svn commit: r224225 - in head/sys: kern sys

Jonathan Anderson jonathan at FreeBSD.org
Wed Jul 20 09:53:35 UTC 2011


Author: jonathan
Date: Wed Jul 20 09:53:35 2011
New Revision: 224225
URL: http://svn.freebsd.org/changeset/base/224225

Log:
  Export capability information via sysctls.
  
  When reporting on a capability, flag the fact that it is a capability,
  but also unwrap to report all of the usual information about the
  underlying file.
  
  Approved by: re (kib), mentor (rwatson)
  Sponsored by: Google Inc

Modified:
  head/sys/kern/kern_descrip.c
  head/sys/sys/user.h

Modified: head/sys/kern/kern_descrip.c
==============================================================================
--- head/sys/kern/kern_descrip.c	Wed Jul 20 05:59:28 2011	(r224224)
+++ head/sys/kern/kern_descrip.c	Wed Jul 20 09:53:35 2011	(r224225)
@@ -2946,6 +2946,22 @@ sysctl_kern_proc_ofiledesc(SYSCTL_HANDLE
 		so = NULL;
 		tp = NULL;
 		kif->kf_fd = i;
+
+#ifdef CAPABILITIES
+		/*
+		 * When reporting a capability, most fields will be from the
+		 * underlying object, but do mark as a capability. With
+		 * ofiledesc, we don't have a field to export the cap_rights_t,
+		 * but we do with the new filedesc.
+		 */
+		if (fp->f_type == DTYPE_CAPABILITY) {
+			kif->kf_flags |= KF_FLAG_CAPABILITY;
+			(void)cap_funwrap(fp, 0, &fp);
+		}
+#else
+		KASSERT(fp->f_type != DTYPE_CAPABILITY,
+		    ("sysctl_kern_proc_ofiledesc: saw capability"));
+#endif
 		switch (fp->f_type) {
 		case DTYPE_VNODE:
 			kif->kf_type = KF_TYPE_VNODE;
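Review bot: The result of `cap_funwrap(fp, 0, &fp)` is discarded at the added unwrap, so if the call ever failed, `fp` would presumably still be the capability and the `switch` that follows would not match a concrete file type. A rights mask of 0 suggests the call is not expected to fail, but the comment does not say so; I would either add `/* Requesting no rights (0), so the unwrap is not expected to fail. */` or assert on the return value. The same pattern appears in the `sysctl_kern_proc_filedesc` hunk. The loop body of `sysctl_kern_proc_ofiledesc` starts and ends outside this hunk.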
@@ -3262,6 +3278,22 @@ sysctl_kern_proc_filedesc(SYSCTL_HANDLER
 		if ((fp = fdp->fd_ofiles[i]) == NULL)
 			continue;
 		data = NULL;
+
+#ifdef CAPABILITIES
+		/*
+		 * When reporting a capability, most fields will be from the
+		 * underlying object, but do mark as a capability and export
+		 * the capability rights mask.
+		 */
+		if (fp->f_type == DTYPE_CAPABILITY) {
+			kif->kf_flags |= KF_FLAG_CAPABILITY;
+			kif->kf_cap_rights = cap_rights(fp);
+			(void)cap_funwrap(fp, 0, &fp);
+		}
+#else /* !CAPABILITIES */
+		KASSERT(fp->f_type != DTYPE_CAPABILITY,
+		    ("sysctl_kern_proc_filedesc: saw capability"));
+#endif
 		switch (fp->f_type) {
 		case DTYPE_VNODE:
 			type = KF_TYPE_VNODE;
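Review bot: `kif->kf_flags` and `kif->kf_cap_rights` are written before the `switch`, and nothing in this hunk shows where `kif` is initialised for the current descriptor. If the record is zeroed or rebuilt after the switch from `type` and `data`, the capability flag and rights mask would be lost before copyout; if it is not reset per iteration, they would carry over into the next descriptor's record. It would be safer to capture them in locals here, e.g. `fd_cap_rights = cap_rights(fp);`, and store them where the rest of `kif` is filled in. The loop body continues outside the hunk, so this needs checking against the full function.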

Modified: head/sys/sys/user.h
==============================================================================
--- head/sys/sys/user.h	Wed Jul 20 05:59:28 2011	(r224224)
+++ head/sys/sys/user.h	Wed Jul 20 09:53:35 2011	(r224225)
@@ -251,6 +251,7 @@ struct user {
 #define	KF_TYPE_SHM	8
 #define	KF_TYPE_SEM	9
 #define	KF_TYPE_PTS	10
+/* no KF_TYPE_CAPABILITY (11), since capabilities wrap other file objects */
 #define	KF_TYPE_UNKNOWN	255
 
 #define	KF_VTYPE_VNON	0
@@ -286,6 +287,7 @@ struct user {
 #define	KF_FLAG_TRUNC		0x00001000
 #define	KF_FLAG_EXCL		0x00002000
 #define	KF_FLAG_EXEC		0x00004000
+#define	KF_FLAG_CAPABILITY	0x00008000
 
 /*
  * Old format.  Has variable hidden padding due to alignment.
@@ -378,7 +380,9 @@ struct kinfo_file {
 	} kf_un;
 	uint16_t	kf_status;		/* Status flags. */
 	uint16_t	kf_pad1;		/* Round to 32 bit alignment. */
-	int		_kf_ispare[7];		/* Space for more stuff. */
+	int		_kf_ispare0;		/* Space for more stuff. */
+	cap_rights_t	kf_cap_rights;		/* Capability rights. */
+	int		_kf_ispare[4];		/* Space for more stuff. */
 	/* Truncated before copyout in sysctl */
 	char		kf_path[PATH_MAX];	/* Path to file, if any. */
 };
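Review bot: `struct kinfo_file` is exported to userland, so replacing `_kf_ispare[7]` with `_kf_ispare0`, `kf_cap_rights` and `_kf_ispare[4]` keeps the layout stable only if `cap_rights_t` is 8 bytes wide and lands on an 8-byte boundary; otherwise the compiler inserts padding and `kf_path` moves. The hunk shows no compile-time check on the structure size, so confirm that one exists or add one. `_kf_ispare0` looks like alignment padding and could say so, e.g. `/* Keeps kf_cap_rights 64-bit aligned. */`, if that is its purpose. The diff also adds no include to user.h, so `cap_rights_t` must already be visible to everything that includes this header, userland consumers included. The struct definition starts outside the hunk.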

