From owner-p4-projects@FreeBSD.ORG Mon Jan 19 14:56:32 2009
Return-Path:
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 6C5B11065756; Mon, 19 Jan 2009 14:56:32 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 09201106574A for ; Mon, 19 Jan 2009 14:56:32 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id E9AC98FC19 for ; Mon, 19 Jan 2009 14:56:31 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n0JEuVZv081219 for ; Mon, 19 Jan 2009 14:56:31 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n0JEuVHc081217 for perforce@freebsd.org; Mon, 19 Jan 2009 14:56:31 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Mon, 19 Jan 2009 14:56:31 GMT
Message-Id: <200901191456.n0JEuVHc081217@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 156386 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jan 2009 14:56:34 -0000 http://perforce.freebsd.org/chv.cgi?CH=156386 Change 156386 by rwatson@rwatson_freebsd_capabilities on 2009/01/19 14:55:40 Add kf_cap_rights to struct kinfo_filedesc, although need to check alignment. Add utility function cap_rights(), which the filedesc sysctl will use to export capability rights. Add utility function procdesc_pid(), which the filedesc sysctl will now use to export capability rights, instead of reaching inside struct procdesc. Rename fp to fp_procdesc for procdesc_new to make it clear what the file pointer is for in the prototype. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#15 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#21 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_procdesc.c#9 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#21 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/procdesc.h#4 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/user.h#10 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#15 (text+ko) ==== @@ -2980,11 +2980,12 @@ case DTYPE_CAPABILITY: kif->kf_type = KF_TYPE_CAPABILITY; + kif->kf_cap_rights = cap_rights(fp); break; case DTYPE_PROCDESC: kif->kf_type = KF_TYPE_PROCDESC; - kif->kf_pid = ((struct procdesc *)fp->f_data)->pd_pid; + kif->kf_pid = procdesc_pid(fp); break; default: ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#21 (text+ko) ==== 
@@ -50,7 +50,7 @@ #include "opt_capabilities.h" #include -__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#20 $"); +__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#21 $"); #include #include @@ -184,6 +184,23 @@ } /* + * Extract rights from a capability for monitoring purposes -- not for use in + * any other way, as we want to keep all capability permission evaluation in + * this one file. + */ +cap_rights_t +cap_rights(struct file *fp_cap) +{ + struct capability *c; + + KASSERT(fp_cap->f_type == DTYPE_CAPABILITY, + ("cap_rights: !capability")); + + c = fp_cap->f_data; + return (c->cap_rights); +} + +/* * System call to enter capability mode for the process. */ int ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_procdesc.c#9 (text+ko) ==== @@ -170,6 +170,22 @@ } /* + * Function to be used by procstat(1) sysctls when returning procdesc + * information. + */ +pid_t +procdesc_pid(struct file *fp_procdesc) +{ + struct procdesc *pd; + + KASSERT(fp_procdesc->f_type == DTYPE_PROCDESC, + ("procdesc_pid: !procdesc")); + + pd = fp_procdesc->f_data; + return (pd->pd_pid); +} + +/* * System call to return the pid of a process given its process descriptor. */ int @@ -203,7 +219,7 @@ * point, so procdesc_new() must succeed. */ void -procdesc_new(struct proc *p, struct file *fp) +procdesc_new(struct proc *p, struct file *fp_procdesc) { struct procdesc *pd; @@ -220,7 +236,8 @@ refcount_init(&pd->pd_refcount, 2); /* XXXRW: Why these flags? */ - finit(fp, FREAD | FWRITE, DTYPE_PROCDESC, pd, &procdesc_ops); + finit(fp_procdesc, FREAD | FWRITE, DTYPE_PROCDESC, pd, + &procdesc_ops); } static void ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#21 (text+ko) ==== 
@@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#20 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#21 $ */ /* @@ -143,6 +143,14 @@ int cap_fextract(struct file *fp_cap, cap_rights_t rights, struct file **fpp); +/* + * For the purposes of procstat(1) and similar tools, allow kern_descrip.c to + * extract the rights from a capability. However, this should not be used by + * kernel code generally, instead cap_fextract() should be used in order to + * keep all access control in one place. + */ +cap_rights_t cap_rights(struct file *fp_cap); + #else /* !_KERNEL */ /* ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/procdesc.h#4 (text+ko) ==== @@ -95,8 +95,9 @@ int procdesc_exit(struct proc *p); int procdesc_find(struct thread *td, int fd, cap_rights_t rights, struct proc **p); -void procdesc_new(struct proc *p, struct file *fp); -void procdesc_reap(struct proc *p); +void procdesc_new(struct proc *p, struct file *fp_procdesc); +pid_t procdesc_pid(struct file *fp_procdesc); +void procdesc_reap(struct proc *p); #else /* !_KERNEL */ ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/user.h#10 (text+ko) ==== @@ -327,7 +327,8 @@ struct sockaddr_storage kf_sa_local; /* Socket address. */ struct sockaddr_storage kf_sa_peer; /* Peer address. */ pid_t kf_pid; /* Process identifier. */ - int _kf_ispare[15]; /* Space for more stuff. */ + cap_rights_t kf_cap_rights; /* Capabiity rights. */ + int _kf_ispare[13]; /* Space for more stuff. */ /* Truncated before copyout in sysctl */ char kf_path[PATH_MAX]; /* Path to file, if any. */ };
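Review bot: in the kern_descrip.c hunk (@@ -2980,11 +2980,12 @@) kf_cap_rights is assigned only in the DTYPE_CAPABILITY case, so for every other descriptor type the new field keeps whatever the kinfo_file held before the switch. Because this structure is copied out to userspace by the filedesc sysctl, that is a kernel memory disclosure unless the kif is zeroed before the switch, and the context shown here does not include that initialisation. Please confirm the bzero of the kinfo_file precedes this code, or add `kif->kf_cap_rights = 0;` on the non-capability paths (the default case or a single assignment before the switch). Replacing `((struct procdesc *)fp->f_data)->pd_pid` with `procdesc_pid(fp)` is the right direction; the same consideration applies to kf_pid, which is now only set in the DTYPE_PROCDESC case.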
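Review bot: in the sys_capability.c hunk adding cap_rights() (@@ -184,6 +184,23 @@), the KASSERT on fp_cap->f_type compiles to nothing without INVARIANTS, so on a production kernel a caller that hands in a non-capability file has its f_data reinterpreted as a struct capability and gets arbitrary bits back as rights. The only caller visible in this change checks f_type first, so it is safe today, but the comment above the function should state that callers must verify DTYPE_CAPABILITY themselves rather than rely on the assertion. The comment should also say why no lock is taken: it is only correct if cap_rights is immutable once the capability has been created, and if that is the invariant it belongs in the comment next to the "monitoring purposes only" restriction.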
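Review bot: in the sys_procdesc.c hunk adding procdesc_pid() (@@ -170,6 +170,22 @@), pd->pd_pid is read with no lock held and the comment does not say whether pd_pid is fixed for the lifetime of the procdesc. If it is set once in procdesc_new() and never changed, say so in the comment so the lock-free read is visibly correct; otherwise the sysctl path needs the locking the rest of sys_procdesc.c uses. The same caveat as for cap_rights() applies to the KASSERT: it is compiled out without INVARIANTS, so the comment should state that the caller is responsible for checking f_type == DTYPE_PROCDESC. Finally, the comment says "procstat(1) sysctls"; the caller in this change is the filedesc sysctl in kern_descrip.c, and naming it would help the next reader find the consumer.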
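Review bot: in the second sys_procdesc.c hunk (@@ -220,7 +236,8 @@) the `/* XXXRW: Why these flags? */` question above the finit() call is carried over unchanged while the call is being rewrapped for the new parameter name. Since FREAD | FWRITE is what the procdesc file is created with, it would be worth either answering the question in the comment or dropping the XXX before this is merged, so the rename does not leave an open question in the same lines it touches. The line wrap itself matches style(9).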
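Review bot: two issues with the user.h hunk (@@ -327,7 +327,8 @@). First, "Capabiity" in the new field comment is a typo for "Capability". Second, the commit message already flags alignment and this hunk does not settle it: replacing two ints of _kf_ispare with one cap_rights_t preserves sizeof(struct kinfo_file) only if cap_rights_t is 8 bytes and no padding is inserted between the 4-byte pid_t kf_pid and it. kf_pid follows a struct sockaddr_storage, which is 8-byte aligned on amd64, so kf_pid ends at an offset of 4 mod 8 and an 8-byte-aligned cap_rights_t placed directly after it picks up 4 bytes of padding; with 13 spare ints the structure then grows by 4 bytes on amd64 while staying the same size on i386, where 64-bit types are 4-byte aligned. struct kinfo_file is exported to userspace through sysctl and consumed by procstat(1), so a size change is an ABI break. Suggest a CTASSERT on sizeof(struct kinfo_file) against the pre-change size, and either placing kf_cap_rights at an 8-byte-aligned offset within the spare space or sizing _kf_ispare per architecture. Also check that user.h, or every consumer of struct kinfo_file, sees the definition of cap_rights_t, since userspace tools include this header without necessarily including sys/capability.h.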