Author: ed
Date: Wed Jul 29 12:42:45 2015
New Revision: 286006
URL: https://svnweb.freebsd.org/changeset/base/286006
Log:
Split up Capsicum to CloudABI rights conversion into two separate routines.
CloudABI's openat() ensures that files are opened with the smallest set
of relevant rights. For example, when opening a FIFO, unrelated rights
like CAP_RECV are automatically removed. To remove unrelated rights, we
can just reuse the code for this that was already present in the rights
conversion function.
Modified:
head/sys/compat/cloudabi/cloudabi_fd.c
Modified: head/sys/compat/cloudabi/cloudabi_fd.c
==============================================================================
--- head/sys/compat/cloudabi/cloudabi_fd.c Wed Jul 29 11:22:19 2015
(r286005)
+++ head/sys/compat/cloudabi/cloudabi_fd.c Wed Jul 29 12:42:45 2015
(r286006)
@@ -266,24 +266,11 @@ cloudabi_convert_filetype(const struct f
}
}
-/*
- * Converts FreeBSD's Capsicum rights to CloudABI's set of rights.
- */
+/* Removes rights that conflict with the file descriptor type. */
static void
-convert_capabilities(const cap_rights_t *capabilities,
- cloudabi_filetype_t filetype, cloudabi_rights_t *base,
- cloudabi_rights_t *inheriting)
+cloudabi_remove_conflicting_rights(cloudabi_filetype_t filetype,
+ cloudabi_rights_t *base, cloudabi_rights_t *inheriting)
{
- cloudabi_rights_t rights;
-
- /* Convert FreeBSD bits to CloudABI bits. */
- rights = 0;
-#define MAPPING(cloudabi, ...) do { \
- if (cap_rights_is_set(capabilities, ##__VA_ARGS__)) \
- rights |= (cloudabi); \
-} while (0);
- RIGHTS_MAPPINGS
-#undef MAPPING
/*
* CloudABI has a small number of additional rights bits to
@@ -303,7 +290,7 @@ convert_capabilities(const cap_rights_t
*/
switch (filetype) {
case CLOUDABI_FILETYPE_DIRECTORY:
- *base = rights & (CLOUDABI_RIGHT_FD_STAT_PUT_FLAGS |
+ *base &= CLOUDABI_RIGHT_FD_STAT_PUT_FLAGS |
CLOUDABI_RIGHT_FD_SYNC | CLOUDABI_RIGHT_FILE_ADVISE |
CLOUDABI_RIGHT_FILE_CREATE_DIRECTORY |
CLOUDABI_RIGHT_FILE_CREATE_FILE |
@@ -323,29 +310,77 @@ convert_capabilities(const cap_rights_t
CLOUDABI_RIGHT_FILE_UNLINK |
CLOUDABI_RIGHT_POLL_FD_READWRITE |
CLOUDABI_RIGHT_SOCK_BIND_DIRECTORY |
- CLOUDABI_RIGHT_SOCK_CONNECT_DIRECTORY);
- *inheriting = rights;
+ CLOUDABI_RIGHT_SOCK_CONNECT_DIRECTORY;
+ *inheriting &= CLOUDABI_RIGHT_FD_DATASYNC |
+ CLOUDABI_RIGHT_FD_READ |
+ CLOUDABI_RIGHT_FD_SEEK |
+ CLOUDABI_RIGHT_FD_STAT_PUT_FLAGS |
+ CLOUDABI_RIGHT_FD_SYNC |
+ CLOUDABI_RIGHT_FD_TELL |
+ CLOUDABI_RIGHT_FD_WRITE |
+ CLOUDABI_RIGHT_FILE_ADVISE |
+ CLOUDABI_RIGHT_FILE_ALLOCATE |
+ CLOUDABI_RIGHT_FILE_CREATE_DIRECTORY |
+ CLOUDABI_RIGHT_FILE_CREATE_FILE |
+ CLOUDABI_RIGHT_FILE_CREATE_FIFO |
+ CLOUDABI_RIGHT_FILE_LINK_SOURCE |
+ CLOUDABI_RIGHT_FILE_LINK_TARGET |
+ CLOUDABI_RIGHT_FILE_OPEN |
+ CLOUDABI_RIGHT_FILE_READDIR |
+ CLOUDABI_RIGHT_FILE_READLINK |
+ CLOUDABI_RIGHT_FILE_RENAME_SOURCE |
+ CLOUDABI_RIGHT_FILE_RENAME_TARGET |
+ CLOUDABI_RIGHT_FILE_STAT_FGET |
+ CLOUDABI_RIGHT_FILE_STAT_FPUT_SIZE |
+ CLOUDABI_RIGHT_FILE_STAT_FPUT_TIMES |
+ CLOUDABI_RIGHT_FILE_STAT_GET |
+ CLOUDABI_RIGHT_FILE_STAT_PUT_TIMES |
+ CLOUDABI_RIGHT_FILE_SYMLINK |
+ CLOUDABI_RIGHT_FILE_UNLINK |
+ CLOUDABI_RIGHT_MEM_MAP |
+ CLOUDABI_RIGHT_MEM_MAP_EXEC |
+ CLOUDABI_RIGHT_POLL_FD_READWRITE |
+ CLOUDABI_RIGHT_PROC_EXEC |
+ CLOUDABI_RIGHT_SOCK_BIND_DIRECTORY |
+ CLOUDABI_RIGHT_SOCK_CONNECT_DIRECTORY;
break;
case CLOUDABI_FILETYPE_FIFO:
- *base = rights & ~(CLOUDABI_RIGHT_FILE_ADVISE |
- CLOUDABI_RIGHT_FILE_ALLOCATE |
- CLOUDABI_RIGHT_FILE_READDIR);
+ *base &= CLOUDABI_RIGHT_FD_READ |
+ CLOUDABI_RIGHT_FD_STAT_PUT_FLAGS |
+ CLOUDABI_RIGHT_FD_WRITE |
+ CLOUDABI_RIGHT_FILE_STAT_FGET |
+ CLOUDABI_RIGHT_POLL_FD_READWRITE;
*inheriting = 0;
break;
case CLOUDABI_FILETYPE_POLL:
- *base = rights & ~CLOUDABI_RIGHT_FILE_ADVISE;
+ *base &= ~CLOUDABI_RIGHT_FILE_ADVISE;
*inheriting = 0;
break;
case CLOUDABI_FILETYPE_PROCESS:
- *base = rights & ~CLOUDABI_RIGHT_FILE_ADVISE;
+ *base &= ~CLOUDABI_RIGHT_FILE_ADVISE;
*inheriting = 0;
break;
case CLOUDABI_FILETYPE_REGULAR_FILE:
- *base = rights & ~CLOUDABI_RIGHT_FILE_READDIR;
+ *base &= CLOUDABI_RIGHT_FD_DATASYNC |
+ CLOUDABI_RIGHT_FD_READ |
+ CLOUDABI_RIGHT_FD_SEEK |
+ CLOUDABI_RIGHT_FD_STAT_PUT_FLAGS |
+ CLOUDABI_RIGHT_FD_SYNC |
+ CLOUDABI_RIGHT_FD_TELL |
+ CLOUDABI_RIGHT_FD_WRITE |
+ CLOUDABI_RIGHT_FILE_ADVISE |
+ CLOUDABI_RIGHT_FILE_ALLOCATE |
+ CLOUDABI_RIGHT_FILE_STAT_FGET |
+ CLOUDABI_RIGHT_FILE_STAT_FPUT_SIZE |
+ CLOUDABI_RIGHT_FILE_STAT_FPUT_TIMES |
+ CLOUDABI_RIGHT_MEM_MAP |
+ CLOUDABI_RIGHT_MEM_MAP_EXEC |
+ CLOUDABI_RIGHT_POLL_FD_READWRITE |
+ CLOUDABI_RIGHT_PROC_EXEC;
*inheriting = 0;
break;
case CLOUDABI_FILETYPE_SHARED_MEMORY:
- *base = rights & ~(CLOUDABI_RIGHT_FD_SEEK |
+ *base &= ~(CLOUDABI_RIGHT_FD_SEEK |
CLOUDABI_RIGHT_FD_TELL |
CLOUDABI_RIGHT_FILE_ADVISE |
CLOUDABI_RIGHT_FILE_ALLOCATE |
@@ -355,7 +390,7 @@ convert_capabilities(const cap_rights_t
case CLOUDABI_FILETYPE_SOCKET_DGRAM:
case CLOUDABI_FILETYPE_SOCKET_SEQPACKET:
case CLOUDABI_FILETYPE_SOCKET_STREAM:
- *base = rights & (CLOUDABI_RIGHT_FD_READ |
+ *base &= CLOUDABI_RIGHT_FD_READ |
CLOUDABI_RIGHT_FD_STAT_PUT_FLAGS |
CLOUDABI_RIGHT_FD_WRITE |
CLOUDABI_RIGHT_FILE_STAT_FGET |
@@ -365,16 +400,36 @@ convert_capabilities(const cap_rights_t
CLOUDABI_RIGHT_SOCK_CONNECT_SOCKET |
CLOUDABI_RIGHT_SOCK_LISTEN |
CLOUDABI_RIGHT_SOCK_SHUTDOWN |
- CLOUDABI_RIGHT_SOCK_STAT_GET);
- *inheriting = rights;
+ CLOUDABI_RIGHT_SOCK_STAT_GET;
break;
default:
- *base = rights;
*inheriting = 0;
break;
}
}
+/* Converts FreeBSD's Capsicum rights to CloudABI's set of rights. */
+static void
+convert_capabilities(const cap_rights_t *capabilities,
+ cloudabi_filetype_t filetype, cloudabi_rights_t *base,
+ cloudabi_rights_t *inheriting)
+{
+ cloudabi_rights_t rights;
+
+ /* Convert FreeBSD bits to CloudABI bits. */
+ rights = 0;
+#define MAPPING(cloudabi, ...) do { \
+ if (cap_rights_is_set(capabilities, ##__VA_ARGS__)) \
+ rights |= (cloudabi); \
+} while (0);
+ RIGHTS_MAPPINGS
+#undef MAPPING
+
+ *base = rights;
+ *inheriting = rights;
+ cloudabi_remove_conflicting_rights(filetype, base, inheriting);
+}
+
int
cloudabi_sys_fd_stat_get(struct thread *td,
struct cloudabi_sys_fd_stat_get_args *uap)
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
