[zion] Enfore Duplication permissions on capabilities.

Drew Galbraith 2023-08-01 18:30:24 -07:00
parent 1364fbed9f
commit f0a27d30be
7 changed files with 9 additions and 6 deletions


@ -10,6 +10,9 @@ z_err_t CapDuplicate(ZCapDuplicateReq* req) {
if (!cap) {
return glcr::CAP_NOT_FOUND;
}
if (!(cap->permissions() & kZionPerm_Duplicate)) {
return glcr::CAP_PERMISSION_DENIED;
}
*req->cap_out = proc.AddExistingCapability(cap);
return glcr::OK;
}
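Review bot: The new `kZionPerm_Duplicate` check gates the call, but `proc.AddExistingCapability(cap)` is handed the same `cap`, so the copy presumably carries the full permission set of the original, Duplicate included, and a holder cannot hand out a narrower or non-duplicable copy. If that is intended, say so next to the check with a comment such as `// The copy keeps every permission of the source, including Duplicate.`; otherwise consider letting the request carry a permission mask that is intersected with `cap->permissions()` before the new capability is added. The body of CapDuplicate starts above the hunk, so how `cap` is looked up is not visible here.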


@ -34,7 +34,7 @@ z_err_t MemoryObjectDuplicate(ZMemoryObjectDuplicateReq* req) {
auto& curr_proc = gScheduler->CurrentProcess();
auto vmmo_cap = curr_proc.GetCapability(req->vmmo_cap);
// FIXME: Check a duplication permission here.
RET_ERR(ValidateCapability<MemoryObject>(vmmo_cap, kZionPerm_Write));
RET_ERR(ValidateCapability<MemoryObject>(vmmo_cap, kZionPerm_Duplicate));
ASSIGN_OR_RETURN(
glcr::RefPtr<MemoryObject> new_vmmo,