diff --git a/zion/object/channel.h b/zion/object/channel.h
index f3cfdbb..2990091 100644
--- a/zion/object/channel.h
+++ b/zion/object/channel.h
@@ -22,7 +22,7 @@ class Channel : public IpcObject {
 public:
 uint64_t TypeTag() override { return KernelObject::CHANNEL; }
 static uint64_t DefaultPermissions() {
- return kZionPerm_Read | kZionPerm_Write;
+ return kZionPerm_Read | kZionPerm_Write | kZionPerm_Duplicate;
 }

 static glcr::Pair, glcr::RefPtr>
diff --git a/zion/object/endpoint.h b/zion/object/endpoint.h
index f5c465c..ab357f8 100644
--- a/zion/object/endpoint.h
+++ b/zion/object/endpoint.h
@@ -21,7 +21,7 @@ class Endpoint : public IpcObject {
 public:
 uint64_t TypeTag() override { return KernelObject::ENDPOINT; }
 static uint64_t DefaultPermissions() {
- return kZionPerm_Read | kZionPerm_Write;
+ return kZionPerm_Read | kZionPerm_Write | kZionPerm_Duplicate;
 }

 static glcr::RefPtr Create();
diff --git a/zion/object/memory_object.h b/zion/object/memory_object.h
index 590c3f4..03dcb48 100644
--- a/zion/object/memory_object.h
+++ b/zion/object/memory_object.h
@@ -23,7 +23,7 @@ class MemoryObject : public KernelObject {
 public:
 uint64_t TypeTag() override { return KernelObject::MEMORY_OBJECT; }
 static uint64_t DefaultPermissions() {
- return kZionPerm_Write | kZionPerm_Read;
+ return kZionPerm_Write | kZionPerm_Read | kZionPerm_Duplicate;
 }

 MemoryObject(uint64_t size);
diff --git a/zion/object/port.h b/zion/object/port.h
index 01a501a..3b3ee80 100644
--- a/zion/object/port.h
+++ b/zion/object/port.h
@@ -22,7 +22,7 @@ class Port : public IpcObject {
 public:
 uint64_t TypeTag() override { return KernelObject::PORT; }
 static uint64_t DefaultPermissions() {
- return kZionPerm_Write | kZionPerm_Read;
+ return kZionPerm_Write | kZionPerm_Read | kZionPerm_Duplicate;
 }

 Port() = default;
diff --git a/zion/object/process.h b/zion/object/process.h
index 3ec2fa7..eb273f1 100644
--- a/zion/object/process.h
+++ b/zion/object/process.h
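Review bot: In `Channel::DefaultPermissions()`, and in the matching hunks for Endpoint, MemoryObject, Port and Process, `kZionPerm_Duplicate` is added with no comment recording that duplication is meant to be granted by default. As written, the new check in `CapDuplicate` only restricts capabilities that were created with an explicitly reduced mask. A one-line comment such as `// Duplicate is part of the default mask; drop it when handing out a handle that must not be copied.` would document that intent. Any KernelObject type whose `DefaultPermissions()` is not touched by this commit would presumably start failing `CapDuplicate` with `CAP_PERMISSION_DENIED`, so it is worth confirming the list of updated types is complete. For Process, whose default mask also carries `kZionPerm_SpawnThread` and `kZionPerm_SpawnProcess`, it is worth a deliberate decision on whether default-duplicable is wanted.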
@@ -24,7 +24,7 @@ class Process : public KernelObject {
 uint64_t TypeTag() override { return KernelObject::PROCESS; }
 static uint64_t DefaultPermissions() {
 return kZionPerm_Write | kZionPerm_Read | kZionPerm_SpawnThread |
- kZionPerm_SpawnProcess;
+ kZionPerm_SpawnProcess | kZionPerm_Duplicate;
 }

 enum State {
diff --git a/zion/syscall/capability.cpp b/zion/syscall/capability.cpp
index 7634fdf..b386fcb 100644
--- a/zion/syscall/capability.cpp
+++ b/zion/syscall/capability.cpp
@@ -10,6 +10,9 @@ z_err_t CapDuplicate(ZCapDuplicateReq* req) {
 if (!cap) {
 return glcr::CAP_NOT_FOUND;
 }
+ if (!(cap->permissions() & kZionPerm_Duplicate)) {
+ return glcr::CAP_PERMISSION_DENIED;
+ }
 *req->cap_out = proc.AddExistingCapability(cap);
 return glcr::OK;
 }
diff --git a/zion/syscall/memory_object.cpp b/zion/syscall/memory_object.cpp
index 5d78ad3..ac602cb 100644
--- a/zion/syscall/memory_object.cpp
+++ b/zion/syscall/memory_object.cpp
@@ -34,7 +34,7 @@ z_err_t MemoryObjectDuplicate(ZMemoryObjectDuplicateReq* req) {
 auto& curr_proc = gScheduler->CurrentProcess();
 auto vmmo_cap = curr_proc.GetCapability(req->vmmo_cap);
 // FIXME: Check a duplication permission here.
- RET_ERR(ValidateCapability(vmmo_cap, kZionPerm_Write));
+ RET_ERR(ValidateCapability(vmmo_cap, kZionPerm_Duplicate));

 ASSIGN_OR_RETURN(
 glcr::RefPtr new_vmmo,
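Review bot: The copy handed back by `proc.AddExistingCapability(cap)` right after the new check appears to keep the source capability's full permission set, `kZionPerm_Duplicate` included, so a holder cannot give out a copy that is narrower than its own or that cannot be copied again. If `ZCapDuplicateReq` has or can gain a permission mask, the duplicate should be attenuated to `cap->permissions() & mask`; the request struct is not visible on this page, so treat that as something to confirm. The check is also open-coded, whereas `MemoryObjectDuplicate` in this same commit goes through `RET_ERR(ValidateCapability(...))`; using one helper for both keeps the denial path uniform, assuming a variant without a type check exists. CapDuplicate's body starts before the hunk.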
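Review bot: The context line `// FIXME: Check a duplication permission here.` is left directly above the line that now performs exactly that check, so the comment is stale and should be deleted in this change. Swapping `kZionPerm_Write` for `kZionPerm_Duplicate` also means a capability holding neither Write nor Read can now drive the copy. If the duplication reads the source object's contents, requiring `kZionPerm_Read` in addition would be the tighter gate, though whether `ValidateCapability` accepts a combined mask is not visible here. MemoryObjectDuplicate continues past the end of the hunk, so the permissions granted on the capability created for `new_vmmo` cannot be reviewed from this page.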