Subversion Repositories HelenOS

/*
 * Copyright (c) 2006 Jakub Jermar
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 * - The name of the author may not be used to endorse or promote products
 *   derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
/** @addtogroup generic
 * @{
 */
 
/**
 * @file    cap.c
 * @brief   Capabilities control.
 *
 * @see cap.h
 */
 
#include <security/cap.h>
#include <proc/task.h>
#include <synch/spinlock.h>
#include <syscall/sysarg64.h>
#include <syscall/copy.h>
#include <arch.h>
#include <errno.h>
 
/** Replace a task's capability set.
 *
 * The whole set is overwritten with @a caps. The store is performed with
 * interrupts disabled and the task's spinlock held. No permission check is
 * made here, so authorising the change is left to the caller.
 *
 * @param t Task whose capabilities are to be changed.
 * @param caps New set of capabilities.
 */
void cap_set(task_t *t, cap_t caps)
{
    ipl_t saved_ipl = interrupts_disable();

    spinlock_lock(&t->lock);
    t->capabilities = caps;
    spinlock_unlock(&t->lock);

    interrupts_restore(saved_ipl);
}
 
/** Read a task's capability set.
 *
 * Takes a snapshot of the set with interrupts disabled and the task's
 * spinlock held. The returned value can be stale as soon as the lock is
 * dropped, so a caller that needs an atomic read-modify-write must provide
 * its own serialisation.
 *
 * @param t Task whose capabilities are to be returned.
 * @return Task's capabilities.
 */
cap_t cap_get(task_t *t)
{
    ipl_t saved_ipl = interrupts_disable();

    spinlock_lock(&t->lock);
    cap_t snapshot = t->capabilities;
    spinlock_unlock(&t->lock);

    interrupts_restore(saved_ipl);

    return snapshot;
}
 
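/** Grant capabilities to a task.
 *
 * The calling task must have the CAP_CAP capability. The check is made
 * before anything is read from userspace, so an unprivileged caller is
 * rejected without touching the argument.
 *
 * The destination task is looked up under tasks_lock and must pass
 * context_check() against the caller's CONTEXT. A missing task and a task
 * in another context both yield ENOENT, so the two cases are
 * indistinguishable to the caller.
 *
 * @param uspace_taskid_arg Userspace structure holding destination task ID.
 * @param caps Capabilities to grant.
 *
 * @return Zero on success or an error code from @ref errno.h.
 */
unative_t sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps)
{
    sysarg64_t taskid_arg;
    task_t *t;
    ipl_t ipl;
    int rc;

    if (!(cap_get(TASK) & CAP_CAP))
        return (unative_t) EPERM;

    /* The task ID is copied in once and only the kernel copy is used. */
    rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
    if (rc != 0)
        return (unative_t) rc;

    ipl = interrupts_disable();
    spinlock_lock(&tasks_lock);
    t = task_find_by_id((task_id_t) taskid_arg.value);
    if ((!t) || (!context_check(CONTEXT, t->context))) {
        spinlock_unlock(&tasks_lock);
        interrupts_restore(ipl);
        return (unative_t) ENOENT;
    }

    /*
     * Update the set directly while holding t->lock. cap_get() and
     * cap_set() each acquire t->lock themselves, so calling them with the
     * lock already held would take it twice (a self-deadlock unless the
     * spinlock is recursive -- presumably it is not). Doing the OR under a
     * single acquisition also keeps the read-modify-write atomic.
     *
     * NOTE(review): caps comes straight from the syscall argument and is
     * not masked against the set of defined capability bits -- confirm
     * whether undefined bits should be rejected.
     */
    spinlock_lock(&t->lock);
    t->capabilities |= caps;
    spinlock_unlock(&t->lock);

    spinlock_unlock(&tasks_lock);
    interrupts_restore(ipl);
    return 0;
}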
 
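/** Revoke capabilities from a task.
 *
 * The calling task must have the CAP_CAP capability or the caller must
 * attempt to revoke capabilities from itself.
 *
 * The destination task is looked up under tasks_lock and must pass
 * context_check() against the caller's CONTEXT. A missing task and a task
 * in another context both yield ENOENT.
 *
 * @param uspace_taskid_arg Userspace structure holding destination task ID.
 * @param caps Capabilities to revoke.
 *
 * @return Zero on success or an error code from @ref errno.h.
 */
unative_t sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps)
{
    sysarg64_t taskid_arg;
    task_t *t;
    ipl_t ipl;
    int rc;

    /* The task ID is copied in once and only the kernel copy is used. */
    rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
    if (rc != 0)
        return (unative_t) rc;

    ipl = interrupts_disable();
    spinlock_lock(&tasks_lock);
    t = task_find_by_id((task_id_t) taskid_arg.value);
    if ((!t) || (!context_check(CONTEXT, t->context))) {
        spinlock_unlock(&tasks_lock);
        interrupts_restore(ipl);
        return (unative_t) ENOENT;
    }

    /*
     * Revoking capabilities is different from granting them in that
     * a task can revoke capabilities from itself even if it
     * doesn't have CAP_CAP.
     *
     * Deny only when BOTH conditions fail: the target is another task and
     * the caller lacks CAP_CAP. Joining the two tests with || would demand
     * CAP_CAP and self-targeting at once, which would stop an unprivileged
     * task from dropping its own capabilities and a CAP_CAP holder from
     * revoking anyone else's.
     */
    if ((t != TASK) && !(cap_get(TASK) & CAP_CAP)) {
        spinlock_unlock(&tasks_lock);
        interrupts_restore(ipl);
        return (unative_t) EPERM;
    }

    /*
     * Update the set directly while holding t->lock. cap_get() and
     * cap_set() each acquire t->lock themselves, so calling them with the
     * lock already held would take it twice (a self-deadlock unless the
     * spinlock is recursive -- presumably it is not). Clearing the bits
     * under a single acquisition also keeps the read-modify-write atomic.
     */
    spinlock_lock(&t->lock);
    t->capabilities &= ~caps;
    spinlock_unlock(&t->lock);

    spinlock_unlock(&tasks_lock);

    interrupts_restore(ipl);
    return 0;
}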
 
/** @}
 */