Index: sys/posix4/p1003_1b.c =================================================================== RCS file: /home/ncvs/src/sys/posix4/p1003_1b.c,v retrieving revision 1.5.2.1 diff -u -r1.5.2.1 p1003_1b.c --- sys/posix4/p1003_1b.c 3 Aug 2000 01:09:59 -0000 1.5.2.1 +++ sys/posix4/p1003_1b.c 30 Oct 2002 21:21:35 -0000 @@ -68,43 +68,39 @@ * * Can process p, with pcred pc, do "write flavor" operations to process q? */ -#define CAN_AFFECT(p, pc, q) \ - ((pc)->pc_ucred->cr_uid == 0 || \ - (pc)->p_ruid == (q)->p_cred->p_ruid || \ - (pc)->pc_ucred->cr_uid == (q)->p_cred->p_ruid || \ - (pc)->p_ruid == (q)->p_ucred->cr_uid || \ - (pc)->pc_ucred->cr_uid == (q)->p_ucred->cr_uid) +#define CAN_AFFECT(p, q) \ + (!suser_xxx(NULL, p, PRISON_ROOT) || \ + (p)->p_cred->p_ruid == (q)->p_cred->p_ruid || \ + (p)->p_ucred->cr_uid == (q)->p_cred->p_ruid || \ + (p)->p_cred->p_ruid == (q)->p_ucred->cr_uid || \ + (p)->p_ucred->cr_uid == (q)->p_ucred->cr_uid) #else -#define CAN_AFFECT(p, pc, q) ((pc)->pc_ucred->cr_uid == 0) +#define CAN_AFFECT(p, q) (!suser_xxx(NULL, p, PRISON_ROOT)) #endif /* * p31b_proc: Look up a proc from a PID. If proc is 0 it is * my own proc. */ -int p31b_proc(struct proc *p, pid_t pid, struct proc **pp) +static __inline int +p31b_proc(struct proc *p, pid_t pid, struct proc **pp, int set) { - int ret = 0; - struct proc *other_proc = 0; + struct proc *q; if (pid == 0) - other_proc = p; + q = p; else - other_proc = pfind(pid); + q = pfind(pid); - if (other_proc) - { - /* Enforce permission policy. - */ - if (CAN_AFFECT(p, p->p_cred, other_proc)) - *pp = other_proc; - else - ret = EPERM; - } - else - ret = ESRCH; + if (q == NULL) + return (ESRCH); - return ret; + /* Enforce permission policy. */ + if (!PRISON_CHECK(p, q) || set && p_trespass(p, q)) + return (EPERM); + + *pp = q; + return (0); } /* The system calls return ENOSYS if an entry is called that is 
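Review bot: In p31b_proc the new test `if (!PRISON_CHECK(p, q) || set && p_trespass(p, q))` relies on `&&` binding tighter than `||`. It parses as intended, but a permission check should state its grouping explicitly: `if (!PRISON_CHECK(p, q) || (set && p_trespass(p, q)))`. The comment above the function still describes only the PID lookup; it should also say that a non-zero `set` additionally requires p_trespass() to pass, while zero applies only the jail check. CAN_AFFECT is rewritten in this hunk but p31b_proc no longer uses it, so unless there is another user outside the hunk, the macro looks dead and could be removed rather than kept as a second, diverging policy definition.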
@@ -128,7 +124,8 @@ /* Not configured but loadable via a module: */ -static int sched_attach(void) +static int +sched_attach(void) { return 0; } @@ -148,7 +145,8 @@ */ static struct ksched *ksched; -static int sched_attach(void) +static int +sched_attach(void) { int ret = ksched_attach(&ksched); 
@@ -158,101 +156,114 @@ return ret; } -int sched_setparam(struct proc *p, - struct sched_setparam_args *uap) +int +sched_setparam(struct proc *p, struct sched_setparam_args *uap) { + struct proc *targetp; int e; struct sched_param sched_param; - copyin(uap->param, &sched_param, sizeof(sched_param)); - - (void) (0 - || (e = p31b_proc(p, uap->pid, &p)) - || (e = ksched_setparam(&p->p_retval[0], ksched, p, - (const struct sched_param *)&sched_param)) - ); - - return e; + e = copyin(uap->param, &sched_param, sizeof(sched_param)); + if (e) + return (e); + + e = p31b_proc(p, uap->pid, &targetp, 1); + if (e) + return (e); + e = ksched_setparam(&p->p_retval[0], ksched, targetp, + (const struct sched_param *)&sched_param); + return (e); } -int sched_getparam(struct proc *p, - struct sched_getparam_args *uap) +int +sched_getparam(struct proc *p, struct sched_getparam_args *uap) { int e; struct sched_param sched_param; + struct proc *targetp; - (void) (0 - || (e = p31b_proc(p, uap->pid, &p)) - || (e = ksched_getparam(&p->p_retval[0], ksched, p, &sched_param)) - ); - - if (!e) - copyout(&sched_param, uap->param, sizeof(sched_param)); + e = p31b_proc(p, uap->pid, &targetp, 0); + if (e) + return (e); + e = ksched_getparam(&p->p_retval[0], ksched, targetp, &sched_param); + if (e) + return (e); - return e; + e = copyout(&sched_param, uap->param, sizeof(sched_param)); + return (e); } -int sched_setscheduler(struct proc *p, - struct sched_setscheduler_args *uap) + +int +sched_setscheduler(struct proc *p, struct sched_setscheduler_args *uap) { int e; - struct sched_param sched_param; - copyin(uap->param, &sched_param, sizeof(sched_param)); + struct proc *targetp; - (void) (0 - || (e = p31b_proc(p, uap->pid, &p)) - || (e = ksched_setscheduler(&p->p_retval[0], - ksched, p, uap->policy, - (const struct sched_param *)&sched_param)) - ); + e = copyin(uap->param, &sched_param, sizeof(sched_param)); + if (e) + return (e); + + e = p31b_proc(p, uap->pid, &targetp, 1); + if (e) + return (e); + 
e = ksched_setscheduler(&p->p_retval[0], ksched, targetp, uap->policy, + (const struct sched_param *)&sched_param); - return e; + return (e); } -int sched_getscheduler(struct proc *p, - struct sched_getscheduler_args *uap) + +int +sched_getscheduler(struct proc *p, struct sched_getscheduler_args *uap) { int e; - (void) (0 - || (e = p31b_proc(p, uap->pid, &p)) - || (e = ksched_getscheduler(&p->p_retval[0], ksched, p)) - ); + struct proc *targetp; + + e = p31b_proc(p, uap->pid, &targetp, 0); + if (e) + return (e); + e = ksched_getscheduler(&p->p_retval[0], ksched, targetp); - return e; + return (e); } -int sched_yield(struct proc *p, - struct sched_yield_args *uap) + +int +sched_yield(struct proc *p, struct sched_yield_args *uap) { return ksched_yield(&p->p_retval[0], ksched); } -int sched_get_priority_max(struct proc *p, - struct sched_get_priority_max_args *uap) + +int +sched_get_priority_max(struct proc *p, struct sched_get_priority_max_args *uap) { - return ksched_get_priority_max(&p->p_retval[0], - ksched, uap->policy); + return ksched_get_priority_max(&p->p_retval[0], ksched, uap->policy); } -int sched_get_priority_min(struct proc *p, - struct sched_get_priority_min_args *uap) + +int +sched_get_priority_min(struct proc *p, struct sched_get_priority_min_args *uap) { - return ksched_get_priority_min(&p->p_retval[0], - ksched, uap->policy); + return ksched_get_priority_min(&p->p_retval[0], ksched, uap->policy); } -int sched_rr_get_interval(struct proc *p, - struct sched_rr_get_interval_args *uap) + +int +sched_rr_get_interval(struct proc *p, struct sched_rr_get_interval_args *uap) { int e; + struct proc *targetp; - (void) (0 - || (e = p31b_proc(p, uap->pid, &p)) - || (e = ksched_rr_get_interval(&p->p_retval[0], ksched, - p, uap->interval)) - ); + e = p31b_proc(p, uap->pid, &targetp, 0); + if (e) + return (e); + e = ksched_rr_get_interval(&p->p_retval[0], ksched, targetp, + uap->interval); - return e; + return (e); } #endif -static void p31binit(void *notused) 
+static void +p31binit(void *notused) { (void) sched_attach(); p31b_setcfg(CTL_P1003_1B_PAGESIZE, PAGE_SIZE); Index: sys/posix4/posix4.h =================================================================== RCS file: /home/ncvs/src/sys/posix4/posix4.h,v retrieving revision 1.6 diff -u -r1.6 posix4.h --- sys/posix4/posix4.h 27 Dec 1999 10:22:09 -0000 1.6 +++ sys/posix4/posix4.h 30 Oct 2002 20:13:15 -0000 @@ -61,8 +61,6 @@ #define p31b_malloc(SIZE) malloc((SIZE), M_P31B, M_WAITOK) #define p31b_free(P) free((P), M_P31B) -int p31b_proc __P((struct proc *, pid_t, struct proc **)); - void p31b_setcfg __P((int, int)); #ifdef _KPOSIX_PRIORITY_SCHEDULING
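Review bot: The calls `p31b_proc(p, uap->pid, &targetp, 1)` in sched_setparam and sched_setscheduler, and the matching `..., 0)` calls in sched_getparam, sched_getscheduler and sched_rr_get_interval, pass the permission mode as a bare literal. A mistyped 0 at a set call site would drop the p_trespass() check without any visible sign. A short comment at each call, for example `/* set: caller must be allowed to modify targetp */`, or a pair of named constants for the two modes, would make the policy easy to audit. The cast in `(const struct sched_param *)&sched_param` is also unnecessary, since `&sched_param` converts to the const-qualified pointer implicitly.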