Rev 2071 | Only display areas with differences | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 2071 | Rev 2089 | ||
|---|---|---|---|
| 1 | /* |
1 | /* |
| 2 | * Copyright (c) 2006 Jakub Jermar |
2 | * Copyright (c) 2006 Jakub Jermar |
| 3 | * All rights reserved. |
3 | * All rights reserved. |
| 4 | * |
4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without |
5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions |
6 | * modification, are permitted provided that the following conditions |
| 7 | * are met: |
7 | * are met: |
| 8 | * |
8 | * |
| 9 | * - Redistributions of source code must retain the above copyright |
9 | * - Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. |
10 | * notice, this list of conditions and the following disclaimer. |
| 11 | * - Redistributions in binary form must reproduce the above copyright |
11 | * - Redistributions in binary form must reproduce the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer in the |
12 | * notice, this list of conditions and the following disclaimer in the |
| 13 | * documentation and/or other materials provided with the distribution. |
13 | * documentation and/or other materials provided with the distribution. |
| 14 | * - The name of the author may not be used to endorse or promote products |
14 | * - The name of the author may not be used to endorse or promote products |
| 15 | * derived from this software without specific prior written permission. |
15 | * derived from this software without specific prior written permission. |
| 16 | * |
16 | * |
| 17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 | */ |
27 | */ |
| 28 | 28 | ||
| 29 | /** @addtogroup generic |
29 | /** @addtogroup generic |
| 30 | * @{ |
30 | * @{ |
| 31 | */ |
31 | */ |
| 32 | 32 | ||
| 33 | /** |
33 | /** |
| 34 | * @file cap.c |
34 | * @file cap.c |
| 35 | * @brief Capabilities control. |
35 | * @brief Capabilities control. |
| 36 | * |
36 | * |
| 37 | * @see cap.h |
37 | * @see cap.h |
| 38 | */ |
38 | */ |
| 39 | 39 | ||
| 40 | #include <security/cap.h> |
40 | #include <security/cap.h> |
| 41 | #include <proc/task.h> |
41 | #include <proc/task.h> |
| 42 | #include <synch/spinlock.h> |
42 | #include <synch/spinlock.h> |
| 43 | #include <syscall/sysarg64.h> |
43 | #include <syscall/sysarg64.h> |
| 44 | #include <syscall/copy.h> |
44 | #include <syscall/copy.h> |
| 45 | #include <arch.h> |
45 | #include <arch.h> |
| 46 | #include <typedefs.h> |
- | |
| 47 | #include <errno.h> |
46 | #include <errno.h> |
| 48 | 47 | ||
| 49 | /** Set capabilities. |
48 | /** Set capabilities. |
| 50 | * |
49 | * |
| 51 | * @param t Task whose capabilities are to be changed. |
50 | * @param t Task whose capabilities are to be changed. |
| 52 | * @param caps New set of capabilities. |
51 | * @param caps New set of capabilities. |
| 53 | */ |
52 | */ |
| 54 | void cap_set(task_t *t, cap_t caps) |
53 | void cap_set(task_t *t, cap_t caps) |
| 55 | { |
54 | { |
| 56 | ipl_t ipl; |
55 | ipl_t ipl; |
| 57 | 56 | ||
| 58 | ipl = interrupts_disable(); |
57 | ipl = interrupts_disable(); |
| 59 | spinlock_lock(&t->lock); |
58 | spinlock_lock(&t->lock); |
| 60 | 59 | ||
| 61 | t->capabilities = caps; |
60 | t->capabilities = caps; |
| 62 | 61 | ||
| 63 | spinlock_unlock(&t->lock); |
62 | spinlock_unlock(&t->lock); |
| 64 | interrupts_restore(ipl); |
63 | interrupts_restore(ipl); |
| 65 | } |
64 | } |
| 66 | 65 | ||
| 67 | /** Get capabilities. |
66 | /** Get capabilities. |
| 68 | * |
67 | * |
| 69 | * @param t Task whose capabilities are to be returned. |
68 | * @param t Task whose capabilities are to be returned. |
| 70 | * @return Task's capabilities. |
69 | * @return Task's capabilities. |
| 71 | */ |
70 | */ |
| 72 | cap_t cap_get(task_t *t) |
71 | cap_t cap_get(task_t *t) |
| 73 | { |
72 | { |
| 74 | ipl_t ipl; |
73 | ipl_t ipl; |
| 75 | cap_t caps; |
74 | cap_t caps; |
| 76 | 75 | ||
| 77 | ipl = interrupts_disable(); |
76 | ipl = interrupts_disable(); |
| 78 | spinlock_lock(&t->lock); |
77 | spinlock_lock(&t->lock); |
| 79 | 78 | ||
| 80 | caps = t->capabilities; |
79 | caps = t->capabilities; |
| 81 | 80 | ||
| 82 | spinlock_unlock(&t->lock); |
81 | spinlock_unlock(&t->lock); |
| 83 | interrupts_restore(ipl); |
82 | interrupts_restore(ipl); |
| 84 | 83 | ||
| 85 | return caps; |
84 | return caps; |
| 86 | } |
85 | } |
| 87 | 86 | ||
| 88 | /** Grant capabilities to a task. |
87 | /** Grant capabilities to a task. |
| 89 | * |
88 | * |
| 90 | * The calling task must have the CAP_CAP capability. |
89 | * The calling task must have the CAP_CAP capability. |
| 91 | * |
90 | * |
| 92 | * @param uspace_taskid_arg Userspace structure holding destination task ID. |
91 | * @param uspace_taskid_arg Userspace structure holding destination task ID. |
| 93 | * @param caps Capabilities to grant. |
92 | * @param caps Capabilities to grant. |
| 94 | * |
93 | * |
| 95 | * @return Zero on success or an error code from @ref errno.h. |
94 | * @return Zero on success or an error code from @ref errno.h. |
| 96 | */ |
95 | */ |
| 97 | unative_t sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps) |
96 | unative_t sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps) |
| 98 | { |
97 | { |
| 99 | sysarg64_t taskid_arg; |
98 | sysarg64_t taskid_arg; |
| 100 | task_t *t; |
99 | task_t *t; |
| 101 | ipl_t ipl; |
100 | ipl_t ipl; |
| 102 | int rc; |
101 | int rc; |
| 103 | 102 | ||
| 104 | if (!(cap_get(TASK) & CAP_CAP)) |
103 | if (!(cap_get(TASK) & CAP_CAP)) |
| 105 | return (unative_t) EPERM; |
104 | return (unative_t) EPERM; |
| 106 | 105 | ||
| 107 | rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); |
106 | rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); |
| 108 | if (rc != 0) |
107 | if (rc != 0) |
| 109 | return (unative_t) rc; |
108 | return (unative_t) rc; |
| 110 | 109 | ||
| 111 | ipl = interrupts_disable(); |
110 | ipl = interrupts_disable(); |
| 112 | spinlock_lock(&tasks_lock); |
111 | spinlock_lock(&tasks_lock); |
| 113 | t = task_find_by_id((task_id_t) taskid_arg.value); |
112 | t = task_find_by_id((task_id_t) taskid_arg.value); |
| 114 | if ((!t) || (!context_check(CONTEXT, t->context))) { |
113 | if ((!t) || (!context_check(CONTEXT, t->context))) { |
| 115 | spinlock_unlock(&tasks_lock); |
114 | spinlock_unlock(&tasks_lock); |
| 116 | interrupts_restore(ipl); |
115 | interrupts_restore(ipl); |
| 117 | return (unative_t) ENOENT; |
116 | return (unative_t) ENOENT; |
| 118 | } |
117 | } |
| 119 | 118 | ||
| 120 | spinlock_lock(&t->lock); |
119 | spinlock_lock(&t->lock); |
| 121 | cap_set(t, cap_get(t) | caps); |
120 | cap_set(t, cap_get(t) | caps); |
| 122 | spinlock_unlock(&t->lock); |
121 | spinlock_unlock(&t->lock); |
| 123 | 122 | ||
| 124 | spinlock_unlock(&tasks_lock); |
123 | spinlock_unlock(&tasks_lock); |
| 125 | interrupts_restore(ipl); |
124 | interrupts_restore(ipl); |
| 126 | return 0; |
125 | return 0; |
| 127 | } |
126 | } |
| 128 | 127 | ||
| 129 | /** Revoke capabilities from a task. |
128 | /** Revoke capabilities from a task. |
| 130 | * |
129 | * |
| 131 | * The calling task must have the CAP_CAP capability or the caller must |
130 | * The calling task must have the CAP_CAP capability or the caller must |
| 132 | * attempt to revoke capabilities from itself. |
131 | * attempt to revoke capabilities from itself. |
| 133 | * |
132 | * |
| 134 | * @param uspace_taskid_arg Userspace structure holding destination task ID. |
133 | * @param uspace_taskid_arg Userspace structure holding destination task ID. |
| 135 | * @param caps Capabilities to revoke. |
134 | * @param caps Capabilities to revoke. |
| 136 | * |
135 | * |
| 137 | * @return Zero on success or an error code from @ref errno.h. |
136 | * @return Zero on success or an error code from @ref errno.h. |
| 138 | */ |
137 | */ |
| 139 | unative_t sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps) |
138 | unative_t sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps) |
| 140 | { |
139 | { |
| 141 | sysarg64_t taskid_arg; |
140 | sysarg64_t taskid_arg; |
| 142 | task_t *t; |
141 | task_t *t; |
| 143 | ipl_t ipl; |
142 | ipl_t ipl; |
| 144 | int rc; |
143 | int rc; |
| 145 | 144 | ||
| 146 | rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); |
145 | rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); |
| 147 | if (rc != 0) |
146 | if (rc != 0) |
| 148 | return (unative_t) rc; |
147 | return (unative_t) rc; |
| 149 | 148 | ||
| 150 | ipl = interrupts_disable(); |
149 | ipl = interrupts_disable(); |
| 151 | spinlock_lock(&tasks_lock); |
150 | spinlock_lock(&tasks_lock); |
| 152 | t = task_find_by_id((task_id_t) taskid_arg.value); |
151 | t = task_find_by_id((task_id_t) taskid_arg.value); |
| 153 | if ((!t) || (!context_check(CONTEXT, t->context))) { |
152 | if ((!t) || (!context_check(CONTEXT, t->context))) { |
| 154 | spinlock_unlock(&tasks_lock); |
153 | spinlock_unlock(&tasks_lock); |
| 155 | interrupts_restore(ipl); |
154 | interrupts_restore(ipl); |
| 156 | return (unative_t) ENOENT; |
155 | return (unative_t) ENOENT; |
| 157 | } |
156 | } |
| 158 | 157 | ||
| 159 | /* |
158 | /* |
| 160 | * Revoking capabilities is different from granting them in that |
159 | * Revoking capabilities is different from granting them in that |
| 161 | * a task can revoke capabilities from itself even if it |
160 | * a task can revoke capabilities from itself even if it |
| 162 | * doesn't have CAP_CAP. |
161 | * doesn't have CAP_CAP. |
| 163 | */ |
162 | */ |
| 164 | if (!(cap_get(TASK) & CAP_CAP) || !(t == TASK)) { |
163 | if (!(cap_get(TASK) & CAP_CAP) || !(t == TASK)) { |
| 165 | spinlock_unlock(&tasks_lock); |
164 | spinlock_unlock(&tasks_lock); |
| 166 | interrupts_restore(ipl); |
165 | interrupts_restore(ipl); |
| 167 | return (unative_t) EPERM; |
166 | return (unative_t) EPERM; |
| 168 | } |
167 | } |
| 169 | 168 | ||
| 170 | spinlock_lock(&t->lock); |
169 | spinlock_lock(&t->lock); |
| 171 | cap_set(t, cap_get(t) & ~caps); |
170 | cap_set(t, cap_get(t) & ~caps); |
| 172 | spinlock_unlock(&t->lock); |
171 | spinlock_unlock(&t->lock); |
| 173 | 172 | ||
| 174 | spinlock_unlock(&tasks_lock); |
173 | spinlock_unlock(&tasks_lock); |
| 175 | 174 | ||
| 176 | interrupts_restore(ipl); |
175 | interrupts_restore(ipl); |
| 177 | return 0; |
176 | return 0; |
| 178 | } |
177 | } |
| 179 | 178 | ||
| 180 | /** @} |
179 | /** @} |
| 181 | */ |
180 | */ |
| 182 | 181 | ||
| 183 | 182 | ||