/*-
 * Copyright (c) 2008, Kohsuke Ohtani
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the author nor the names of any co-contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * exec_cap.c - file capability management routines.
 */

#include <sys/prex.h>
#include <sys/capability.h>
#include <string.h>
#include <errno.h>

#include "exec.h"

/*
 * bind_cap - grant the capability set registered for a known file.
 *
 * Walks cap_table (defined outside this file; the walk stops at the
 * entry whose c_path is NULL) and, on the first entry whose c_path
 * equals `path', applies that entry's c_capset to `task' through
 * task_setcap().  Nothing is done when no entry matches or when the
 * matching entry carries an empty capability set.
 *
 * Security notes:
 *  - The decision rests on the path string alone.  This function does
 *    not check that `task' was really loaded from `path', and it does
 *    no normalisation, so the caller must pass the same spelling that
 *    is stored in cap_table.
 *  - The comparison reads at most PATH_MAX bytes of `path'.  For any
 *    table entry shorter than PATH_MAX the terminating NUL takes part
 *    in the comparison, so a match is an exact match, not a prefix
 *    match.
 *  - Any non-zero result from task_setcap() is fatal: sys_panic() is
 *    called.  The panic text names a missing SETPCAP capability, but
 *    every other failure reported by task_setcap() ends up here too.
 */
void
bind_cap(char *path, task_t task)
{
	const struct cap_map *entry;
	cap_t granted = 0;

	/*
	 * Look the path up among the known applications.
	 */
	for (entry = cap_table; entry->c_path != NULL; entry++) {
		if (strncmp(path, entry->c_path, PATH_MAX) == 0) {
			granted = entry->c_capset;
			break;
		}
	}

	/* Unknown file, or an entry with no capabilities: leave the task as is. */
	if (granted == 0)
		return;

	DPRINTF(("exec: set capability:%08x to %s\n", granted, path));
	if (task_setcap(task, granted) != 0)
		sys_panic("exec: no SETPCAP capability");
}

/*
 * exec_bindcap - bind capabilities for a server, on request.
 *
 * The task that receives the capabilities is the one named in the
 * message header (msg->hdr.task); the same task must already hold
 * CAP_PROTSERV.
 *
 * Returns EFAULT when msg->path is NULL, EPERM when the capability
 * check fails, and 0 otherwise (also when bind_cap() finds no entry
 * for the path).
 *
 * NOTE(review): the path is taken from the request message, so a task
 * that holds CAP_PROTSERV chooses which cap_table entry is applied to
 * itself by the path it sends.  Confirm that this is the intended
 * trust model, or that the path is validated before it gets here.
 *
 * NOTE(review): if `path' is an array embedded in struct bind_msg, the
 * NULL test below can never be true; check the declaration in exec.h.
 */
int
exec_bindcap(struct bind_msg *msg)
{
	task_t caller = msg->hdr.task;

	if (msg->path == NULL)
		return EFAULT;

	/*
	 * Only tasks that hold CAP_PROTSERV may ask for this.
	 */
	if (task_chkcap(caller, CAP_PROTSERV) != 0)
		return EPERM;

	/*
	 * Apply the capability set registered for the path.
	 */
	bind_cap(msg->path, caller);

	return 0;
}