From owner-p4-projects@FreeBSD.ORG Mon Apr 18 16:52:40 2005 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A9ED416A4D0; Mon, 18 Apr 2005 16:52:39 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6E0B016A4CE for ; Mon, 18 Apr 2005 16:52:39 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3854643D45 for ; Mon, 18 Apr 2005 16:52:39 +0000 (GMT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j3IGqdrM012575 for ; Mon, 18 Apr 2005 16:52:39 GMT (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j3IGqctg012572 for perforce@freebsd.org; Mon, 18 Apr 2005 16:52:38 GMT (envelope-from areisse@nailabs.com) Date: Mon, 18 Apr 2005 16:52:38 GMT Message-Id: <200504181652.j3IGqctg012572@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 75501 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Apr 2005 16:52:40 -0000 http://perforce.freebsd.org/chv.cgi?CH=75501 Change 75501 by areisse@areisse_ibook on 2005/04/18 16:51:36 Support for reading the access control vector (mac_check_ipc_methods) from the message trailer. The bit corresponding to the current routine is extracted from the vector and supplied to the server implementation. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/lexxer.l#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/parser.y#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.c#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.h#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/server.c#2 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/lexxer.l#2 (text+ko) ==== @@ -141,6 +141,7 @@ [Mm][Ss][Gg][Ll][Aa][Bb][Ee][Ll][Ss] RETURN(syMsgLabels); [Ss][Ee][Rr][Vv][Ee][Rr][Mm][Ss][Gg][Ll][Aa][Bb][Ee][Ll][Ss] RETURN(syServerMsgLabels); [Uu][Ss][Ee][Rr][Mm][Ss][Gg][Ll][Aa][Bb][Ee][Ll][Ss] RETURN(syUserMsgLabels); +[Aa][Cc][Cc][Ee][Ss][Ss][Ff][Ll][Aa][Gg] RETURN(syServerAccessFlag); [Aa][Uu][Dd][Ii][Tt][Tt][Oo][Kk][Ee][Nn] RETURN(syAuditToken); [Ss][Ee][Rr][Vv][Ee][Rr][Aa][Uu][Dd][Ii][Tt][Tt][Oo][Kk][Ee][Nn] RETURN(syServerAuditToken); [Uu][Ss][Ee][Rr][Aa][Uu][Dd][Ii][Tt][Tt][Oo][Kk][Ee][Nn] RETURN(syUserAuditToken); ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/parser.y#2 (text+ko) ==== @@ -107,6 +107,7 @@ %token syMsgLabels %token syUserMsgLabels %token syServerMsgLabels +%token syServerAccessFlag %token syAuditToken %token syUserAuditToken %token syServerAuditToken @@ -691,6 +692,7 @@ | syMsgLabels { $$ = akMsgLabels; } | syServerMsgLabels { $$ = akServerMsgLabels; } | syUserMsgLabels { $$ = akUserMsgLabels; } + | syServerAccessFlag { $$ = akServerAccessFlag; } | syAuditToken { $$ = akAuditToken; } | syServerAuditToken { $$ = akServerAuditToken; } | syUserAuditToken { $$ = akUserAuditToken; } ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.c#2 (text+ko) ==== @@ -220,6 +220,9 @@ case akeMsgLabels: printf("MsgLabels\t"); break; + case akeAccessFlag: + printf("AccessFlag\t"); + break; case akeAuditToken: printf("AuditToken\t"); break; @@ -1212,6 +1215,9 @@ if (akIdent(arg->argKind) == akeMsgLabels) itCheckMsgLabelsType(arg->argVarName, arg->argType); + if (akIdent(arg->argKind) == akeAccessFlag) + itCheckIntType(arg->argVarName, arg->argType); + if (akIdent(arg->argKind) == akeMsgSeqno) itCheckIntType(arg->argVarName, arg->argType); /* @@ -1489,6 +1495,7 @@ boolean_t sectoken = FALSE; boolean_t audittoken = FALSE; boolean_t msglabels = FALSE; + boolean_t msgav = FALSE; for (arg = rt->rtArgs; arg != argNULL; arg = arg->argNext) if (akCheckAll(arg->argKind, akbReturn|akbUserImplicit)) { @@ -1498,8 +1505,14 @@ audittoken = TRUE; else if (akIdent(arg->argKind) == akeMsgLabels) msglabels = TRUE; + else if (akIdent(arg->argKind) == akeAccessFlag) + msgav = TRUE; } + if (msgav == TRUE) + msgop->argVarName = strconcat(msgop->argVarName, + "|MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_AV)"); + if (msglabels == TRUE) msgop->argVarName = strconcat(msgop->argVarName, "|MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_LABELS)"); ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/routine.h#2 (text+ko) ==== @@ -78,7 +78,8 @@ #define akeSecToken (17) /* an argument from the trailer: the security token */ #define akeAuditToken (18) /* an argument from the trailer: the audit token */ #define akeMsgLabels (19) /* an argument from the trailer: message labels */ -#define akeSendTime (20) /* pointed at by rtWaitTime */ +#define akeAccessFlag (20) /* the bit for this routine from the access vector in the trailer */ +#define akeSendTime (21) /* pointed at by rtWaitTime */ #define akeBITS (0x0000003f) #define akbRequest (0x00000040) /* has a msg_type in request */ @@ -245,6 +246,8 @@ #define akMsgLabels akAddFeature(akeMsgLabels, \ akbServerArg|akbServerImplicit|akbSend|akbSendRcv| \ akbUserArg|akbUserImplicit|akbReturn|akbReturnRcv) +#define akServerAccessFlag akAddFeature(akeAccessFlag, \ + akbServerArg|akbServerImplicit|akbSend|akbSendRcv) #define akServerAuditToken akAddFeature(akeAuditToken, \ akbServerArg|akbServerImplicit|akbSend|akbSendRcv) ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/bootstrap_cmds/migcom.tproj/server.c#2 (text+ko) ==== @@ -1042,6 +1042,17 @@ char who[20] = {0}; /* + * Get the access control decision for this routine from the + * vector supplied in the trailer. + */ + if (akIdent(arg->argKind) == akeAccessFlag) { + unsigned int ave = arg->argRoutine->rtNumber; + sprintf(buffer, "(0 != (TrailerP->msgh_av.av[%d] & %d))", + ave >> 5, 1 << (ave & 0x1f)); + return buffer; + } + + /* * Inside the kernel, the request and reply port fields * really hold ipc_port_t values, not mach_port_t values. * Hence we must cast the values.