MacOS: Difference between revisions
[unchecked revision] | [unchecked revision] |
(Minor fixes.) |
|||
Line 12: | Line 12: | ||
* POSIX system calls; |
* POSIX system calls; |
||
* some BSD extensions; |
* some BSD extensions; |
||
* Mandatory Access Control (MAC). |
* [[wikipedia:Mandatory_access_control|Mandatory Access Control (MAC)]]. |
||
But it is wrong to classify XNU as a BSD flavor like FreeBSD. XNU and OS X introduce a lot of specific features, including: |
But it is wrong to classify XNU as a BSD flavor like FreeBSD. XNU and OS X introduce a lot of specific features, including: |
||
Line 20: | Line 20: | ||
* OpenDirectory, an authentification system; |
* OpenDirectory, an authentification system; |
||
* SystemConfiguration, a modular configuration mechanism; |
* SystemConfiguration, a modular configuration mechanism; |
||
* [https://developer.apple.com/library/ios/documentation/System/Conceptual/ManPages_iPhoneOS/man3/asl.3.html Apple System Log (ASL)]; |
|||
* Apple System Log (ASL); |
|||
* [[wikipedia:AppleScript|AppleScript]]; |
|||
* Apple Script; |
|||
* notifyd and distnoted, notification (IPC) mechanisms; |
* notifyd and distnoted, notification ([[IPC]]) mechanisms; |
||
* launchd, an initialization system, network manager and other things all-in-one; |
* [[wikipedia:launchd|launchd]], an initialization system, network manager and other things all-in-one; |
||
* Mach APIs; |
* Mach APIs; |
||
* IOKit framework, which allows interfacing with kernel mode drivers for user space programs; |
* IOKit framework, which allows interfacing with kernel mode drivers for user space programs; |
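Review bot: the unchanged context line "OpenDirectory, an authentification system" at the top of this hunk still carries the misspelling "authentification". Since the revision is summarized as minor fixes and already corrects "Apple Script" to "AppleScript", change that line to "authentication" in the same edit.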
Revision as of 14:50, 2 May 2015
XNU (acronym for "X is Not Unix") is a hybrid kernel based on Mach and BSD which is used in OS X. It was developed to replace the obsolete classic Mac OS (Mac OS 9 and older) kernel, which had poor memory protection and cooperative multitasking.
Mac OS X (or just "OS X") is Apple's half-proprietary operating system for Macintosh computers, which can, in fact, be run on any modern x86-64 computer; it also has a mobile version, iOS.
Darwin is a distribution of core open source components of OS X and iOS.
Features
XNU inherits some BSD features:
- POSIX system calls;
- some BSD extensions;
- Mandatory Access Control (MAC).
But it is wrong to classify XNU as a BSD flavor like FreeBSD. XNU and OS X introduce a lot of specific features, including:
- own sandboxing system;
- own file system hierarchy (with FHS preserved);
- Apple Events and FSEvents;
- OpenDirectory, an authentication system;
- SystemConfiguration, a modular configuration mechanism;
- Apple System Log (ASL);
- AppleScript;
- notifyd and distnoted, notification (IPC) mechanisms;
- launchd, an initialization system, network manager and other things all-in-one;
- Mach APIs;
- IOKit framework, which allows interfacing with kernel mode drivers for user space programs;
- and more.
OS X is a certified UNIX system.
Security
Code signing
OS X and iOS support code signing. In OS X it can be disabled, but in iOS it is a heavy protection mechanism that allows only reviewed apps to run. However, Apple sells developer and enterprise certificates, which can be used to distribute malware; a user only needs to install a profile. There was also a vulnerability that allowed outdated profiles to be installed by resetting the date. Apple can easily block certificates.
Entitlements
An entitlement is simply a permission written for a binary; even with root access it is not possible to override it. For example, running a program that uses the task_for_pid Mach call as root without the required entitlements will result in an error. Of course, entitlements are signed.
Sandboxing
This feature is present in both OS X and iOS, but in iOS it is much stricter. In fact, it is a jail that places each application inside its own environment, from which it can only access its own root. More about the app sandbox: [1].
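An added example, not part of the original article or of Apple's code, covering the Entitlements and Sandboxing paragraphs above: a Python audit of a binary's entitlements property list that reports whether the app sandbox is requested and which task-port entitlements (the permission behind task_for_pid) are granted. The entitlement key names are Apple's and do not come from this page, the function name is hypothetical, and the sample plists are constructed.

```python
import plistlib

# Entitlement keys tied to task ports (what task_for_pid hands out).
# The keys are Apple's; the descriptions are this example's own wording.
TASK_PORT_KEYS = {
    "task_for_pid-allow": "may call task_for_pid on other processes",
    "com.apple.system-task-ports": "may obtain task ports of other processes",
    "com.apple.security.cs.debugger": "may attach to other processes as a debugger",
    "get-task-allow": "lets other processes obtain this binary's task port",
    "com.apple.security.get-task-allow": "lets other processes obtain this binary's task port",
}
SANDBOX_KEY = "com.apple.security.app-sandbox"

# Constructed sample: a debugger-style tool, not sandboxed.
SAMPLE_DEBUG_TOOL = b"""<plist version="1.0"><dict>
  <key>task_for_pid-allow</key><true/>
  <key>com.apple.security.cs.debugger</key><true/>
</dict></plist>"""

# Constructed sample: a sandboxed app whose debug entitlement is switched off.
SAMPLE_SANDBOXED_APP = b"""<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.get-task-allow</key><false/>
</dict></plist>"""


def audit_entitlements(plist_bytes):
    """Return (sandboxed, findings) for an XML or binary entitlements plist."""
    if not plist_bytes.strip():
        return False, []  # signed without any entitlements
    try:
        ents = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed XML or unknown plist format
        raise ValueError(f"unparseable entitlements plist: {exc}") from exc
    if not isinstance(ents, dict):
        raise ValueError("entitlements plist must be a dictionary")
    # Only a boolean true grants the entitlement; false or a string does not.
    sandboxed = ents.get(SANDBOX_KEY) is True
    findings = sorted((key, why) for key, why in TASK_PORT_KEYS.items()
                      if ents.get(key) is True)
    return sandboxed, findings


if __name__ == "__main__":
    for name, blob in [("debug tool", SAMPLE_DEBUG_TOOL),
                       ("sandboxed app", SAMPLE_SANDBOXED_APP)]:
        sandboxed, findings = audit_entitlements(blob)
        print(f"{name}: sandboxed={sandboxed}")
        for key, why in findings:
            print(f"  {key}: {why}")
```

On a real system the input would be the plist dumped from a signed binary, for example with `codesign -d --entitlements`.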
Hybrid Kernel Design
TODO
See Also
Articles
External Links
- http://opensource.apple.com - here you can obtain sources of all open source components.