Rev 1588 | Go to most recent revision | Only display areas with differences | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1588 | Rev 1702 | ||
|---|---|---|---|
| 1 | /* |
1 | /* |
| 2 | * Copyright (C) 2006 Jakub Jermar |
2 | * Copyright (C) 2006 Jakub Jermar |
| 3 | * All rights reserved. |
3 | * All rights reserved. |
| 4 | * |
4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without |
5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions |
6 | * modification, are permitted provided that the following conditions |
| 7 | * are met: |
7 | * are met: |
| 8 | * |
8 | * |
| 9 | * - Redistributions of source code must retain the above copyright |
9 | * - Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. |
10 | * notice, this list of conditions and the following disclaimer. |
| 11 | * - Redistributions in binary form must reproduce the above copyright |
11 | * - Redistributions in binary form must reproduce the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer in the |
12 | * notice, this list of conditions and the following disclaimer in the |
| 13 | * documentation and/or other materials provided with the distribution. |
13 | * documentation and/or other materials provided with the distribution. |
| 14 | * - The name of the author may not be used to endorse or promote products |
14 | * - The name of the author may not be used to endorse or promote products |
| 15 | * derived from this software without specific prior written permission. |
15 | * derived from this software without specific prior written permission. |
| 16 | * |
16 | * |
| 17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 | */ |
27 | */ |
| 28 | 28 | ||
| - | 29 | /** @addtogroup generic |
|
| - | 30 | * @{ |
|
| - | 31 | */ |
|
| - | 32 | ||
| 29 | /** |
33 | /** |
| 30 | * @file cap.c |
34 | * @file cap.c |
| 31 | * @brief Capabilities control. |
35 | * @brief Capabilities control. |
| 32 | * |
36 | * |
| 33 | * @see cap.h |
37 | * @see cap.h |
| 34 | */ |
38 | */ |
| 35 | 39 | ||
| 36 | #include <security/cap.h> |
40 | #include <security/cap.h> |
| 37 | #include <proc/task.h> |
41 | #include <proc/task.h> |
| 38 | #include <synch/spinlock.h> |
42 | #include <synch/spinlock.h> |
| 39 | #include <syscall/sysarg64.h> |
43 | #include <syscall/sysarg64.h> |
| 40 | #include <syscall/copy.h> |
44 | #include <syscall/copy.h> |
| 41 | #include <arch.h> |
45 | #include <arch.h> |
| 42 | #include <typedefs.h> |
46 | #include <typedefs.h> |
| 43 | #include <errno.h> |
47 | #include <errno.h> |
| 44 | 48 | ||
| 45 | /** Set capabilities. |
49 | /** Set capabilities. |
| 46 | * |
50 | * |
| 47 | * @param t Task whose capabilities are to be changed. |
51 | * @param t Task whose capabilities are to be changed. |
| 48 | * @param caps New set of capabilities. |
52 | * @param caps New set of capabilities. |
| 49 | */ |
53 | */ |
| 50 | void cap_set(task_t *t, cap_t caps) |
54 | void cap_set(task_t *t, cap_t caps) |
| 51 | { |
55 | { |
| 52 | ipl_t ipl; |
56 | ipl_t ipl; |
| 53 | 57 | ||
| 54 | ipl = interrupts_disable(); |
58 | ipl = interrupts_disable(); |
| 55 | spinlock_lock(&t->lock); |
59 | spinlock_lock(&t->lock); |
| 56 | 60 | ||
| 57 | t->capabilities = caps; |
61 | t->capabilities = caps; |
| 58 | 62 | ||
| 59 | spinlock_unlock(&t->lock); |
63 | spinlock_unlock(&t->lock); |
| 60 | interrupts_restore(ipl); |
64 | interrupts_restore(ipl); |
| 61 | } |
65 | } |
| 62 | 66 | ||
| 63 | /** Get capabilities. |
67 | /** Get capabilities. |
| 64 | * |
68 | * |
| 65 | * @param t Task whose capabilities are to be returned. |
69 | * @param t Task whose capabilities are to be returned. |
| 66 | * @return Task's capabilities. |
70 | * @return Task's capabilities. |
| 67 | */ |
71 | */ |
| 68 | cap_t cap_get(task_t *t) |
72 | cap_t cap_get(task_t *t) |
| 69 | { |
73 | { |
| 70 | ipl_t ipl; |
74 | ipl_t ipl; |
| 71 | cap_t caps; |
75 | cap_t caps; |
| 72 | 76 | ||
| 73 | ipl = interrupts_disable(); |
77 | ipl = interrupts_disable(); |
| 74 | spinlock_lock(&t->lock); |
78 | spinlock_lock(&t->lock); |
| 75 | 79 | ||
| 76 | caps = t->capabilities; |
80 | caps = t->capabilities; |
| 77 | 81 | ||
| 78 | spinlock_unlock(&t->lock); |
82 | spinlock_unlock(&t->lock); |
| 79 | interrupts_restore(ipl); |
83 | interrupts_restore(ipl); |
| 80 | 84 | ||
| 81 | return caps; |
85 | return caps; |
| 82 | } |
86 | } |
| 83 | 87 | ||
| 84 | /** Grant capabilities to a task. |
88 | /** Grant capabilities to a task. |
| 85 | * |
89 | * |
| 86 | * The calling task must have the CAP_CAP capability. |
90 | * The calling task must have the CAP_CAP capability. |
| 87 | * |
91 | * |
| 88 | * @param uspace_taskid_arg Userspace structure holding destination task ID. |
92 | * @param uspace_taskid_arg Userspace structure holding destination task ID. |
| 89 | * @param caps Capabilities to grant. |
93 | * @param caps Capabilities to grant. |
| 90 | * |
94 | * |
| 91 | * @return Zero on success or an error code from @ref errno.h. |
95 | * @return Zero on success or an error code from @ref errno.h. |
| 92 | */ |
96 | */ |
| 93 | __native sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps) |
97 | __native sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps) |
| 94 | { |
98 | { |
| 95 | sysarg64_t taskid_arg; |
99 | sysarg64_t taskid_arg; |
| 96 | task_t *t; |
100 | task_t *t; |
| 97 | ipl_t ipl; |
101 | ipl_t ipl; |
| 98 | int rc; |
102 | int rc; |
| 99 | 103 | ||
| 100 | if (!(cap_get(TASK) & CAP_CAP)) |
104 | if (!(cap_get(TASK) & CAP_CAP)) |
| 101 | return (__native) EPERM; |
105 | return (__native) EPERM; |
| 102 | 106 | ||
| 103 | rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); |
107 | rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); |
| 104 | if (rc != 0) |
108 | if (rc != 0) |
| 105 | return (__native) rc; |
109 | return (__native) rc; |
| 106 | 110 | ||
| 107 | ipl = interrupts_disable(); |
111 | ipl = interrupts_disable(); |
| 108 | spinlock_lock(&tasks_lock); |
112 | spinlock_lock(&tasks_lock); |
| 109 | t = task_find_by_id((task_id_t) taskid_arg.value); |
113 | t = task_find_by_id((task_id_t) taskid_arg.value); |
| 110 | if (!t) { |
114 | if (!t) { |
| 111 | spinlock_unlock(&tasks_lock); |
115 | spinlock_unlock(&tasks_lock); |
| 112 | interrupts_restore(ipl); |
116 | interrupts_restore(ipl); |
| 113 | return (__native) ENOENT; |
117 | return (__native) ENOENT; |
| 114 | } |
118 | } |
| 115 | 119 | ||
| 116 | spinlock_lock(&t->lock); |
120 | spinlock_lock(&t->lock); |
| 117 | cap_set(t, cap_get(t) | caps); |
121 | cap_set(t, cap_get(t) | caps); |
| 118 | spinlock_unlock(&t->lock); |
122 | spinlock_unlock(&t->lock); |
| 119 | 123 | ||
| 120 | spinlock_unlock(&tasks_lock); |
124 | spinlock_unlock(&tasks_lock); |
| 121 | 125 | ||
| 122 | 126 | ||
| 123 | 127 | ||
| 124 | interrupts_restore(ipl); |
128 | interrupts_restore(ipl); |
| 125 | return 0; |
129 | return 0; |
| 126 | } |
130 | } |
| 127 | 131 | ||
| 128 | /** Revoke capabilities from a task. |
132 | /** Revoke capabilities from a task. |
| 129 | * |
133 | * |
| 130 | * The calling task must have the CAP_CAP capability or the caller must |
134 | * The calling task must have the CAP_CAP capability or the caller must |
| 131 | * attempt to revoke capabilities from itself. |
135 | * attempt to revoke capabilities from itself. |
| 132 | * |
136 | * |
| 133 | * @param uspace_taskid_arg Userspace structure holding destination task ID. |
137 | * @param uspace_taskid_arg Userspace structure holding destination task ID. |
| 134 | * @param caps Capabilities to revoke. |
138 | * @param caps Capabilities to revoke. |
| 135 | * |
139 | * |
| 136 | * @return Zero on success or an error code from @ref errno.h. |
140 | * @return Zero on success or an error code from @ref errno.h. |
| 137 | */ |
141 | */ |
| 138 | __native sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps) |
142 | __native sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps) |
| 139 | { |
143 | { |
| 140 | sysarg64_t taskid_arg; |
144 | sysarg64_t taskid_arg; |
| 141 | task_t *t; |
145 | task_t *t; |
| 142 | ipl_t ipl; |
146 | ipl_t ipl; |
| 143 | int rc; |
147 | int rc; |
| 144 | 148 | ||
| 145 | rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); |
149 | rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); |
| 146 | if (rc != 0) |
150 | if (rc != 0) |
| 147 | return (__native) rc; |
151 | return (__native) rc; |
| 148 | 152 | ||
| 149 | ipl = interrupts_disable(); |
153 | ipl = interrupts_disable(); |
| 150 | spinlock_lock(&tasks_lock); |
154 | spinlock_lock(&tasks_lock); |
| 151 | t = task_find_by_id((task_id_t) taskid_arg.value); |
155 | t = task_find_by_id((task_id_t) taskid_arg.value); |
| 152 | if (!t) { |
156 | if (!t) { |
| 153 | spinlock_unlock(&tasks_lock); |
157 | spinlock_unlock(&tasks_lock); |
| 154 | interrupts_restore(ipl); |
158 | interrupts_restore(ipl); |
| 155 | return (__native) ENOENT; |
159 | return (__native) ENOENT; |
| 156 | } |
160 | } |
| 157 | 161 | ||
| 158 | /* |
162 | /* |
| 159 | * Revoking capabilities is different from granting them in that |
163 | * Revoking capabilities is different from granting them in that |
| 160 | * a task can revoke capabilities from itself even if it |
164 | * a task can revoke capabilities from itself even if it |
| 161 | * doesn't have CAP_CAP. |
165 | * doesn't have CAP_CAP. |
| 162 | */ |
166 | */ |
| 163 | if (!(cap_get(TASK) & CAP_CAP) || !(t == TASK)) { |
167 | if (!(cap_get(TASK) & CAP_CAP) || !(t == TASK)) { |
| 164 | spinlock_unlock(&tasks_lock); |
168 | spinlock_unlock(&tasks_lock); |
| 165 | interrupts_restore(ipl); |
169 | interrupts_restore(ipl); |
| 166 | return (__native) EPERM; |
170 | return (__native) EPERM; |
| 167 | } |
171 | } |
| 168 | 172 | ||
| 169 | spinlock_lock(&t->lock); |
173 | spinlock_lock(&t->lock); |
| 170 | cap_set(t, cap_get(t) & ~caps); |
174 | cap_set(t, cap_get(t) & ~caps); |
| 171 | spinlock_unlock(&t->lock); |
175 | spinlock_unlock(&t->lock); |
| 172 | 176 | ||
| 173 | spinlock_unlock(&tasks_lock); |
177 | spinlock_unlock(&tasks_lock); |
| 174 | 178 | ||
| 175 | interrupts_restore(ipl); |
179 | interrupts_restore(ipl); |
| 176 | return 0; |
180 | return 0; |
| 177 | } |
181 | } |
| - | 182 | ||
| - | 183 | /** @} |
|
| - | 184 | */ |
|
| - | 185 | ||
| 178 | 186 | ||