/*
 * Copyright (C) 2006 Jakub Jermar
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 * - The name of the author may not be used to endorse or promote products
 *   derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
/**
 * @file	cap.c
 * @brief	Capabilities control.
 *
 * @see cap.h
 */
 
#include <security/cap.h>
#include <proc/task.h>
#include <synch/spinlock.h>
#include <syscall/sysarg64.h>
#include <syscall/copy.h>
#include <arch.h>
#include <typedefs.h>
#include <errno.h>
 
/** Set capabilities.
 *
 * Overwrites the task's whole capability word with @a caps. The store is
 * done with interrupts disabled and t->lock held; both are released before
 * returning.
 *
 * This function takes t->lock itself, so a caller that already holds
 * t->lock would acquire it a second time here (spinlock_lock() is not
 * shown in this file -- confirm whether it tolerates that).
 *
 * @param t Task whose capabilities are to be changed.
 * @param caps New set of capabilities.
 */
void cap_set(task_t *t, cap_t caps)
{
	ipl_t saved_ipl = interrupts_disable();

	spinlock_lock(&t->lock);
	t->capabilities = caps;
	spinlock_unlock(&t->lock);

	interrupts_restore(saved_ipl);
}
 
/** Get capabilities.
 *
 * Reads the task's capability word with interrupts disabled and t->lock
 * held. The value returned is a snapshot: the lock is dropped before the
 * return, so the task's capabilities may change again before the caller
 * acts on the result.
 *
 * This function takes t->lock itself, so a caller that already holds
 * t->lock would acquire it a second time here (spinlock_lock() is not
 * shown in this file -- confirm whether it tolerates that).
 *
 * @param t Task whose capabilities are to be returned.
 * @return Task's capabilities.
 */
cap_t cap_get(task_t *t)
{
	ipl_t saved_ipl = interrupts_disable();
	cap_t snapshot;

	spinlock_lock(&t->lock);
	snapshot = t->capabilities;
	spinlock_unlock(&t->lock);

	interrupts_restore(saved_ipl);
	return snapshot;
}
 
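/** Grant capabilities to a task.
 *
 * The calling task must have the CAP_CAP capability.
 *
 * The requested bits are OR-ed into the destination task's capability word
 * in a single read-modify-write while t->lock is held, so a concurrent
 * grant or revoke on the same task cannot be lost.
 *
 * NOTE(review): @a caps is applied exactly as passed in. No mask of defined
 * capability bits is visible in this file, and the caller is not required
 * to hold the capabilities it grants -- confirm both are intended.
 *
 * @param uspace_taskid_arg Userspace structure holding destination task ID.
 * @param caps Capabilities to grant.
 *
 * @return Zero on success or an error code from @ref errno.h.
 */
__native sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps)
{
	sysarg64_t taskid_arg;
	task_t *t;
	ipl_t ipl;
	int rc;

	/* Authorize the caller first; nothing from userspace is read on denial. */
	if (!(cap_get(TASK) & CAP_CAP))
		return (__native) EPERM;

	/*
	 * The task ID arrives through a user-supplied pointer. It is copied
	 * into a kernel-side variable and only that copy is used below.
	 */
	rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
	if (rc != 0)
		return (__native) rc;

	ipl = interrupts_disable();
	spinlock_lock(&tasks_lock);
	t = task_find_by_id((task_id_t) taskid_arg.value);
	if (!t) {
		spinlock_unlock(&tasks_lock);
		interrupts_restore(ipl);
		return (__native) ENOENT;
	}

	/*
	 * Update the field directly instead of going through cap_get() and
	 * cap_set(): each of those takes t->lock on its own, so calling them
	 * with t->lock already held would re-acquire a lock this CPU owns
	 * (a self-deadlock unless spinlock_lock() is recursive, which this
	 * file does not show).
	 */
	spinlock_lock(&t->lock);
	t->capabilities |= caps;
	spinlock_unlock(&t->lock);

	spinlock_unlock(&tasks_lock);
	interrupts_restore(ipl);
	return 0;
}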
 
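/** Revoke capabilities from a task.
 *
 * The calling task must have the CAP_CAP capability or the caller must
 * attempt to revoke capabilities from itself.
 *
 * The requested bits are cleared from the destination task's capability
 * word in a single read-modify-write while t->lock is held.
 *
 * @param uspace_taskid_arg Userspace structure holding destination task ID.
 * @param caps Capabilities to revoke.
 *
 * @return Zero on success or an error code from @ref errno.h.
 */
__native sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps)
{
	sysarg64_t taskid_arg;
	task_t *t;
	ipl_t ipl;
	int rc;

	/*
	 * The task ID arrives through a user-supplied pointer. It is copied
	 * into a kernel-side variable and only that copy is used below.
	 */
	rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
	if (rc != 0)
		return (__native) rc;

	ipl = interrupts_disable();
	spinlock_lock(&tasks_lock);
	t = task_find_by_id((task_id_t) taskid_arg.value);
	if (!t) {
		spinlock_unlock(&tasks_lock);
		interrupts_restore(ipl);
		return (__native) ENOENT;
	}

	/*
	 * Revoking capabilities is different from granting them in that
	 * a task can revoke capabilities from itself even if it
	 * doesn't have CAP_CAP.
	 *
	 * Deny only when BOTH conditions fail: the target is another task
	 * and the caller lacks CAP_CAP. Joining the two tests with || would
	 * reject self-revocation without CAP_CAP and would also stop a
	 * CAP_CAP holder from revoking another task's capabilities, which
	 * contradicts the contract stated above.
	 */
	if ((t != TASK) && !(cap_get(TASK) & CAP_CAP)) {
		spinlock_unlock(&tasks_lock);
		interrupts_restore(ipl);
		return (__native) EPERM;
	}

	/*
	 * Update the field directly instead of going through cap_get() and
	 * cap_set(): each of those takes t->lock on its own, so calling them
	 * with t->lock already held would re-acquire a lock this CPU owns
	 * (a self-deadlock unless spinlock_lock() is recursive, which this
	 * file does not show).
	 */
	spinlock_lock(&t->lock);
	t->capabilities &= ~caps;
	spinlock_unlock(&t->lock);

	spinlock_unlock(&tasks_lock);
	interrupts_restore(ipl);
	return 0;
}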