diff options
author | jhb <jhb@FreeBSD.org> | 2008-01-08 21:58:16 +0000 |
---|---|---|
committer | jhb <jhb@FreeBSD.org> | 2008-01-08 21:58:16 +0000 |
commit | 8cd9437636744162d1427275b2fe66cf8ccef25c (patch) | |
tree | 49b07dc757aae71e0a64eb4939cde4037af60a24 /sys/security/mac_test/mac_test.c | |
parent | 23d78439c96372baa4a3c2847df65f8e11455ae7 (diff) | |
download | FreeBSD-src-8cd9437636744162d1427275b2fe66cf8ccef25c.zip FreeBSD-src-8cd9437636744162d1427275b2fe66cf8ccef25c.tar.gz |
Add a new file descriptor type for IPC shared memory objects and use it to
implement shm_open(2) and shm_unlink(2) in the kernel:
- Each shared memory file descriptor is associated with a swap-backed vm
object which provides the backing store. Each descriptor starts off with
a size of zero, but the size can be altered via ftruncate(2). The shared
memory file descriptors also support fstat(2). read(2), write(2),
ioctl(2), select(2), poll(2), and kevent(2) are not supported on shared
memory file descriptors.
- shm_open(2) and shm_unlink(2) are now implemented as system calls that
manage shared memory file descriptors. The virtual namespace that maps
pathnames to shared memory file descriptors is implemented as a hash
table where the hash key is generated via the 32-bit Fowler/Noll/Vo hash
of the pathname.
- As an extension, the constant 'SHM_ANON' may be specified in place of the
path argument to shm_open(2). In this case, an unnamed shared memory
file descriptor will be created similar to the IPC_PRIVATE key for
shmget(2). Note that the shared memory object can still be shared among
processes by sharing the file descriptor via fork(2) or sendmsg(2), but
it is unnamed. This effectively serves to implement the getmemfd() idea
bandied about the lists several times over the years.
- The backing store for shared memory file descriptors are garbage
collected when they are not referenced by any open file descriptors or
the shm_open(2) virtual namespace.
Submitted by: dillon, peter (previous versions)
Submitted by: rwatson (I based this on his version)
Reviewed by: alc (suggested converting getmemfd() to shm_open())
Diffstat (limited to 'sys/security/mac_test/mac_test.c')
-rw-r--r-- | sys/security/mac_test/mac_test.c | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index e28e4c3..14d3b80 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -94,6 +94,7 @@ SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0, #define MAGIC_SYSV_SHM 0x76119ab0 #define MAGIC_PIPE 0xdc6c9919 #define MAGIC_POSIX_SEM 0x78ae980c +#define MAGIC_POSIX_SHM 0x4e853fc9 #define MAGIC_PROC 0x3b4be98f #define MAGIC_CRED 0x9a5a4987 #define MAGIC_VNODE 0x1a67a45c @@ -1116,6 +1117,92 @@ test_posixsem_init_label(struct label *label) COUNTER_INC(posixsem_init_label); } +COUNTER_DECL(posixshm_check_mmap); +static int +test_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, + struct label *shmfdlabel, int prot, int flags) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); + return (0); +} + +COUNTER_DECL(posixshm_check_open); +static int +test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, + struct label *shmfdlabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); + return (0); +} + +COUNTER_DECL(posixshm_check_stat); +static int +test_posixshm_check_stat(struct ucred *active_cred, + struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) +{ + + LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); + LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); + LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); + return (0); +} + +COUNTER_DECL(posixshm_check_truncate); +static int +test_posixshm_check_truncate(struct ucred *active_cred, + struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) +{ + + LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); + LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); + LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); + return (0); +} + +COUNTER_DECL(posixshm_check_unlink); +static int +test_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, + struct label *shmfdlabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); + return (0); +} + +COUNTER_DECL(posixshm_create); +static void +test_posixshm_create(struct ucred *cred, struct shmfd *shmfd, + struct label *shmfdlabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); + COUNTER_INC(posixshm_create); +} + +COUNTER_DECL(posixshm_destroy_label); +static void +test_posixshm_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_POSIX_SHM); + COUNTER_INC(posixshm_destroy_label); +} + +COUNTER_DECL(posixshm_init_label); +static void +test_posixshm_init_label(struct label *label) +{ + + LABEL_INIT(label, MAGIC_POSIX_SHM); + COUNTER_INC(posixshm_init_label); +} + COUNTER_DECL(proc_check_debug); static int test_proc_check_debug(struct ucred *cred, struct proc *p) @@ -2809,6 +2896,15 @@ static struct mac_policy_ops test_ops = .mpo_posixsem_destroy_label = test_posixsem_destroy_label, .mpo_posixsem_init_label = test_posixsem_init_label, + .mpo_posixshm_check_mmap = test_posixshm_check_mmap, + .mpo_posixshm_check_open = test_posixshm_check_open, + .mpo_posixshm_check_stat = test_posixshm_check_stat, + .mpo_posixshm_check_truncate = test_posixshm_check_truncate, + .mpo_posixshm_check_unlink = test_posixshm_check_unlink, + .mpo_posixshm_create = test_posixshm_create, + .mpo_posixshm_destroy_label = test_posixshm_destroy_label, + .mpo_posixshm_init_label = test_posixshm_init_label, + .mpo_proc_check_debug = test_proc_check_debug, .mpo_proc_check_sched = test_proc_check_sched, .mpo_proc_check_setaudit = test_proc_check_setaudit, |