vinzenz/redox
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add permissions to the filesystem, preliminary permissions to the syscalls

Browse source
This commit is contained in:
Jeremy Soller 2016-10-05 14:24:08 -06:00
parent 478bc20b85
commit f4a1d06f07
19 changed files with 142 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Makefile
View file

@ -276,15 +276,18 @@ $(BUILD)/filesystem.bin: \
extrautils \
schemes \
filesystem/bin/getty \
filesystem/bin/id \
filesystem/bin/ion \
filesystem/bin/login \
filesystem/bin/smith
rm -rf $@ $(BUILD)/filesystem/
echo exit | cargo run --manifest-path schemes/redoxfs/Cargo.toml --bin redoxfs-utility $@
echo exit | cargo run --manifest-path schemes/redoxfs/Cargo.toml --bin redoxfs-utility $@ 8
mkdir -p $(BUILD)/filesystem/
cargo run --manifest-path schemes/redoxfs/Cargo.toml --bin redoxfs-fuse $@ $(BUILD)/filesystem/ &
sleep 2
-cp -RL filesystem/* $(BUILD)/filesystem/
-chown -R 0:0 $(BUILD)/filesystem/
-chown -R 1000:1000 $(BUILD)/filesystem/home/user/
sync
-fusermount -u $(BUILD)/filesystem/
rm -rf $(BUILD)/filesystem/

3
drivers/vesad/src/main.rs
View file

@ -258,6 +258,9 @@ fn main() {
if ! scheme.input.borrow().is_empty() && *scheme.requested.borrow() & EVENT_READ == EVENT_READ {
let event_packet = Packet {
id: 0,
pid: 0,
uid: 0,
gid: 0,
a: syscall::number::SYS_FEVENT,
b: 0,
c: EVENT_READ,

9
kernel/context/context.rs
View file

@ -22,6 +22,10 @@ pub struct Context {
pub id: usize,
/// The ID of the parent context
pub ppid: usize,
/// The user id
pub uid: u32,
/// The group id
pub gid: u32,
/// Status of context
pub status: Status,
/// Context running or not
@ -58,6 +62,8 @@ impl Context {
Context {
id: id,
ppid: 0,
uid: 0,
gid: 0,
status: Status::Blocked,
running: false,
vfork: false,
@ -87,6 +93,9 @@ impl Context {
.to_vec()
} else if path.starts_with(b"./") {
let mut canon = cwd.clone();
if ! canon.ends_with(b"/") {
canon.push(b'/');
}
canon.extend_from_slice(&path[2..]);
canon
} else if path.starts_with(b"../") {

1
kernel/lib.rs
View file

@ -70,6 +70,7 @@
#![feature(const_fn)]
#![feature(drop_types_in_const)]
#![feature(heap_api)]
#![feature(integer_atomics)]
#![feature(question_mark)]
#![feature(never_type)]
#![feature(thread_local)]

18
kernel/scheme/user.rs
View file

@ -1,6 +1,6 @@
use alloc::arc::Weak;
use collections::{BTreeMap, VecDeque};
use core::sync::atomic::{AtomicUsize, Ordering};
use core::sync::atomic::{AtomicUsize, AtomicU64, Ordering};
use core::{mem, usize};
use spin::{Mutex, RwLock};
@ -16,17 +16,17 @@ use syscall::scheme::Scheme;
pub struct UserInner {
pub scheme_id: AtomicUsize,
next_id: AtomicUsize,
next_id: AtomicU64,
context: Weak<RwLock<Context>>,
todo: Mutex<VecDeque<Packet>>,
done: Mutex<BTreeMap<usize, usize>>
done: Mutex<BTreeMap<u64, usize>>
}
impl UserInner {
pub fn new(context: Weak<RwLock<Context>>) -> UserInner {
UserInner {
scheme_id: AtomicUsize::new(0),
next_id: AtomicUsize::new(1),
next_id: AtomicU64::new(1),
context: context,
todo: Mutex::new(VecDeque::new()),
done: Mutex::new(BTreeMap::new())
@ -34,10 +34,20 @@ impl UserInner {
}
pub fn call(&self, a: usize, b: usize, c: usize, d: usize) -> Result<usize> {
let (pid, uid, gid) = {
let contexts = context::contexts();
let context_lock = contexts.current().ok_or(Error::new(ESRCH))?;
let context = context_lock.read();
(context.id, context.uid, context.gid)
};
let id = self.next_id.fetch_add(1, Ordering::SeqCst);
let packet = Packet {
id: id,
pid: pid,
uid: uid,
gid: gid,
a: a,
b: b,
c: c,

4
kernel/syscall/mod.rs
View file

@ -48,6 +48,10 @@ pub extern fn syscall(a: usize, b: usize, c: usize, d: usize, e: usize, f: usize
SYS_CLONE => clone(b, stack),
SYS_YIELD => sched_yield(),
SYS_GETCWD => getcwd(validate_slice_mut(b as *mut u8, c)?),
SYS_GETUID => getuid(),
SYS_GETGID => getgid(),
SYS_SETUID => setuid(b as u32),
SYS_SETGID => setgid(b as u32),
SYS_FEVENT => fevent(b, c),
SYS_FPATH => fpath(b, validate_slice_mut(c as *mut u8, d)?),
SYS_PHYSALLOC => physalloc(b),

50
kernel/syscall/process.rs
View file

@ -58,6 +58,8 @@ pub fn clone(flags: usize, stack_base: usize) -> Result<usize> {
let ppid;
let pid;
{
let uid;
let gid;
let arch;
let vfork;
let mut kfx_option = None;
@ -78,6 +80,8 @@ pub fn clone(flags: usize, stack_base: usize) -> Result<usize> {
let context = context_lock.read();
ppid = context.id;
uid = context.uid;
gid = context.gid;
arch = context.arch.clone();
@ -249,6 +253,8 @@ pub fn clone(flags: usize, stack_base: usize) -> Result<usize> {
pid = context.id;
context.ppid = ppid;
context.uid = uid;
context.gid = gid;
context.status = context::Status::Runnable;
@ -452,6 +458,7 @@ pub fn exec(path: &[u8], arg_ptrs: &[[usize; 2]]) -> Result<usize> {
drop(context.stack.take());
context.grants = Arc::new(Mutex::new(Vec::new()));
// Map and copy new segments
for segment in elf.segments() {
if segment.p_type == program_header::PT_LOAD {
let mut memory = context::memory::Memory::new(
@ -488,6 +495,7 @@ pub fn exec(path: &[u8], arg_ptrs: &[[usize; 2]]) -> Result<usize> {
}
}
// Map heap
context.heap = Some(context::memory::Memory::new(
VirtualAddress::new(arch::USER_HEAP_OFFSET),
0,
@ -572,6 +580,13 @@ pub fn exec(path: &[u8], arg_ptrs: &[[usize; 2]]) -> Result<usize> {
unsafe { usermode(entry, sp); }
}
pub fn getgid() -> Result<usize> {
let contexts = context::contexts();
let context_lock = contexts.current().ok_or(Error::new(ESRCH))?;
let context = context_lock.read();
Ok(context.gid as usize)
}
pub fn getpid() -> Result<usize> {
let contexts = context::contexts();
let context_lock = contexts.current().ok_or(Error::new(ESRCH))?;
@ -579,6 +594,13 @@ pub fn getpid() -> Result<usize> {
Ok(context.id)
}
pub fn getuid() -> Result<usize> {
let contexts = context::contexts();
let context_lock = contexts.current().ok_or(Error::new(ESRCH))?;
let context = context_lock.read();
Ok(context.uid as usize)
}
pub fn iopl(_level: usize) -> Result<usize> {
//TODO
Ok(0)
@ -676,6 +698,34 @@ pub fn sched_yield() -> Result<usize> {
Ok(0)
}
pub fn setgid(gid: u32) -> Result<usize> {
let contexts = context::contexts();
let context_lock = contexts.current().ok_or(Error::new(ESRCH))?;
let mut context = context_lock.write();
if context.gid == 0 {
context.gid = gid;
Ok(0)
} else if context.gid == gid {
Ok(0)
} else {
Err(Error::new(EPERM))
}
}
pub fn setuid(uid: u32) -> Result<usize> {
let contexts = context::contexts();
let context_lock = contexts.current().ok_or(Error::new(ESRCH))?;
let mut context = context_lock.write();
if context.uid == 0 {
context.uid = uid;
Ok(0)
} else if context.uid == uid {
Ok(0)
} else {
Err(Error::new(EPERM))
}
}
pub fn virttophys(virtual_address: usize) -> Result<usize> {
let active_table = unsafe { ActivePageTable::new() };
match active_table.translate(VirtualAddress::new(virtual_address)) {

2
libstd

@ -1 +1 @@
Subproject commit 452e1c13eef2faeb4252639da692fa8c335d35dd
Subproject commit 60c282e9b09cc37251d0229108398e7d7add99b9

2
programs/coreutils

@ -1 +1 @@
Subproject commit 648a0d119aaed8f4cf8c856e05e47da421c4074a
Subproject commit fe104e72ea1d756556e0d6d98158713f6c3a8a38

2
programs/extrautils

@ -1 +1 @@
Subproject commit 6f0ef493c9f48f7b0c8dfe7c2a9a029f68fdda19
Subproject commit d6c122a94cd760819f139f2af6ea22e4f4b17151

3
programs/getty/src/main.rs
View file

@ -2,8 +2,7 @@
extern crate syscall;
use std::fs::File;
use std::io::{Read, Write};
use std::io::Write;
use std::process::Command;
use std::{env, io, str, thread};

6
programs/id/Cargo.toml Normal file
View file

@ -0,0 +1,6 @@
[package]
name = "id"
version = "0.1.0"
[dependencies]
syscall = { path = "../../syscall/" }

11
programs/id/src/main.rs Normal file
View file

@ -0,0 +1,11 @@
#![feature(question_mark)]
extern crate syscall;
use std::env;
pub fn main() {
let uid = syscall::getuid().expect("id: failed to get UID");
let gid = syscall::getgid().expect("id: failed to get GID");
println!("uid={}({}) gid={}({})", uid, env::var("USER").unwrap_or(String::new()), gid, "");
}

17
programs/login/src/main.rs
View file

@ -7,15 +7,15 @@ use octavo::octavo_digest::Digest;
use octavo::octavo_digest::sha3::Sha512;
use std::fs::File;
use std::io::{Read, Write};
use std::process::Command;
use std::{env, io, str, thread};
use std::process::{Command, CommandExt};
use std::{io, str};
use termion::input::TermRead;
pub struct Passwd<'a> {
user: &'a str,
hash: &'a str,
uid: usize,
gid: usize,
uid: u32,
gid: u32,
name: &'a str,
home: &'a str,
shell: &'a str
@ -27,8 +27,8 @@ impl<'a> Passwd<'a> {
let user = parts.next().ok_or(())?;
let hash = parts.next().ok_or(())?;
let uid = parts.next().ok_or(())?.parse::<usize>().or(Err(()))?;
let gid = parts.next().ok_or(())?.parse::<usize>().or(Err(()))?;
let uid = parts.next().ok_or(())?.parse::<u32>().or(Err(()))?;
let gid = parts.next().ok_or(())?.parse::<u32>().or(Err(()))?;
let name = parts.next().ok_or(())?;
let home = parts.next().ok_or(())?;
let shell = parts.next().ok_or(())?;
@ -118,7 +118,10 @@ pub fn main() {
let mut command = Command::new(passwd.shell);
env::set_current_dir(passwd.home).unwrap();
command.uid(passwd.uid);
command.gid(passwd.gid);
command.current_dir(passwd.home);
command.env("USER", &user);
command.env("HOME", passwd.home);

2
rust

@ -1 +1 @@
Subproject commit f1f40f850e2546c2c187514e3d61d17544ba433f
Subproject commit a5dac7a2af3ee444817eb7bfbba3539be8c06cf1

2
schemes/redoxfs

@ -1 +1 @@
Subproject commit 1488d1ef5661496aff695f2e1bf67997d4654329
Subproject commit c06edb232b48024a7a8e468dd5316d5b28a3eac9

5
syscall/src/data.rs
View file

@ -28,7 +28,10 @@ impl DerefMut for Event {
#[derive(Copy, Clone, Debug, Default)]
#[repr(packed)]
pub struct Packet {
pub id: usize,
pub id: u64,
pub pid: usize,
pub uid: u32,
pub gid: u32,
pub a: usize,
pub b: usize,
pub c: usize,

16
syscall/src/lib.rs
View file

@ -86,10 +86,18 @@ pub fn getcwd(buf: &mut [u8]) -> Result<usize> {
unsafe { syscall2(SYS_GETCWD, buf.as_mut_ptr() as usize, buf.len()) }
}
pub fn getgid() -> Result<usize> {
unsafe { syscall0(SYS_GETGID) }
}
pub fn getpid() -> Result<usize> {
unsafe { syscall0(SYS_GETPID) }
}
pub fn getuid() -> Result<usize> {
unsafe { syscall0(SYS_GETUID) }
}
pub unsafe fn iopl(level: usize) -> Result<usize> {
syscall1(SYS_IOPL, level)
}
@ -142,6 +150,14 @@ pub fn rmdir(path: &str) -> Result<usize> {
unsafe { syscall2(SYS_RMDIR, path.as_ptr() as usize, path.len()) }
}
pub fn setgid(gid: usize) -> Result<usize> {
unsafe { syscall1(SYS_SETGID, gid) }
}
pub fn setuid(uid: usize) -> Result<usize> {
unsafe { syscall1(SYS_SETUID, uid) }
}
pub fn unlink(path: &str) -> Result<usize> {
unsafe { syscall2(SYS_UNLINK, path.as_ptr() as usize, path.len()) }
}

4
syscall/src/number.rs
View file

@ -13,7 +13,9 @@ pub const SYS_FSYNC: usize = 118;
pub const SYS_FTRUNCATE: usize = 93;
pub const SYS_FUTEX: usize = 240;
pub const SYS_GETCWD: usize = 183;
pub const SYS_GETGID: usize = 200;
pub const SYS_GETPID: usize = 20;
pub const SYS_GETUID: usize = 199;
pub const SYS_IOPL: usize = 110;
pub const SYS_LINK: usize = 9;
pub const SYS_LSEEK: usize = 19;
@ -28,6 +30,8 @@ pub const SYS_VIRTTOPHYS: usize = 949;
pub const SYS_PIPE2: usize = 331;
pub const SYS_READ: usize = 3;
pub const SYS_RMDIR: usize = 84;
pub const SYS_SETGID: usize = 214;
pub const SYS_SETUID: usize = 213;
pub const SYS_UNLINK: usize = 10;
pub const SYS_WAITPID: usize = 7;
pub const SYS_WRITE: usize = 4;