From owner-p4-projects@FreeBSD.ORG Mon Apr 25 14:39:28 2005 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id AD3C116A4D0; Mon, 25 Apr 2005 14:39:27 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6BD0B16A4CE for ; Mon, 25 Apr 2005 14:39:27 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 388C843D39 for ; Mon, 25 Apr 2005 14:39:27 +0000 (GMT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j3PEdRxv002271 for ; Mon, 25 Apr 2005 14:39:27 GMT (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j3PEdQ0n002268 for perforce@freebsd.org; Mon, 25 Apr 2005 14:39:26 GMT (envelope-from areisse@nailabs.com) Date: Mon, 25 Apr 2005 14:39:26 GMT Message-Id: <200504251439.j3PEdQ0n002268@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 75946 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Apr 2005 14:39:28 -0000 http://perforce.freebsd.org/chv.cgi?CH=75946 Change 75946 by areisse@areisse_ibook on 2005/04/25 14:38:32 Support for automatic enforcement of protections (as specified in a msgh_av trailer) in the server stubs. To use this feature, put "checkaccess" between the routine name and argument list. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/lexxer.l#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/parser.y#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.c#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.h#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/server.c#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/lexxer.l#3 (text+ko) ==== @@ -125,6 +125,7 @@ [Rr][Oo][Uu][Tt][Ii][Nn][Ee] RETURN(syRoutine); [Ss][Ii][Mm][Pp][Ll][Ee][Rr][Oo][Uu][Tt][Ii][Nn][Ee] RETURN(sySimpleRoutine); +[Cc][Hh][Ee][Cc][Kk][Aa][Cc][Cc][Ee][Ss][Ss] RETURN(syCheckAccess); [Ss][Uu][Bb][Ss][Yy][Ss][Tt][Ee][Mm] RETURN(sySubsystem); [Mm][Ss][Gg][Oo][Pp][Tt][Ii][Oo][Nn] RETURN(syMsgOption); [Mm][Ss][Gg][Ss][Ee][Qq][Nn][Oo] RETURN(syMsgSeqno); ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/parser.y#3 (text+ko) ==== @@ -50,6 +50,7 @@ %token sySkip %token syRoutine %token sySimpleRoutine +%token syCheckAccess %token sySubsystem %token syKernelUser @@ -154,6 +155,7 @@ %type Direction TrImplKeyword %type Argument Trailer Arguments ArgumentList %type IPCFlags +%type RoutineFlags %{ @@ -613,12 +615,18 @@ | SimpleRoutine { $$ = $1; } ; -Routine : syRoutine syIdentifier Arguments - { $$ = rtMakeRoutine($2, $3); } +Routine : syRoutine syIdentifier RoutineFlags Arguments + { $$ = rtMakeRoutine($2, $4, $3); } + ; + +SimpleRoutine : sySimpleRoutine syIdentifier RoutineFlags Arguments + { $$ = rtMakeSimpleRoutine($2, $4); } ; -SimpleRoutine : sySimpleRoutine syIdentifier Arguments - { $$ = rtMakeSimpleRoutine($2, $3); } +RoutineFlags : syCheckAccess + { $$ = 1; } + | + { $$ = 0; } ; Arguments : syLParen syRParen ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.c#3 (text+ko) ==== @@ -76,6 +76,7 @@ new->rtErrorName = strNULL; new->rtUserName = strNULL; new->rtServerName = strNULL; + new->rtCheckAccess = FALSE; return new; } @@ -135,15 +136,17 @@ } routine_t * -rtMakeRoutine(name, args) +rtMakeRoutine(name, args, flags) identifier_t name; argument_t *args; + int flags; { register routine_t *rt = rtAlloc(); rt->rtName = name; rt->rtKind = rkRoutine; rt->rtArgs = args; + rt->rtCheckAccess = flags; return rt; } @@ -1495,7 +1498,7 @@ boolean_t sectoken = FALSE; boolean_t audittoken = FALSE; boolean_t msglabels = FALSE; - boolean_t msgav = FALSE; + boolean_t msgav = rt->rtCheckAccess; for (arg = rt->rtArgs; arg != argNULL; arg = arg->argNext) if (akCheckAll(arg->argKind, akbReturn|akbUserImplicit)) { ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.h#3 (text+ko) ==== @@ -416,6 +416,7 @@ boolean_t rtSimpleRequest; boolean_t rtSimpleReply; + boolean_t rtCheckAccess; u_int rtNumRequestVar; /* number of variable/inline args in request */ u_int rtNumReplyVar; /* number of variable/inline args in reply */ ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/server.c#3 (text+ko) ==== @@ -1484,6 +1484,12 @@ ipc_type_t *it = arg->argType; boolean_t NeedClose = FALSE; + if (rt->rtCheckAccess) { + unsigned int ave = rt->rtNumber; + fprintf(file, "\tif (TrailerP->msgh_av.av[%d] & %d) {\n", + ave >> 5, 1 << (ave & 0x1f)); + } + fprintf(file, "\t"); if (akCheck(arg->argKind, akbVarNeeded)) fprintf(file, "%s = ", arg->argMsgField); @@ -1498,6 +1504,9 @@ if (NeedClose) fprintf(file, ")"); fprintf(file, ");\n"); + + if (rt->rtCheckAccess) + fprintf(file, "\t} else\n\t OutP->%s = KERN_NO_ACCESS;\n", arg->argMsgField); } static void