Changeset View
Changeset View
Standalone View
Standalone View
sys/kern/sys_capability.c
| Show First 20 Lines • Show All 148 Lines • ▼ Show 20 Lines | |||||
| #ifdef CAPABILITIES | #ifdef CAPABILITIES | ||||
| FEATURE(security_capabilities, "Capsicum Capabilities"); | FEATURE(security_capabilities, "Capsicum Capabilities"); | ||||
| MALLOC_DECLARE(M_FILECAPS); | MALLOC_DECLARE(M_FILECAPS); | ||||
| static inline int | static inline int | ||||
| _cap_check(const cap_rights_t *havep, const cap_rights_t *needp, | _cap_check(const cap_rights_t *havep, const cap_rights_t *needp, | ||||
| enum ktr_cap_fail_type type) | enum ktr_cap_violation type) | ||||
| { | { | ||||
| const cap_rights_t rights[] = { *needp, *havep }; | |||||
markj: Missing a newline after a variable definition. | |||||
| if (!cap_rights_contains(havep, needp)) { | if (!cap_rights_contains(havep, needp)) { | ||||
| #ifdef KTRACE | if (CAP_TRACING(curthread)) | ||||
| if (KTRPOINT(curthread, KTR_CAPFAIL)) | ktrcapfail(type, rights); | ||||
| ktrcapfail(type, needp, havep); | |||||
| #endif | |||||
| return (ENOTCAPABLE); | return (ENOTCAPABLE); | ||||
| } | } | ||||
| return (0); | return (0); | ||||
| } | } | ||||
| /* | /* | ||||
| * Test whether a capability grants the requested rights. | * Test whether a capability grants the requested rights. | ||||
| */ | */ | ||||
| int | int | ||||
| cap_check(const cap_rights_t *havep, const cap_rights_t *needp) | cap_check(const cap_rights_t *havep, const cap_rights_t *needp) | ||||
| { | { | ||||
| return (_cap_check(havep, needp, CAPFAIL_NOTCAPABLE)); | return (_cap_check(havep, needp, CAPFAIL_NOTCAPABLE)); | ||||
| } | } | ||||
| int | int | ||||
| cap_check_failed_notcapable(const cap_rights_t *havep, const cap_rights_t *needp) | cap_check_failed_notcapable(const cap_rights_t *havep, const cap_rights_t *needp) | ||||
| { | { | ||||
| const cap_rights_t rights[] = { *needp, *havep }; | |||||
| #ifdef KTRACE | if (CAP_TRACING(curthread)) | ||||
| if (KTRPOINT(curthread, KTR_CAPFAIL)) | ktrcapfail(CAPFAIL_NOTCAPABLE, rights); | ||||
Done Inline ActionsMissing a newline after a variable definition. markj: Missing a newline after a variable definition. | |||||
| ktrcapfail(CAPFAIL_NOTCAPABLE, needp, havep); | |||||
| #endif | |||||
| return (ENOTCAPABLE); | return (ENOTCAPABLE); | ||||
| } | } | ||||
| /* | /* | ||||
| * Convert capability rights into VM access flags. | * Convert capability rights into VM access flags. | ||||
| */ | */ | ||||
| vm_prot_t | vm_prot_t | ||||
| cap_rights_to_vmprot(const cap_rights_t *havep) | cap_rights_to_vmprot(const cap_rights_t *havep) | ||||
| ▲ Show 20 Lines • Show All 492 Lines • Show Last 20 Lines | |||||
Missing a newline after a variable definition.