PERFORCE change 171323 for review
Jonathan Anderson
jona at FreeBSD.org
Thu Dec 3 12:54:01 UTC 2009
http://p4web.freebsd.org/chv.cgi?CH=171323
Change 171323 by jona at jona-capsicum-kent64 on 2009/12/03 12:53:02
Refactored out fgetbase(), which will be used for other syscalls besides faccessat()
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_syscalls.c#20 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#27 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/filedesc.h#5 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_syscalls.c#20 (text+ko) ====
@@ -160,6 +160,40 @@
}
/*
+ * Get the "base" vnode defined by a user file descriptor.
+ *
+ * Several *at() system calls are now supported in capability mode. This function
+ * finds out what their "*at base" vnode, which is needed by namei(), should be:
+ *
+ * 1. In non-capability (and thus unconstrained) mode, base = 0.
+ * 2. In capability mode, base is the vnode given by the fd parameter, subject to
+ * the condition that the supplied 'rights' parameter (OR'ed with CAP_LOOKUP
+ * and CAP_ATBASE) is satisfied. The vnode is returned with a shared lock.
+ */
+int
+fgetbase(struct thread *td, int fd, cap_rights_t rights, struct vnode **base)
+{
+ if (!(td->td_ucred->cr_flags & CRED_FLAG_CAPMODE))
+ base = 0;
+
+ else {
+ int error;
+
+ error = fgetvp(td, fd, rights | CAP_LOOKUP | CAP_ATBASE, base);
+ if (error)
+ return (error);
+
+ if ((error = vn_lock(*base, LK_SHARED))) {
+ vrele(*base);
+ return (error);
+ }
+ }
+
+ return 0;
+}
+
+
+/*
* Sync each mounted filesystem.
*/
#ifndef _SYS_SYSPROTO_H_
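Review bot: In the non-capability branch of fgetbase() the statement `base = 0;` assigns the function's local pointer parameter, not the caller's variable, so whatever the caller had in its vnode pointer is left untouched; it should be `*base = NULL;`, and the header comment's "base = 0" should say that `*base` is set to NULL. The faccessat() hunk below now relies on fgetbase() for exactly that initialisation, since its own `if ((cred->cr_flags & CRED_FLAG_CAPMODE) && (fd >= 0))` block is gone. That old block also only fetched a base for a non-negative fd, and the guard is not carried into fgetbase(), so in capability mode a negative fd such as AT_FDCWD is now handed to fgetvp() (presumably failing with a bad-descriptor error) instead of yielding no base; if the change is intended it deserves a sentence in the header comment, otherwise the condition should read `if (!(td->td_ucred->cr_flags & CRED_FLAG_CAPMODE) || fd < 0)`.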
@@ -2239,21 +2273,9 @@
cred = tmpcred = td->td_ucred;
AUDIT_ARG_VALUE(mode);
- /*
- * if a relative base was specified and we're in capability mode, find
- * the vnode of the base so that namei() can restrict itself accordingly
- */
- if ((cred->cr_flags & CRED_FLAG_CAPMODE) && (fd >= 0)) {
-
- if ((error = fgetvp(td, fd, CAP_LOOKUP | CAP_ATBASE, &base)))
- /* XXX: more CAP_FOO? */
- return (error);
-
- if ((error = vn_lock(base, LK_SHARED))) {
- vrele (base);
- return (error);
- }
- }
+ /* get *at base vnode for namei() */
+ if ((error = fgetbase(td, fd, CAP_FSTAT, &base)))
+ return (error);
NDINIT_ATBASE(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | MPSAFE |
AUDITVNODE1, pathseg, path, fd, base, td);
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#27 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#26 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#27 $
*/
/*
@@ -52,7 +52,7 @@
#define CAP_GETSOCKNAME 0x0000000000000010ULL /* getsockname */
#define CAP_FCHFLAGS 0x0000000000000020ULL /* fchflags */
#define CAP_IOCTL 0x0000000000000040ULL /* ioctl */
-#define CAP_FSTAT 0x0000000000000080ULL /* fstat */
+#define CAP_FSTAT 0x0000000000000080ULL /* fstat, faccessat */
#define CAP_MMAP 0x0000000000000100ULL /* mmap */
#define CAP_FCNTL 0x0000000000000200ULL /* fcntl */
#define CAP_EVENT 0x0000000000000400ULL /* select/poll */
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/filedesc.h#5 (text+ko) ====
@@ -130,6 +130,8 @@
int getvnode(struct filedesc *fdp, int fd, struct file **fpp);
int getvnode_cap(struct filedesc *fdp, int fd, cap_rights_t rights,
struct file **fpp);
+int fgetbase(struct thread *td, int fd, cap_rights_t rights,
+ struct vnode **base);
void mountcheckdirs(struct vnode *olddp, struct vnode *newdp);
void setugidsafety(struct thread *td);