MacOS

From OSDev.wiki
Revision as of 22:04, 9 July 2016 by Roman (talk | contribs) (Apple has renamed it)
Jump to navigation Jump to search
This page is a stub.
You can help the wiki by accurately adding more contents to it.

XNU (acronym for "X is Not Unix") is a hybrid kernel based on Mach and BSD which is used in OS X. It was developed to replace the obsolete classic Mac OS (Mac OS 9 and older) kernel, which had poor memory protection and cooperative multitasking.

macOS is an Apple's mostly proprietary operating system for Macintosh computers, which is, in fact, able to be run on any modern x86-64 computer; it also has a mobile version, iOS, and other specialised editions: tvOS and watchOS.

Darwin is a distribution of core open source components of OS X and iOS.

Features

XNU inherits some BSD features:

But it is wrong to classify XNU as a BSD flavor like FreeBSD. XNU and OS X introduce a lot of specific features, including:

  • own sandboxing system;
  • own file system hierarchy (with FHS preserved);
  • Apple Events and FSEvents;
  • OpenDirectory, an authentification system;
  • SystemConfiguration, a modular configuration mechanism;
  • Apple System Log (ASL);
  • AppleScript;
  • notifyd and distnoted, notification (IPC) mechanisms;
  • launchd, an initialization system, network manager and other things all-in-one;
  • Mach APIs;
  • IOKit framework, which allows interfacing with kernel mode drivers for user space programs;
  • and more.

OS X is a certified UNIX system.

Security

Code signing

OS X and iOS support code signing. In OS X it can be disabled, but in iOS it is a heavy protection mechanism, which allows only reviewed apps to be run. However, Apple sells developer and enterprise certificates which can be used to distribute malware; a user only needs to install a profile. There also were a vulnerability which allowed to install outdated profiles by resetting the date. Apple can easily block certificates.

Entitlements

An entitlement is simply a permission written for a binary; even with root access it is not possible to override them. For example, running a program which uses task_for_pid Mach call under root without the required entitlements will result in an error. Of course, entitlements are signed.

Sandboxing

This feature is present in both OS X and iOS, but in iOS it is much harder. In fact, it is a jail, which places applications inside their own environment, from which they can only access their own root. More about app sandbox here.

Hybrid Kernel Design

TODO

See Also

Articles

External Links

Retrieved from "https://osdev.wiki/wiki/MacOS?oldid=16847"