drew/acadia
1
0
Fork 0
Code Issues 6 Pull requests Projects Releases Packages Wiki Activity Actions

Add a way to restrict permissions on cap duplication.

Browse source
This commit is contained in:
Drew Galbraith 2023-11-02 22:12:55 -07:00
parent 7dd10a3e53
commit f31652b981
10 changed files with 15 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

4
zion/syscall/capability.cpp
View file

@ -13,6 +13,8 @@ z_err_t CapDuplicate(ZCapDuplicateReq* req) {
if (!(cap->permissions() & kZionPerm_Duplicate)) {
return glcr::CAP_PERMISSION_DENIED;
}
*req->cap_out = proc.AddExistingCapability(cap);
*req->cap_out = proc.AddNewCapability(cap->raw_obj(),
cap->permissions() & req->perm_mask);
return glcr::OK;
}