Date: Mon, 18 Apr 2005 16:52:38 GMT From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 75501 for review Message-ID: <200504181652.j3IGqctg012572@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=75501 Change 75501 by areisse@areisse_ibook on 2005/04/18 16:51:36 Support for reading the access control vector (mac_check_ipc_methods) from the message trailer. The bit corresponding to the current routine is extracted from the vector and supplied to the server implementation. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/lexxer.l#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/parser.y#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.c#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.h#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/server.c#2 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/lexxer.l#2 (text+ko) ==== @@ -141,6 +141,7 @@ <Normal>[Mm][Ss][Gg][Ll][Aa][Bb][Ee][Ll][Ss] RETURN(syMsgLabels); <Normal>[Ss][Ee][Rr][Vv][Ee][Rr][Mm][Ss][Gg][Ll][Aa][Bb][Ee][Ll][Ss] RETURN(syServerMsgLabels); <Normal>[Uu][Ss][Ee][Rr][Mm][Ss][Gg][Ll][Aa][Bb][Ee][Ll][Ss] RETURN(syUserMsgLabels); +<Normal>[Aa][Cc][Cc][Ee][Ss][Ss][Ff][Ll][Aa][Gg] RETURN(syServerAccessFlag); <Normal>[Aa][Uu][Dd][Ii][Tt][Tt][Oo][Kk][Ee][Nn] RETURN(syAuditToken); <Normal>[Ss][Ee][Rr][Vv][Ee][Rr][Aa][Uu][Dd][Ii][Tt][Tt][Oo][Kk][Ee][Nn] RETURN(syServerAuditToken); <Normal>[Uu][Ss][Ee][Rr][Aa][Uu][Dd][Ii][Tt][Tt][Oo][Kk][Ee][Nn] RETURN(syUserAuditToken); ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/parser.y#2 (text+ko) ==== @@ -107,6 +107,7 @@ %token syMsgLabels %token syUserMsgLabels %token syServerMsgLabels +%token syServerAccessFlag %token syAuditToken %token syUserAuditToken %token syServerAuditToken @@ -691,6 +692,7 @@ | syMsgLabels { $$ = akMsgLabels; } | syServerMsgLabels { $$ = akServerMsgLabels; } | syUserMsgLabels { $$ = akUserMsgLabels; } + | syServerAccessFlag { $$ = akServerAccessFlag; } | syAuditToken { $$ = akAuditToken; } | syServerAuditToken { $$ = akServerAuditToken; } | syUserAuditToken { $$ = akUserAuditToken; } ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.c#2 (text+ko) ==== @@ -220,6 +220,9 @@ case akeMsgLabels: printf("MsgLabels\t"); break; + case akeAccessFlag: + printf("AccessFlag\t"); + break; case akeAuditToken: printf("AuditToken\t"); break; @@ -1212,6 +1215,9 @@ if (akIdent(arg->argKind) == akeMsgLabels) itCheckMsgLabelsType(arg->argVarName, arg->argType); + if (akIdent(arg->argKind) == akeAccessFlag) + itCheckIntType(arg->argVarName, arg->argType); + if (akIdent(arg->argKind) == akeMsgSeqno) itCheckIntType(arg->argVarName, arg->argType); /* @@ -1489,6 +1495,7 @@ boolean_t sectoken = FALSE; boolean_t audittoken = FALSE; boolean_t msglabels = FALSE; + boolean_t msgav = FALSE; for (arg = rt->rtArgs; arg != argNULL; arg = arg->argNext) if (akCheckAll(arg->argKind, akbReturn|akbUserImplicit)) { @@ -1498,8 +1505,14 @@ audittoken = TRUE; else if (akIdent(arg->argKind) == akeMsgLabels) msglabels = TRUE; + else if (akIdent(arg->argKind) == akeAccessFlag) + msgav = TRUE; } + if (msgav == TRUE) + msgop->argVarName = strconcat(msgop->argVarName, + "|MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_AV)"); + if (msglabels == TRUE) msgop->argVarName = strconcat(msgop->argVarName, "|MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_LABELS)"); ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.h#2 (text+ko) ==== @@ -78,7 +78,8 @@ #define akeSecToken (17) /* an argument from the trailer: the security token */ #define akeAuditToken (18) /* an argument from the trailer: the audit token */ #define akeMsgLabels (19) /* an argument from the trailer: message labels */ -#define akeSendTime (20) /* pointed at by rtWaitTime */ +#define akeAccessFlag (20) /* the bit for this routine from the access vector in the trailer */ +#define akeSendTime (21) /* pointed at by rtWaitTime */ #define akeBITS (0x0000003f) #define akbRequest (0x00000040) /* has a msg_type in request */ @@ -245,6 +246,8 @@ #define akMsgLabels akAddFeature(akeMsgLabels, \ akbServerArg|akbServerImplicit|akbSend|akbSendRcv| \ akbUserArg|akbUserImplicit|akbReturn|akbReturnRcv) +#define akServerAccessFlag akAddFeature(akeAccessFlag, \ + akbServerArg|akbServerImplicit|akbSend|akbSendRcv) #define akServerAuditToken akAddFeature(akeAuditToken, \ akbServerArg|akbServerImplicit|akbSend|akbSendRcv) ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/server.c#2 (text+ko) ==== @@ -1042,6 +1042,17 @@ char who[20] = {0}; /* + * Get the access control decision for this routine from the + * vector supplied in the trailer. + */ + if (akIdent(arg->argKind) == akeAccessFlag) { + unsigned int ave = arg->argRoutine->rtNumber; + sprintf(buffer, "(0 != (TrailerP->msgh_av.av[%d] & %d))", + ave >> 5, 1 << (ave & 0x1f)); + return buffer; + } + + /* * Inside the kernel, the request and reply port fields * really hold ipc_port_t values, not mach_port_t values. * Hence we must cast the values.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504181652.j3IGqctg012572>