ExternalVendorCode/genode
1
0
Fork 0
mirror of https://github.com/genodelabs/genode.git synced 2025-01-02 20:16:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
de69ee2e66
genode/base-linux/include/base/local_interface.h
Norman Feske f33c7c73bd Delegate access to entrypoints via SCM rights 
This patch eliminates the thread ID portion of the 'Native_capability'
type. The access to entrypoints is now exclusively handled by passing
socket descripts over Unix domain sockets and by inheriting the socket
descriptor of the parent entrypoint at process-creation time.

Each entrypoint creates a socket pair. The server-side socket is bound
to a unique name defined by the server. The client-side socket is then
connected to the same name. Whereas the server-side socket is meant to
be exclusively used by the server to wait for incoming requests, the
client-side socket can be delegated to other processes as payload of RPC
messages (via SCM rights). Anyone who receives a capability over RPC
receives the client-side socket of the entrypoint to which the
capability refers. Given this socket descriptor, the unique name (as
defined by the server) can be requested using 'getpeername'. Using this
name, it is possible to compare socket descriptors, which is important
to avoid duplicates from polluting the limited socket-descriptor name
space.

Wheras this patch introduces capability-based delegation of access
rights to entrypoints, it does not cover the protection of the integrity
of RPC objects. RPC objects are still referenced by a global ID passed
as normal message payload.
2012-11-05 17:31:04 +01:00

91 lines
2.5 KiB
C++
Raw Blame History

/*
* \brief Support for process-local pseudo capabilities
* \author Norman Feske
* \date 2011-11-21
*
* Pseudo capabilities have a zero 'tid' and a non-zero 'local_name'. The local
* name is a pointer to the local object implementing the interface. Pseudo
* capabilties are valid only as arguments for local services that are prepared
* for it. I.e., the locally implemented RM service accepts pseudo dataspace
* capabilities that refer to managed dataspaces. Or the Linux-specific
* 'Rm_session_client' takes a pseudo capability to target RM-session
* invokations to the local implementation.
*
* Please note that this header file is not part of the official Genode API.
* It exists on no other platform than Linux and is meant for Genode-internal
* use only.
*/
/*
* Copyright (C) 2011-2012 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU General Public License version 2.
*/
#ifndef _INCLUDE__BASE__LOCAL_INTERFACE_H_
#define _INCLUDE__BASE__LOCAL_INTERFACE_H_
#include <base/capability.h>
#include <base/printf.h>
namespace Genode {
/**
* Common base class of local interface implementations
*/
struct Local_interface
{
virtual ~Local_interface() { }
/**
* Exception type
*/
class Non_local_capability { };
/**
* Convert pseudo capability to pointer to locally implemented session
*
* \param IF interface type
* \param cap pseudo capability
*
* \throw Non_local_capability if the argument does not refer to a
* locally implemented interface
*/
template <typename IF>
static IF *deref(Capability<IF> cap)
{
/* check if this is a pseudo capability */
if (cap.dst().socket != -1 || !cap.local_name())
throw Non_local_capability();
/*
* For a pseudo capability, the 'local_name' points to the local
* session object of the correct type.
*/
IF *interface = dynamic_cast<IF *>((Local_interface *)cap.local_name());
if (!interface)
throw Non_local_capability();
return interface;
}
/**
* Construct pseudo capability to process-local interface implementation
*
* \param IF interface type
* \param interface pointer to local interface implementation
* \return pseudo capability
*
*/
template <typename IF>
static Capability<IF> capability(IF *interface)
{
typedef Native_capability::Dst Dst;
return reinterpret_cap_cast<IF>(Native_capability(Dst(), (long)interface));
};
};
}
#endif /* _INCLUDE__BASE__LOCAL_INTERFACE_H_ */
Reference in New Issue View Git Blame Copy Permalink