We use cookies to ensure you get the best experience on our website
Startsida Utforska Hjälp
Registrera dig Logga in
0ct0pu5
/
ladybird
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Bläddra i källkod

Kernel: Move process pledge promises into protected data

Andreas Kling 4 år sedan
förälder
37ad880660
incheckning
de6c5128fd
4 ändrade filer med 31 tillägg och 31 borttagningar
Unifierad Vy Visa Diff Statistik
  1. 6 13
      Kernel/Process.h
  2. 12 8
      Kernel/Syscalls/execve.cpp
  3. 4 4
      Kernel/Syscalls/fork.cpp
  4. 9 6
      Kernel/Syscalls/pledge.cpp

+ 6 - 13
Kernel/Process.h
Visa fil 

@@ -124,6 +124,10 @@ class Process
 
         gid_t sgid { 0 };
 
         gid_t sgid { 0 };
 
         Vector<gid_t> extra_gids;
 
         Vector<gid_t> extra_gids;
 
         bool dumpable { false };
 
         bool dumpable { false };
 
+        bool has_promises { false };
 
+        u32 promises { 0 };
 
+        bool has_execpromises { false };
 
+        u32 execpromises { 0 };
 
     };
 
     };
 
 
 
     // Helper class to temporarily unprotect a process's protected data so you can write to it.
 
     // Helper class to temporarily unprotect a process's protected data so you can write to it.
 
@@ -441,14 +445,8 @@ public:
 
     Custody& root_directory_relative_to_global_root();
 
     Custody& root_directory_relative_to_global_root();
 
     void set_root_directory(const Custody&);
 
     void set_root_directory(const Custody&);
 
 
 
-    bool has_promises() const
 
-    {
 
-        return m_has_promises;
 
-    }
 
-    bool has_promised(Pledge pledge) const
 
-    {
 
-        return m_promises & (1u << (u32)pledge);
 
-    }
 
+    bool has_promises() const { return protected_data().has_promises; }
 
+    bool has_promised(Pledge pledge) const { return protected_data().promises & (1u << (u32)pledge); }
 
 
 
     VeilState veil_state() const
 
     VeilState veil_state() const
 
     {
 
     {
 
@@ -600,11 +598,6 @@ private:
 
 
 
     RefPtr<Timer> m_alarm_timer;
 
     RefPtr<Timer> m_alarm_timer;
 
 
 
-    bool m_has_promises { false };
 
-    u32 m_promises { 0 };
 
-    bool m_has_execpromises { false };
 
-    u32 m_execpromises { 0 };
 
-
 
     VeilState m_veil_state { VeilState::None };
 
     VeilState m_veil_state { VeilState::None };
 
     UnveilNode m_unveiled_paths { "/", { .full_path = "/", .unveil_inherited_from_root = true } };
 
     UnveilNode m_unveiled_paths { "/", { .full_path = "/", .unveil_inherited_from_root = true } };

+ 12 - 8
Kernel/Syscalls/execve.cpp
Visa fil 

@@ -536,12 +536,6 @@ KResult Process::do_exec(NonnullRefPtr<FileDescription> main_program_description
 
     m_arguments = arguments;
 
     m_arguments = arguments;
 
     m_environment = environment;
 
     m_environment = environment;
 
 
 
-    m_promises = m_execpromises;
 
-    m_has_promises = m_has_execpromises;
 
-
 
-    m_execpromises = 0;
 
-    m_has_execpromises = false;
 
-
 
     m_veil_state = VeilState::None;
 
     m_veil_state = VeilState::None;
 
     m_unveiled_paths.clear();
 
     m_unveiled_paths.clear();
 
 
 
@@ -603,8 +597,18 @@ KResult Process::do_exec(NonnullRefPtr<FileDescription> main_program_description
 
     m_name = parts.take_last();
 
     m_name = parts.take_last();
 
     new_main_thread->set_name(m_name);
 
     new_main_thread->set_name(m_name);
 
 
 
-    // FIXME: PID/TID ISSUE
 
-    MutableProtectedData(*this)->pid = new_main_thread->tid().value();
 
+    {
 
+        MutableProtectedData protected_data { *this };
 
+        protected_data->promises = protected_data->execpromises;
 
+        protected_data->has_promises = protected_data->has_execpromises;
 
+
 
+        protected_data->execpromises = 0;
 
+        protected_data->has_execpromises = false;
 
+
 
+        // FIXME: PID/TID ISSUE
 
+        protected_data->pid = new_main_thread->tid().value();
 
+    }
 
+
 
     auto tsr_result = new_main_thread->make_thread_specific_region({});
 
     auto tsr_result = new_main_thread->make_thread_specific_region({});
 
     if (tsr_result.is_error()) {
 
     if (tsr_result.is_error()) {
 
         // FIXME: We cannot fail this late. Refactor this so the allocation happens before we commit to the new executable.
 
         // FIXME: We cannot fail this late. Refactor this so the allocation happens before we commit to the new executable.

+ 4 - 4
Kernel/Syscalls/fork.cpp
Visa fil 

@@ -41,10 +41,6 @@ KResultOr<pid_t> Process::sys$fork(RegisterState& regs)
 
         return ENOMEM;
 
         return ENOMEM;
 
     child->m_root_directory = m_root_directory;
 
     child->m_root_directory = m_root_directory;
 
     child->m_root_directory_relative_to_global_root = m_root_directory_relative_to_global_root;
 
     child->m_root_directory_relative_to_global_root = m_root_directory_relative_to_global_root;
 
-    child->m_promises = m_promises;
 
-    child->m_execpromises = m_execpromises;
 
-    child->m_has_promises = m_has_promises;
 
-    child->m_has_execpromises = m_has_execpromises;
 
     child->m_veil_state = m_veil_state;
 
     child->m_veil_state = m_veil_state;
 
     child->m_unveiled_paths = m_unveiled_paths.deep_copy();
 
     child->m_unveiled_paths = m_unveiled_paths.deep_copy();
 
     child->m_fds = m_fds;
 
     child->m_fds = m_fds;
 
@@ -54,6 +50,10 @@ KResultOr<pid_t> Process::sys$fork(RegisterState& regs)
 
 
 
     {
 
     {
 
         MutableProtectedData child_data { *child };
 
         MutableProtectedData child_data { *child };
 
+        child_data->promises = protected_data().promises;
 
+        child_data->execpromises = protected_data().execpromises;
 
+        child_data->has_promises = protected_data().has_promises;
 
+        child_data->has_execpromises = protected_data().has_execpromises;
 
         child_data->sid = this->sid();
 
         child_data->sid = this->sid();
 
         child_data->extra_gids = this->extra_gids();
 
         child_data->extra_gids = this->extra_gids();
 
     }
 
     }

+ 9 - 6
Kernel/Syscalls/pledge.cpp
Visa fil 

@@ -67,24 +67,27 @@ KResultOr<int> Process::sys$pledge(Userspace<const Syscall::SC_pledge_params*> u
 
         return true;
 
         return true;
 
     };
 
     };
 
 
 
+    MutableProtectedData mutable_protected_data { *this };
 
+
 
     if (!promises.is_null()) {
 
     if (!promises.is_null()) {
 
         u32 new_promises = 0;
 
         u32 new_promises = 0;
 
         if (!parse_pledge(promises, new_promises))
 
         if (!parse_pledge(promises, new_promises))
 
             return EINVAL;
 
             return EINVAL;
 
-        if (m_promises && (!new_promises || new_promises & ~m_promises))
 
+        if (protected_data().promises && (!new_promises || new_promises & ~protected_data().promises))
 
             return EPERM;
 
             return EPERM;
 
-        m_has_promises = true;
 
-        m_promises = new_promises;
 
+
 
+        mutable_protected_data->has_promises = true;
 
+        mutable_protected_data->promises = new_promises;
 
     }
 
     }
 
 
 
     if (!execpromises.is_null()) {
 
     if (!execpromises.is_null()) {
 
         u32 new_execpromises = 0;
 
         u32 new_execpromises = 0;
 
         if (!parse_pledge(execpromises, new_execpromises))
 
         if (!parse_pledge(execpromises, new_execpromises))
 
             return EINVAL;
 
             return EINVAL;
 
-        if (m_execpromises && (!new_execpromises || new_execpromises & ~m_execpromises))
 
+        if (protected_data().execpromises && (!new_execpromises || new_execpromises & ~protected_data().execpromises))
 
             return EPERM;
 
             return EPERM;
 
-        m_has_execpromises = true;
 
-        m_execpromises = new_execpromises;
 
+        mutable_protected_data->has_execpromises = true;
 
+        mutable_protected_data->execpromises = new_execpromises;
 
     }
 
     }
 
 
 
     return 0;
 
     return 0;

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5