0,0 → 1,181 |
/* |
* Copyright (c) 2006 Jakub Jermar |
* All rights reserved. |
* |
* Redistribution and use in source and binary forms, with or without |
* modification, are permitted provided that the following conditions |
* are met: |
* |
* - Redistributions of source code must retain the above copyright |
* notice, this list of conditions and the following disclaimer. |
* - Redistributions in binary form must reproduce the above copyright |
* notice, this list of conditions and the following disclaimer in the |
* documentation and/or other materials provided with the distribution. |
* - The name of the author may not be used to endorse or promote products |
* derived from this software without specific prior written permission. |
* |
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
*/ |
|
/** @addtogroup generic |
* @{ |
*/ |
|
/** |
* @file cap.c |
* @brief Capabilities control. |
* |
* @see cap.h |
*/ |
|
#include <security/cap.h> |
#include <proc/task.h> |
#include <synch/spinlock.h> |
#include <syscall/sysarg64.h> |
#include <syscall/copy.h> |
#include <arch.h> |
#include <errno.h> |
|
/** Set capabilities. |
* |
* @param t Task whose capabilities are to be changed. |
* @param caps New set of capabilities. |
*/ |
void cap_set(task_t *t, cap_t caps) |
{ |
ipl_t ipl; |
|
ipl = interrupts_disable(); |
spinlock_lock(&t->lock); |
|
t->capabilities = caps; |
|
spinlock_unlock(&t->lock); |
interrupts_restore(ipl); |
} |
|
/** Get capabilities. |
* |
* @param t Task whose capabilities are to be returned. |
* @return Task's capabilities. |
*/ |
cap_t cap_get(task_t *t) |
{ |
ipl_t ipl; |
cap_t caps; |
|
ipl = interrupts_disable(); |
spinlock_lock(&t->lock); |
|
caps = t->capabilities; |
|
spinlock_unlock(&t->lock); |
interrupts_restore(ipl); |
|
return caps; |
} |
|
/** Grant capabilities to a task. |
* |
* The calling task must have the CAP_CAP capability. |
* |
* @param uspace_taskid_arg Userspace structure holding destination task ID. |
* @param caps Capabilities to grant. |
* |
* @return Zero on success or an error code from @ref errno.h. |
*/ |
unative_t sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps) |
{ |
sysarg64_t taskid_arg; |
task_t *t; |
ipl_t ipl; |
int rc; |
|
if (!(cap_get(TASK) & CAP_CAP)) |
return (unative_t) EPERM; |
|
rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); |
if (rc != 0) |
return (unative_t) rc; |
|
ipl = interrupts_disable(); |
spinlock_lock(&tasks_lock); |
t = task_find_by_id((task_id_t) taskid_arg.value); |
if ((!t) || (!context_check(CONTEXT, t->context))) { |
spinlock_unlock(&tasks_lock); |
interrupts_restore(ipl); |
return (unative_t) ENOENT; |
} |
|
spinlock_lock(&t->lock); |
cap_set(t, cap_get(t) | caps); |
spinlock_unlock(&t->lock); |
|
spinlock_unlock(&tasks_lock); |
interrupts_restore(ipl); |
return 0; |
} |
|
/** Revoke capabilities from a task. |
* |
* The calling task must have the CAP_CAP capability or the caller must |
* attempt to revoke capabilities from itself. |
* |
* @param uspace_taskid_arg Userspace structure holding destination task ID. |
* @param caps Capabilities to revoke. |
* |
* @return Zero on success or an error code from @ref errno.h. |
*/ |
unative_t sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps) |
{ |
sysarg64_t taskid_arg; |
task_t *t; |
ipl_t ipl; |
int rc; |
|
rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); |
if (rc != 0) |
return (unative_t) rc; |
|
ipl = interrupts_disable(); |
spinlock_lock(&tasks_lock); |
t = task_find_by_id((task_id_t) taskid_arg.value); |
if ((!t) || (!context_check(CONTEXT, t->context))) { |
spinlock_unlock(&tasks_lock); |
interrupts_restore(ipl); |
return (unative_t) ENOENT; |
} |
|
/* |
* Revoking capabilities is different from granting them in that |
* a task can revoke capabilities from itself even if it |
* doesn't have CAP_CAP. |
*/ |
if (!(cap_get(TASK) & CAP_CAP) || !(t == TASK)) { |
spinlock_unlock(&tasks_lock); |
interrupts_restore(ipl); |
return (unative_t) EPERM; |
} |
|
spinlock_lock(&t->lock); |
cap_set(t, cap_get(t) & ~caps); |
spinlock_unlock(&t->lock); |
|
spinlock_unlock(&tasks_lock); |
|
interrupts_restore(ipl); |
return 0; |
} |
|
/** @} |
*/ |
|