PERFORCE change 149768 for review
Hans Petter Selasky
hselasky at FreeBSD.org
Sun Sep 14 18:03:34 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=149768
Change 149768 by hselasky at hselasky_laptop001 on 2008/09/14 18:02:52
Cleanup USB permissions code. Use "vaccess" instead of re-inventing the wheel.
Affected files ...
.. //depot/projects/usb/src/sys/dev/usb2/core/usb2_core.h#20 edit
.. //depot/projects/usb/src/sys/dev/usb2/core/usb2_dev.c#32 edit
Differences ...
==== //depot/projects/usb/src/sys/dev/usb2/core/usb2_core.h#20 (text+ko) ====
@@ -42,14 +42,6 @@
#define USB_USE_CONDVAR 0
#endif
-#ifndef USB_TD_GET_RUID
-#define USB_TD_GET_RUID(td) (td)->td_ucred->cr_ruid
-#endif
-
-#ifndef USB_TD_GET_RGID
-#define USB_TD_GET_RGID(td) (td)->td_ucred->cr_rgid
-#endif
-
#ifndef USB_TD_GET_PROC
#define USB_TD_GET_PROC(td) (td)->td_proc
#endif
==== //depot/projects/usb/src/sys/dev/usb2/core/usb2_dev.c#32 (text+ko) ====
@@ -74,7 +74,7 @@
static uint32_t usb2_path_convert_one(const char **pp);
static uint32_t usb2_path_convert(const char *path);
-static uint8_t usb2_match_perm(struct usb2_perm *psystem, struct usb2_perm *puser);
+static int usb2_check_access(int fflags, struct usb2_perm *puser);
static int usb2_fifo_open(struct usb2_fifo *f, struct file *fp, struct thread *td, int fflags);
static void usb2_fifo_close(struct usb2_fifo *f, struct thread *td, int fflags);
static void usb2_dev_init(void *arg);
@@ -421,37 +421,33 @@
}
/*------------------------------------------------------------------------*
- * usb2_match_perm
+ * usb2_check_access
*
- * This function will compare two permission structures and see if
- * they are matching.
+ * This function will verify the given access information.
*
* Return values:
- * 0: Permissions are not matching.
- * Else: Permissions are matching.
+ * 0: Access granted.
+ * Else: No access granted.
*------------------------------------------------------------------------*/
-static uint8_t
-usb2_match_perm(struct usb2_perm *psystem, struct usb2_perm *puser)
+static int
+usb2_check_access(int fflags, struct usb2_perm *puser)
{
- uint16_t mode;
+ mode_t accmode;
- if ((psystem->mode != 0) && (puser->mode != 0)) {
+ if ((fflags & (FWRITE | FREAD)) && (puser->mode != 0)) {
/* continue */
} else {
- return (0); /* no access */
+ return (EPERM); /* no access */
}
- /* get the mode differences with regard to the bits that are set */
- mode = ((psystem->mode ^ puser->mode) & puser->mode);
+ accmode = 0;
+ if (fflags & FWRITE)
+ accmode |= VWRITE;
+ if (fflags & FREAD)
+ accmode |= VREAD;
- if ((psystem->uid == puser->uid) && ((mode & 0700) == 0)) {
- return (1); /* allow access */
- } else if ((psystem->gid == puser->gid) && ((mode & 0070) == 0)) {
- return (1); /* allow access */
- } else if ((mode & 0007) == 0) {
- return (1); /* allow access */
- }
- return (0); /* deny access */
+ return (vaccess(VCHR, puser->mode, puser->uid,
+ puser->gid, accmode, curthread->td_ucred, NULL));
}
/*------------------------------------------------------------------------*
@@ -1117,7 +1113,6 @@
usb2_check_thread_perm(struct usb2_device *udev, struct thread *td,
int fflags, uint8_t iface_index, uint8_t ep_index)
{
- struct usb2_perm perm;
struct usb2_interface *iface;
int err;
@@ -1128,30 +1123,20 @@
if (iface->idesc == NULL) {
return (EINVAL);
}
- /* set default value */
- bzero(&perm, sizeof(perm));
-
- /* create a permissions mask */
- perm.uid = USB_TD_GET_RUID(td);
- perm.uid = USB_TD_GET_RGID(td);
- perm.mode = 0;
- if (fflags & FREAD)
- perm.mode |= 0444;
- if (fflags & FWRITE)
- perm.mode |= 0222;
-
/* scan down the permissions tree */
if ((ep_index != 0) && iface &&
- usb2_match_perm(&perm, &iface->perm)) {
+ (usb2_check_access(fflags, &iface->perm) == 0)) {
/* we got access through the interface */
err = 0;
- } else if (udev && usb2_match_perm(&perm, &udev->perm)) {
+ } else if (udev &&
+ (usb2_check_access(fflags, &udev->perm) == 0)) {
/* we got access through the device */
err = 0;
- } else if (udev->bus && usb2_match_perm(&perm, &udev->bus->perm)) {
+ } else if (udev->bus &&
+ (usb2_check_access(fflags, &udev->bus->perm) == 0)) {
/* we got access through the USB bus */
err = 0;
- } else if (usb2_match_perm(&perm, &usb2_perm)) {
+ } else if (usb2_check_access(fflags, &usb2_perm) == 0) {
/* we got general access */
err = 0;
} else {
@@ -1409,9 +1394,14 @@
* Create a dummy device so that we are visible. This device
* should never be opened. Therefore a space character is
* appended after the USB device name.
+ *
+ * NOTE: The permissions of this device is 0777, because we
+ * check the permissions again in the open routine against the
+ * real USB permissions which are not 0777. Else USB access
+ * will be limited to one user and one group.
*/
usb2_dev = make_dev(&usb2_devsw, 0, UID_ROOT, GID_OPERATOR,
- 0000, USB_DEVICE_NAME " ");
+ 0777, USB_DEVICE_NAME " ");
if (usb2_dev == NULL) {
DPRINTFN(0, "Could not create usb bus device!\n");
}
More information about the p4-projects
mailing list