/*
 * Copyright (C) 2006 Jakub Jermar
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 * - The name of the author may not be used to endorse or promote products
 *   derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

 /** @addtogroup generic
 * @{
 */

/**
 * @file	cap.c
 * @brief	Capabilities control.
 *
 * @see cap.h
 */
 
#include <security/cap.h>
#include <proc/task.h>
#include <synch/spinlock.h>
#include <syscall/sysarg64.h>
#include <syscall/copy.h>
#include <arch.h>
#include <typedefs.h>
#include <errno.h>
 
/** Replace a task's capability set.
 *
 * The store is performed with interrupts disabled and the task's own
 * spinlock held; the saved interrupt level is restored before returning.
 * Because this function acquires t->lock itself, callers must not already
 * hold that lock when calling it.
 *
 * @param t Task whose capabilities are to be changed.
 * @param caps New set of capabilities; overwrites the current set.
 */
void cap_set(task_t *t, cap_t caps)
{
	ipl_t saved_ipl = interrupts_disable();

	spinlock_lock(&t->lock);
	t->capabilities = caps;
	spinlock_unlock(&t->lock);

	interrupts_restore(saved_ipl);
}
 
/** Read a task's capability set.
 *
 * The value is copied out with interrupts disabled and the task's own
 * spinlock held, so the caller receives a snapshot taken under t->lock.
 * Because this function acquires t->lock itself, callers must not already
 * hold that lock when calling it.
 *
 * @param t Task whose capabilities are to be returned.
 * @return Task's capabilities as they were while the lock was held.
 */
cap_t cap_get(task_t *t)
{
	cap_t snapshot;
	ipl_t saved_ipl = interrupts_disable();

	spinlock_lock(&t->lock);
	snapshot = t->capabilities;
	spinlock_unlock(&t->lock);

	interrupts_restore(saved_ipl);
	return snapshot;
}
 
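/** Grant capabilities to a task.
 *
 * The calling task must have the CAP_CAP capability.
 *
 * The destination task ID is copied in from userspace, the task is looked
 * up under tasks_lock, and the requested bits are OR-ed into its
 * capability set under the task's own lock.
 *
 * @param uspace_taskid_arg Userspace structure holding destination task ID.
 * @param caps Capabilities to grant.
 *
 * @return Zero on success or an error code from @ref errno.h: EPERM when
 *         the caller lacks CAP_CAP, the copy_from_uspace() error when the
 *         argument cannot be read, ENOENT when the task is not found or
 *         fails context_check() against the caller's CONTEXT.
 */
unative_t sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps)
{
	sysarg64_t taskid_arg;
	task_t *t;
	ipl_t ipl;
	int rc;

	/* Authorize the caller before reading anything from userspace. */
	if (!(cap_get(TASK) & CAP_CAP))
		return (unative_t) EPERM;

	rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
	if (rc != 0)
		return (unative_t) rc;

	ipl = interrupts_disable();
	spinlock_lock(&tasks_lock);
	t = task_find_by_id((task_id_t) taskid_arg.value);
	/*
	 * A missing task and a task rejected by context_check() both yield
	 * ENOENT, so the return value does not distinguish the two cases.
	 */
	if ((!t) || (!context_check(CONTEXT, t->context))) {
		spinlock_unlock(&tasks_lock);
		interrupts_restore(ipl);
		return (unative_t) ENOENT;
	}

	/*
	 * Update the field directly under t->lock. cap_get() and cap_set()
	 * each acquire t->lock themselves, so calling them with the lock
	 * already held would take the same spinlock twice.
	 *
	 * NOTE(review): caps is OR-ed in exactly as passed by the caller;
	 * nothing here restricts it to bits the granting task itself holds
	 * or to a set of defined capability bits -- confirm that is the
	 * intended policy.
	 */
	spinlock_lock(&t->lock);
	t->capabilities |= caps;
	spinlock_unlock(&t->lock);

	spinlock_unlock(&tasks_lock);
	interrupts_restore(ipl);
	return 0;
}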
 
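/** Revoke capabilities from a task.
 *
 * The calling task must have the CAP_CAP capability or the caller must
 * attempt to revoke capabilities from itself.
 *
 * The destination task ID is copied in from userspace, the task is looked
 * up under tasks_lock, and the requested bits are cleared from its
 * capability set under the task's own lock.
 *
 * @param uspace_taskid_arg Userspace structure holding destination task ID.
 * @param caps Capabilities to revoke.
 *
 * @return Zero on success or an error code from @ref errno.h: the
 *         copy_from_uspace() error when the argument cannot be read,
 *         ENOENT when the task is not found or fails context_check()
 *         against the caller's CONTEXT, EPERM when the caller neither
 *         holds CAP_CAP nor targets itself.
 */
unative_t sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps)
{
	sysarg64_t taskid_arg;
	task_t *t;
	ipl_t ipl;
	int rc;

	rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
	if (rc != 0)
		return (unative_t) rc;

	ipl = interrupts_disable();
	spinlock_lock(&tasks_lock);
	t = task_find_by_id((task_id_t) taskid_arg.value);
	/*
	 * A missing task and a task rejected by context_check() both yield
	 * ENOENT, so the return value does not distinguish the two cases.
	 */
	if ((!t) || (!context_check(CONTEXT, t->context))) {
		spinlock_unlock(&tasks_lock);
		interrupts_restore(ipl);
		return (unative_t) ENOENT;
	}

	/*
	 * Revoking capabilities is different from granting them in that
	 * a task can revoke capabilities from itself even if it
	 * doesn't have CAP_CAP.
	 *
	 * The request is therefore refused only when BOTH hold: the target
	 * is some other task AND the caller lacks CAP_CAP. Joining the two
	 * tests with || instead would refuse a task dropping its own
	 * capabilities without CAP_CAP, and a CAP_CAP holder revoking from
	 * another task, contradicting the contract stated above.
	 */
	if ((t != TASK) && !(cap_get(TASK) & CAP_CAP)) {
		spinlock_unlock(&tasks_lock);
		interrupts_restore(ipl);
		return (unative_t) EPERM;
	}

	/*
	 * Update the field directly under t->lock. cap_get() and cap_set()
	 * each acquire t->lock themselves, so calling them with the lock
	 * already held would take the same spinlock twice.
	 */
	spinlock_lock(&t->lock);
	t->capabilities &= ~caps;
	spinlock_unlock(&t->lock);

	spinlock_unlock(&tasks_lock);

	interrupts_restore(ipl);
	return 0;
}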
 
 /** @}
 */