PERFORCE change 147999 for review
Robert Watson
rwatson at FreeBSD.org
Thu Aug 21 13:25:34 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=147999
Change 147999 by rwatson at rwatson_freebsd_capabilities on 2008/08/21 13:24:46
Add capability rights for some new file descriptor methods
introduced in 8.x in the last few months:
CAP_LOOKUP Capability can be used as the fd argument to
foo_at(2) system calls.
CAP_SEM_POST Capability can be used for ksem_post(2)
system call.
CAP_SEM_WAIT Capability can be used for ksem_wait(2) and
variant system calls.
CAP_SEM_GETVALUE Capability can be used for ksem_getvalue(2)
system call.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/uipc_sem.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_lookup.c#4 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#15 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/uipc_sem.c#3 (text+ko) ====
@@ -38,6 +38,7 @@
#include "opt_posix.h"
#include <sys/param.h>
+#include <sys/capability.h>
#include <sys/condvar.h>
#include <sys/fcntl.h>
#include <sys/file.h>
@@ -116,7 +117,8 @@
semid_t *semidp, mode_t mode, unsigned int value,
int flags);
static void ksem_drop(struct ksem *ks);
-static int ksem_get(struct thread *td, semid_t id, struct file **fpp);
+static int ksem_get(struct thread *td, semid_t id, cap_rights_t rights,
+ struct file **fpp);
static struct ksem *ksem_hold(struct ksem *ks);
static void ksem_insert(char *path, Fnv32_t fnv, struct ksem *ks);
static struct ksem *ksem_lookup(char *path, Fnv32_t fnv);
@@ -498,13 +500,14 @@
}
static int
-ksem_get(struct thread *td, semid_t id, struct file **fpp)
+ksem_get(struct thread *td, semid_t id, cap_rights_t rights,
+ struct file **fpp)
{
struct ksem *ks;
struct file *fp;
int error;
- error = fget(td, id, &fp);
+ error = fget(td, id, rights, &fp);
if (error)
return (EINVAL);
if (fp->f_type != DTYPE_SEM) {
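Review bot: The `if (error) return (EINVAL);` that follows the new `fget(td, id, rights, &fp)` call now also maps a rights refusal to EINVAL, so the ksem_post/ksem_wait/ksem_getvalue callers below report a descriptor lacking CAP_SEM_POST, CAP_SEM_WAIT or CAP_SEM_GETVALUE exactly like an invalid semaphore id. If fget returns a distinct error for a missing right (not visible here), propagating it with `if (error) return (error);` keeps that distinction for callers and for auditing; if the EINVAL mapping is required by the sem_* API, keep it but say so, `/* Rights failures are reported as EINVAL, indistinguishable from a bad id. */`. ksem_get's body continues past the end of the hunk.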
@@ -594,7 +597,8 @@
struct file *fp;
int error;
- error = ksem_get(td, uap->id, &fp);
+ /* XXXRW: No capability required here. */
+ error = ksem_get(td, uap->id, 0, &fp);
if (error)
return (error);
ks = fp->f_data;
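Review bot: The literal `0` passed as the rights argument exempts this operation from capability checking, and the `XXXRW` comment records that as an open question rather than a decision; the hunk at -805,7 does the same with `/* XXXRW: No capability required since basically a close wrapper? */`. If the intent is that releasing a semaphore descriptor is always permitted, as close(2) is, state it as the policy so the exemption is not later mistaken for an oversight, e.g. `/* No right required: releasing the descriptor is always allowed, as with close(2). */`. The enclosing function starts before the hunk and continues after it.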
@@ -619,7 +623,7 @@
struct ksem *ks;
int error;
- error = ksem_get(td, uap->id, &fp);
+ error = ksem_get(td, uap->id, CAP_SEM_POST, &fp);
if (error)
return (error);
ks = fp->f_data;
@@ -709,7 +713,7 @@
int error;
DP((">>> kern_sem_wait entered!\n"));
- error = ksem_get(td, id, &fp);
+ error = ksem_get(td, id, CAP_SEM_WAIT, &fp);
if (error)
return (error);
ks = fp->f_data;
@@ -771,7 +775,7 @@
struct ksem *ks;
int error, val;
- error = ksem_get(td, uap->id, &fp);
+ error = ksem_get(td, uap->id, CAP_SEM_GETVALUE, &fp);
if (error)
return (error);
ks = fp->f_data;
@@ -805,7 +809,8 @@
struct ksem *ks;
int error;
- error = ksem_get(td, uap->id, &fp);
+ /* XXXRW: No capability required since basically a close wrapper? */
+ error = ksem_get(td, uap->id, 0, &fp);
if (error)
return (error);
ks = fp->f_data;
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_lookup.c#4 (text+ko) ====
@@ -44,6 +44,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
+#include <sys/capability.h>
#include <sys/fcntl.h>
#include <sys/lock.h>
#include <sys/mutex.h>
@@ -194,7 +195,7 @@
ndp->ni_topdir = fdp->fd_jdir;
if (cnp->cn_pnbuf[0] != '/' && ndp->ni_dirfd != AT_FDCWD) {
- error = fgetvp(td, ndp->ni_dirfd, &dp);
+ error = fgetvp(td, ndp->ni_dirfd, CAP_LOOKUP, &dp);
FILEDESC_SUNLOCK(fdp);
if (error == 0 && dp->v_type != VDIR) {
vfslocked = VFS_LOCK_GIANT(dp->v_mount);
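Review bot: CAP_LOOKUP is only consulted inside the `cnp->cn_pnbuf[0] != '/' && ndp->ni_dirfd != AT_FDCWD` branch, so an absolute path never has the right checked against ni_dirfd; that follows from the pre-existing condition rather than this change, but it is worth recording next to the new call, e.g. `/* Absolute paths bypass ni_dirfd, so CAP_LOOKUP governs relative lookups only. */`. A rights failure from fgetvp is propagated unchanged after FILEDESC_SUNLOCK, so whether an _at(2) caller can tell it from a bad descriptor depends on what fgetvp returns, which is not visible here. The enclosing function starts and ends outside the hunk.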
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#15 (text+ko) ====
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#14 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#15 $
*/
/*
@@ -76,7 +76,11 @@
#define CAP_LISTEN 0x0000001000000000ULL /* listen */
#define CAP_SHUTDOWN 0x0000002000000000ULL /* shutdown */
#define CAP_PEELOFF 0x0000004000000000ULL /* sctp_peeloff */
-#define CAP_MASK_VALID 0x0000007fffffffffULL
+#define CAP_LOOKUP 0x0000008000000000ULL /* _at(2) lookup */
+#define CAP_SEM_POST 0x0000010000000000ULL /* ksem_post */
+#define CAP_SEM_WAIT 0x0000020000000000ULL /* ksem_wait */
+#define CAP_SEM_GETVALUE 0x0000040000000000ULL /* ksem_getvalue */
+#define CAP_MASK_VALID 0x000007ffffffffffULL
/*
* Notes:
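Review bot: `CAP_MASK_VALID` is updated by hand to `0x000007ffffffffffULL` alongside the four new rights, which is correct here (bits 39–42 added above the previous 0x7fffffffff mask), but it will silently drift the next time a right is added without the mask being touched, and any right outside the mask is presumably rejected wherever user-supplied rights are validated (not shown in this change). Since the rights form a contiguous run of low bits, deriving the mask from the highest right, `#define CAP_MASK_VALID ((CAP_SEM_GETVALUE << 1) - 1)`, or writing it as an OR of the named rights, keeps it in sync automatically; at minimum add `/* Must cover every CAP_* bit above; update whenever a right is added. */` next to the definition.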