nova: fix usage of portal permission

The commit
- fixes the syscall bindings for using portal permissions
- revokes PT_CTRL permission after the pager in core has set the local badge name
- revokes PT_CTRL permission after the server entrypoint code has set the local badge name

Fixes #1335
This commit is contained in:
Alexander Boettcher 2015-01-05 22:09:51 +01:00 committed by Christian Helmuth
parent 2cd902f09f
commit 1d920fa1b5
4 changed files with 44 additions and 23 deletions


@ -6,7 +6,7 @@
*/ */
/* /*
* Copyright (C) 2006-2013 Genode Labs GmbH * Copyright (C) 2006-2015 Genode Labs GmbH
* *
* This file is part of the Genode OS framework, which is distributed * This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU General Public License version 2. * under the terms of the GNU General Public License version 2.
@ -29,17 +29,7 @@ namespace Genode {
Native_capability alloc(Native_capability ep, addr_t entry = 0, Native_capability alloc(Native_capability ep, addr_t entry = 0,
addr_t flags = 0) addr_t flags = 0)
{ {
Native_capability cap = call<Rpc_alloc>(ep, entry, flags); return call<Rpc_alloc>(ep, entry, flags);
using namespace Nova;
/* set our local name */
if (NOVA_OK != pt_ctrl(cap.local_name(), cap.local_name()))
nova_die();
/* disable the feature for security reasons now */
revoke(Obj_crd(cap.local_name(), 0, Obj_crd::RIGHT_PT_CTRL));
return cap;
} }
void free(Native_capability cap) { call<Rpc_free>(cap); } void free(Native_capability cap) { call<Rpc_free>(cap); }
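Review bot: With the `pt_ctrl` and `revoke` calls removed from `alloc`, the portal it returns still carries RIGHT_PT_CTRL and has no local badge set, yet nothing in the declaration says so; a future caller that only calls `alloc` ends up holding a portal whose PT_CTRL right was never dropped. The commit patches the two callers it knows about (the core pager and the server entrypoint), so the contract now lives only in their code. A comment on the declaration, e.g. `/* Returned portal still carries RIGHT_PT_CTRL; the caller sets the local badge via pt_ctrl and must revoke RIGHT_PT_CTRL afterwards */`, would make that responsibility explicit at the one place every caller reads. `free` is unchanged.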


@ -362,8 +362,8 @@ namespace Nova {
enum { enum {
RIGHT_EC_RECALL = 0x1U, RIGHT_EC_RECALL = 0x1U,
RIGHT_PT_CALL = 0x1U, RIGHT_PT_CALL = 0x2U,
RIGHT_PT_CTRL = 0x2U, RIGHT_PT_CTRL = 0x1U,
RIGHT_SM_UP = 0x1U, RIGHT_SM_UP = 0x1U,
RIGHT_SM_DOWN = 0x2U RIGHT_SM_DOWN = 0x2U
}; };
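Review bot: RIGHT_PT_CALL and RIGHT_PT_CTRL trade bit positions here without a comment tying the values to the kernel ABI, and because RIGHT_EC_RECALL and RIGHT_SM_UP already use 0x1 the enum reads as if the numbers were arbitrary. Getting this bit wrong fails silently: the `revoke(Obj_crd(..., Obj_crd::RIGHT_PT_CTRL))` calls added elsewhere in this commit would strip the call right and leave PT_CTRL in place, which is presumably the behaviour the commit message's "fixes the syscall bindings" refers to. A comment above the enum such as `/* bit positions mirror the kernel's Obj_crd permission layout for each object type; do not reorder */` would keep a later reader from "normalising" them back. The enum is complete within the hunk; its enclosing scope starts and ends outside it.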


@ -7,7 +7,7 @@
*/ */
/* /*
* Copyright (C) 2010-2013 Genode Labs GmbH * Copyright (C) 2010-2015 Genode Labs GmbH
* *
* This file is part of the Genode OS framework, which is distributed * This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU General Public License version 2. * under the terms of the GNU General Public License version 2.
@ -466,6 +466,9 @@ Pager_capability Pager_entrypoint::manage(Pager_object *obj)
Native_capability cap_session = Native_capability cap_session =
_cap_session->alloc(pager_thread_cap, obj->handler_address()); _cap_session->alloc(pager_thread_cap, obj->handler_address());
/* disable PT_CTRL feature */
revoke(Obj_crd(cap_session.local_name(), 0, Obj_crd::RIGHT_PT_CTRL));
/* add server object to object pool */ /* add server object to object pool */
obj->Object_pool<Pager_object>::Entry::cap(cap_session); obj->Object_pool<Pager_object>::Entry::cap(cap_session);
insert(obj); insert(obj);
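Review bot: The new `revoke(Obj_crd(cap_session.local_name(), 0, Obj_crd::RIGHT_PT_CTRL))` runs unconditionally on whatever `alloc` returned, without the `valid()` check that the entrypoint's `create_portal` in this same commit performs before touching the portal; if `alloc` can hand back an invalid capability here, the revoke targets a bogus selector and the object is still inserted into the pool. A guard such as `if (!cap_session.valid()) return Pager_capability();` ahead of the revoke would mirror the entrypoint path. The `pt_ctrl` call that sets the local badge is not visible in this hunk, so I cannot confirm from here that the revoke is ordered after it, which is what the commit message requires. `Pager_entrypoint::manage` starts and ends outside the hunk.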


@ -7,7 +7,7 @@
*/ */
/* /*
* Copyright (C) 2010-2013 Genode Labs GmbH * Copyright (C) 2010-2015 Genode Labs GmbH
* *
* This file is part of the Genode OS framework, which is distributed * This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU General Public License version 2. * under the terms of the GNU General Public License version 2.
@ -25,6 +25,32 @@
using namespace Genode; using namespace Genode;
static Untyped_capability create_portal(Cap_session * cap_session,
Untyped_capability ec_cap,
addr_t entry)
{
Untyped_capability obj_cap;
obj_cap = cap_session->alloc(ec_cap, entry);
if (!obj_cap.valid())
return obj_cap;
using namespace Nova;
/* set local badge */
if (pt_ctrl(obj_cap.local_name(), obj_cap.local_name()) != NOVA_OK) {
cap_session->free(obj_cap);
return Untyped_capability();
}
/* disable PT_CTRL permission - feature for security reasons now */
revoke(Obj_crd(obj_cap.local_name(), 0, Obj_crd::RIGHT_PT_CTRL));
return obj_cap;
}
/*********************** /***********************
** Server entrypoint ** ** Server entrypoint **
***********************/ ***********************/
@ -33,7 +59,7 @@ Untyped_capability Rpc_entrypoint::_manage(Rpc_object_base *obj)
{ {
using namespace Nova; using namespace Nova;
Untyped_capability ec_cap, ep_cap; Untyped_capability ec_cap, obj_cap;
/* _ec_sel is invalid until thread gets started */ /* _ec_sel is invalid until thread gets started */
if (tid().ec_sel != Native_thread::INVALID_INDEX) if (tid().ec_sel != Native_thread::INVALID_INDEX)
@ -41,14 +67,16 @@ Untyped_capability Rpc_entrypoint::_manage(Rpc_object_base *obj)
else else
ec_cap = _thread_cap; ec_cap = _thread_cap;
ep_cap = _cap_session->alloc(ec_cap, (addr_t)_activation_entry); obj_cap = create_portal(_cap_session, ec_cap, (addr_t)_activation_entry);
if (!obj_cap.valid())
return obj_cap;
/* add server object to object pool */ /* add server object to object pool */
obj->cap(ep_cap); obj->cap(obj_cap);
insert(obj); insert(obj);
/* return entrypoint capability */ /* return object capability managed by entrypoint thread */
return ep_cap; return obj_cap;
} }
@ -218,8 +246,8 @@ Rpc_entrypoint::Rpc_entrypoint(Cap_session *cap_session, size_t stack_size,
Thread_base::start(); Thread_base::start();
/* create cleanup portal */ /* create cleanup portal */
_cap = _cap_session->alloc(Native_capability(_tid.ec_sel), _cap = create_portal(cap_session, Native_capability(_tid.ec_sel),
(addr_t)_activation_entry); (addr_t)_activation_entry);
if (!_cap.valid()) if (!_cap.valid())
throw Cpu_session::Thread_creation_failed(); throw Cpu_session::Thread_creation_failed();
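Review bot: `create_portal` is now the single place where a server portal gets its local badge and loses RIGHT_PT_CTRL, but it has no header comment stating that contract or the failure behaviour (portal freed and an invalid capability returned when `pt_ctrl` fails), so a reader of `_manage` must open the helper to learn why an invalid `obj_cap` is returned there. A comment above it along the lines of `/* Allocate a portal for 'entry' on 'ec_cap', set its local badge, and drop RIGHT_PT_CTRL; returns an invalid capability if allocation or badge setup fails */` would cover that. Style: `Untyped_capability obj_cap; obj_cap = cap_session->alloc(ec_cap, entry);` can be a single initialisation, `Untyped_capability obj_cap = cap_session->alloc(ec_cap, entry);`. The cleanup-portal hunk at the bottom now passes the constructor parameter `cap_session` where the old code used the `_cap_session` member; presumably the same object at that point, but worth confirming.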