Rev 1264 | Go to most recent revision | Only display areas with differences | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1264 | Rev 1297 | ||
|---|---|---|---|
| 1 | /* |
1 | /* |
| 2 | * Copyright (C) 2006 Jakub Jermar |
2 | * Copyright (C) 2006 Jakub Jermar |
| 3 | * All rights reserved. |
3 | * All rights reserved. |
| 4 | * |
4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without |
5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions |
6 | * modification, are permitted provided that the following conditions |
| 7 | * are met: |
7 | * are met: |
| 8 | * |
8 | * |
| 9 | * - Redistributions of source code must retain the above copyright |
9 | * - Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. |
10 | * notice, this list of conditions and the following disclaimer. |
| 11 | * - Redistributions in binary form must reproduce the above copyright |
11 | * - Redistributions in binary form must reproduce the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer in the |
12 | * notice, this list of conditions and the following disclaimer in the |
| 13 | * documentation and/or other materials provided with the distribution. |
13 | * documentation and/or other materials provided with the distribution. |
| 14 | * - The name of the author may not be used to endorse or promote products |
14 | * - The name of the author may not be used to endorse or promote products |
| 15 | * derived from this software without specific prior written permission. |
15 | * derived from this software without specific prior written permission. |
| 16 | * |
16 | * |
| 17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 | */ |
27 | */ |
| 28 | 28 | ||
| 29 | /** |
29 | /** |
| 30 | * @file cap.c |
30 | * @file cap.c |
| 31 | * @brief Capabilities control. |
31 | * @brief Capabilities control. |
| 32 | * |
32 | * |
| 33 | * @see cap.h |
33 | * @see cap.h |
| 34 | */ |
34 | */ |
| 35 | 35 | ||
| 36 | #include <security/cap.h> |
36 | #include <security/cap.h> |
| 37 | #include <proc/task.h> |
37 | #include <proc/task.h> |
| 38 | #include <synch/spinlock.h> |
38 | #include <synch/spinlock.h> |
| - | 39 | #include <syscall/sysarg64.h> |
|
| - | 40 | #include <syscall/copy.h> |
|
| 39 | #include <arch.h> |
41 | #include <arch.h> |
| 40 | #include <typedefs.h> |
42 | #include <typedefs.h> |
| - | 43 | #include <errno.h> |
|
| 41 | 44 | ||
| 42 | /** Set capabilities. |
45 | /** Set capabilities. |
| 43 | * |
46 | * |
| 44 | * @param t Task whose capabilities are to be changed. |
47 | * @param t Task whose capabilities are to be changed. |
| 45 | * @param caps New set of capabilities. |
48 | * @param caps New set of capabilities. |
| 46 | */ |
49 | */ |
| 47 | void cap_set(task_t *t, cap_t caps) |
50 | void cap_set(task_t *t, cap_t caps) |
| 48 | { |
51 | { |
| 49 | ipl_t ipl; |
52 | ipl_t ipl; |
| 50 | 53 | ||
| 51 | ipl = interrupts_disable(); |
54 | ipl = interrupts_disable(); |
| 52 | spinlock_lock(&t->lock); |
55 | spinlock_lock(&t->lock); |
| 53 | 56 | ||
| 54 | t->capabilities = caps; |
57 | t->capabilities = caps; |
| 55 | 58 | ||
| 56 | spinlock_unlock(&t->lock); |
59 | spinlock_unlock(&t->lock); |
| 57 | interrupts_restore(ipl); |
60 | interrupts_restore(ipl); |
| 58 | } |
61 | } |
| 59 | 62 | ||
| 60 | /** Get capabilities. |
63 | /** Get capabilities. |
| 61 | * |
64 | * |
| 62 | * @param t Task whose capabilities are to be returned. |
65 | * @param t Task whose capabilities are to be returned. |
| 63 | * @return Task's capabilities. |
66 | * @return Task's capabilities. |
| 64 | */ |
67 | */ |
| 65 | cap_t cap_get(task_t *t) |
68 | cap_t cap_get(task_t *t) |
| 66 | { |
69 | { |
| 67 | ipl_t ipl; |
70 | ipl_t ipl; |
| 68 | cap_t caps; |
71 | cap_t caps; |
| 69 | 72 | ||
| 70 | ipl = interrupts_disable(); |
73 | ipl = interrupts_disable(); |
| 71 | spinlock_lock(&t->lock); |
74 | spinlock_lock(&t->lock); |
| 72 | 75 | ||
| 73 | caps = t->capabilities; |
76 | caps = t->capabilities; |
| 74 | 77 | ||
| 75 | spinlock_unlock(&t->lock); |
78 | spinlock_unlock(&t->lock); |
| 76 | interrupts_restore(ipl); |
79 | interrupts_restore(ipl); |
| 77 | 80 | ||
| 78 | return caps; |
81 | return caps; |
| 79 | } |
82 | } |
| - | 83 | ||
| - | 84 | /** Grant capabilities to a task. |
|
| - | 85 | * |
|
| - | 86 | * The calling task must have the CAP_CAP capability. |
|
| - | 87 | * |
|
| - | 88 | * @param uspace_taskid_arg Userspace structure holding destination task ID. |
|
| - | 89 | * @param caps Capabilities to grant. |
|
| - | 90 | * |
|
| - | 91 | * @return Zero on success or an error code from @ref errno.h. |
|
| - | 92 | */ |
|
| - | 93 | __native sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps) |
|
| - | 94 | { |
|
| - | 95 | sysarg64_t taskid_arg; |
|
| - | 96 | task_t *t; |
|
| - | 97 | ipl_t ipl; |
|
| - | 98 | int rc; |
|
| - | 99 | ||
| - | 100 | if (!(cap_get(TASK) & CAP_CAP)) |
|
| - | 101 | return (__native) EPERM; |
|
| - | 102 | ||
| - | 103 | rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); |
|
| - | 104 | if (rc != 0) |
|
| - | 105 | return (__native) rc; |
|
| - | 106 | ||
| - | 107 | ipl = interrupts_disable(); |
|
| - | 108 | spinlock_lock(&tasks_lock); |
|
| - | 109 | t = task_find_by_id((task_id_t) taskid_arg.value); |
|
| - | 110 | if (!t) { |
|
| - | 111 | spinlock_unlock(&tasks_lock); |
|
| - | 112 | interrupts_restore(ipl); |
|
| - | 113 | return (__native) ENOENT; |
|
| - | 114 | } |
|
| - | 115 | spinlock_unlock(&tasks_lock); |
|
| - | 116 | ||
| - | 117 | cap_set(t, cap_get(t) | caps); |
|
| - | 118 | ||
| - | 119 | interrupts_restore(ipl); |
|
| - | 120 | return 0; |
|
| - | 121 | } |
|
| - | 122 | ||
| - | 123 | /** Revoke capabilities from a task. |
|
| - | 124 | * |
|
| - | 125 | * The calling task must have the CAP_CAP capability or the caller must |
|
| - | 126 | * attempt to revoke capabilities from itself. |
|
| - | 127 | * |
|
| - | 128 | * @param uspace_taskid_arg Userspace structure holding destination task ID. |
|
| - | 129 | * @param caps Capabilities to revoke. |
|
| - | 130 | * |
|
| - | 131 | * @return Zero on success or an error code from @ref errno.h. |
|
| - | 132 | */ |
|
| - | 133 | __native sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps) |
|
| - | 134 | { |
|
| - | 135 | sysarg64_t taskid_arg; |
|
| - | 136 | task_t *t; |
|
| - | 137 | ipl_t ipl; |
|
| - | 138 | int rc; |
|
| - | 139 | ||
| - | 140 | rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); |
|
| - | 141 | if (rc != 0) |
|
| - | 142 | return (__native) rc; |
|
| - | 143 | ||
| - | 144 | ipl = interrupts_disable(); |
|
| - | 145 | spinlock_lock(&tasks_lock); |
|
| - | 146 | t = task_find_by_id((task_id_t) taskid_arg.value); |
|
| - | 147 | if (!t) { |
|
| - | 148 | spinlock_unlock(&tasks_lock); |
|
| - | 149 | interrupts_restore(ipl); |
|
| - | 150 | return (__native) ENOENT; |
|
| - | 151 | } |
|
| - | 152 | spinlock_unlock(&tasks_lock); |
|
| - | 153 | ||
| - | 154 | /* |
|
| - | 155 | * Revoking capabilities is different from granting them in that |
|
| - | 156 | * a task can revoke capabilities from itself even if it |
|
| - | 157 | * doesn't have CAP_CAP. |
|
| - | 158 | */ |
|
| - | 159 | if (!(cap_get(TASK) & CAP_CAP) || !(t == TASK)) { |
|
| - | 160 | interrupts_restore(ipl); |
|
| - | 161 | return (__native) EPERM; |
|
| - | 162 | } |
|
| - | 163 | ||
| - | 164 | cap_set(t, cap_get(t) & ~caps); |
|
| - | 165 | ||
| - | 166 | interrupts_restore(ipl); |
|
| - | 167 | return 0; |
|
| - | 168 | } |
|
| 80 | 169 | ||