PERFORCE change 75946 for review
Andrew Reisse
areisse at FreeBSD.org
Mon Apr 25 14:39:26 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=75946
Change 75946 by areisse at areisse_ibook on 2005/04/25 14:38:32
Support for automatic enforcement of protections (as specified in
a msgh_av trailer) in the server stubs. To use this feature,
put "checkaccess" between the routine name and argument list.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/lexxer.l#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/parser.y#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.c#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.h#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/server.c#3 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/lexxer.l#3 (text+ko) ====
@@ -125,6 +125,7 @@
<Normal>[Rr][Oo][Uu][Tt][Ii][Nn][Ee] RETURN(syRoutine);
<Normal>[Ss][Ii][Mm][Pp][Ll][Ee][Rr][Oo][Uu][Tt][Ii][Nn][Ee] RETURN(sySimpleRoutine);
+<Normal>[Cc][Hh][Ee][Cc][Kk][Aa][Cc][Cc][Ee][Ss][Ss] RETURN(syCheckAccess);
<Normal>[Ss][Uu][Bb][Ss][Yy][Ss][Tt][Ee][Mm] RETURN(sySubsystem);
<Normal>[Mm][Ss][Gg][Oo][Pp][Tt][Ii][Oo][Nn] RETURN(syMsgOption);
<Normal>[Mm][Ss][Gg][Ss][Ee][Qq][Nn][Oo] RETURN(syMsgSeqno);
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/parser.y#3 (text+ko) ====
@@ -50,6 +50,7 @@
%token sySkip
%token syRoutine
%token sySimpleRoutine
+%token syCheckAccess
%token sySubsystem
%token syKernelUser
@@ -154,6 +155,7 @@
%type <direction> Direction TrImplKeyword
%type <argument> Argument Trailer Arguments ArgumentList
%type <flag> IPCFlags
+%type <number> RoutineFlags
%{
@@ -613,12 +615,18 @@
| SimpleRoutine { $$ = $1; }
;
-Routine : syRoutine syIdentifier Arguments
- { $$ = rtMakeRoutine($2, $3); }
+Routine : syRoutine syIdentifier RoutineFlags Arguments
+ { $$ = rtMakeRoutine($2, $4, $3); }
+ ;
+
+SimpleRoutine : sySimpleRoutine syIdentifier RoutineFlags Arguments
+ { $$ = rtMakeSimpleRoutine($2, $4); }
;
-SimpleRoutine : sySimpleRoutine syIdentifier Arguments
- { $$ = rtMakeSimpleRoutine($2, $3); }
+RoutineFlags : syCheckAccess
+ { $$ = 1; }
+ |
+ { $$ = 0; }
;
Arguments : syLParen syRParen
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.c#3 (text+ko) ====
@@ -76,6 +76,7 @@
new->rtErrorName = strNULL;
new->rtUserName = strNULL;
new->rtServerName = strNULL;
+ new->rtCheckAccess = FALSE;
return new;
}
@@ -135,15 +136,17 @@
}
routine_t *
-rtMakeRoutine(name, args)
+rtMakeRoutine(name, args, flags)
identifier_t name;
argument_t *args;
+ int flags;
{
register routine_t *rt = rtAlloc();
rt->rtName = name;
rt->rtKind = rkRoutine;
rt->rtArgs = args;
+ rt->rtCheckAccess = flags;
return rt;
}
@@ -1495,7 +1498,7 @@
boolean_t sectoken = FALSE;
boolean_t audittoken = FALSE;
boolean_t msglabels = FALSE;
- boolean_t msgav = FALSE;
+ boolean_t msgav = rt->rtCheckAccess;
for (arg = rt->rtArgs; arg != argNULL; arg = arg->argNext)
if (akCheckAll(arg->argKind, akbReturn|akbUserImplicit)) {
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.h#3 (text+ko) ====
@@ -416,6 +416,7 @@
boolean_t rtSimpleRequest;
boolean_t rtSimpleReply;
+ boolean_t rtCheckAccess;
u_int rtNumRequestVar; /* number of variable/inline args in request */
u_int rtNumReplyVar; /* number of variable/inline args in reply */
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/server.c#3 (text+ko) ====
@@ -1484,6 +1484,12 @@
ipc_type_t *it = arg->argType;
boolean_t NeedClose = FALSE;
+ if (rt->rtCheckAccess) {
+ unsigned int ave = rt->rtNumber;
+ fprintf(file, "\tif (TrailerP->msgh_av.av[%d] & %d) {\n",
+ ave >> 5, 1 << (ave & 0x1f));
+ }
+
fprintf(file, "\t");
if (akCheck(arg->argKind, akbVarNeeded))
fprintf(file, "%s = ", arg->argMsgField);
@@ -1498,6 +1504,9 @@
if (NeedClose)
fprintf(file, ")");
fprintf(file, ");\n");
+
+ if (rt->rtCheckAccess)
+ fprintf(file, "\t} else\n\t OutP->%s = KERN_NO_ACCESS;\n", arg->argMsgField);
}
static void
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list