Changeset 719a208 in mainline

Timestamp:

2017-05-30T05:59:09Z (7 years ago)

Author:

Jakub Jermar <jakub@…>

Branches:

lfn, master, serial, ticket/834-toolchain-update, topic/msim-upgrade, topic/simplify-dev-export

Children:

f2460a50

Parents:

456c086

Message:

Rename SYS_CAP_GRANT/REVOKE to SYS_PERM_GRANT/REVOKE

Files:

• abi/include/abi/syscall.h (modified) (1 diff)
• kernel/Makefile (modified) (1 diff)
• kernel/generic/include/proc/task.h (modified) (3 diffs)
• kernel/generic/include/security/perm.h (moved) (moved from kernel/generic/include/security/cap.h ) (2 diffs)
• kernel/generic/src/ddi/ddi.c (modified) (7 diffs)
• kernel/generic/src/ipc/sysipc.c (modified) (3 diffs)
• kernel/generic/src/main/kinit.c (modified) (2 diffs)
• kernel/generic/src/proc/program.c (modified) (2 diffs)
• kernel/generic/src/proc/task.c (modified) (1 diff)
• kernel/generic/src/security/perm.c (moved) (moved from kernel/generic/src/security/cap.c ) (10 diffs)
• kernel/generic/src/syscall/syscall.c (modified) (2 diffs)
• uspace/app/trace/syscalls.c (modified) (1 diff)
• uspace/lib/c/Makefile (modified) (1 diff)
• uspace/lib/c/generic/perm.c (moved) (moved from uspace/lib/c/generic/cap.c ) (1 diff)
• uspace/lib/c/include/perm.h (moved) (moved from uspace/lib/c/include/cap.h ) (1 diff)

abi/include/abi/syscall.h

@@ -78 +78 @@
         SYS_IPC_EVENT_UNMASK,
         
-        SYS_CAP_GRANT,
-        SYS_CAP_REVOKE,
+        SYS_PERM_GRANT,
+        SYS_PERM_REVOKE,
         
         SYS_DEVICE_ASSIGN_DEVNO,

kernel/Makefile

@@ -286 +286 @@
         generic/src/ipc/irq.c \
         generic/src/ipc/event.c \
-        generic/src/security/cap.c \
+        generic/src/security/perm.c \
         generic/src/sysinfo/sysinfo.c \
         generic/src/sysinfo/stats.c

kernel/generic/include/proc/task.h

@@ -48 +48 @@
 #include <adt/cht.h>
 #include <adt/list.h>
-#include <security/cap.h>
+#include <security/perm.h>
 #include <arch/proc/task.h>
 #include <arch/proc/thread.h>
@@ -93 +93 @@
         atomic_t lifecount;
         
-        /** Task capabilities. */
-        cap_t capabilities;
+        /** Task permissions. */
+        perm_t perms;
         
         /* IPC stuff */
@@ -159 +159 @@
 extern void task_print_list(bool);
 
-extern void cap_set(task_t *, cap_t);
-extern cap_t cap_get(task_t *);
+extern void perm_set(task_t *, perm_t);
+extern perm_t perm_get(task_t *);
 
 #ifndef task_create_arch

kernel/generic/include/security/perm.h

@@ -35 +35 @@
 /**
  * @file
- * @brief Capabilities definitions.
+ * @brief Task permissions definitions.
  *
- * Capabilities represent virtual rights that entitle their
+ * Permissions represent virtual rights that entitle their
  * holder to perform certain security sensitive tasks.
  *
- * Each task can have arbitrary combination of the capabilities
+ * Each task can have arbitrary combination of the permissions 
  * defined in this file. Therefore, they are required to be powers
  * of two.
  */
 
-#ifndef __CAP_H__
-#define __CAP_H__
+#ifndef __PERM_H__
+#define __PERM_H__
 
 #include <typedefs.h>
 
 /**
- * CAP_CAP allows its holder to grant/revoke arbitrary
- * privilege to/from other tasks.
+ * PERM_PERM allows its holder to grant/revoke arbitrary permission to/from
+ * other tasks.
  */
-#define CAP_CAP  (1 << 0)
+#define PERM_PERM        (1 << 0)
 
 /**
- * CAP_MEM_MANAGER allows its holder to map physical memory
- * to other tasks.
+ * PERM_MEM_MANAGER allows its holder to map physical memory to other tasks.
  */
-#define CAP_MEM_MANAGER  (1 << 1)
+#define PERM_MEM_MANAGER (1 << 1)
 
 /**
- * CAP_IO_MANAGER allows its holder to access I/O space
- * to other tasks.
+ * PERM_IO_MANAGER allows its holder to access I/O space to other tasks.
  */
-#define CAP_IO_MANAGER  (1 << 2)
+#define PERM_IO_MANAGER  (1 << 2)
 
 /**
- * CAP_IRQ_REG entitles its holder to register IRQ handlers.
+ * PERM_IRQ_REG entitles its holder to register IRQ handlers.
  */
-#define CAP_IRQ_REG  (1 << 3)
+#define PERM_IRQ_REG     (1 << 3)
 
-typedef uint32_t cap_t;
+typedef uint32_t perm_t;
 
 #ifdef __32_BITS__
 
-extern sysarg_t sys_cap_grant(sysarg64_t *, cap_t);
-extern sysarg_t sys_cap_revoke(sysarg64_t *, cap_t);
+extern sysarg_t sys_perm_grant(sysarg64_t *, perm_t);
+extern sysarg_t sys_perm_revoke(sysarg64_t *, perm_t);
 
 #endif  /* __32_BITS__ */
@@ -84 +82 @@
 #ifdef __64_BITS__
 
-extern sysarg_t sys_cap_grant(sysarg_t, cap_t);
-extern sysarg_t sys_cap_revoke(sysarg_t, cap_t);
+extern sysarg_t sys_perm_grant(sysarg_t, perm_t);
+extern sysarg_t sys_perm_revoke(sysarg_t, perm_t);
 
 #endif  /* __64_BITS__ */

kernel/generic/src/ddi/ddi.c

@@ -42 +42 @@
 #include <ddi/ddi.h>
 #include <proc/task.h>
-#include <security/cap.h>
+#include <security/perm.h>
 #include <mm/frame.h>
 #include <mm/as.h>
@@ -96 +96 @@
  *
  * @return EOK on success.
- * @return EPERM if the caller lacks capabilities to use this syscall.
+ * @return EPERM if the caller lacks permissions to use this syscall.
  * @return EBADMEM if phys is not page aligned.
  * @return ENOENT if there is no task matching the specified ID or
@@ -116 +116 @@
          */
         bool priv =
-            ((cap_get(TASK) & CAP_MEM_MANAGER) == CAP_MEM_MANAGER);
+            ((perm_get(TASK) & PERM_MEM_MANAGER) == PERM_MEM_MANAGER);
         
         mem_backend_data_t backend_data;
@@ -260 +260 @@
  * @param size   Size of the enabled I/O space.
  *
- * @return 0 on success, EPERM if the caller lacks capabilities to use this
+ * @return 0 on success, EPERM if the caller lacks permissions to use this
  *           syscall, ENOENT if there is no task matching the specified ID.
  *
@@ -269 +269 @@
          * Make sure the caller is authorised to make this syscall.
          */
-        cap_t caps = cap_get(TASK);
-        if (!(caps & CAP_IO_MANAGER))
+        perm_t perms = perm_get(TASK);
+        if (!(perms & PERM_IO_MANAGER))
                 return EPERM;
         
@@ -301 +301 @@
  * @param size   Size of the enabled I/O space.
  *
- * @return 0 on success, EPERM if the caller lacks capabilities to use this
+ * @return 0 on success, EPERM if the caller lacks permissions to use this
  *           syscall, ENOENT if there is no task matching the specified ID.
  *
@@ -310 +310 @@
          * Make sure the caller is authorised to make this syscall.
          */
-        cap_t caps = cap_get(TASK);
-        if (!(caps & CAP_IO_MANAGER))
+        perm_t perms = perm_get(TASK);
+        if (!(perms & PERM_IO_MANAGER))
                 return EPERM;
         

kernel/generic/src/ipc/sysipc.c

@@ -48 +48 @@
 #include <arch/interrupt.h>
 #include <syscall/copy.h>
-#include <security/cap.h>
+#include <security/perm.h>
 #include <console/console.h>
 #include <print.h>
@@ -811 +811 @@
     irq_code_t *ucode)
 {
-        if (!(cap_get(TASK) & CAP_IRQ_REG))
+        if (!(perm_get(TASK) & PERM_IRQ_REG))
                 return EPERM;
         
@@ -827 +827 @@
 sysarg_t sys_ipc_irq_unsubscribe(inr_t inr, devno_t devno)
 {
-        if (!(cap_get(TASK) & CAP_IRQ_REG))
+        if (!(perm_get(TASK) & PERM_IRQ_REG))
                 return EPERM;
         

kernel/generic/src/main/kinit.c

@@ -64 +64 @@
 #include <interrupt.h>
 #include <console/kconsole.h>
-#include <security/cap.h>
+#include <security/perm.h>
 #include <lib/rd.h>
 #include <ipc/ipc.h>
@@ -259 +259 @@
                         if (programs[i].task != NULL) {
                                 /*
-                                 * Set capabilities to init userspace tasks.
+                                 * Set permissions to init userspace tasks.
                                  */
-                                cap_set(programs[i].task, CAP_CAP | CAP_MEM_MANAGER |
-                                    CAP_IO_MANAGER | CAP_IRQ_REG);
+                                perm_set(programs[i].task,
+                                    PERM_PERM | PERM_MEM_MANAGER |
+                                    PERM_IO_MANAGER | PERM_IRQ_REG);
                                 
                                 if (!ipc_phone_0) {

kernel/generic/src/proc/program.c

@@ -46 +46 @@
 #include <ipc/ipc.h>
 #include <ipc/ipcrsc.h>
-#include <security/cap.h>
+#include <security/perm.h>
 #include <lib/elf_load.h>
 #include <errno.h>
@@ -244 +244 @@
                 return rc;
         
-        // FIXME: control the capabilities
-        cap_set(prg.task, cap_get(TASK));
+        // FIXME: control the permissions 
+        perm_set(prg.task, perm_get(TASK));
         program_ready(&prg);
         

kernel/generic/src/proc/task.c

@@ -203 +203 @@
         
         task->container = CONTAINER;
-        task->capabilities = 0;
+        task->perms = 0;
         task->ucycles = 0;
         task->kcycles = 0;

kernel/generic/src/security/perm.c

@@ -32 +32 @@
 
 /**
- * @file cap.c
- * @brief Capabilities control.
- *
- * @see cap.h
- */
-
-#include <security/cap.h>
+ * @file perm.c
+ * @brief Task permissions control.
+ *
+ * @see perm.h
+ */
+
+#include <security/perm.h>
 #include <proc/task.h>
 #include <synch/spinlock.h>
@@ -45 +45 @@
 #include <errno.h>
 
-/** Set capabilities.
- *
- * @param task Task whose capabilities are to be changed.
- * @param caps New set of capabilities.
- *
- */
-void cap_set(task_t *task, cap_t caps)
+/** Set permissions.
+ *
+ * @param task  Task whose permissions are to be changed.
+ * @param perms New set of permissions.
+ *
+ */
+void perm_set(task_t *task, perm_t perms)
 {
         irq_spinlock_lock(&task->lock, true);
-        task->capabilities = caps;
+        task->perms = perms;
         irq_spinlock_unlock(&task->lock, true);
 }
 
-/** Get capabilities.
- *
- * @param task Task whose capabilities are to be returned.
- *
- * @return Task's capabilities.
- *
- */
-cap_t cap_get(task_t *task)
+/** Get permissions.
+ *
+ * @param task Task whose permissions are to be returned.
+ *
+ * @return Task's permissions.
+ *
+ */
+perm_t perm_get(task_t *task)
 {
         irq_spinlock_lock(&task->lock, true);
-        cap_t caps = task->capabilities;
+        perm_t perms = task->perms;
         irq_spinlock_unlock(&task->lock, true);
         
-        return caps;
-}
-
-/** Grant capabilities to a task.
- *
- * The calling task must have the CAP_CAP capability.
- *
- * @param taskid Destination task ID.
- * @param caps   Capabilities to grant.
- *
- * @return Zero on success or an error code from @ref errno.h.
- *
- */
-static sysarg_t cap_grant(task_id_t taskid, cap_t caps)
-{
-        if (!(cap_get(TASK) & CAP_CAP))
+        return perms;
+}
+
+/** Grant permissions to a task.
+ *
+ * The calling task must have the PERM_PERM permission.
+ *
+ * @param taskid Destination task ID.
+ * @param perms   Permissions to grant.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ *
+ */
+static sysarg_t perm_grant(task_id_t taskid, perm_t perms)
+{
+        if (!(perm_get(TASK) & PERM_PERM))
                 return (sysarg_t) EPERM;
         
@@ -98 +98 @@
         
         irq_spinlock_lock(&task->lock, false);
-        task->capabilities |= caps;
+        task->perms |= perms;
         irq_spinlock_unlock(&task->lock, false);
         
@@ -105 +105 @@
 }
 
-/** Revoke capabilities from a task.
- *
- * The calling task must have the CAP_CAP capability or the caller must
- * attempt to revoke capabilities from itself.
- *
- * @param taskid Destination task ID.
- * @param caps   Capabilities to revoke.
- *
- * @return Zero on success or an error code from @ref errno.h.
- *
- */
-static sysarg_t cap_revoke(task_id_t taskid, cap_t caps)
+/** Revoke permissions from a task.
+ *
+ * The calling task must have the PERM_PERM permission or the caller must
+ * attempt to revoke permissions from itself.
+ *
+ * @param taskid Destination task ID.
+ * @param perms   Permissions to revoke.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ *
+ */
+static sysarg_t perm_revoke(task_id_t taskid, perm_t perms)
 {
         irq_spinlock_lock(&tasks_lock, true);
@@ -127 +127 @@
         
         /*
-         * Revoking capabilities is different from granting them in that
-         * a task can revoke capabilities from itself even if it
-         * doesn't have CAP_CAP.
+         * Revoking permissions is different from granting them in that
+         * a task can revoke permissions from itself even if it
+         * doesn't have PERM_PERM.
          */
         irq_spinlock_unlock(&TASK->lock, false);
         
-        if ((!(TASK->capabilities & CAP_CAP)) || (task != TASK)) {
+        if ((!(TASK->perms & PERM_PERM)) || (task != TASK)) {
                 irq_spinlock_unlock(&TASK->lock, false);
                 irq_spinlock_unlock(&tasks_lock, true);
@@ -139 +139 @@
         }
         
-        task->capabilities &= ~caps;
+        task->perms &= ~perms;
         irq_spinlock_unlock(&TASK->lock, false);
         
@@ -148 +148 @@
 #ifdef __32_BITS__
 
-/** Grant capabilities to a task (32 bits)
- *
- * The calling task must have the CAP_CAP capability.
+/** Grant permissions to a task (32 bits)
+ *
+ * The calling task must have the PERM_PERM permission.
  *
  * @param uspace_taskid User-space pointer to destination task ID.
- * @param caps          Capabilities to grant.
- *
- * @return Zero on success or an error code from @ref errno.h.
- *
- */
-sysarg_t sys_cap_grant(sysarg64_t *uspace_taskid, cap_t caps)
+ * @param perms         Permissions to grant.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ *
+ */
+sysarg_t sys_perm_grant(sysarg64_t *uspace_taskid, perm_t perms)
 {
         sysarg64_t taskid;
@@ -165 +165 @@
                 return (sysarg_t) rc;
         
-        return cap_grant((task_id_t) taskid, caps);
-}
-
-/** Revoke capabilities from a task (32 bits)
- *
- * The calling task must have the CAP_CAP capability or the caller must
- * attempt to revoke capabilities from itself.
+        return perm_grant((task_id_t) taskid, perms);
+}
+
+/** Revoke permissions from a task (32 bits)
+ *
+ * The calling task must have the PERM_PERM permission or the caller must
+ * attempt to revoke permissions from itself.
  *
  * @param uspace_taskid User-space pointer to destination task ID.
- * @param caps          Capabilities to revoke.
- *
- * @return Zero on success or an error code from @ref errno.h.
- *
- */
-sysarg_t sys_cap_revoke(sysarg64_t *uspace_taskid, cap_t caps)
+ * @param perms         Perms to revoke.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ *
+ */
+sysarg_t sys_perm_revoke(sysarg64_t *uspace_taskid, perm_t perms)
 {
         sysarg64_t taskid;
@@ -186 +186 @@
                 return (sysarg_t) rc;
         
-        return cap_revoke((task_id_t) taskid, caps);
+        return perm_revoke((task_id_t) taskid, perms);
 }
 
@@ -193 +193 @@
 #ifdef __64_BITS__
 
-/** Grant capabilities to a task (64 bits)
- *
- * The calling task must have the CAP_CAP capability.
- *
- * @param taskid Destination task ID.
- * @param caps   Capabilities to grant.
- *
- * @return Zero on success or an error code from @ref errno.h.
- *
- */
-sysarg_t sys_cap_grant(sysarg_t taskid, cap_t caps)
-{
-        return cap_grant((task_id_t) taskid, caps);
-}
-
-/** Revoke capabilities from a task (64 bits)
- *
- * The calling task must have the CAP_CAP capability or the caller must
- * attempt to revoke capabilities from itself.
- *
- * @param taskid Destination task ID.
- * @param caps   Capabilities to revoke.
- *
- * @return Zero on success or an error code from @ref errno.h.
- *
- */
-sysarg_t sys_cap_revoke(sysarg_t taskid, cap_t caps)
-{
-        return cap_revoke((task_id_t) taskid, caps);
+/** Grant permissions to a task (64 bits)
+ *
+ * The calling task must have the PERM_PERM permission.
+ *
+ * @param taskid Destination task ID.
+ * @param perms  Permissions to grant.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ *
+ */
+sysarg_t sys_perm_grant(sysarg_t taskid, perm_t perms)
+{
+        return perm_grant((task_id_t) taskid, perms);
+}
+
+/** Revoke permissions from a task (64 bits)
+ *
+ * The calling task must have the PERM_PERM permission or the caller must
+ * attempt to revoke permissions from itself.
+ *
+ * @param taskid Destination task ID.
+ * @param perms  Permissions to revoke.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ *
+ */
+sysarg_t sys_perm_revoke(sysarg_t taskid, perm_t perms)
+{
+        return perm_revoke((task_id_t) taskid, perms);
 }
 

kernel/generic/src/syscall/syscall.c

@@ -53 +53 @@
 #include <ddi/ddi.h>
 #include <ipc/event.h>
-#include <security/cap.h>
+#include <security/perm.h>
 #include <sysinfo/sysinfo.h>
 #include <console/console.h>
@@ -171 +171 @@
         (syshandler_t) sys_ipc_event_unmask,
         
-        /* Capabilities related syscalls. */
-        (syshandler_t) sys_cap_grant,
-        (syshandler_t) sys_cap_revoke,
+        /* Permission related syscalls. */
+        (syshandler_t) sys_perm_grant,
+        (syshandler_t) sys_perm_revoke,
         
         /* DDI related syscalls. */

uspace/app/trace/syscalls.c

@@ -68 +68 @@
     [SYS_IPC_EVENT_UNMASK] = { "ipc_event_unmask",      1,      V_ERRNO },
 
-    [SYS_CAP_GRANT] = { "cap_grant",                    2,      V_ERRNO },
-    [SYS_CAP_REVOKE] = { "cap_revoke",                  2,      V_ERRNO },
+    [SYS_PERM_GRANT] = { "perm_grant",                  2,      V_ERRNO },
+    [SYS_PERM_REVOKE] = { "perm_revoke",                2,      V_ERRNO },
     [SYS_PHYSMEM_MAP] = { "physmem_map",                4,      V_ERRNO },
     [SYS_IOSPACE_ENABLE] = { "iospace_enable",          1,      V_ERRNO },

uspace/lib/c/Makefile

@@ -63 +63 @@
         generic/bd.c \
         generic/bd_srv.c \
-        generic/cap.c \
+        generic/perm.c \
         generic/clipboard.c \
         generic/config.c \

uspace/lib/c/generic/perm.c

@@ -31 +31 @@
  */
 /**
- * @file  cap.c
- * @brief Functions to grant/revoke capabilities to/from a task.
+ * @file  perm.c
+ * @brief Functions to grant/revoke permissions to/from a task.
  */
 
-#include <cap.h>
+#include <perm.h>
 #include <task.h>
 #include <libc.h>
 #include <libarch/types.h>
 
-/** Grant capabilities to a task.
+/** Grant permissions to a task.
  *
- * @param id   Destination task ID.
- * @param caps Capabilities to grant.
+ * @param id    Destination task ID.
+ * @param perms Permissions to grant.
  *
  * @return Zero on success or a value from @ref errno.h on failure.
  *
  */
-int cap_grant(task_id_t id, unsigned int caps)
+int perm_grant(task_id_t id, unsigned int perms)
 {
 #ifdef __32_BITS__
         sysarg64_t arg = (sysarg64_t) id;
-        return __SYSCALL2(SYS_CAP_GRANT, (sysarg_t) &arg, (sysarg_t) caps);
+        return __SYSCALL2(SYS_PERM_GRANT, (sysarg_t) &arg, (sysarg_t) perms);
 #endif
         
 #ifdef __64_BITS__
-        return __SYSCALL2(SYS_CAP_GRANT, (sysarg_t) id, (sysarg_t) caps);
+        return __SYSCALL2(SYS_PERM_GRANT, (sysarg_t) id, (sysarg_t) perms);
 #endif
 }
 
-/** Revoke capabilities from a task.
+/** Revoke permissions from a task.
  *
- * @param id   Destination task ID.
- * @param caps Capabilities to revoke.
+ * @param id    Destination task ID.
+ * @param perms Permissions to revoke.
  *
  * @return Zero on success or a value from @ref errno.h on failure.
  *
  */
-int cap_revoke(task_id_t id, unsigned int caps)
+int perm_revoke(task_id_t id, unsigned int perms)
 {
 #ifdef __32_BITS__
         sysarg64_t arg = (sysarg64_t) id;
-        return __SYSCALL2(SYS_CAP_REVOKE, (sysarg_t) &arg, (sysarg_t) caps);
+        return __SYSCALL2(SYS_PERM_REVOKE, (sysarg_t) &arg, (sysarg_t) perms);
 #endif
         
 #ifdef __64_BITS__
-        return __SYSCALL2(SYS_CAP_REVOKE, (sysarg_t) id, (sysarg_t) caps);
+        return __SYSCALL2(SYS_PERM_REVOKE, (sysarg_t) id, (sysarg_t) perms);
 #endif
 }

uspace/lib/c/include/perm.h

@@ -33 +33 @@
  */
 
-#ifndef LIB_CAP_H_
-#define LIB_CAP_H_
+#ifndef LIB_PERM_H_
+#define LIB_PERM_H_
 
 #include <task.h>
 
-extern int cap_grant(task_id_t id, unsigned int caps);
-extern int cap_revoke(task_id_t id, unsigned int caps);
+extern int perm_grant(task_id_t, unsigned int);
+extern int perm_revoke(task_id_t, unsigned int);
 
 #endif