[zion] Enforce Duplication permissions on capabilities.

Drew Galbraith 2023-08-01 18:30:24 -07:00
parent 1364fbed9f
commit f0a27d30be
7 changed files with 9 additions and 6 deletions


@ -22,7 +22,7 @@ class Channel : public IpcObject {
public: public:
uint64_t TypeTag() override { return KernelObject::CHANNEL; } uint64_t TypeTag() override { return KernelObject::CHANNEL; }
static uint64_t DefaultPermissions() { static uint64_t DefaultPermissions() {
return kZionPerm_Read | kZionPerm_Write; return kZionPerm_Read | kZionPerm_Write | kZionPerm_Duplicate;
} }
static glcr::Pair<glcr::RefPtr<Channel>, glcr::RefPtr<Channel>> static glcr::Pair<glcr::RefPtr<Channel>, glcr::RefPtr<Channel>>


@ -21,7 +21,7 @@ class Endpoint : public IpcObject {
public: public:
uint64_t TypeTag() override { return KernelObject::ENDPOINT; } uint64_t TypeTag() override { return KernelObject::ENDPOINT; }
static uint64_t DefaultPermissions() { static uint64_t DefaultPermissions() {
return kZionPerm_Read | kZionPerm_Write; return kZionPerm_Read | kZionPerm_Write | kZionPerm_Duplicate;
} }
static glcr::RefPtr<Endpoint> Create(); static glcr::RefPtr<Endpoint> Create();


@ -23,7 +23,7 @@ class MemoryObject : public KernelObject {
public: public:
uint64_t TypeTag() override { return KernelObject::MEMORY_OBJECT; } uint64_t TypeTag() override { return KernelObject::MEMORY_OBJECT; }
static uint64_t DefaultPermissions() { static uint64_t DefaultPermissions() {
return kZionPerm_Write | kZionPerm_Read; return kZionPerm_Write | kZionPerm_Read | kZionPerm_Duplicate;
} }
MemoryObject(uint64_t size); MemoryObject(uint64_t size);


@ -22,7 +22,7 @@ class Port : public IpcObject {
public: public:
uint64_t TypeTag() override { return KernelObject::PORT; } uint64_t TypeTag() override { return KernelObject::PORT; }
static uint64_t DefaultPermissions() { static uint64_t DefaultPermissions() {
return kZionPerm_Write | kZionPerm_Read; return kZionPerm_Write | kZionPerm_Read | kZionPerm_Duplicate;
} }
Port() = default; Port() = default;


@ -24,7 +24,7 @@ class Process : public KernelObject {
uint64_t TypeTag() override { return KernelObject::PROCESS; } uint64_t TypeTag() override { return KernelObject::PROCESS; }
static uint64_t DefaultPermissions() { static uint64_t DefaultPermissions() {
return kZionPerm_Write | kZionPerm_Read | kZionPerm_SpawnThread | return kZionPerm_Write | kZionPerm_Read | kZionPerm_SpawnThread |
kZionPerm_SpawnProcess; kZionPerm_SpawnProcess | kZionPerm_Duplicate;
} }
enum State { enum State {
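Review bot: Adding `kZionPerm_Duplicate` to `Process::DefaultPermissions()` makes the default process capability freely copyable, and since `CapDuplicate` in this same commit copies the capability as-is, every duplicate also carries `kZionPerm_SpawnThread` and `kZionPerm_SpawnProcess`; those are the most sensitive bits in this diff and there is no visible path to hand out a process capability without them. If that is the intended policy it deserves a one-line note, e.g. `// Duplicate is granted by default; duplicates inherit Spawn* rights, so callers must attenuate before sharing.`, and if not, the Duplicate bit should be left out here and granted explicitly where a process cap is legitimately shared. I am inferring the copy-as-is behaviour from `AddExistingCapability(cap)` in the syscall hunk; confirm against its definition. The enclosing `Process` class continues outside the hunk.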


@ -10,6 +10,9 @@ z_err_t CapDuplicate(ZCapDuplicateReq* req) {
if (!cap) { if (!cap) {
return glcr::CAP_NOT_FOUND; return glcr::CAP_NOT_FOUND;
} }
if (!(cap->permissions() & kZionPerm_Duplicate)) {
return glcr::CAP_PERMISSION_DENIED;
}
*req->cap_out = proc.AddExistingCapability(cap); *req->cap_out = proc.AddExistingCapability(cap);
return glcr::OK; return glcr::OK;
} }
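Review bot: The new `kZionPerm_Duplicate` check in `CapDuplicate` is satisfied by every capability minted with a `DefaultPermissions()` value, because this commit adds the bit to all five of them, so the `CAP_PERMISSION_DENIED` path is only reachable for a capability that was created with a reduced permission set, which nothing in this diff does. The syscall also gives the caller no way to drop permissions on the copy: `*req->cap_out = proc.AddExistingCapability(cap);` presumably registers the same capability object, so the duplicate is at least as powerful as the original (confirm against `AddExistingCapability`). Worth either adding a comment above the check, `// Duplicates inherit the source capability's full permission set; attenuation is not supported here.`, or extending `ZCapDuplicateReq` with a permission mask that is AND-ed into the copy so holders can share a weakened handle. As a smaller style point, `MemoryObjectDuplicate` in this commit does the equivalent check through `ValidateCapability<...>(cap, kZionPerm_Duplicate)`; if a type-agnostic form of that helper exists, using it here would keep the error codes consistent.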


@ -34,7 +34,7 @@ z_err_t MemoryObjectDuplicate(ZMemoryObjectDuplicateReq* req) {
auto& curr_proc = gScheduler->CurrentProcess(); auto& curr_proc = gScheduler->CurrentProcess();
auto vmmo_cap = curr_proc.GetCapability(req->vmmo_cap); auto vmmo_cap = curr_proc.GetCapability(req->vmmo_cap);
// FIXME: Check a duplication permission here. // FIXME: Check a duplication permission here.
RET_ERR(ValidateCapability<MemoryObject>(vmmo_cap, kZionPerm_Write)); RET_ERR(ValidateCapability<MemoryObject>(vmmo_cap, kZionPerm_Duplicate));
ASSIGN_OR_RETURN( ASSIGN_OR_RETURN(
glcr::RefPtr<MemoryObject> new_vmmo, glcr::RefPtr<MemoryObject> new_vmmo,