From owner-p4-projects@FreeBSD.ORG Thu Aug 21 13:25:34 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id EC9FB1065677; Thu, 21 Aug 2008 13:25:33 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B01A21065682 for ; Thu, 21 Aug 2008 13:25:33 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 9D5208FC1A for ; Thu, 21 Aug 2008 13:25:33 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m7LDPXbd035709 for ; Thu, 21 Aug 2008 13:25:33 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m7LDPXet035707 for perforce@freebsd.org; Thu, 21 Aug 2008 13:25:33 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Thu, 21 Aug 2008 13:25:33 GMT Message-Id: <200808211325.m7LDPXet035707@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 147999 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Aug 2008 13:25:34 -0000 http://perforce.freebsd.org/chv.cgi?CH=147999 Change 147999 by rwatson@rwatson_freebsd_capabilities on 2008/08/21 13:24:46 Add capability rights for some new file descriptor methods introduced in 8.x in the last few months: CAP_LOOKUP Capability can be used as fd argument to foo_at(2) system calls. CAP_SEM_POST Capability can be used for ksem_post(2) system call. CAP_SEM_WAIT Capability can be used for ksem_wait(2) and variant system calls. CAP_SEM_GETVALUE Capability can be used for ksem_getvalue(2) system call. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/kern/uipc_sem.c#3 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_lookup.c#4 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#15 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/uipc_sem.c#3 (text+ko) ==== @@ -38,6 +38,7 @@ #include "opt_posix.h" #include +#include #include #include #include @@ -116,7 +117,8 @@ semid_t *semidp, mode_t mode, unsigned int value, int flags); static void ksem_drop(struct ksem *ks); -static int ksem_get(struct thread *td, semid_t id, struct file **fpp); +static int ksem_get(struct thread *td, semid_t id, cap_rights_t rights, + struct file **fpp); static struct ksem *ksem_hold(struct ksem *ks); static void ksem_insert(char *path, Fnv32_t fnv, struct ksem *ks); static struct ksem *ksem_lookup(char *path, Fnv32_t fnv); 
@@ -498,13 +500,14 @@
 }
 
 static int
-ksem_get(struct thread *td, semid_t id, struct file **fpp)
+ksem_get(struct thread *td, semid_t id, cap_rights_t rights,
+ struct file **fpp)
 {
 struct ksem *ks;
 struct file *fp;
 int error;
 
- error = fget(td, id, &fp);
+ error = fget(td, id, rights, &fp);
 if (error)
 return (EINVAL);
 if (fp->f_type != DTYPE_SEM) {
@@ -594,7 +597,8 @@
 struct file *fp;
 int error;
 
- error = ksem_get(td, uap->id, &fp);
+ /* XXXRW: No capability required here. */
+ error = ksem_get(td, uap->id, 0, &fp);
 if (error)
 return (error);
 ks = fp->f_data;
@@ -619,7 +623,7 @@
 struct ksem *ks;
 int error;
 
- error = ksem_get(td, uap->id, &fp);
+ error = ksem_get(td, uap->id, CAP_SEM_POST, &fp);
 if (error)
 return (error);
 ks = fp->f_data;
@@ -709,7 +713,7 @@
 int error;
 
 DP((">>> kern_sem_wait entered!\n"));
- error = ksem_get(td, id, &fp);
+ error = ksem_get(td, id, CAP_SEM_WAIT, &fp);
 if (error)
 return (error);
 ks = fp->f_data;
@@ -771,7 +775,7 @@
 struct ksem *ks;
 int error, val;
 
- error = ksem_get(td, uap->id, &fp);
+ error = ksem_get(td, uap->id, CAP_SEM_GETVALUE, &fp);
 if (error)
 return (error);
 ks = fp->f_data;
@@ -805,7 +809,8 @@
 struct ksem *ks;
 int error;
 
- error = ksem_get(td, uap->id, &fp);
+ /* XXXRW: No capability required since basically a close wrapper? */
+ error = ksem_get(td, uap->id, 0, &fp);
 if (error)
 return (error);
 ks = fp->f_data;
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_lookup.c#4 (text+ko) ====
@@ -44,6 +44,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -194,7 +195,7 @@
 ndp->ni_topdir = fdp->fd_jdir;
 
 if (cnp->cn_pnbuf[0] != '/' && ndp->ni_dirfd != AT_FDCWD) {
- error = fgetvp(td, ndp->ni_dirfd, &dp);
+ error = fgetvp(td, ndp->ni_dirfd, CAP_LOOKUP, &dp);
 FILEDESC_SUNLOCK(fdp);
 if (error == 0 && dp->v_type != VDIR) {
 vfslocked = VFS_LOCK_GIANT(dp->v_mount);
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#15 (text+ko) ====
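Review bot: Now that `fget()` in `ksem_get()` takes `rights`, it can fail because the descriptor lacks the requested capability rights, but the unchanged `if (error) return (EINVAL);` folds that case into the same EINVAL returned for a bad descriptor, so callers and userland cannot tell a rights denial from an invalid semaphore id. If the blanket EINVAL mapping is part of the existing sem ABI and has to stay, record the trade-off at that line, `/* XXX: fget() failures, including capability rights denials, are all reported as EINVAL. */`; otherwise `if (error) return (error);` would surface the distinct errno. The new `rights` parameter is also undocumented; a one-line comment above the definition saying it is passed straight through to `fget()`, and that callers pass 0 where no rights are to be checked (as the two call sites that pass 0 appear to assume), would help. The body of `ksem_get()` continues outside the hunk.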
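Review bot: The two call sites that pass a literal `0` as the rights argument, in this hunk (`@@ -594,7 +597,8 @@`) and in `@@ -805,7 +809,8 @@`, carry XXXRW comments that leave the decision open, the second one as a question, so a later reader cannot tell whether skipping the rights check on these paths is settled or a placeholder. I would resolve the question in this change and use the same wording at both sites, e.g. `/* No capability rights are required here: this path only releases the descriptor, so the rights check is deliberately skipped. */`, assuming both are in fact close paths; the enclosing functions start outside the hunks, so that cannot be confirmed from the diff. A bare `0` of type `cap_rights_t` is also easy to misread as an uninitialized or forgotten argument; a named "no rights" constant next to the CAP_* definitions would make the intent explicit at every such call.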
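Review bot: The `CAP_LOOKUP` check added to the `fgetvp()` call in `@@ -194,7 +195,7 @@` of vfs_lookup.c only authorizes using `ni_dirfd` as the starting directory of a relative `_at(2)` lookup; nothing in this hunk constrains the path that is then walked from that directory, so a path with `..` components presumably can still resolve outside the directory the capability refers to. If confining lookups to the capability's subtree is intended, that needs a separate check on the path components or on the result; if it is not intended, a comment at this call would stop the next reader from assuming otherwise, e.g. `/* CAP_LOOKUP authorizes ni_dirfd as the lookup base; it does not confine the lookup to that directory's subtree. */`. The enclosing function (presumably `namei()`) starts and ends outside the hunk.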
@@ -23,7 +23,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#14 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#15 $
 */
 
 /*
@@ -76,7 +76,11 @@
 #define CAP_LISTEN 0x0000001000000000ULL /* listen */
 #define CAP_SHUTDOWN 0x0000002000000000ULL /* shutdown */
 #define CAP_PEELOFF 0x0000004000000000ULL /* sctp_peeloff */
-#define CAP_MASK_VALID 0x0000007fffffffffULL
+#define CAP_LOOKUP 0x0000008000000000ULL /* _at(2) lookup */
+#define CAP_SEM_POST 0x0000010000000000ULL /* ksem_post */
+#define CAP_SEM_WAIT 0x0000020000000000ULL /* ksem_wait */
+#define CAP_SEM_GETVALUE 0x0000040000000000ULL /* ksem_getvalue */
+#define CAP_MASK_VALID 0x000007ffffffffffULL
 
 /*
 * Notes:
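Review bot: `CAP_MASK_VALID` is hand-maintained: the bump from `0x0000007fffffffffULL` to `0x000007ffffffffffULL` correctly covers the four new bits (bits 39 through 42), but nothing ties the mask to the highest `CAP_*` value, so the next right added without touching the mask would silently fall outside the valid set and be rejected or dropped wherever the mask is applied. A comment on the mask, `/* Must cover every CAP_* bit defined above; update together with any new right. */`, or deriving it from the highest right (the highest bit OR'd with that bit minus one) would make the coupling explicit. Separately, the comment on `CAP_SEM_WAIT` names only `ksem_wait` while the change description says the right also covers the wait variants and the uipc_sem.c hunk applies it in the shared `kern_sem_wait` path; `/* ksem_wait and variants */` would match.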