Add a way to restrict permissions on cap duplication.
This commit is contained in:
Drew Galbraith
parent
7dd10a3e53
commit
f31652b981
10 changed files with 15 additions and 15 deletions
|
|
@ -31,8 +31,7 @@ void DenaliServerBaseThreadBootstrap(void* server_base) {
|
|||
|
||||
glcr::ErrorOr<DenaliClient> DenaliServerBase::CreateClient() {
|
||||
uint64_t client_cap;
|
||||
// FIXME: Restrict permissions to send-only here.
|
||||
RET_ERR(ZCapDuplicate(endpoint_, &client_cap));
|
||||
RET_ERR(ZCapDuplicate(endpoint_, ~(kZionPerm_Read), &client_cap));
|
||||
return DenaliClient(client_cap);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -31,8 +31,7 @@ void VFSServerBaseThreadBootstrap(void* server_base) {
|
|||
|
||||
glcr::ErrorOr<VFSClient> VFSServerBase::CreateClient() {
|
||||
uint64_t client_cap;
|
||||
// FIXME: Restrict permissions to send-only here.
|
||||
RET_ERR(ZCapDuplicate(endpoint_, &client_cap));
|
||||
RET_ERR(ZCapDuplicate(endpoint_, ~(kZionPerm_Read), &client_cap));
|
||||
return VFSClient(client_cap);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -31,8 +31,7 @@ void YellowstoneServerBaseThreadBootstrap(void* server_base) {
|
|||
|
||||
glcr::ErrorOr<YellowstoneClient> YellowstoneServerBase::CreateClient() {
|
||||
uint64_t client_cap;
|
||||
// FIXME: Restrict permissions to send-only here.
|
||||
RET_ERR(ZCapDuplicate(endpoint_, &client_cap));
|
||||
RET_ERR(ZCapDuplicate(endpoint_, ~(kZionPerm_Read), &client_cap));
|
||||
return YellowstoneClient(client_cap);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ glcr::ErrorCode YellowstoneServer::HandleGetAhciInfo(const Empty&,
|
|||
glcr::ErrorCode YellowstoneServer::HandleGetDenali(const Empty&,
|
||||
DenaliInfo& info) {
|
||||
z_cap_t new_denali;
|
||||
check(ZCapDuplicate(denali_cap_, &new_denali));
|
||||
check(ZCapDuplicate(denali_cap_, kZionPerm_All, &new_denali));
|
||||
info.set_denali_endpoint(new_denali);
|
||||
info.set_device_id(device_id_);
|
||||
info.set_lba_offset(lba_offset_);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue