1/*
2 * Copyright (c) 2006 Jakub Jermar
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * - Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * - Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * - The name of the author may not be used to endorse or promote products
15 * derived from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29/** @addtogroup generic
30 * @{
31 */
32
33/**
34 * @file cap.c
35 * @brief Capabilities control.
36 *
37 * @see cap.h
38 */
39
40#include <security/cap.h>
41#include <proc/task.h>
42#include <synch/spinlock.h>
43#include <syscall/sysarg64.h>
44#include <syscall/copy.h>
45#include <arch.h>
46#include <errno.h>
47
/** Set capabilities.
 *
 * Replaces the entire capability set of @a t with @a caps. The update is
 * performed with interrupts disabled and t->lock held; the lock is acquired
 * inside this function, so callers are expected not to hold t->lock already.
 *
 * @param t    Task whose capabilities are to be changed.
 * @param caps New set of capabilities (replaces, does not merge).
 */
void cap_set(task_t *t, cap_t caps)
{
	ipl_t saved_ipl = interrupts_disable();

	spinlock_lock(&t->lock);
	t->capabilities = caps;
	spinlock_unlock(&t->lock);

	interrupts_restore(saved_ipl);
}
65
/** Get capabilities.
 *
 * Reads the capability set of @a t under t->lock with interrupts disabled.
 * The lock is acquired inside this function, so callers are expected not to
 * hold t->lock already. The returned value is a snapshot; it may be stale
 * by the time the caller acts on it.
 *
 * @param t Task whose capabilities are to be returned.
 *
 * @return Task's capabilities at the time of the read.
 */
cap_t cap_get(task_t *t)
{
	ipl_t saved_ipl = interrupts_disable();
	cap_t snapshot;

	spinlock_lock(&t->lock);
	snapshot = t->capabilities;
	spinlock_unlock(&t->lock);

	interrupts_restore(saved_ipl);
	return snapshot;
}
86
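/** Grant capabilities to a task.
 *
 * The calling task must have the CAP_CAP capability. The target task must
 * exist and pass context_check() against the caller's context.
 *
 * The new bits are OR-ed into the target's capability word directly while
 * t->lock is held, instead of going through cap_get()/cap_set(): both of
 * those helpers acquire t->lock themselves, so calling them from inside a
 * region that already holds t->lock would re-acquire the spinlock
 * recursively (the original code did exactly that).
 *
 * @param uspace_taskid_arg Userspace structure holding destination task ID.
 * @param caps              Capabilities to grant. The bits are not validated
 *                          against the set of defined capabilities; whatever
 *                          the caller passes is OR-ed in.
 *
 * @return Zero on success or an error code from @ref errno.h: EPERM if the
 *         caller lacks CAP_CAP, the copy_from_uspace() error if the task ID
 *         argument cannot be read, ENOENT if no such task exists or it is
 *         not visible from the caller's context.
 */
unative_t sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps)
{
	sysarg64_t taskid_arg;
	task_t *t;
	ipl_t ipl;
	int rc;

	/*
	 * Privilege is checked before the task lookup, so an unprivileged
	 * caller cannot use the ENOENT/EPERM distinction to probe which
	 * task IDs exist.
	 */
	if (!(cap_get(TASK) & CAP_CAP))
		return (unative_t) EPERM;

	rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg,
	    sizeof(sysarg64_t));
	if (rc != 0)
		return (unative_t) rc;

	ipl = interrupts_disable();
	spinlock_lock(&tasks_lock);

	/* Lookup and update happen under tasks_lock so t cannot go away
	 * between the two (presumably what tasks_lock guarantees). */
	t = task_find_by_id((task_id_t) taskid_arg.value);
	if ((!t) || (!context_check(CONTEXT, t->context))) {
		spinlock_unlock(&tasks_lock);
		interrupts_restore(ipl);
		return (unative_t) ENOENT;
	}

	/* Read-modify-write under t->lock; do not call cap_get()/cap_set()
	 * here, they would take t->lock a second time. */
	spinlock_lock(&t->lock);
	t->capabilities |= caps;
	spinlock_unlock(&t->lock);

	spinlock_unlock(&tasks_lock);
	interrupts_restore(ipl);
	return 0;
}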
127
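/** Revoke capabilities from a task.
 *
 * The calling task must have the CAP_CAP capability, or it must be
 * revoking capabilities from itself (dropping one's own privileges never
 * requires CAP_CAP).
 *
 * Two defects of the previous version are fixed here:
 *  - The permission test used '||', i.e. it demanded CAP_CAP *and*
 *    t == TASK, so a privileged task could never revoke from another task
 *    and an unprivileged task could never drop its own capabilities. The
 *    test now refuses only an unprivileged caller targeting another task.
 *  - The update went through cap_get()/cap_set() while t->lock was already
 *    held; both helpers acquire t->lock themselves, which would re-acquire
 *    the spinlock recursively. The capability word is now updated directly.
 *
 * Because the permission decision depends on which task was looked up, the
 * lookup has to precede the check; a caller without CAP_CAP can therefore
 * tell ENOENT (no such task) from EPERM (exists, not yours) for arbitrary
 * task IDs. This is a minor existence oracle inherent to the interface.
 *
 * @param uspace_taskid_arg Userspace structure holding destination task ID.
 * @param caps              Capabilities to revoke (cleared from the set).
 *
 * @return Zero on success or an error code from @ref errno.h: the
 *         copy_from_uspace() error if the task ID argument cannot be read,
 *         ENOENT if no such task exists or it is not visible from the
 *         caller's context, EPERM if the caller lacks CAP_CAP and the
 *         target is not the caller itself.
 */
unative_t sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps)
{
	sysarg64_t taskid_arg;
	task_t *t;
	ipl_t ipl;
	int rc;

	rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg,
	    sizeof(sysarg64_t));
	if (rc != 0)
		return (unative_t) rc;

	ipl = interrupts_disable();
	spinlock_lock(&tasks_lock);

	t = task_find_by_id((task_id_t) taskid_arg.value);
	if ((!t) || (!context_check(CONTEXT, t->context))) {
		spinlock_unlock(&tasks_lock);
		interrupts_restore(ipl);
		return (unative_t) ENOENT;
	}

	/*
	 * Revoking capabilities is different from granting them in that
	 * a task can revoke capabilities from itself even if it
	 * doesn't have CAP_CAP. Refuse only when the target is a different
	 * task AND the caller is unprivileged. The t != TASK test comes
	 * first so the self-revoke path does not need to take TASK->lock
	 * inside cap_get() at all.
	 */
	if ((t != TASK) && !(cap_get(TASK) & CAP_CAP)) {
		spinlock_unlock(&tasks_lock);
		interrupts_restore(ipl);
		return (unative_t) EPERM;
	}

	/* Read-modify-write under t->lock; do not call cap_get()/cap_set()
	 * here, they would take t->lock a second time. */
	spinlock_lock(&t->lock);
	t->capabilities &= ~caps;
	spinlock_unlock(&t->lock);

	spinlock_unlock(&tasks_lock);
	interrupts_restore(ipl);
	return 0;
}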
178
179/** @}
180 */
181