Context Navigation

-              r456c086
+              r719a208
 /**
  * @file cap.c
  * @brief Capabilities control.
+ *
  * @see cap.h
  */
 #include <security/cap.h>
+ * @file perm.c
+ * @brief Task permissions control.
+ *
+ * @see perm.h
+ */
+#include <security/perm.h>
 #include <proc/task.h>
 #include <synch/spinlock.h>
 …
 #include <errno.h>
 /** Set capabilities.
+ *
  * @param task Task whose capabilities are to be changed.
  * @param caps New set of capabilities.
+ *
  */
 void cap_set(task_t *task, cap_t caps)
+/** Set permissions.
+ *
+ * @param task  Task whose permissions are to be changed.
+ * @param perms New set of permissions.
+ *
+ */
+void perm_set(task_t *task, perm_t perms)
+{
         irq_spinlock_lock(&task->lock, true);
         task->capabilities = caps;
+        task->perms = perms;
         irq_spinlock_unlock(&task->lock, true);
+}
 /** Get capabilities.
+ *
  * @param task Task whose capabilities are to be returned.
+ *
  * @return Task's capabilities.
+ *
  */
 cap_t cap_get(task_t *task)
+/** Get permissions.
+ *
+ * @param task Task whose permissions are to be returned.
+ *
+ * @return Task's permissions.
+ *
+ */
+perm_t perm_get(task_t *task)
+{
         irq_spinlock_lock(&task->lock, true);
         cap_t caps = task->capabilities;
+        perm_t perms = task->perms;
         irq_spinlock_unlock(&task->lock, true);
         return caps;
+}
 /** Grant capabilities to a task.
+ *
  * The calling task must have the CAP_CAP capability.
+ *
  * @param taskid Destination task ID.
  * @param caps   Capabilities to grant.
+ *
  * @return Zero on success or an error code from @ref errno.h.
+ *
  */
 static sysarg_t cap_grant(task_id_t taskid, cap_t caps)
+{
         if (!(cap_get(TASK) & CAP_CAP))
+        return perms;
+}
+/** Grant permissions to a task.
+ *
+ * The calling task must have the PERM_PERM permission.
+ *
+ * @param taskid Destination task ID.
+ * @param perms   Permissions to grant.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ *
+ */
+static sysarg_t perm_grant(task_id_t taskid, perm_t perms)
+{
+        if (!(perm_get(TASK) & PERM_PERM))
                 return (sysarg_t) EPERM;
 …
         irq_spinlock_lock(&task->lock, false);
         task->capabilities |= caps;
+        task->perms |= perms;
         irq_spinlock_unlock(&task->lock, false);
 …
+}
 /** Revoke capabilities from a task.
+ *
  * The calling task must have the CAP_CAP capability or the caller must
  * attempt to revoke capabilities from itself.
+ *
  * @param taskid Destination task ID.
  * @param caps   Capabilities to revoke.
+ *
  * @return Zero on success or an error code from @ref errno.h.
+ *
  */
 static sysarg_t cap_revoke(task_id_t taskid, cap_t caps)
+/** Revoke permissions from a task.
+ *
+ * The calling task must have the PERM_PERM permission or the caller must
+ * attempt to revoke permissions from itself.
+ *
+ * @param taskid Destination task ID.
+ * @param perms   Permissions to revoke.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ *
+ */
+static sysarg_t perm_revoke(task_id_t taskid, perm_t perms)
+{
         irq_spinlock_lock(&tasks_lock, true);
 …
         /*
          * Revoking capabilities is different from granting them in that
          * a task can revoke capabilities from itself even if it
          * doesn't have CAP_CAP.
+         * Revoking permissions is different from granting them in that
+         * a task can revoke permissions from itself even if it
+         * doesn't have PERM_PERM.
          */
         irq_spinlock_unlock(&TASK->lock, false);
         if ((!(TASK->capabilities & CAP_CAP)) || (task != TASK)) {
+        if ((!(TASK->perms & PERM_PERM)) || (task != TASK)) {
                 irq_spinlock_unlock(&TASK->lock, false);
                 irq_spinlock_unlock(&tasks_lock, true);
 …
+        }
         task->capabilities &= ~caps;
+        task->perms &= ~perms;
         irq_spinlock_unlock(&TASK->lock, false);
 …
 #ifdef __32_BITS__
 /** Grant capabilities to a task (32 bits)
+ *
  * The calling task must have the CAP_CAP capability.
+/** Grant permissions to a task (32 bits)
+ *
+ * The calling task must have the PERM_PERM permission.
+ *
  * @param uspace_taskid User-space pointer to destination task ID.
  * @param caps          Capabilities to grant.
+ *
  * @return Zero on success or an error code from @ref errno.h.
+ *
  */
 sysarg_t sys_cap_grant(sysarg64_t *uspace_taskid, cap_t caps)
+ * @param perms         Permissions to grant.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ *
+ */
+sysarg_t sys_perm_grant(sysarg64_t *uspace_taskid, perm_t perms)
+{
         sysarg64_t taskid;
 …
                 return (sysarg_t) rc;
         return cap_grant((task_id_t) taskid, caps);
+}
 /** Revoke capabilities from a task (32 bits)
+ *
  * The calling task must have the CAP_CAP capability or the caller must
  * attempt to revoke capabilities from itself.
+        return perm_grant((task_id_t) taskid, perms);
+}
+/** Revoke permissions from a task (32 bits)
+ *
+ * The calling task must have the PERM_PERM permission or the caller must
+ * attempt to revoke permissions from itself.
+ *
  * @param uspace_taskid User-space pointer to destination task ID.
  * @param caps          Capabilities to revoke.
+ *
  * @return Zero on success or an error code from @ref errno.h.
+ *
  */
 sysarg_t sys_cap_revoke(sysarg64_t *uspace_taskid, cap_t caps)
+ * @param perms         Perms to revoke.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ *
+ */
+sysarg_t sys_perm_revoke(sysarg64_t *uspace_taskid, perm_t perms)
+{
         sysarg64_t taskid;
 …
                 return (sysarg_t) rc;
         return cap_revoke((task_id_t) taskid, caps);
+        return perm_revoke((task_id_t) taskid, perms);
+}
 …
 #ifdef __64_BITS__
 /** Grant capabilities to a task (64 bits)
+ *
  * The calling task must have the CAP_CAP capability.
+ *
  * @param taskid Destination task ID.
  * @param caps   Capabilities to grant.
+ *
  * @return Zero on success or an error code from @ref errno.h.
+ *
  */
 sysarg_t sys_cap_grant(sysarg_t taskid, cap_t caps)
+{
         return cap_grant((task_id_t) taskid, caps);
+}
 /** Revoke capabilities from a task (64 bits)
+ *
  * The calling task must have the CAP_CAP capability or the caller must
  * attempt to revoke capabilities from itself.
+ *
  * @param taskid Destination task ID.
  * @param caps   Capabilities to revoke.
+ *
  * @return Zero on success or an error code from @ref errno.h.
+ *
  */
 sysarg_t sys_cap_revoke(sysarg_t taskid, cap_t caps)
+{
         return cap_revoke((task_id_t) taskid, caps);
+/** Grant permissions to a task (64 bits)
+ *
+ * The calling task must have the PERM_PERM permission.
+ *
+ * @param taskid Destination task ID.
+ * @param perms  Permissions to grant.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ *
+ */
+sysarg_t sys_perm_grant(sysarg_t taskid, perm_t perms)
+{
+        return perm_grant((task_id_t) taskid, perms);
+}
+/** Revoke permissions from a task (64 bits)
+ *
+ * The calling task must have the PERM_PERM permission or the caller must
+ * attempt to revoke permissions from itself.
+ *
+ * @param taskid Destination task ID.
+ * @param perms  Permissions to revoke.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ *
+ */
+sysarg_t sys_perm_revoke(sysarg_t taskid, perm_t perms)
+{
+        return perm_revoke((task_id_t) taskid, perms);
+}

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 719a208 in mainline for kernel/generic/src/security/perm.c

Legend:

kernel/generic/src/security/perm.c

Download in other formats: