PERFORCE change 156386 for review

Robert Watson rwatson at FreeBSD.org
Mon Jan 19 06:56:34 PST 2009


http://perforce.freebsd.org/chv.cgi?CH=156386

Change 156386 by rwatson at rwatson_freebsd_capabilities on 2009/01/19 14:55:40

	Add kf_cap_rights to struct kinfo_filedesc, although need to
	check alignment.  Add utility function cap_rights(), which the
	filedesc sysctl will use to export capability rights.
	
	Add utility function procdesc_pid(), which the filedesc sysctl
	will now use to export the process ID behind a process descriptor,
	instead of reaching inside struct procdesc.
	
	Rename fp to fp_procdesc for procdesc_new to make it clear what
	the file pointer is for in the prototype.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#15 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#21 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_procdesc.c#9 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#21 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/procdesc.h#4 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/user.h#10 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#15 (text+ko) ====

@@ -2980,11 +2980,12 @@
 
 		case DTYPE_CAPABILITY:
 			kif->kf_type = KF_TYPE_CAPABILITY;
+			kif->kf_cap_rights = cap_rights(fp);
 			break;
 
 		case DTYPE_PROCDESC:
 			kif->kf_type = KF_TYPE_PROCDESC;
-			kif->kf_pid = ((struct procdesc *)fp->f_data)->pd_pid;
+			kif->kf_pid = procdesc_pid(fp);
 			break;
 
 		default:

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#21 (text+ko) ====

@@ -50,7 +50,7 @@
 #include "opt_capabilities.h"
 
 #include <sys/cdefs.h>
-__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#20 $");
+__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#21 $");
 
 #include <sys/param.h>
 #include <sys/capability.h>
@@ -184,6 +184,23 @@
 }
 
 /*
+ * Extract rights from a capability for monitoring purposes -- not for use in
+ * any other way, as we want to keep all capability permission evaluation in
+ * this one file.
+ */
+cap_rights_t
+cap_rights(struct file *fp_cap)
+{
+	struct capability *c;
+
+	KASSERT(fp_cap->f_type == DTYPE_CAPABILITY,
+	    ("cap_rights: !capability"));
+
+	c = fp_cap->f_data;
+	return (c->cap_rights);
+}
+
+/*
  * System call to enter capability mode for the process.
  */
 int
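Review bot: The KASSERT that guards the `f_data` cast in the new `cap_rights()` is compiled out on kernels built without INVARIANTS, so on a production kernel a caller passing a non-capability file would read whatever `f_data` points at as a `struct capability`. The only caller visible in this change (the `DTYPE_CAPABILITY` case in kern_descrip.c) dispatches on `f_type` first, so this is a calling contract rather than a bug, but the function comment should state it instead of relying on the assertion; suggest adding `* The caller must already have checked fp_cap->f_type == DTYPE_CAPABILITY; the KASSERT is a debugging aid, not the check.` to the comment block above the function. The hunk also does not show whether `cap_rights` can change after the capability is created; if it can, the comment should say the returned value is an unlocked snapshot intended only for monitoring output.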

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_procdesc.c#9 (text+ko) ====

@@ -170,6 +170,22 @@
 }
 
 /*
+ * Function to be used by procstat(1) sysctls when returning procdesc
+ * information.
+ */
+pid_t
+procdesc_pid(struct file *fp_procdesc)
+{
+	struct procdesc *pd;
+
+	KASSERT(fp_procdesc->f_type == DTYPE_PROCDESC,
+	   ("procdesc_pid: !procdesc"));
+
+	pd = fp_procdesc->f_data;
+	return (pd->pd_pid);
+}
+
+/*
  * System call to return the pid of a process given its process descriptor.
  */
 int
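Review bot: The continuation line of the KASSERT in the new `procdesc_pid()` is indented with three spaces, whereas the matching KASSERT added to `cap_rights()` in this same change uses the conventional four-space continuation; change it to `    ("procdesc_pid: !procdesc"));` so the two helpers read alike. Separately, `pd->pd_pid` is read here with no lock visible in the hunk: if `pd_pid` is fixed at creation for the lifetime of the procdesc that is fine, but it is worth recording in the function comment, e.g. `* pd_pid is set when the procdesc is created and not changed afterwards, so no lock is taken here.`; if it is not immutable, the read needs the procdesc lock.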
@@ -203,7 +219,7 @@
  * point, so procdesc_new() must succeed.
  */
 void
-procdesc_new(struct proc *p, struct file *fp)
+procdesc_new(struct proc *p, struct file *fp_procdesc)
 {
 	struct procdesc *pd;
 
@@ -220,7 +236,8 @@
 	refcount_init(&pd->pd_refcount, 2);
 
 	/* XXXRW: Why these flags? */
-	finit(fp, FREAD | FWRITE, DTYPE_PROCDESC, pd, &procdesc_ops);
+	finit(fp_procdesc, FREAD | FWRITE, DTYPE_PROCDESC, pd,
+	    &procdesc_ops);
 }
 
 static void

==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#21 (text+ko) ====

@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#20 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#21 $
  */
 
 /*
@@ -143,6 +143,14 @@
 int	cap_fextract(struct file *fp_cap, cap_rights_t rights,
 	    struct file **fpp);
 
+/*
+ * For the purposes of procstat(1) and similar tools, allow kern_descrip.c to
+ * extract the rights from a capability.  However, this should not be used by
+ * kernel code generally, instead cap_fextract() should be used in order to
+ * keep all access control in one place.
+ */
+cap_rights_t	cap_rights(struct file *fp_cap);
+
 #else /* !_KERNEL */
 
 /*

==== //depot/projects/trustedbsd/capabilities/src/sys/sys/procdesc.h#4 (text+ko) ====

@@ -95,8 +95,9 @@
 int	 procdesc_exit(struct proc *p);
 int	 procdesc_find(struct thread *td, int fd, cap_rights_t rights,
 	    struct proc **p);
-void	 procdesc_new(struct proc *p, struct file *fp);
-void	procdesc_reap(struct proc *p);
+void	 procdesc_new(struct proc *p, struct file *fp_procdesc);
+pid_t	 procdesc_pid(struct file *fp_procdesc);
+void	 procdesc_reap(struct proc *p);
 
 #else /* !_KERNEL */
 

==== //depot/projects/trustedbsd/capabilities/src/sys/sys/user.h#10 (text+ko) ====

@@ -327,7 +327,8 @@
 	struct sockaddr_storage kf_sa_local;	/* Socket address. */
 	struct sockaddr_storage	kf_sa_peer;	/* Peer address. */
 	pid_t	kf_pid;				/* Process identifier. */
-	int	_kf_ispare[15];			/* Space for more stuff. */
+	cap_rights_t	kf_cap_rights;		/* Capabiity rights. */
+	int	_kf_ispare[13];			/* Space for more stuff. */
 	/* Truncated before copyout in sysctl */
 	char	kf_path[PATH_MAX];		/* Path to file, if any. */
 };
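Review bot: Reducing `_kf_ispare` from 15 to 13 ints only keeps `sizeof(struct kinfo_file)` unchanged if `cap_rights_t` is exactly two ints wide and needs no extra alignment; the new field follows a `pid_t`, so on an LP64 target a 64-bit `cap_rights_t` would be preceded by 4 bytes of padding and the struct would grow, changing the sysctl ABI that procstat(1) consumes — the commit message itself flags that alignment still needs checking. Rather than leaving that to inspection, add a compile-time assertion on `sizeof(struct kinfo_file)` against the pre-change size next to the definition (or place the field after a naturally 64-bit-aligned member) so a mismatch fails the build. The comment on the new field also has a typo; it should read `/* Capability rights. */`.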

