Changes in kernel/generic/src/security/cap.c [da1bafb:b3f8fb7] in mainline
- File:
-
- 1 edited
kernel/generic/src/security/cap.c
rda1bafb rb3f8fb7 27 27 */ 28 28 29 /** @addtogroup generic 29 /** @addtogroup generic 30 30 * @{ 31 31 */ 32 32 33 33 /** 34 * @file 35 * @brief 34 * @file cap.c 35 * @brief Capabilities control. 36 36 * 37 37 * @see cap.h 38 38 */ 39 39 40 40 #include <security/cap.h> 41 41 #include <proc/task.h> … … 48 48 /** Set capabilities. 49 49 * 50 * @param t askTask whose capabilities are to be changed.50 * @param t Task whose capabilities are to be changed. 51 51 * @param caps New set of capabilities. 52 *53 52 */ 54 void cap_set(task_t *t ask, cap_t caps)53 void cap_set(task_t *t, cap_t caps) 55 54 { 56 irq_spinlock_lock(&task->lock, true); 57 task->capabilities = caps; 58 irq_spinlock_unlock(&task->lock, true); 55 ipl_t ipl; 56 57 ipl = interrupts_disable(); 58 spinlock_lock(&t->lock); 59 60 t->capabilities = caps; 61 62 spinlock_unlock(&t->lock); 63 interrupts_restore(ipl); 59 64 } 60 65 61 66 /** Get capabilities. 62 67 * 63 * @param task Task whose capabilities are to be returned. 64 * 68 * @param t Task whose capabilities are to be returned. 65 69 * @return Task's capabilities. 66 *67 70 */ 68 cap_t cap_get(task_t *t ask)71 cap_t cap_get(task_t *t) 69 72 { 70 irq_spinlock_lock(&task->lock, true); 71 cap_t caps = task->capabilities; 72 irq_spinlock_unlock(&task->lock, true); 73 ipl_t ipl; 74 cap_t caps; 75 76 ipl = interrupts_disable(); 77 spinlock_lock(&t->lock); 78 79 caps = t->capabilities; 80 81 spinlock_unlock(&t->lock); 82 interrupts_restore(ipl); 73 83 74 84 return caps; … … 83 93 * 84 94 * @return Zero on success or an error code from @ref errno.h. 
85 *86 95 */ 87 96 unative_t sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps) 88 97 { 98 sysarg64_t taskid_arg; 99 task_t *t; 100 ipl_t ipl; 101 int rc; 102 89 103 if (!(cap_get(TASK) & CAP_CAP)) 90 104 return (unative_t) EPERM; 91 105 92 sysarg64_t taskid_arg; 93 int rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); 106 rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); 94 107 if (rc != 0) 95 108 return (unative_t) rc; 96 97 irq_spinlock_lock(&tasks_lock, true); 98 task_t *task = task_find_by_id((task_id_t) taskid_arg.value); 99 100 if ((!task) || (!context_check(CONTEXT, task->context))) { 101 irq_spinlock_unlock(&tasks_lock, true); 109 110 ipl = interrupts_disable(); 111 spinlock_lock(&tasks_lock); 112 t = task_find_by_id((task_id_t) taskid_arg.value); 113 if ((!t) || (!context_check(CONTEXT, t->context))) { 114 spinlock_unlock(&tasks_lock); 115 interrupts_restore(ipl); 102 116 return (unative_t) ENOENT; 103 117 } 104 118 105 irq_spinlock_lock(&task->lock, false);106 task->capabilities |= caps;107 irq_spinlock_unlock(&task->lock, false);119 spinlock_lock(&t->lock); 120 cap_set(t, cap_get(t) | caps); 121 spinlock_unlock(&t->lock); 108 122 109 irq_spinlock_unlock(&tasks_lock, true); 123 spinlock_unlock(&tasks_lock); 124 interrupts_restore(ipl); 110 125 return 0; 111 126 } … … 120 135 * 121 136 * @return Zero on success or an error code from @ref errno.h. 
122 *123 137 */ 124 138 unative_t sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps) 125 139 { 126 140 sysarg64_t taskid_arg; 127 int rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); 141 task_t *t; 142 ipl_t ipl; 143 int rc; 144 145 rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t)); 128 146 if (rc != 0) 129 147 return (unative_t) rc; 130 131 irq_spinlock_lock(&tasks_lock, true); 132 133 task_t *task = task_find_by_id((task_id_t) taskid_arg.value); 134 if ((!task) || (!context_check(CONTEXT, task->context))) { 135 irq_spinlock_unlock(&tasks_lock, true); 148 149 ipl = interrupts_disable(); 150 spinlock_lock(&tasks_lock); 151 t = task_find_by_id((task_id_t) taskid_arg.value); 152 if ((!t) || (!context_check(CONTEXT, t->context))) { 153 spinlock_unlock(&tasks_lock); 154 interrupts_restore(ipl); 136 155 return (unative_t) ENOENT; 137 156 } 138 157 139 158 /* 140 159 * Revoking capabilities is different from granting them in that … … 142 161 * doesn't have CAP_CAP. 143 162 */ 144 irq_spinlock_unlock(&TASK->lock, false); 145 146 if ((!(TASK->capabilities & CAP_CAP)) || (task != TASK)) { 147 irq_spinlock_unlock(&TASK->lock, false); 148 irq_spinlock_unlock(&tasks_lock, true); 163 if (!(cap_get(TASK) & CAP_CAP) || !(t == TASK)) { 164 spinlock_unlock(&tasks_lock); 165 interrupts_restore(ipl); 149 166 return (unative_t) EPERM; 150 167 } 151 168 152 task->capabilities &= ~caps; 153 irq_spinlock_unlock(&TASK->lock, false); 154 155 irq_spinlock_unlock(&tasks_lock, true); 169 spinlock_lock(&t->lock); 170 cap_set(t, cap_get(t) & ~caps); 171 spinlock_unlock(&t->lock); 172 173 spinlock_unlock(&tasks_lock); 174 175 interrupts_restore(ipl); 156 176 return 0; 157 177 } … … 159 179 /** @} 160 180 */ 181
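Review bot: In sys_cap_grant() the new code takes `spinlock_lock(&t->lock)` and then calls `cap_set(t, cap_get(t) | caps)`, but cap_get() and cap_set() as rewritten in this same file each acquire `t->lock` themselves, so unless this spinlock is recursive (its definition is not visible here) the syscall spins on a lock it already holds with interrupts disabled; sys_cap_revoke() repeats the pattern with `cap_set(t, cap_get(t) & ~caps)`. Keeping the outer lock and updating the field directly, `t->capabilities |= caps;` and `t->capabilities &= ~caps;`, avoids the nested acquisition and keeps the read-modify-write of the capability mask atomic. Separately, the check `if (!(cap_get(TASK) & CAP_CAP) || !(t == TASK))` in sys_cap_revoke() returns EPERM unless the caller both holds CAP_CAP and targets itself, which looks at odds with the partly elided comment above it about a task that lacks CAP_CAP; if the intent is that a task may always drop its own capabilities, `&&` is presumably what is wanted, to be confirmed against the full comment.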