2 /* Call mask ACL management. */
4 #include <minix/drivers.h>
12 #define FIRST_SYS_ACL 1
14 static bitchunk_t acl_mask
[NR_SYS_PROCS
][VM_CALL_MASK_SIZE
];
15 static bitchunk_t acl_inuse
[BITMAP_CHUNKS(NR_SYS_PROCS
)];
18 * Initialize ACL data structures.
25 for (i
= 0; i
< ELEMENTS(vmproc
); i
++)
26 vmproc
[i
].vm_acl
= NO_ACL
;
28 memset(acl_mask
, 0, sizeof(acl_mask
));
29 memset(acl_inuse
, 0, sizeof(acl_inuse
));
33 * Check whether a process is allowed to make a certain (zero-based) call.
34 * Return OK or an error.
37 acl_check(struct vmproc
*vmp
, int call
)
40 /* VM makes asynchronous calls to itself. Always allow those. */
41 if (vmp
->vm_endpoint
== VM_PROC_NR
)
44 /* If the process has no ACL, all calls are allowed.. for now. */
45 if (vmp
->vm_acl
== NO_ACL
) {
46 /* RS instrumented with ASR may call VM_BRK at startup. */
47 if (vmp
->vm_endpoint
== RS_PROC_NR
)
50 printf("VM: calling process %u has no ACL!\n",
56 /* See if the call is allowed. */
57 if (!GET_BIT(acl_mask
[vmp
->vm_acl
], call
))
64 * Assign a call mask to a process. User processes share the first ACL entry.
65 * System processes are assigned to any of the other slots. For user
66 * processes, no call mask need to be provided: it will simply be inherited in
70 acl_set(struct vmproc
*vmp
, bitchunk_t
*mask
, int sys_proc
)
77 for (i
= FIRST_SYS_ACL
; i
< NR_SYS_PROCS
; i
++)
78 if (!GET_BIT(acl_inuse
, i
))
82 * This should never happen. If it does, then different user
83 * processes have been assigned call masks separately. It is
84 * RS's responsibility to prevent that.
86 if (i
== NR_SYS_PROCS
) {
87 printf("VM: no ACL entries available!\n");
93 if (!GET_BIT(acl_inuse
, i
) && mask
== NULL
)
94 printf("VM: WARNING: inheriting uninitialized ACL mask\n");
96 SET_BIT(acl_inuse
, i
);
100 memcpy(&acl_mask
[vmp
->vm_acl
], mask
, sizeof(acl_mask
[0]));
104 * A process has forked. User processes inherit their parent's ACL by default,
105 * although they may be turned into system processes later. System processes
106 * do not inherit an ACL, and will have to be assigned one before getting to
110 acl_fork(struct vmproc
*vmp
)
112 if (vmp
->vm_acl
!= USER_ACL
)
113 vmp
->vm_acl
= NO_ACL
;
117 * A process has exited. Decrease the reference count on its ACL entry, and
118 * mark the process as having no ACL.
121 acl_clear(struct vmproc
*vmp
)
123 if (vmp
->vm_acl
!= NO_ACL
) {
124 if (vmp
->vm_acl
!= USER_ACL
)
125 UNSET_BIT(acl_inuse
, vmp
->vm_acl
);
127 vmp
->vm_acl
= NO_ACL
;