OSX setgid system call - which API is the correct one

Question

I'd like to use the system call setgid, to change the group ID of the current process. Trying to lookup this function, the only implementation I've found is in kern_prot.c :

/*
 * setgid
 *
 * Description: Set group ID system call
 *
 * Parameters:  uap->gid            gid to set
 ...
 ..
 .
 */

 int
 setgid(proc_t p, struct setgid_args *uap, __unused int32_t *retval)
 {
 ...
 ..
 .
 }

Notice that according to /usr/unistd.h, the API is completely different (int setgid(gid_t);).

1. does int setgid(gid_t); is a wrapper of int setgid(proc_t p, struct setgid_args *uap, __unused int32_t *retval)
2. Where can I find the implementation of int setgid(gid_t);?
3. Is there any option to call the implementation of setgid from kern_prot.c ?

UPDATE:

After monitoring my program with dtruss to observe system calls, it seems that calling setgid(gid_t) trigger the system call with 3 parameters setgid(0x2, 0x7F9AA3803200, 0x1000) which matches the implementation in kern_prot.c. The question is, where can i find the wrapper source code, and what library does it belongs to (maybe glibc? )

thanks ,

Answer 1

What are you looking for is not opensourced. But if you open /usr/lib/system/libsystem_kernel.dylib in the IDA:

From xnu sources:

#define SYS_setgid         181

Here 181 = 0xB5

If you check unix_syscall64 function inside bsd/dev/i386/systemcalls.c (from xnu kernel sources):

code = regs->rax & SYSCALL_NUMBER_MASK;

where SYSCALL_NUMBER_MASK is ~0xFF000000 = 0xFFFFFF (code is 32bit value):

#define SYSCALL_CLASS_SHIFT 24
#define SYSCALL_CLASS_MASK  (0xFF << SYSCALL_CLASS_SHIFT)
#define SYSCALL_NUMBER_MASK (~SYSCALL_CLASS_MASK)

so 0x20000B5 & 0xFF000000 = 0xB5 (SYS_setgid)