Date: Fri, 29 Apr 2005 14:48:13 GMT From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 76200 for review Message-ID: <200504291448.j3TEmDsh057689@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=76200 Change 76200 by areisse@areisse_ibook on 2005/04/29 14:48:09 Enable access checks on all bootstrap namespace methods. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/Makefile#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/bootstrap.c#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/bootstrap.defs#2 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/Makefile#3 (text+ko) ==== @@ -33,7 +33,6 @@ DEBUG_LIBS = $(LIBS) PROF_LIBS = $(LIBS) - NEXTSTEP_PB_CFLAGS = -DMACH_USER_API WINDOWS_PB_CFLAGS = -DMACH_USER_API PDO_UNIX_PB_CFLAGS = -DMACH_USER_API @@ -57,3 +56,5 @@ -include Makefile.postamble -include Makefile.dependencies + +include ../../build/Mig.mk ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/bootstrap.c#3 (text+ko) ==== @@ -975,6 +975,7 @@ service_t *servicep; server_t *serverp; kern_return_t result; + mach_msg_mac_trailer_t *trailer = (mach_msg_mac_trailer_t *) (((char*)Request)+Request->msgh_size); mig_reply_error_t *reply; debug("received message on port %x\n", Request->msgh_local_port); @@ -1156,8 +1157,11 @@ else { /* must be a service request */ debug("Handled request."); - return bootstrap_server(Request, Reply); + boolean_t result = bootstrap_server(Request, Reply); + //mach_port_destroy(mach_task_self(), trailer->msgh_labels.sender); + return result; } + //mach_port_destroy(mach_task_self(), trailer->msgh_labels.sender); return TRUE; } @@ -1179,6 +1183,7 @@ bootstrapMaxRequestSize, bootstrap_port_set, MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_SENDER)| + MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_AV)| MACH_RCV_TRAILER_TYPE(MACH_MSG_TRAILER_FORMAT_0)); if (mresult != MACH_MSG_SUCCESS) kern_error(mresult, "mach_msg_server"); ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/bootstrap.defs#2 (text+ko) ==== @@ -135,7 +135,7 @@ * Errors: Returns appropriate kernel errors on rpc failure. * Returns BOOTSTRAP_NOT_PRIVILEGED, bootstrap or uid invalid. */ -routine bootstrap_create_server( +routine bootstrap_create_server checkaccess( bootstrap_port : mach_port_t; server_cmd : cmd_t; server_uid : integer_t; @@ -158,7 +158,7 @@ * children (or any offspring that it does not want to count as part * of the "server" for mach_init registration and re-launch purposes). */ -routine bootstrap_unprivileged( +routine bootstrap_unprivileged checkaccess ( bootstrap_port : mach_port_t; out unpriv_port : mach_port_t); @@ -183,7 +183,7 @@ * Returns BOOTSTRAP_SERVICE_ACTIVE, if service has already been * registered or checked-in. */ -routine bootstrap_check_in( +routine bootstrap_check_in checkaccess( bootstrap_port : mach_port_t; service_name : name_t; out service_port : mach_port_move_receive_t); @@ -210,7 +210,7 @@ * Returns BOOTSTRAP_NAME_IN_USE, if service has already been * register or checked-in. */ -routine bootstrap_register( +routine bootstrap_register checkaccess( bootstrap_port : mach_port_t; service_name : name_t; service_port : mach_port_t); @@ -228,7 +228,7 @@ * Errors: Returns appropriate kernel errors on rpc failure. * Returns BOOTSTRAP_UNKNOWN_SERVICE, if service does not exist. */ -routine bootstrap_look_up( +routine bootstrap_look_up checkaccess( bootstrap_port : mach_port_t; service_name : name_t; out service_port : mach_port_t); @@ -255,7 +255,7 @@ * If all services are known, all_services_known is true on * return, if any service is unknown, it's false. */ -routine bootstrap_look_up_array( +routine bootstrap_look_up_array checkaccess( bootstrap_port : mach_port_t; service_names : name_array_t; out service_ports : mach_port_array_t; @@ -275,7 +275,7 @@ * with an effective user id of root (as determined by the security * token in the message trailer). */ -routine bootstrap_parent( +routine bootstrap_parent checkaccess( bootstrap_port : mach_port_t; ServerSecToken token : security_token_t; out parent_port : mach_port_make_send_t); @@ -292,7 +292,7 @@ * Errors: Returns appropriate kernel errors on rpc failure. * Returns BOOTSTRAP_UNKNOWN_SERVICE, if service does not exist. */ -routine bootstrap_status( +routine bootstrap_status checkaccess( bootstrap_port : mach_port_t; service_name : name_t; out service_active : bootstrap_status_t); @@ -309,7 +309,7 @@ * * Errors: Returns appropriate kernel errors on rpc failure. */ -routine bootstrap_info( +routine bootstrap_info checkaccess( bootstrap_port : mach_port_t; out service_names : name_array_t, dealloc; out server_names : name_array_t, dealloc; @@ -335,7 +335,7 @@ * * Errors: Returns appropriate kernel errors on rpc failure. */ -routine bootstrap_subset( +routine bootstrap_subset checkaccess( bootstrap_port : mach_port_t; requestor_port : mach_port_t; out subset_port : mach_port_t); @@ -353,7 +353,7 @@ * Errors: Returns appropriate kernel errors on rpc failure. * Returns BOOTSTRAP_SERVICE_ACTIVE, if service already exists. */ -routine bootstrap_create_service( +routine bootstrap_create_service checkaccess( bootstrap_port : mach_port_t; service_name : name_t; out service_port : mach_port_t);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504291448.j3TEmDsh057689>