drew
/
acadia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

[zion] Enforce cap transmit permissions in more places.

This commit is contained in:
Drew Galbraith 2023-08-01 18:43:48 -07:00
parent 4e9ad6a516
commit f0add6e0c3
7 changed files with 24 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
zion/lib/message_queue.cpp
View File

@ -20,10 +20,17 @@ z_err_t UnboundedMessageQueue::PushBack(uint64_t num_bytes, const void* bytes,
for (uint64_t i = 0; i < num_caps; i++) { for (uint64_t i = 0; i < num_caps; i++) {
// FIXME: This would feel safer closer to the relevant syscall. // FIXME: This would feel safer closer to the relevant syscall.
auto cap = gScheduler->CurrentProcess().ReleaseCapability(caps[i]); // FIXME: Race conditions on get->check->release here. Would be better to
// have that as a single call on the process. (This pattern repeats other
// places too).
auto cap = gScheduler->CurrentProcess().GetCapability(caps[i]);
if (!cap) { if (!cap) {
return glcr::CAP_NOT_FOUND; return glcr::CAP_NOT_FOUND;
} }
if (!cap->HasPermissions(kZionPerm_Transmit)) {
return glcr::CAP_PERMISSION_DENIED;
}
cap = gScheduler->CurrentProcess().ReleaseCapability(caps[i]);
message->caps.PushBack(cap); message->caps.PushBack(cap);
} }
@ -109,10 +116,14 @@ glcr::ErrorCode SingleMessageQueue::PushBack(uint64_t num_bytes,
for (uint64_t i = 0; i < num_caps; i++) { for (uint64_t i = 0; i < num_caps; i++) {
// FIXME: This would feel safer closer to the relevant syscall. // FIXME: This would feel safer closer to the relevant syscall.
auto cap = gScheduler->CurrentProcess().ReleaseCapability(caps[i]); auto cap = gScheduler->CurrentProcess().GetCapability(caps[i]);
if (!cap) { if (!cap) {
return glcr::CAP_NOT_FOUND; return glcr::CAP_NOT_FOUND;
} }
if (!cap->HasPermissions(kZionPerm_Transmit)) {
return glcr::CAP_PERMISSION_DENIED;
}
cap = gScheduler->CurrentProcess().ReleaseCapability(caps[i]);
caps_.PushBack(cap); caps_.PushBack(cap);
} }

4
zion/object/address_space.h
View File

@ -37,7 +37,9 @@ class AddressSpace : public KernelObject {
public: public:
uint64_t TypeTag() override { return KernelObject::ADDRESS_SPACE; } uint64_t TypeTag() override { return KernelObject::ADDRESS_SPACE; }
static uint64_t DefaultPermissions() { return kZionPerm_Write; } static uint64_t DefaultPermissions() {
return kZionPerm_Write | kZionPerm_Transmit;
}
enum MemoryType { enum MemoryType {
UNSPECIFIED, UNSPECIFIED,

3
zion/object/channel.h
View File

@ -22,7 +22,8 @@ class Channel : public IpcObject {
public: public:
uint64_t TypeTag() override { return KernelObject::CHANNEL; } uint64_t TypeTag() override { return KernelObject::CHANNEL; }
static uint64_t DefaultPermissions() { static uint64_t DefaultPermissions() {
return kZionPerm_Read | kZionPerm_Write | kZionPerm_Duplicate; return kZionPerm_Read | kZionPerm_Write | kZionPerm_Duplicate |
kZionPerm_Transmit;
} }
static glcr::Pair<glcr::RefPtr<Channel>, glcr::RefPtr<Channel>> static glcr::Pair<glcr::RefPtr<Channel>, glcr::RefPtr<Channel>>

3
zion/object/endpoint.h
View File

@ -21,7 +21,8 @@ class Endpoint : public IpcObject {
public: public:
uint64_t TypeTag() override { return KernelObject::ENDPOINT; } uint64_t TypeTag() override { return KernelObject::ENDPOINT; }
static uint64_t DefaultPermissions() { static uint64_t DefaultPermissions() {
return kZionPerm_Read | kZionPerm_Write | kZionPerm_Duplicate; return kZionPerm_Read | kZionPerm_Write | kZionPerm_Duplicate |
kZionPerm_Transmit;
} }
static glcr::RefPtr<Endpoint> Create(); static glcr::RefPtr<Endpoint> Create();

3
zion/object/memory_object.h
View File

@ -23,7 +23,8 @@ class MemoryObject : public KernelObject {
public: public:
uint64_t TypeTag() override { return KernelObject::MEMORY_OBJECT; } uint64_t TypeTag() override { return KernelObject::MEMORY_OBJECT; }
static uint64_t DefaultPermissions() { static uint64_t DefaultPermissions() {
return kZionPerm_Write | kZionPerm_Read | kZionPerm_Duplicate; return kZionPerm_Write | kZionPerm_Read | kZionPerm_Duplicate |
kZionPerm_Transmit;
} }
MemoryObject(uint64_t size); MemoryObject(uint64_t size);

2
zion/object/process.h
View File

@ -24,7 +24,7 @@ class Process : public KernelObject {
uint64_t TypeTag() override { return KernelObject::PROCESS; } uint64_t TypeTag() override { return KernelObject::PROCESS; }
static uint64_t DefaultPermissions() { static uint64_t DefaultPermissions() {
return kZionPerm_Write | kZionPerm_Read | kZionPerm_SpawnThread | return kZionPerm_Write | kZionPerm_Read | kZionPerm_SpawnThread |
kZionPerm_SpawnProcess | kZionPerm_Duplicate; kZionPerm_SpawnProcess | kZionPerm_Duplicate | kZionPerm_Transmit;
} }
enum State { enum State {

2
zion/syscall/ipc.cpp
View File

@ -105,7 +105,7 @@ glcr::ErrorCode EndpointSend(ZEndpointSendReq* req) {
auto reply_port = ReplyPort::Create(); auto reply_port = ReplyPort::Create();
*req->reply_port_cap = proc.AddNewCapability(reply_port, kZionPerm_Read); *req->reply_port_cap = proc.AddNewCapability(reply_port, kZionPerm_Read);
uint64_t reply_port_cap_to_send = uint64_t reply_port_cap_to_send =
proc.AddNewCapability(reply_port, kZionPerm_Write); proc.AddNewCapability(reply_port, kZionPerm_Write | kZionPerm_Transmit);
return endpoint->Send(req->num_bytes, req->data, 1, &reply_port_cap_to_send); return endpoint->Send(req->num_bytes, req->data, 1, &reply_port_cap_to_send);
} }