Date:      Thu, 21 Aug 2008 13:25:33 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 147999 for review
Message-ID:  <200808211325.m7LDPXet035707@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=147999

Change 147999 by rwatson@rwatson_freebsd_capabilities on 2008/08/21 13:24:46

	Add capability rights for some new file descriptor methods
	introduced in 8.x in the last few months:
	
	CAP_LOOKUP              Capability can be used as fd argument to
	                        foo_at(2) system calls.
	
	CAP_SEM_POST            Capability can be used for ksem_post(2)
	                        system call.
	
	CAP_SEM_WAIT            Capability can be used for ksem_wait(2) and
	                        variant system calls.
	
	CAP_SEM_GETVALUE        Capability can be used for ksem_getvalue(2)
	                        system call.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/sys/kern/uipc_sem.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_lookup.c#4 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#15 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/uipc_sem.c#3 (text+ko) ====

@@ -38,6 +38,7 @@
 #include "opt_posix.h"
 
 #include <sys/param.h>
+#include <sys/capability.h>
 #include <sys/condvar.h>
 #include <sys/fcntl.h>
 #include <sys/file.h>
@@ -116,7 +117,8 @@
 		    semid_t *semidp, mode_t mode, unsigned int value,
 		    int flags);
 static void	ksem_drop(struct ksem *ks);
-static int	ksem_get(struct thread *td, semid_t id, struct file **fpp);
+static int	ksem_get(struct thread *td, semid_t id, cap_rights_t rights,
+		    struct file **fpp);
 static struct ksem *ksem_hold(struct ksem *ks);
 static void	ksem_insert(char *path, Fnv32_t fnv, struct ksem *ks);
 static struct ksem *ksem_lookup(char *path, Fnv32_t fnv);
@@ -498,13 +500,14 @@
 }
 
 static int
-ksem_get(struct thread *td, semid_t id, struct file **fpp)
+ksem_get(struct thread *td, semid_t id, cap_rights_t rights,
+    struct file **fpp)
 {
 	struct ksem *ks;
 	struct file *fp;
 	int error;
 
-	error = fget(td, id, &fp);
+	error = fget(td, id, rights, &fp);
 	if (error)
 		return (EINVAL);
 	if (fp->f_type != DTYPE_SEM) {
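Review bot: The rights check that fget() now performs on the line `error = fget(td, id, rights, &fp);` is hidden by the existing `return (EINVAL);` two lines below, so a caller whose descriptor lacks CAP_SEM_POST, CAP_SEM_WAIT or CAP_SEM_GETVALUE gets the same error as one passing a stale semaphore id. If fget() reports a rights failure with a distinct errno, keeping it (`if (error) return (error);`, or mapping only the bad-descriptor case to EINVAL) would let userland tell a capability denial apart from a bad id, which matters when debugging sandboxed programs. The remainder of ksem_get() continues outside the hunk.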
@@ -594,7 +597,8 @@
 	struct file *fp;
 	int error;
 
-	error = ksem_get(td, uap->id, &fp);
+	/* XXXRW: No capability required here. */
+	error = ksem_get(td, uap->id, 0, &fp);
 	if (error)
 		return (error);
 	ks = fp->f_data;
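Review bot: The `0` passed as the rights argument in `error = ksem_get(td, uap->id, 0, &fp);` disables the capability check for this caller, and the XXXRW comment above it records the decision but not the reason; the same pattern, this time with a question mark, appears in the hunk at `@@ -805,7 +809,8 @@`. Since these are the only two callers that bypass the check, a comment giving the rationale, if it is indeed that closing a descriptor is always permitted regardless of its rights, e.g. `/* XXXRW: No capability required: close is permitted on any descriptor. */`, would let a later reader distinguish a deliberate exception from an oversight. The enclosing function's signature lies outside the hunk.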
@@ -619,7 +623,7 @@
 	struct ksem *ks;
 	int error;
 
-	error = ksem_get(td, uap->id, &fp);
+	error = ksem_get(td, uap->id, CAP_SEM_POST, &fp);
 	if (error)
 		return (error);
 	ks = fp->f_data;
@@ -709,7 +713,7 @@
 	int error;
 
 	DP((">>> kern_sem_wait entered!\n"));
-	error = ksem_get(td, id, &fp);
+	error = ksem_get(td, id, CAP_SEM_WAIT, &fp);
 	if (error)
 		return (error);
 	ks = fp->f_data;
@@ -771,7 +775,7 @@
 	struct ksem *ks;
 	int error, val;
 
-	error = ksem_get(td, uap->id, &fp);
+	error = ksem_get(td, uap->id, CAP_SEM_GETVALUE, &fp);
 	if (error)
 		return (error);
 	ks = fp->f_data;
@@ -805,7 +809,8 @@
 	struct ksem *ks;
 	int error;
 
-	error = ksem_get(td, uap->id, &fp);
+	/* XXXRW: No capability required since basically a close wrapper? */
+	error = ksem_get(td, uap->id, 0, &fp);
 	if (error)
 		return (error);
 	ks = fp->f_data;

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_lookup.c#4 (text+ko) ====

@@ -44,6 +44,7 @@
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
+#include <sys/capability.h>
 #include <sys/fcntl.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
@@ -194,7 +195,7 @@
 	ndp->ni_topdir = fdp->fd_jdir;
 
 	if (cnp->cn_pnbuf[0] != '/' && ndp->ni_dirfd != AT_FDCWD) {
-		error = fgetvp(td, ndp->ni_dirfd, &dp);
+		error = fgetvp(td, ndp->ni_dirfd, CAP_LOOKUP, &dp);
 		FILEDESC_SUNLOCK(fdp);
 		if (error == 0 && dp->v_type != VDIR) {
 			vfslocked = VFS_LOCK_GIANT(dp->v_mount);
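Review bot: CAP_LOOKUP is only consulted when the path is relative and `ni_dirfd` is not AT_FDCWD, which matches its definition as the right needed to use a descriptor as the start directory, but nothing near the call says so. A comment above `error = fgetvp(td, ndp->ni_dirfd, CAP_LOOKUP, &dp);` such as `/* The dirfd is consulted, and so needs CAP_LOOKUP, only for relative paths. */` would record that an absolute path never touches the descriptor's rights at all. The enclosing function begins and ends outside the hunk.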

==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#15 (text+ko) ====

@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#14 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#15 $
  */
 
 /*
@@ -76,7 +76,11 @@
 #define	CAP_LISTEN		0x0000001000000000ULL	/* listen */
 #define	CAP_SHUTDOWN		0x0000002000000000ULL	/* shutdown */
 #define	CAP_PEELOFF		0x0000004000000000ULL	/* sctp_peeloff */
-#define	CAP_MASK_VALID		0x0000007fffffffffULL
+#define	CAP_LOOKUP		0x0000008000000000ULL	/* _at(2) lookup */
+#define	CAP_SEM_POST		0x0000010000000000ULL	/* ksem_post */
+#define	CAP_SEM_WAIT		0x0000020000000000ULL	/* ksem_wait */
+#define	CAP_SEM_GETVALUE	0x0000040000000000ULL	/* ksem_getvalue */
+#define	CAP_MASK_VALID		0x000007ffffffffffULL
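Review bot: CAP_MASK_VALID is extended by hand from 0x0000007fffffffffULL to 0x000007ffffffffffULL, which is consistent with the four new bits (CAP_SEM_GETVALUE is bit 42 and the new mask covers bits 0-42), but every future right requires the same manual edit and a slip would silently reject a newly defined right as invalid. Deriving the mask from the highest-numbered right, `#define CAP_MASK_VALID ((CAP_SEM_GETVALUE << 1) - 1)`, or at least adding `/* Must be bumped whenever a right is appended above. */` beside it, would make the invariant explicit.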
 
 /*
  * Notes:


