From: Jonathan Anderson Date: Fri, 15 Jul 2011 18:26:19 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r224066 - in head/sys: compat/freebsd32 kern sys X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jul 2011 18:26:19 -0000 Author: jonathan Date: Fri Jul 15 18:26:19 2011 New Revision: 224066 URL: http://svn.freebsd.org/changeset/base/224066 Log: Add cap_new() and cap_getrights() system calls. Implement two previously-reserved Capsicum system calls: - cap_new() creates a capability to wrap an existing file descriptor - cap_getrights() queries the rights mask of a capability. Approved by: mentor (rwatson), re (Capsicum blanket) Sponsored by: Google Inc Modified: head/sys/compat/freebsd32/syscalls.master head/sys/kern/sys_capability.c head/sys/kern/syscalls.master head/sys/sys/capability.h Modified: head/sys/compat/freebsd32/syscalls.master ============================================================================== --- head/sys/compat/freebsd32/syscalls.master Fri Jul 15 18:10:59 2011 (r224065) +++ head/sys/compat/freebsd32/syscalls.master Fri Jul 15 18:26:19 2011 (r224066) 
@@ -957,8 +957,9 @@ 512 AUE_SHMCTL NOSTD { int freebsd32_shmctl(int shmid, int cmd, \ struct shmid_ds32 *buf); } 513 AUE_LPATHCONF NOPROTO { int lpathconf(char *path, int name); } -514 AUE_CAP_NEW UNIMPL cap_new -515 AUE_CAP_GETRIGHTS UNIMPL cap_getrights +514 AUE_CAP_NEW NOPROTO { int cap_new(int fd, u_int64_t rights); } +515 AUE_CAP_GETRIGHTS NOPROTO { int cap_getrights(int fd, \ + u_int64_t *rightsp); } 516 AUE_CAP_ENTER NOPROTO { int cap_enter(void); } 517 AUE_CAP_GETMODE NOPROTO { int cap_getmode(u_int *modep); } 518 AUE_PDFORK UNIMPL pdfork Modified: head/sys/kern/sys_capability.c ============================================================================== --- head/sys/kern/sys_capability.c Fri Jul 15 18:10:59 2011 (r224065) +++ head/sys/kern/sys_capability.c Fri Jul 15 18:26:19 2011 (r224066) 
@@ -212,6 +212,59 @@ cap_rights(struct file *fp_cap) } /* + * System call to create a new capability reference to either an existing + * file object or an an existing capability. + */ +int +cap_new(struct thread *td, struct cap_new_args *uap) +{ + int error, capfd; + int fd = uap->fd; + struct file *fp, *fcapp; + cap_rights_t rights = uap->rights; + + AUDIT_ARG_FD(fd); +#ifdef notyet /* capability auditing will follow in a few commits */ + AUDIT_ARG_RIGHTS(rights); +#endif + error = fget(td, fd, &fp); + if (error) + return (error); + AUDIT_ARG_FILE(td->td_proc, fp); + error = kern_capwrap(td, fp, rights, &fcapp, &capfd); + if (error) + return (error); + + /* + * Release our reference to the file (kern_capwrap has held a reference + * for the filedesc array). + */ + fdrop(fp, td); + td->td_retval[0] = capfd; + return (0); +} + +/* + * System call to query the rights mask associated with a capability. + */ +int +cap_getrights(struct thread *td, struct cap_getrights_args *uap) +{ + struct capability *cp; + struct file *fp; + int error; + + AUDIT_ARG_FD(uap->fd); + error = fgetcap(td, uap->fd, &fp); + if (error) + return (error); + cp = fp->f_data; + error = copyout(&cp->cap_rights, uap->rightsp, sizeof(*uap->rightsp)); + fdrop(fp, td); + return (error); +} + +/* * Create a capability to wrap around an existing file. */ int @@ -423,6 +476,20 @@ capability_stat(struct file *fp, struct * into the kernel. */ int +cap_new(struct thread *td, struct cap_new_args *uap) +{ + + return (ENOSYS); +} + +int +cap_getrights(struct thread *td, struct cap_getrights_args *uap) +{ + + return (ENOSYS); +} + +int cap_funwrap(struct file *fp_cap, cap_rights_t rights, struct file **fpp) { Modified: head/sys/kern/syscalls.master ============================================================================== --- head/sys/kern/syscalls.master Fri Jul 15 18:10:59 2011 (r224065) +++ head/sys/kern/syscalls.master Fri Jul 15 18:26:19 2011 (r224066) 
@@ -914,8 +914,9 @@ 512 AUE_SHMCTL NOSTD { int shmctl(int shmid, int cmd, \ struct shmid_ds *buf); } 513 AUE_LPATHCONF STD { int lpathconf(char *path, int name); } -514 AUE_CAP_NEW UNIMPL cap_new -515 AUE_CAP_GETRIGHTS UNIMPL cap_getrights +514 AUE_CAP_NEW STD { int cap_new(int fd, u_int64_t rights); } +515 AUE_CAP_GETRIGHTS STD { int cap_getrights(int fd, \ + u_int64_t *rightsp); } 516 AUE_CAP_ENTER STD { int cap_enter(void); } 517 AUE_CAP_GETMODE STD { int cap_getmode(u_int *modep); } 518 AUE_PDFORK UNIMPL pdfork Modified: head/sys/sys/capability.h ============================================================================== --- head/sys/sys/capability.h Fri Jul 15 18:10:59 2011 (r224065) +++ head/sys/sys/capability.h Fri Jul 15 18:26:19 2011 (r224066) @@ -110,6 +110,18 @@ int cap_enter(void); */ int cap_getmode(u_int* modep); +/* + * cap_new(): Create a new capability derived from an existing file + * descriptor with the specified rights. If the existing file descriptor is + * a capability, then the new rights must be a subset of the existing rights. + */ +int cap_new(int fd, cap_rights_t rights); + +/* + * cap_getrights(): Query the rights on a capability. + */ +int cap_getrights(int fd, cap_rights_t *rightsp); + __END_DECLS #endif /* !_KERNEL */
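Review bot: in the head/sys/compat/freebsd32/syscalls.master hunk, entries 514 and 515 are declared NOPROTO with a `u_int64_t rights` argument, so the 32-bit compat path reuses the native handler and the native argument struct for a 64-bit argument. A 32-bit caller supplies `rights` as two 32-bit words, so either confirm that the freebsd32 argument marshalling delivers it to `cap_new()` intact, or give the compat table its own STD `freebsd32_cap_new(int fd, uint32_t rights1, uint32_t rights2)` wrapper that reassembles the halves before calling the native implementation.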
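Review bot: in the first head/sys/kern/sys_capability.c hunk, `cap_new()` leaks the `fp` reference taken by `fget()` when `kern_capwrap()` fails: the `if (error) return (error);` that follows `kern_capwrap()` returns before the `fdrop(fp, td)`, and the block comment says `kern_capwrap()` holds its own reference for the filedesc array rather than consuming ours. Drop the reference on both paths, e.g. `error = kern_capwrap(td, fp, rights, &fcapp, &capfd); fdrop(fp, td); if (error) return (error);`. Minor: the new comment reads "an an existing capability".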
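Review bot: in the second head/sys/kern/sys_capability.c hunk, the `ENOSYS` stubs for `cap_new()` and `cap_getrights()` are inserted between the comment block ending "* into the kernel." and `cap_funwrap()`, so that comment now sits above `cap_new()` instead of the function it describes. Place the stubs above that comment (or give them a one-line comment of their own) so `cap_funwrap()` keeps its header comment.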
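Review bot: in the head/sys/kern/syscalls.master hunk, the rights argument is spelled `u_int64_t` while the header in this same commit declares `cap_new(int fd, cap_rights_t rights)` and `cap_getrights(int fd, cap_rights_t *rightsp)`. The two spellings must stay the same width; a short comment beside the table entries noting that `u_int64_t` is the syscalls.master form of `cap_rights_t` would keep them from drifting apart if the typedef ever changes.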
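Review bot: in the head/sys/sys/capability.h hunk, the `cap_new()` comment states the subset rule ("the new rights must be a subset of the existing rights") but not how a violation is reported; document the errno a caller should expect in that case. Likewise, `cap_getrights()` should say what happens when `fd` is not a capability, since the kernel side in this commit fetches it with `fgetcap()` and will fail rather than report the underlying file's rights.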