Date: Sun, 14 Sep 2008 18:03:33 GMT From: Hans Petter Selasky <hselasky@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 149768 for review Message-ID: <200809141803.m8EI3XhD056885@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=149768 Change 149768 by hselasky@hselasky_laptop001 on 2008/09/14 18:02:52 Cleanup USB permissions code. Use "vaccess" instead of re-inventing the wheel. Affected files ... .. //depot/projects/usb/src/sys/dev/usb2/core/usb2_core.h#20 edit .. //depot/projects/usb/src/sys/dev/usb2/core/usb2_dev.c#32 edit Differences ... ==== //depot/projects/usb/src/sys/dev/usb2/core/usb2_core.h#20 (text+ko) ==== @@ -42,14 +42,6 @@ #define USB_USE_CONDVAR 0 #endif -#ifndef USB_TD_GET_RUID -#define USB_TD_GET_RUID(td) (td)->td_ucred->cr_ruid -#endif - -#ifndef USB_TD_GET_RGID -#define USB_TD_GET_RGID(td) (td)->td_ucred->cr_rgid -#endif - #ifndef USB_TD_GET_PROC #define USB_TD_GET_PROC(td) (td)->td_proc #endif ==== //depot/projects/usb/src/sys/dev/usb2/core/usb2_dev.c#32 (text+ko) ==== @@ -74,7 +74,7 @@ static uint32_t usb2_path_convert_one(const char **pp); static uint32_t usb2_path_convert(const char *path); -static uint8_t usb2_match_perm(struct usb2_perm *psystem, struct usb2_perm *puser); +static int usb2_check_access(int fflags, struct usb2_perm *puser); static int usb2_fifo_open(struct usb2_fifo *f, struct file *fp, struct thread *td, int fflags); static void usb2_fifo_close(struct usb2_fifo *f, struct thread *td, int fflags); static void usb2_dev_init(void *arg); @@ -421,37 +421,33 @@ } /*------------------------------------------------------------------------* - * usb2_match_perm + * usb2_check_access * - * This function will compare two permission structures and see if - * they are matching. + * This function will verify the given access information. * * Return values: - * 0: Permissions are not matching. - * Else: Permissions are matching. + * 0: Access granted. + * Else: No access granted. *------------------------------------------------------------------------*/ -static uint8_t -usb2_match_perm(struct usb2_perm *psystem, struct usb2_perm *puser) +static int +usb2_check_access(int fflags, struct usb2_perm *puser) { - uint16_t mode; + mode_t accmode; - if ((psystem->mode != 0) && (puser->mode != 0)) { + if ((fflags & (FWRITE | FREAD)) && (puser->mode != 0)) { /* continue */ } else { - return (0); /* no access */ + return (EPERM); /* no access */ } - /* get the mode differences with regard to the bits that are set */ - mode = ((psystem->mode ^ puser->mode) & puser->mode); + accmode = 0; + if (fflags & FWRITE) + accmode |= VWRITE; + if (fflags & FREAD) + accmode |= VREAD; - if ((psystem->uid == puser->uid) && ((mode & 0700) == 0)) { - return (1); /* allow access */ - } else if ((psystem->gid == puser->gid) && ((mode & 0070) == 0)) { - return (1); /* allow access */ - } else if ((mode & 0007) == 0) { - return (1); /* allow access */ - } - return (0); /* deny access */ + return (vaccess(VCHR, puser->mode, puser->uid, + puser->gid, accmode, curthread->td_ucred, NULL)); } /*------------------------------------------------------------------------* @@ -1117,7 +1113,6 @@ usb2_check_thread_perm(struct usb2_device *udev, struct thread *td, int fflags, uint8_t iface_index, uint8_t ep_index) { - struct usb2_perm perm; struct usb2_interface *iface; int err; @@ -1128,30 +1123,20 @@ if (iface->idesc == NULL) { return (EINVAL); } - /* set default value */ - bzero(&perm, sizeof(perm)); - - /* create a permissions mask */ - perm.uid = USB_TD_GET_RUID(td); - perm.uid = USB_TD_GET_RGID(td); - perm.mode = 0; - if (fflags & FREAD) - perm.mode |= 0444; - if (fflags & FWRITE) - perm.mode |= 0222; - /* scan down the permissions tree */ if ((ep_index != 0) && iface && - usb2_match_perm(&perm, &iface->perm)) { + (usb2_check_access(fflags, &iface->perm) == 0)) { /* we got access through the interface */ err = 0; - } else if (udev && usb2_match_perm(&perm, &udev->perm)) { + } else if (udev && + (usb2_check_access(fflags, &udev->perm) == 0)) { /* we got access through the device */ err = 0; - } else if (udev->bus && usb2_match_perm(&perm, &udev->bus->perm)) { + } else if (udev->bus && + (usb2_check_access(fflags, &udev->bus->perm) == 0)) { /* we got access through the USB bus */ err = 0; - } else if (usb2_match_perm(&perm, &usb2_perm)) { + } else if (usb2_check_access(fflags, &usb2_perm) == 0) { /* we got general access */ err = 0; } else { @@ -1409,9 +1394,14 @@ * Create a dummy device so that we are visible. This device * should never be opened. Therefore a space character is * appended after the USB device name. + * + * NOTE: The permissions of this device is 0777, because we + * check the permissions again in the open routine against the + * real USB permissions which are not 0777. Else USB access + * will be limited to one user and one group. */ usb2_dev = make_dev(&usb2_devsw, 0, UID_ROOT, GID_OPERATOR, - 0000, USB_DEVICE_NAME " "); + 0777, USB_DEVICE_NAME " "); if (usb2_dev == NULL) { DPRINTFN(0, "Could not create usb bus device!\n"); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809141803.m8EI3XhD056885>