[zion] Begin requiring capability transmit permission.

As a first pass, require the permission when passing a capability to a
new process.
Drew Galbraith 2023-08-01 18:37:17 -07:00
parent f0a27d30be
commit 4e9ad6a516
3 changed files with 10 additions and 5 deletions


@ -26,12 +26,15 @@ z_err_t ProcessSpawn(ZProcessSpawnReq* req) {
*req->new_vmas_cap = curr_proc.AddNewCapability(proc->vmas());
if (req->bootstrap_cap != 0) {
auto cap = curr_proc.ReleaseCapability(req->bootstrap_cap);
auto cap = curr_proc.GetCapability(req->bootstrap_cap);
if (!cap) {
return glcr::CAP_NOT_FOUND;
}
// FIXME: Check permissions.
*req->new_bootstrap_cap = proc->AddExistingCapability(cap);
if (!(cap->HasPermissions(kZionPerm_Transmit))) {
return glcr::CAP_PERMISSION_DENIED;
}
*req->new_bootstrap_cap = proc->AddExistingCapability(
curr_proc.ReleaseCapability(req->bootstrap_cap));
}
return glcr::OK;
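Review bot: The permission check and the transfer use two separate lookups of `req->bootstrap_cap`: `GetCapability` returns the object that is checked for `kZionPerm_Transmit`, then `ReleaseCapability` looks the id up again and its result goes straight into `proc->AddExistingCapability` with no null or permission check. If another thread of the calling process can release or re-add that id between the two calls (the capability table's locking is not visible in this hunk), the child could receive a null or an unchecked capability. At minimum, guard the released value, e.g. `auto released = curr_proc.ReleaseCapability(req->bootstrap_cap);` followed by `if (!released) { return glcr::CAP_NOT_FOUND; }`; a single table operation that checks the permission and removes the entry under one lock would close the window fully. `ProcessSpawn` begins and ends outside the hunk.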