Add a way to restrict permissions on cap duplication.

2023-11-02 22:12:55 -07:00 · 2023-11-02 22:12:55 -07:00 · f31652b981
commit f31652b981
parent 7dd10a3e53
10 changed files with 15 additions and 15 deletions
--- a/zion/include/zcall.h
+++ b/zion/include/zcall.h
@ -55,7 +55,7 @@ SYS5(ReplyPortSend, z_cap_t, reply_port_cap, uint64_t, num_bytes, const void*,
 SYS5(ReplyPortRecv, z_cap_t, reply_port_cap, uint64_t*, num_bytes, void*, data,
     uint64_t*, num_caps, z_cap_t*, caps);

-SYS2(CapDuplicate, z_cap_t, cap_in, z_cap_t*, cap_out);
+SYS3(CapDuplicate, z_cap_t, cap_in, z_perm_t, perm_mask, z_cap_t*, cap_out);

 SYS1(MutexCreate, z_cap_t*, mutex_cap);
 SYS1(MutexLock, z_cap_t, mutex_cap);
--- a/zion/include/ztypes.h
+++ b/zion/include/ztypes.h
@ -67,6 +67,7 @@ const uint64_t kZionDebug = 0x1'0000;
 * ------------------------------*/

 typedef uint64_t z_cap_t;
+typedef uint64_t z_perm_t;

 const uint64_t kZionInvalidCapability = 0x0;

@ -87,6 +88,9 @@ const uint64_t kZionPerm_SpawnThread = 0x200;
 const uint64_t kZionPerm_Lock = 0x100;
 const uint64_t kZionPerm_Release = 0x200;

+const z_perm_t kZionPerm_None = 0;
+const z_perm_t kZionPerm_All = -1;
+
 /* ------------------------------
 * Process Init Types
 *
--- a/zion/syscall/capability.cpp
+++ b/zion/syscall/capability.cpp
@ -13,6 +13,8 @@ z_err_t CapDuplicate(ZCapDuplicateReq* req) {
  if (!(cap->permissions() & kZionPerm_Duplicate)) {
    return glcr::CAP_PERMISSION_DENIED;
  }
-  *req->cap_out = proc.AddExistingCapability(cap);
+
+  *req->cap_out = proc.AddNewCapability(cap->raw_obj(),
+                                        cap->permissions() & req->perm_mask);
  return glcr::OK;
 }