel, a variant of Mach, and from 4.4BSD UNIX. Mach originated as a system which rearchitected the lowest levels of the BSD kernel [1] and initially retained most of the BSD kernel as a component layered on top of the Mach primitives, thus remaining a monolithic kernel. The primary inspiration for this redesign was the Accent kernel developed at Carnegie-Mellon University. Mach made several adaptations to the Accent model to better support UNIX compatibility. NeXTSTEP forked their variant of Mach from a version in which this was the case. Later versions of Mach from version 3.0 onwards, such as OSF/MK, were microkernel systems.
In order to maintain similar properties to the NeXTSTEP kernel, while avoiding the use of the then-encumbered 4.3BSD UNIX source tree, Apple developed XNU on the basis of the unencumbered OSF/MK and 4.4BSD-Lite2 codebases. The resulting kernel uses the core abstractions of the Mach kernel, which include tasks, threads, ports, port sets, messages, and memory objects, as a basis on which the adapted BSD kernel provides the higher-level BSD interfaces. As the 4.4BSD code runs as an integral part of the kernel, the result is a layered monolithic kernel, although the marketing term Hybrid Kernel is often used in reference to XNU.
See Also
External Links
- http://opensource.apple.com - here you can obtain sources of all open source components.
References
- ↑ Accetta et al. (1986). Mach: A New Kernel Foundation for UNIX Development. USENIX Summer Conference 1986. Retrieved June 25, 2024.