/*
 * Copyright (C) 2006 Jakub Jermar
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 * - The name of the author may not be used to endorse or promote products
 *   derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/** @addtogroup generic	
 * @{
 */

/**
 * @file	cap.c
 * @brief	Capabilities control.
 *
 * @see cap.h
 */
 
#include <security/cap.h>
#include <proc/task.h>
#include <synch/spinlock.h>
#include <syscall/sysarg64.h>
#include <syscall/copy.h>
#include <arch.h>
#include <typedefs.h>
#include <errno.h>

/** Set capabilities.
 *
 * @param t Task whose capabilities are to be changed.
 * @param caps New set of capabilities.
 */
void cap_set(task_t *t, cap_t caps)
{
	ipl_t ipl;
	
	ipl = interrupts_disable();
	spinlock_lock(&t->lock);
	
	t->capabilities = caps;
	
	spinlock_unlock(&t->lock);
	interrupts_restore(ipl);
}

/** Get capabilities.
 *
 * @param t Task whose capabilities are to be returned.
 * @return Task's capabilities.
 */
cap_t cap_get(task_t *t)
{
	ipl_t ipl;
	cap_t caps;
	
	ipl = interrupts_disable();
	spinlock_lock(&t->lock);
	
	caps = t->capabilities;
	
	spinlock_unlock(&t->lock);
	interrupts_restore(ipl);
	
	return caps;
}

/** Grant capabilities to a task.
 *
 * The calling task must have the CAP_CAP capability.
 *
 * @param uspace_taskid_arg Userspace structure holding destination task ID.
 * @param caps Capabilities to grant.
 *
 * @return Zero on success or an error code from @ref errno.h.
 */
unative_t sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps)
{
	sysarg64_t taskid_arg;
	task_t *t;
	ipl_t ipl;
	int rc;
	
	if (!(cap_get(TASK) & CAP_CAP))
		return (unative_t) EPERM;
	
	rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
	if (rc != 0)
		return (unative_t) rc;
		
	ipl = interrupts_disable();
	spinlock_lock(&tasks_lock);
	t = task_find_by_id((task_id_t) taskid_arg.value);
	if ((!t) || (!context_check(CONTEXT, t->context))) {
		spinlock_unlock(&tasks_lock);
		interrupts_restore(ipl);
		return (unative_t) ENOENT;
	}
	
	spinlock_lock(&t->lock);
	cap_set(t, cap_get(t) | caps);
	spinlock_unlock(&t->lock);
	
	spinlock_unlock(&tasks_lock);
	interrupts_restore(ipl);	
	return 0;
}

/** Revoke capabilities from a task.
 *
 * The calling task must have the CAP_CAP capability or the caller must
 * attempt to revoke capabilities from itself.
 *
 * @param uspace_taskid_arg Userspace structure holding destination task ID.
 * @param caps Capabilities to revoke.
 *
 * @return Zero on success or an error code from @ref errno.h.
 */
unative_t sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps)
{
	sysarg64_t taskid_arg;
	task_t *t;
	ipl_t ipl;
	int rc;
	
	rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
	if (rc != 0)
		return (unative_t) rc;

	ipl = interrupts_disable();
	spinlock_lock(&tasks_lock);	
	t = task_find_by_id((task_id_t) taskid_arg.value);
	if ((!t) || (!context_check(CONTEXT, t->context))) {
		spinlock_unlock(&tasks_lock);
		interrupts_restore(ipl);
		return (unative_t) ENOENT;
	}

	/*
	 * Revoking capabilities is different from granting them in that
	 * a task can revoke capabilities from itself even if it
	 * doesn't have CAP_CAP.
	 */
	if (!(cap_get(TASK) & CAP_CAP) || !(t == TASK)) {
		spinlock_unlock(&tasks_lock);
		interrupts_restore(ipl);
		return (unative_t) EPERM;
	}
	
	spinlock_lock(&t->lock);
	cap_set(t, cap_get(t) & ~caps);
	spinlock_unlock(&t->lock);

	spinlock_unlock(&tasks_lock);

	interrupts_restore(ipl);
	return 0;
}

/** @}
 */