Export capability information via sysctls.
When reporting on a capability, flag the fact that it is a capability, but also unwrap to report all of the usual information about the underlying file. Approved by: re (kib), mentor (rwatson) Sponsored by: Google Inc
This commit is contained in:
parent
e1c30fa66e
commit
8bec41f41d
@ -2946,6 +2946,22 @@ sysctl_kern_proc_ofiledesc(SYSCTL_HANDLER_ARGS)
|
||||
so = NULL;
|
||||
tp = NULL;
|
||||
kif->kf_fd = i;
|
||||
|
||||
#ifdef CAPABILITIES
|
||||
/*
|
||||
* When reporting a capability, most fields will be from the
|
||||
* underlying object, but do mark as a capability. With
|
||||
* ofiledesc, we don't have a field to export the cap_rights_t,
|
||||
* but we do with the new filedesc.
|
||||
*/
|
||||
if (fp->f_type == DTYPE_CAPABILITY) {
|
||||
kif->kf_flags |= KF_FLAG_CAPABILITY;
|
||||
(void)cap_funwrap(fp, 0, &fp);
|
||||
}
|
||||
#else
|
||||
KASSERT(fp->f_type != DTYPE_CAPABILITY,
|
||||
("sysctl_kern_proc_ofiledesc: saw capability"));
|
||||
#endif
|
||||
switch (fp->f_type) {
|
||||
case DTYPE_VNODE:
|
||||
kif->kf_type = KF_TYPE_VNODE;
|
||||
@ -3262,6 +3278,22 @@ sysctl_kern_proc_filedesc(SYSCTL_HANDLER_ARGS)
|
||||
if ((fp = fdp->fd_ofiles[i]) == NULL)
|
||||
continue;
|
||||
data = NULL;
|
||||
|
||||
#ifdef CAPABILITIES
|
||||
/*
|
||||
* When reporting a capability, most fields will be from the
|
||||
* underlying object, but do mark as a capability and export
|
||||
* the capability rights mask.
|
||||
*/
|
||||
if (fp->f_type == DTYPE_CAPABILITY) {
|
||||
kif->kf_flags |= KF_FLAG_CAPABILITY;
|
||||
kif->kf_cap_rights = cap_rights(fp);
|
||||
(void)cap_funwrap(fp, 0, &fp);
|
||||
}
|
||||
#else /* !CAPABILITIES */
|
||||
KASSERT(fp->f_type != DTYPE_CAPABILITY,
|
||||
("sysctl_kern_proc_filedesc: saw capability"));
|
||||
#endif
|
||||
switch (fp->f_type) {
|
||||
case DTYPE_VNODE:
|
||||
type = KF_TYPE_VNODE;
|
||||
|
@ -251,6 +251,7 @@ struct user {
|
||||
#define KF_TYPE_SHM 8
|
||||
#define KF_TYPE_SEM 9
|
||||
#define KF_TYPE_PTS 10
|
||||
/* no KF_TYPE_CAPABILITY (11), since capabilities wrap other file objects */
|
||||
#define KF_TYPE_UNKNOWN 255
|
||||
|
||||
#define KF_VTYPE_VNON 0
|
||||
@ -286,6 +287,7 @@ struct user {
|
||||
#define KF_FLAG_TRUNC 0x00001000
|
||||
#define KF_FLAG_EXCL 0x00002000
|
||||
#define KF_FLAG_EXEC 0x00004000
|
||||
#define KF_FLAG_CAPABILITY 0x00008000
|
||||
|
||||
/*
|
||||
* Old format. Has variable hidden padding due to alignment.
|
||||
@ -378,7 +380,9 @@ struct kinfo_file {
|
||||
} kf_un;
|
||||
uint16_t kf_status; /* Status flags. */
|
||||
uint16_t kf_pad1; /* Round to 32 bit alignment. */
|
||||
int _kf_ispare[7]; /* Space for more stuff. */
|
||||
int _kf_ispare0; /* Space for more stuff. */
|
||||
cap_rights_t kf_cap_rights; /* Capability rights. */
|
||||
int _kf_ispare[4]; /* Space for more stuff. */
|
||||
/* Truncated before copyout in sysctl */
|
||||
char kf_path[PATH_MAX]; /* Path to file, if any. */
|
||||
};
|
||||
|
Loading…
x
Reference in New Issue
Block a user