PERFORCE change 75946 for review

Andrew Reisse areisse at FreeBSD.org
Mon Apr 25 14:39:26 GMT 2005 

http://perforce.freebsd.org/chv.cgi?CH=75946

Change 75946 by areisse at areisse_ibook on 2005/04/25 14:38:32

	Support for automatic enforcement of protections (as specified in
	a msgh_av trailer) in the server stubs. To use this feature,
	put "checkaccess" between the routine name and argument list.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/lexxer.l#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/parser.y#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.c#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.h#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/server.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/lexxer.l#3 (text+ko) ====

@@ -125,6 +125,7 @@
 
 <Normal>[Rr][Oo][Uu][Tt][Ii][Nn][Ee]		RETURN(syRoutine);
 <Normal>[Ss][Ii][Mm][Pp][Ll][Ee][Rr][Oo][Uu][Tt][Ii][Nn][Ee] RETURN(sySimpleRoutine);
+<Normal>[Cc][Hh][Ee][Cc][Kk][Aa][Cc][Cc][Ee][Ss][Ss]	RETURN(syCheckAccess);
 <Normal>[Ss][Uu][Bb][Ss][Yy][Ss][Tt][Ee][Mm]	RETURN(sySubsystem);
 <Normal>[Mm][Ss][Gg][Oo][Pp][Tt][Ii][Oo][Nn]	RETURN(syMsgOption);
 <Normal>[Mm][Ss][Gg][Ss][Ee][Qq][Nn][Oo]	RETURN(syMsgSeqno);

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/parser.y#3 (text+ko) ====

@@ -50,6 +50,7 @@
 %token	sySkip
 %token	syRoutine
 %token	sySimpleRoutine
+%token  syCheckAccess
 
 %token	sySubsystem
 %token	syKernelUser
@@ -154,6 +155,7 @@
 %type	<direction> Direction TrImplKeyword
 %type	<argument> Argument Trailer Arguments ArgumentList
 %type	<flag> IPCFlags
+%type	<number> RoutineFlags
 
 %{
 
@@ -613,12 +615,18 @@
 			|	SimpleRoutine		{ $$ = $1; }
 			;
 
-Routine			:	syRoutine syIdentifier Arguments
-				{ $$ = rtMakeRoutine($2, $3); }
+Routine			:	syRoutine syIdentifier RoutineFlags Arguments
+				{ $$ = rtMakeRoutine($2, $4, $3); }
+			;
+
+SimpleRoutine		:	sySimpleRoutine syIdentifier RoutineFlags Arguments
+				{ $$ = rtMakeSimpleRoutine($2, $4); }
 			;
 
-SimpleRoutine		:	sySimpleRoutine syIdentifier Arguments
-				{ $$ = rtMakeSimpleRoutine($2, $3); }
+RoutineFlags		:	syCheckAccess
+				{ $$ = 1; }
+			|
+				{ $$ = 0; }
 			;
 
 Arguments		:	syLParen syRParen

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.c#3 (text+ko) ====

@@ -76,6 +76,7 @@
     new->rtErrorName = strNULL;
     new->rtUserName = strNULL;
     new->rtServerName = strNULL;
+    new->rtCheckAccess = FALSE;
 
     return new;
 }
@@ -135,15 +136,17 @@
 }
 
 routine_t *
-rtMakeRoutine(name, args)
+rtMakeRoutine(name, args, flags)
     identifier_t name;
     argument_t *args;
+    int flags;
 {
     register routine_t *rt = rtAlloc();
 
     rt->rtName = name;
     rt->rtKind = rkRoutine;
     rt->rtArgs = args;
+    rt->rtCheckAccess = flags;
 
     return rt;
 }
@@ -1495,7 +1498,7 @@
     boolean_t sectoken = FALSE;
     boolean_t audittoken = FALSE;
     boolean_t msglabels = FALSE;
-    boolean_t msgav = FALSE;
+    boolean_t msgav = rt->rtCheckAccess;
 
     for (arg = rt->rtArgs; arg != argNULL; arg = arg->argNext) 
         if (akCheckAll(arg->argKind, akbReturn|akbUserImplicit)) {

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.h#3 (text+ko) ====

@@ -416,6 +416,7 @@
 
     boolean_t rtSimpleRequest;
     boolean_t rtSimpleReply;	
+    boolean_t rtCheckAccess;
 
     u_int rtNumRequestVar;	/* number of variable/inline args in request */
     u_int rtNumReplyVar;	/* number of variable/inline args in reply */

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/server.c#3 (text+ko) ====

@@ -1484,6 +1484,12 @@
     ipc_type_t *it = arg->argType;
     boolean_t NeedClose = FALSE;
 
+    if (rt->rtCheckAccess) {
+	unsigned int ave = rt->rtNumber;
+	fprintf(file, "\tif (TrailerP->msgh_av.av[%d] & %d) {\n",
+		ave >> 5, 1 << (ave & 0x1f));
+    }
+
     fprintf(file, "\t");
     if (akCheck(arg->argKind, akbVarNeeded))
 	fprintf(file, "%s = ", arg->argMsgField);
@@ -1498,6 +1504,9 @@
     if (NeedClose)
 	fprintf(file, ")");
     fprintf(file, ");\n");
+
+    if (rt->rtCheckAccess)
+	fprintf(file, "\t} else\n\t  OutP->%s = KERN_NO_ACCESS;\n", arg->argMsgField);
 }
 
 static void
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list