MacOS: Difference between revisions

From OSDev.wiki
(Improve the readability of the text; add some links to Wikipedia (in the text))
(Minor fixes.)
Line 1: Line 1:
{{stub}}
{{stub}}


XNU (acronym for "X is Not Unix") is a [[Hybrid Kernel]] based on [https://en.wikipedia.org/wiki/Mach_%28kernel%29 Mach] and [https://en.wikipedia.org/wiki/Berkeley_Software_Distribution BSD] which is used in OS X. It was developed to replace the obsolete classic Mac OS (Mac OS 9 and older) kernel, which had poor memory protection and cooperative multitasking.
XNU (acronym for "X is Not Unix") is a [[Hybrid Kernel|hybrid kernel]] based on [[wikipedia:Mach (kernel)|Mach]] and [[wikipedia:Berkeley_Software_Distribution|BSD]] which is used in OS X. It was developed to replace the obsolete classic Mac OS (Mac OS 9 and older) kernel, which had poor memory protection and cooperative multitasking.


Mac OS X (or just "OS X") is an Apple's half-proprietary operating system for Macintosh computers, which is, in fact, able to be run on any modern x86-64 computer; it also has a mobile version, iOS.
Mac OS X (or just "OS X") is an Apple's half-proprietary operating system for Macintosh computers, which is, in fact, able to be run on any modern x86-64 computer; it also has a mobile version, iOS.


Darwin is the core open source components of OS X and iOS.
Darwin is a distribution of core open source components of OS X and iOS.


== Features ==
== Features ==
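Review bot: In the revised XNU paragraph the two interwiki targets are written inconsistently, [[wikipedia:Mach (kernel)|Mach]] with a space and [[wikipedia:Berkeley_Software_Distribution|BSD]] with underscores; pick one form so the links read uniformly. Since the summary says the edit improves readability, the unchanged second paragraph could be fixed in the same pass: "is an Apple's half-proprietary operating system" should read "is Apple's half-proprietary operating system".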
Line 16: Line 16:
But it is wrong to classify XNU as a BSD flavor like FreeBSD. XNU and OS X introduce a lot of specific features, including:
But it is wrong to classify XNU as a BSD flavor like FreeBSD. XNU and OS X introduce a lot of specific features, including:
* own sandboxing system;
* own sandboxing system;
* own file system hierarchy (with [https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard FHS] preserved);
* own file system hierarchy (with [[wikipedia:Filesystem_Hierarchy_Standard|FHS]] preserved);
* Apple Events and FSEvents;
* Apple Events and FSEvents;
* OpenDirectory, an authentification system;
* OpenDirectory, an authentification system;
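Review bot: The OpenDirectory item in the unchanged context still spells "authentification"; it should be "authentication", and since this hunk already touches the neighbouring FHS item it is a cheap fix to include. The converted FHS link keeps underscores in its target (wikipedia:Filesystem_Hierarchy_Standard), which is worth aligning with whichever form is used for the Mach and BSD links earlier in the page.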

Revision as of 14:37, 2 May 2015

This page is a stub.
You can help the wiki by accurately adding more contents to it.

XNU (acronym for "X is Not Unix") is a hybrid kernel based on Mach and BSD which is used in OS X. It was developed to replace the obsolete classic Mac OS (Mac OS 9 and older) kernel, which had poor memory protection and cooperative multitasking.

Mac OS X (or just "OS X") is Apple's half-proprietary operating system for Macintosh computers, which can, in fact, be run on any modern x86-64 computer; it also has a mobile version, iOS.

Darwin is a distribution of core open source components of OS X and iOS.

Features

XNU inherits some BSD features:

  • POSIX system calls;
  • some BSD extensions;
  • Mandatory Access Control (MAC).

But it is wrong to classify XNU as a BSD flavor like FreeBSD. XNU and OS X introduce a lot of specific features, including:

  • its own sandboxing system;
  • its own file system hierarchy (with FHS preserved);
  • Apple Events and FSEvents;
  • OpenDirectory, an authentication system;
  • SystemConfiguration, a modular configuration mechanism;
  • Apple System Log (ASL);
  • AppleScript;
  • notifyd and distnoted, notification (IPC) mechanisms;
  • launchd, an initialization system, network manager and other things all-in-one;
  • Mach APIs;
  • IOKit framework, which allows user space programs to interface with kernel mode drivers;
  • and more.

OS X is a certified UNIX system.

Security

Code signing

OS X and iOS support code signing. In OS X it can be disabled, but in iOS it is a heavy protection mechanism which allows only reviewed apps to be run. However, Apple sells developer and enterprise certificates which can be used to distribute malware; a user only needs to install a profile. There was also a vulnerability which allowed outdated profiles to be installed by resetting the date. Apple can easily block certificates.

Entitlements

An entitlement is simply a permission written for a binary; even with root access it is not possible to override it. For example, running a program which uses the task_for_pid Mach call as root without the required entitlements will result in an error. Of course, entitlements are signed.

Sandboxing

This feature is present in both OS X and iOS, but in iOS it is much stricter. In fact, it is a jail which places applications inside their own environment, from which they can only access their own root. More about the app sandbox: [1].
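
An added example, not part of the original wiki page or of any Apple tool: a small auditor for the entitlements plist carried in a binary's code signature, covering both the Entitlements and Sandboxing sections above. It flags task-port entitlements and a missing OS X app-sandbox opt-in; the key list is an illustrative selection, the sample plist is constructed, and the optional 8-byte blob header is assumed to use the embedded-entitlements magic 0xfade7171.

```python
import plistlib
import struct

# Magic of the blob that wraps the entitlements plist inside a code signature.
CSMAGIC_EMBEDDED_ENTITLEMENTS = 0xFADE7171

# Entitlement keys a reviewer would look at (illustrative selection, not exhaustive).
TASK_PORT_KEYS = {"task_for_pid-allow", "get-task-allow",
                  "com.apple.security.get-task-allow"}
SANDBOX_KEY = "com.apple.security.app-sandbox"


def load_entitlements(data: bytes) -> dict:
    """Parse an entitlements plist, with or without the 8-byte blob header."""
    if len(data) >= 8:
        magic, length = struct.unpack(">II", data[:8])
        if magic == CSMAGIC_EMBEDDED_ENTITLEMENTS:
            # The length field counts the header itself.
            if length < 8 or length > len(data):
                raise ValueError("entitlement blob length field is inconsistent")
            data = data[8:length]
    if not data.strip():
        return {}  # signed without any entitlements
    ents = plistlib.loads(data)
    if not isinstance(ents, dict):
        raise ValueError("entitlements plist must be a dictionary")
    return ents


def audit(ents: dict) -> list:
    """Return findings for task-port access and sandbox state."""
    findings = []
    for key in sorted(TASK_PORT_KEYS.intersection(ents)):
        if ents[key] is True:
            findings.append(f"task port access granted: {key}")
    if ents.get(SANDBOX_KEY) is not True:
        findings.append("app sandbox not enabled")
    return findings


# Constructed sample: a debugger-like tool that does not opt in to the sandbox.
SAMPLE = plistlib.dumps({"task_for_pid-allow": True,
                         "com.apple.security.get-task-allow": False})
SAMPLE_BLOB = struct.pack(">II", CSMAGIC_EMBEDDED_ENTITLEMENTS,
                          8 + len(SAMPLE)) + SAMPLE

if __name__ == "__main__":
    for finding in audit(load_entitlements(SAMPLE_BLOB)):
        print(finding)
```
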

Hybrid Kernel Design

TODO

See Also

Articles

External Links