PERFORCE change 75501 for review

Mon Apr 18 16:52:38 GMT 2005

http://perforce.freebsd.org/chv.cgi?CH=75501

Change 75501 by areisse at areisse_ibook on 2005/04/18 16:51:36

	Support for reading the access control vector (mac_check_ipc_methods)
	from the message trailer. The bit corresponding to the current
	routine is extracted from the vector and supplied to the server
	implementation.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/lexxer.l#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/parser.y#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.c#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.h#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/server.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/lexxer.l#2 (text+ko) ====

@@ -141,6 +141,7 @@
 <Normal>[Mm][Ss][Gg][Ll][Aa][Bb][Ee][Ll][Ss]	RETURN(syMsgLabels);
 <Normal>[Ss][Ee][Rr][Vv][Ee][Rr][Mm][Ss][Gg][Ll][Aa][Bb][Ee][Ll][Ss] RETURN(syServerMsgLabels);
 <Normal>[Uu][Ss][Ee][Rr][Mm][Ss][Gg][Ll][Aa][Bb][Ee][Ll][Ss]	RETURN(syUserMsgLabels);
+<Normal>[Aa][Cc][Cc][Ee][Ss][Ss][Ff][Ll][Aa][Gg]	RETURN(syServerAccessFlag);
 <Normal>[Aa][Uu][Dd][Ii][Tt][Tt][Oo][Kk][Ee][Nn]	RETURN(syAuditToken);
 <Normal>[Ss][Ee][Rr][Vv][Ee][Rr][Aa][Uu][Dd][Ii][Tt][Tt][Oo][Kk][Ee][Nn] RETURN(syServerAuditToken);
 <Normal>[Uu][Ss][Ee][Rr][Aa][Uu][Dd][Ii][Tt][Tt][Oo][Kk][Ee][Nn]	RETURN(syUserAuditToken);

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/parser.y#2 (text+ko) ====

@@ -107,6 +107,7 @@
 %token	syMsgLabels
 %token	syUserMsgLabels
 %token	syServerMsgLabels
+%token	syServerAccessFlag
 %token	syAuditToken
 %token	syUserAuditToken
 %token	syServerAuditToken
@@ -691,6 +692,7 @@
 			|	syMsgLabels		{ $$ = akMsgLabels; }	
 			|	syServerMsgLabels	{ $$ = akServerMsgLabels; }	
 			|	syUserMsgLabels		{ $$ = akUserMsgLabels; }
+			|	syServerAccessFlag	{ $$ = akServerAccessFlag; }
 			|	syAuditToken		{ $$ = akAuditToken; }	
 			|	syServerAuditToken	{ $$ = akServerAuditToken; }	
 			|	syUserAuditToken	{ $$ = akUserAuditToken; }

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.c#2 (text+ko) ====

@@ -220,6 +220,9 @@
       case akeMsgLabels:
 	printf("MsgLabels\t");
 	break;
+      case akeAccessFlag:
+	printf("AccessFlag\t");
+	break;
       case akeAuditToken:
 	printf("AuditToken\t");
 	break;
@@ -1212,6 +1215,9 @@
     if (akIdent(arg->argKind) == akeMsgLabels) 
 	itCheckMsgLabelsType(arg->argVarName, arg->argType);
 
+    if (akIdent(arg->argKind) == akeAccessFlag) 
+	itCheckIntType(arg->argVarName, arg->argType);
+
     if (akIdent(arg->argKind) == akeMsgSeqno) 
 	itCheckIntType(arg->argVarName, arg->argType);
     /*
@@ -1489,6 +1495,7 @@
     boolean_t sectoken = FALSE;
     boolean_t audittoken = FALSE;
     boolean_t msglabels = FALSE;
+    boolean_t msgav = FALSE;
 
     for (arg = rt->rtArgs; arg != argNULL; arg = arg->argNext) 
         if (akCheckAll(arg->argKind, akbReturn|akbUserImplicit)) {
@@ -1498,8 +1505,14 @@
 		audittoken = TRUE;
             else if (akIdent(arg->argKind) == akeMsgLabels)
 	  	msglabels = TRUE;
+	    else if (akIdent(arg->argKind) == akeAccessFlag)
+		msgav = TRUE;
         }
 
+    if (msgav == TRUE)
+		msgop->argVarName = strconcat(msgop->argVarName,
+		  "|MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_AV)");
+
     if (msglabels == TRUE)
 		msgop->argVarName = strconcat(msgop->argVarName,
 		  "|MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_LABELS)");

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.h#2 (text+ko) ====

@@ -78,7 +78,8 @@
 #define akeSecToken	(17)	/* an argument from the trailer: the security token */
 #define akeAuditToken	(18)	/* an argument from the trailer: the audit token */
 #define akeMsgLabels    (19)    /* an argument from the trailer: message labels */
-#define akeSendTime     (20)    /* pointed at by rtWaitTime */
+#define akeAccessFlag   (20)    /* the bit for this routine from the access vector in the trailer */
+#define akeSendTime     (21)    /* pointed at by rtWaitTime */
 
 #define	akeBITS		(0x0000003f)
 #define	akbRequest	(0x00000040)	/* has a msg_type in request */
@@ -245,6 +246,8 @@
 #define akMsgLabels akAddFeature(akeMsgLabels, \
         akbServerArg|akbServerImplicit|akbSend|akbSendRcv| \
         akbUserArg|akbUserImplicit|akbReturn|akbReturnRcv)
+#define akServerAccessFlag akAddFeature(akeAccessFlag, \
+	akbServerArg|akbServerImplicit|akbSend|akbSendRcv)
 
 #define akServerAuditToken akAddFeature(akeAuditToken, \
 	akbServerArg|akbServerImplicit|akbSend|akbSendRcv)

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/server.c#2 (text+ko) ====

@@ -1042,6 +1042,17 @@
     char who[20] = {0};
 
     /*
+     *  Get the access control decision for this routine from the
+     *  vector supplied in the trailer.
+     */
+    if (akIdent(arg->argKind) == akeAccessFlag) {
+	unsigned int ave = arg->argRoutine->rtNumber;
+	sprintf(buffer, "(0 != (TrailerP->msgh_av.av[%d] & %d))",
+		ave >> 5, 1 << (ave & 0x1f));
+	return buffer;
+    }
+
+    /*
      *	Inside the kernel, the request and reply port fields
      *	really hold ipc_port_t values, not mach_port_t values.
      *	Hence we must cast the values.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

