PERFORCE change 163967 for review

Robert Watson rwatson at FreeBSD.org
Wed Jun 10 11:00:54 UTC 2009 

http://perforce.freebsd.org/chv.cgi?CH=163967

Change 163967 by rwatson at rwatson_freebsd_capabilities on 2009/06/10 11:00:14

	Start also implementing an agent API, simplify host API a bit.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#3 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#3 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#5 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_agent.c#1 add
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_agent_api.h#1 add

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#3 (text+ko) ====

@@ -3,7 +3,8 @@
 LIB=	capability
 
 SRCS=				\
-	libcapability.c
+	libcapability.c		\
+	libcapability_agent.c
 
 INCS=	libcapability.h
 

==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#3 (text+ko) ====

@@ -47,19 +47,27 @@
 .Ft int
 .Fn lc_limitfd "int fd" "cap_rights_t rights"
 .Ft int
-.Fn lch_agent_start "const char *agent" "struct lc_agent **lcap"
+.Fn lch_start "const char *agent" "struct lc_agent **lcap"
 .Ft void
-.Fn lch_agent_stop "struct lc_agent *lcap"
+.Fn lch_stop "struct lc_agent *lcap"
+.Ft int
+.Fn lch_getsock "struct lc_agent *lcap" "int *fdp"
+.Ft int
+.Fn lch_getpid "struct lc_agent *lcap" "pid_t *pidp"
 .Ft int
-.Fn lch_agent_getsock "struct lc_agent *lcap" "int *fdp"
+.Fn lch_getprocdesc "struct lc_agent *lcap" "int *fdp"
+.Ft ssize_t
+.Fn lch_recv "struct lc_agent *lcap, void *buf" "size_t len" "int flags"
+.Ft ssize_t
+.Fn lch_send "struct lc_agent *lcap" "const void *msg" "size_t len" "int flags"
 .Ft int
-.Fn lch_agent_getpid "struct lc_agent *lcap" "pid_t *pidp"
+.Fn lca_get "struct lc_host **lchpp"
 .Ft int
-.Fn lch_agent_getprocdesc "struct lc_agent *lcap" "int *fdp"
+.Fn lca_getsock "struct lc_host *lchp" "int *fdp"
 .Ft ssize_t
-.Fn lch_agent_recv "struct lc_agent *lcap, void *buf" "size_t len" "int flags"
+.Fn lca_recv "struct lc_host *lchp" "void *buf" "size_t len" "int flags"
 .Ft ssize_t
-.Fn lch_agent_send "struct lc_agent *lcap" "const void *msg" "size_t len" "int flags"
+.Fn lca_send "struct lc_host *lchp" "const void *msg" "size_t len" "int flags"
 .Sh DESCRIPTION
 The
 .Nm
@@ -76,26 +84,26 @@
 Each executing agent instance is described by an opaque
 .Dt "struct lc_agent" ,
 which is returned by
-.Fn lch_agent_start
+.Fn lch_start
 for successfully started agents, and passed into other APIs to indicate which
 agent should be acted on.
-.Fn lch_agent_start
+.Fn lch_start
 creates a new executing agent, given the name of the agent binary via
 .Va agent .
 Executing agents may be stopped (and state freed) using
-.Fn lch_agent_stop .
+.Fn lch_stop .
 .Pp
 Properties of the agent, such as the socket used to communicate with it,
 the proces descriptor for the agent process, and the pid, may be queried
 using
-.Fn lch_agent_getsock ,
-.Fn lch_agent_getprocdesc ,
+.Fn lch_getsock ,
+.Fn lch_getprocdesc ,
 and
-.Fn lch_agent_getpid .
+.Fn lch_getpid .
 .Pp
-.Fn lch_agent_recv
+.Fn lch_recv
 and
-.Fn lch_agent_send
+.Fn lch_send
 provide simple wrappers around
 .Xr recv 2
 and
@@ -108,6 +116,24 @@
 agent API allows agent processes to interact with their host process.
 Agent API functions can be identified by their function name prefix,
 .Dv lca_ .
+.Pp
+Each executing agent will have a single corresponding host instance,
+described by an opaque
+.Dt "struct lc_host" ,
+which is returned by
+.Fn lca_get .
+.Pp
+The socket for the host may be queried using
+.Fn lca_getsock .
+.Pp
+.Fn lca_recv
+and
+.Fn lca_send
+provide simple wrappers around
+.Xr recv 2
+and
+.Xr send 2
+to avoid agents having to query host socket file descriptors before use.
 .Sh SEE ALSO
 .Xr cap_enter 2
 .Xr cap_new 2

==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.c#2 (text+ko) ====

@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.c#1 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.c#2 $
  */
 
 #include <sys/types.h>
@@ -47,6 +47,7 @@
 #include <unistd.h>
 
 #include "libcapability.h"
+#include "libcapability_agent_api.h"
 
 #define	LIBCAPABILITY_CAPMASK_DEVNULL	(CAP_EVENT | CAP_READ | CAP_WRITE)
 #define	LIBCAPABILITY_CAPMASK_SOCK	(CAP_EVENT | CAP_READ | CAP_WRITE)
@@ -143,7 +144,7 @@
 static void
 lch_agent(int fd_sock, int fd_agent, int fd_ldso, int fd_libc, int fd_libz)
 {
-	char *env_caplibindex;
+	char *env_caplibindex, *env_libcapability_agent_api;
 	int fd_array[8], fd_devnull;
 
 	fd_devnull = open(_PATH_DEVNULL, O_RDWR);
@@ -172,10 +173,27 @@
 	if (lch_installfds(7, fd_array) < 0)
 		return;
 
+	/*
+	 * Pass library list into rtld-elf-cap.
+	 */
 	if (asprintf(&env_caplibindex, "%d:%s,%d:%s", fd_libc, LIBC_SO,
 	    fd_libz, LIBZ_SO) == -1)
 		return;
-	setenv("LD_CAPLIBINDEX", env_caplibindex, 1);
+	if (setenv("LD_CAPLIBINDEX", env_caplibindex, 1) == -1)
+		return;
+	free(env_caplibindex);
+
+	/*
+	 * Make sure that libcapability in the sandbox knows that its API
+	 * assumptions hold.
+	 */
+	if (asprintf(&env_libcapability_agent_api, "%s:%d",
+	    LIBCAPABILITY_AGENT_API_SOCK, fd_sock) == -1)
+		return;
+	if (setenv(LIBCAPABILITY_AGENT_API_ENV, env_libcapability_agent_api,
+	    1) == -1)
+		return;
+	free(env_libcapability_agent_api);
 
 	if (cap_enter() < 0)
 		return;
@@ -184,7 +202,7 @@
 }
 
 int
-lch_agent_start(const char *agent, struct lc_agent **lcapp)
+lch_start(const char *agent, struct lc_agent **lcapp)
 {
 	struct lc_agent *lcap;
 	int fd_agent, fd_ldso, fd_libc, fd_libz, fd_procdesc, fd_sockpair[2];
@@ -270,7 +288,7 @@
 }
 
 void
-lch_agent_stop(struct lc_agent *lcap)
+lch_stop(struct lc_agent *lcap)
 {
 
 	close(lcap->lca_fd_sock);
@@ -281,7 +299,7 @@
 }
 
 int
-lch_agent_getsock(struct lc_agent *lcap, int *fdp)
+lch_getsock(struct lc_agent *lcap, int *fdp)
 {
 
 	*fdp = lcap->lca_fd_sock;
@@ -289,7 +307,7 @@
 }
 
 int
-lch_agent_getpid(struct lc_agent *lcap, pid_t *pidp)
+lch_getpid(struct lc_agent *lcap, pid_t *pidp)
 {
 
 	*pidp = lcap->lca_pid;
@@ -297,7 +315,7 @@
 }
 
 int
-lch_agent_getprocdesc(struct lc_agent *lcap, int *fdp)
+lch_getprocdesc(struct lc_agent *lcap, int *fdp)
 {
 
 	*fdp = lcap->lca_fd_procdesc;
@@ -309,7 +327,7 @@
  * on the worker should take place here.
  */
 ssize_t
-lch_agent_send(struct lc_agent *lcap, const void *msg, size_t len, int flags)
+lch_send(struct lc_agent *lcap, const void *msg, size_t len, int flags)
 {
 
 	if (lcap->lca_fd_sock == -1 ||
@@ -321,7 +339,7 @@
 }
 
 ssize_t
-lch_agent_recv(struct lc_agent *lcap, void *buf, size_t len, int flags)
+lch_recv(struct lc_agent *lcap, void *buf, size_t len, int flags)
 {
 
 	if (lcap->lca_fd_sock == -1 ||

==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#5 (text+ko) ====

@@ -30,13 +30,14 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#4 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#5 $
  */
 
 #ifndef _LIBCAPABILITY_H_
 #define	_LIBCAPABILITY_H_
 
 struct lc_agent;
+struct lc_host;
 
 /*
  * Capability interfaces.
@@ -46,22 +47,30 @@
 /*
  * Interfaces to start and stop capability mode agents.
  */
-int	lch_agent_start(const char *agent, struct lc_agent **lcap);
-void	lch_agent_stop(struct lc_agent *lcap);
+int	lch_start(const char *agent, struct lc_agent **lcapp);
+void	lch_stop(struct lc_agent *lcap);
 
 /*
  * Interfaces to query state about capability mode agents.
  */
-int	lch_agent_getsock(struct lc_agent *lcap, int *fdp);
-int	lch_agent_getpid(struct lc_agent *lcap, pid_t *pidp);
-int	lch_agent_getprocdesc(struct lc_agent *lcap, int *fdp);
+int	lch_getsock(struct lc_agent *lcap, int *fdp);
+int	lch_getpid(struct lc_agent *lcap, pid_t *pidp);
+int	lch_getprocdesc(struct lc_agent *lcap, int *fdp);
 
 /*
  * I/O interfaces for capability mode agents.
  */
-ssize_t	lch_agent_recv(struct lc_agent *lcap, void *buf, size_t len,
+ssize_t	lch_recv(struct lc_agent *lcap, void *buf, size_t len, int flags);
+ssize_t	lch_send(struct lc_agent *lcap, const void *msg, size_t len,
 	    int flags);
-ssize_t	lch_agent_send(struct lc_agent *lcap, const void *msg, size_t len,
+
+/*
+ * Capability mode agent APIs.
+ */
+int	lca_get(struct lc_host **lchpp);
+int	lca_getsock(struct lc_host *lchp, int *fdp);
+ssize_t	lca_recv(struct lc_host *lchp, void *buf, size_t len, int flags);
+ssize_t	lca_send(struct lc_host *lchp, const void *msg, size_t len,
 	    int flags);
 
 #endif /* !_LIBCAPABILITY_H_ */

More information about the p4-projects mailing list