Add a way to restrict permissions on cap duplication.
This commit is contained in:
parent
7dd10a3e53
commit
f31652b981
|
@ -9,8 +9,7 @@ void EndpointServerThreadBootstrap(void* endpoint_server) {
|
|||
|
||||
glcr::ErrorOr<glcr::UniquePtr<EndpointClient>> EndpointServer::CreateClient() {
|
||||
uint64_t client_cap;
|
||||
// FIXME: Restrict permissions to send-only here.
|
||||
RET_ERR(ZCapDuplicate(endpoint_cap_, &client_cap));
|
||||
RET_ERR(ZCapDuplicate(endpoint_cap_, ~(kZionPerm_Read), &client_cap));
|
||||
return EndpointClient::AdoptEndpoint(client_cap);
|
||||
}
|
||||
|
||||
|
|
|
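Review bot: `~(kZionPerm_Read)` at the new ZCapDuplicate call is a deny-list, so the client copy keeps every other bit endpoint_cap_ carries, including kZionPerm_Duplicate (the bit the kernel's CapDuplicate checks), which means a process that receives the cap can re-duplicate it and hand it on. The FIXME this replaces asked for a send-only cap, which an allow-list expresses directly, e.g. `RET_ERR(ZCapDuplicate(endpoint_cap_, kZionPerm_Write, &client_cap));` with whatever bit the endpoint uses for sending (the send bit is not visible on this page, so confirm against the permission constants). If handing out a re-duplicable cap is intended, a one-line comment saying so would stop the next reader from reintroducing the FIXME.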
@ -13,9 +13,8 @@ PortServer PortServer::AdoptCap(z_cap_t cap) { return PortServer(cap); }
|
|||
PortServer::PortServer(z_cap_t port_cap) : port_cap_(port_cap) {}
|
||||
|
||||
glcr::ErrorOr<PortClient> PortServer::CreateClient() {
|
||||
// FIXME: Restrict permissions.
|
||||
z_cap_t new_port;
|
||||
RET_ERR(ZCapDuplicate(port_cap_, &new_port));
|
||||
RET_ERR(ZCapDuplicate(port_cap_, ~(kZionPerm_Read), &new_port));
|
||||
return PortClient::AdoptPort(new_port);
|
||||
}
|
||||
|
||||
|
|
|
@ -31,8 +31,7 @@ void DenaliServerBaseThreadBootstrap(void* server_base) {
|
|||
|
||||
glcr::ErrorOr<DenaliClient> DenaliServerBase::CreateClient() {
|
||||
uint64_t client_cap;
|
||||
// FIXME: Restrict permissions to send-only here.
|
||||
RET_ERR(ZCapDuplicate(endpoint_, &client_cap));
|
||||
RET_ERR(ZCapDuplicate(endpoint_, ~(kZionPerm_Read), &client_cap));
|
||||
return DenaliClient(client_cap);
|
||||
}
|
||||
|
||||
|
|
|
@ -31,8 +31,7 @@ void VFSServerBaseThreadBootstrap(void* server_base) {
|
|||
|
||||
glcr::ErrorOr<VFSClient> VFSServerBase::CreateClient() {
|
||||
uint64_t client_cap;
|
||||
// FIXME: Restrict permissions to send-only here.
|
||||
RET_ERR(ZCapDuplicate(endpoint_, &client_cap));
|
||||
RET_ERR(ZCapDuplicate(endpoint_, ~(kZionPerm_Read), &client_cap));
|
||||
return VFSClient(client_cap);
|
||||
}
|
||||
|
||||
|
|
|
@ -31,8 +31,7 @@ void YellowstoneServerBaseThreadBootstrap(void* server_base) {
|
|||
|
||||
glcr::ErrorOr<YellowstoneClient> YellowstoneServerBase::CreateClient() {
|
||||
uint64_t client_cap;
|
||||
// FIXME: Restrict permissions to send-only here.
|
||||
RET_ERR(ZCapDuplicate(endpoint_, &client_cap));
|
||||
RET_ERR(ZCapDuplicate(endpoint_, ~(kZionPerm_Read), &client_cap));
|
||||
return YellowstoneClient(client_cap);
|
||||
}
|
||||
|
||||
|
|
|
@ -60,7 +60,7 @@ glcr::ErrorCode YellowstoneServer::HandleGetAhciInfo(const Empty&,
|
|||
glcr::ErrorCode YellowstoneServer::HandleGetDenali(const Empty&,
|
||||
DenaliInfo& info) {
|
||||
z_cap_t new_denali;
|
||||
check(ZCapDuplicate(denali_cap_, &new_denali));
|
||||
check(ZCapDuplicate(denali_cap_, kZionPerm_All, &new_denali));
|
||||
info.set_denali_endpoint(new_denali);
|
||||
info.set_device_id(device_id_);
|
||||
info.set_lba_offset(lba_offset_);
|
||||
|
|
|
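Review bot: `kZionPerm_All` at the new ZCapDuplicate call in HandleGetDenali gives the requesting client a full-rights copy of denali_cap_, duplicate right included, while every CreateClient on this page attenuates with `~(kZionPerm_Read)`; this is the one handler here that passes a cap across a process boundary without narrowing it. The kernel ANDs the mask with the source permissions, so the copy cannot exceed denali_cap_, but whatever denali_cap_ holds is forwarded wholesale. Either mirror the client mask, `check(ZCapDuplicate(denali_cap_, ~(kZionPerm_Read), &new_denali));`, or add a comment stating why the Denali endpoint handed to clients must keep all rights. HandleGetDenali continues past the end of the hunk.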
@ -31,8 +31,7 @@ void {{interface.name}}ServerBaseThreadBootstrap(void* server_base) {
|
|||
|
||||
glcr::ErrorOr<{{interface.name}}Client> {{interface.name}}ServerBase::CreateClient() {
|
||||
uint64_t client_cap;
|
||||
// FIXME: Restrict permissions to send-only here.
|
||||
RET_ERR(ZCapDuplicate(endpoint_, &client_cap));
|
||||
RET_ERR(ZCapDuplicate(endpoint_, ~(kZionPerm_Read), &client_cap));
|
||||
return {{interface.name}}Client(client_cap);
|
||||
}
|
||||
|
||||
|
|
|
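Review bot: The generated CreateClient now fixes the permission policy for every interface at `~(kZionPerm_Read)`, a deny-list that leaves kZionPerm_Duplicate (and any future permission bit added to endpoints) on the client copy, so clients can re-share the cap. Since this template is the single source for the Denali, VFS and Yellowstone copies above, switching it to an allow-list of the bits a client needs to send, and leaving out Duplicate unless re-sharing is wanted, would narrow all of them at once; the exact send bit is not visible on this page. At minimum the template should carry a comment such as `// Deny-list mask: the client keeps every right of endpoint_ except Read, including Duplicate.` so the retained rights are explicit in each generated file.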
@ -55,7 +55,7 @@ SYS5(ReplyPortSend, z_cap_t, reply_port_cap, uint64_t, num_bytes, const void*,
|
|||
SYS5(ReplyPortRecv, z_cap_t, reply_port_cap, uint64_t*, num_bytes, void*, data,
|
||||
uint64_t*, num_caps, z_cap_t*, caps);
|
||||
|
||||
SYS2(CapDuplicate, z_cap_t, cap_in, z_cap_t*, cap_out);
|
||||
SYS3(CapDuplicate, z_cap_t, cap_in, z_perm_t, perm_mask, z_cap_t*, cap_out);
|
||||
|
||||
SYS1(MutexCreate, z_cap_t*, mutex_cap);
|
||||
SYS1(MutexLock, z_cap_t, mutex_cap);
|
||||
|
|
|
@ -67,6 +67,7 @@ const uint64_t kZionDebug = 0x1'0000;
|
|||
* ------------------------------*/
|
||||
|
||||
typedef uint64_t z_cap_t;
|
||||
typedef uint64_t z_perm_t;
|
||||
|
||||
const uint64_t kZionInvalidCapability = 0x0;
|
||||
|
||||
|
@ -87,6 +88,9 @@ const uint64_t kZionPerm_SpawnThread = 0x200;
|
|||
const uint64_t kZionPerm_Lock = 0x100;
|
||||
const uint64_t kZionPerm_Release = 0x200;
|
||||
|
||||
const z_perm_t kZionPerm_None = 0;
|
||||
const z_perm_t kZionPerm_All = -1;
|
||||
|
||||
/* ------------------------------
|
||||
* Process Init Types
|
||||
*
|
||||
|
|
|
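Review bot: `const z_perm_t kZionPerm_All = -1;` relies on the signed-to-unsigned conversion of -1 to produce all ones in the uint64_t z_perm_t declared above; this is well-defined, but it trips -Wsign-conversion and reads as a sentinel rather than a full mask. `const z_perm_t kZionPerm_All = ~z_perm_t{0};` (or UINT64_MAX) states the intent directly. The neighbouring permission bits are declared as `const uint64_t` rather than `z_perm_t`, so the new typedef is only used for the two aggregate constants; converting the bit constants too would let callers see which values are meant to be combined into a perm_mask.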
@ -13,6 +13,8 @@ z_err_t CapDuplicate(ZCapDuplicateReq* req) {
|
|||
if (!(cap->permissions() & kZionPerm_Duplicate)) {
|
||||
return glcr::CAP_PERMISSION_DENIED;
|
||||
}
|
||||
*req->cap_out = proc.AddExistingCapability(cap);
|
||||
|
||||
*req->cap_out = proc.AddNewCapability(cap->raw_obj(),
|
||||
cap->permissions() & req->perm_mask);
|
||||
return glcr::OK;
|
||||
}
|
||||
|
|
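Review bot: The new `cap->permissions() & req->perm_mask` guarantees a duplicate can only drop rights, but it also means kZionPerm_Duplicate survives on the copy unless the caller masks it, so attenuation is opt-in per call and every user-space caller must remember to strip it; a comment at this line such as `// The mask can only remove rights; the new cap's permissions are a subset of the source's, and Duplicate is kept unless the caller masks it out.` would document that contract for callers. Separately, the switch from AddExistingCapability to AddNewCapability(cap->raw_obj(), ...) creates a second capability entry over the same object; whether that path takes its own reference to the object (so the copy outlives the original being revoked) cannot be seen from this hunk and is worth confirming. The function's opening lines are outside the hunk.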