move all security policy stuff out of userspace

darcs-hash:20040701010812-24bed-bea5e29c60c2fe0460bad47fa118a7b7d02ba591.gz

diff --git a/src/org/ibex/nestedvm/Runtime.java b/src/org/ibex/nestedvm/Runtime.java
index f6a00df..1065693 100644 (file)
--- a/src/org/ibex/nestedvm/Runtime.java
+++ b/src/org/ibex/nestedvm/Runtime.java
@@ -1061,6 +1061,10 @@ public abstract class Runtime implements UsermodeConstants,Registers,Cloneable {
             case SYS_getpagesize: return sys_getpagesize();
             case SYS_fcntl: return sys_fcntl(a,b,c);
             case SYS_sysconf: return sys_sysconf(a);
             case SYS_getpagesize: return sys_getpagesize();
             case SYS_fcntl: return sys_fcntl(a,b,c);
             case SYS_sysconf: return sys_sysconf(a);

+            case SYS_getuid: return sys_getuid();
+            case SYS_geteuid: return sys_geteuid();
+            case SYS_getgid: return sys_getgid();
+            case SYS_getegid: return sys_getegid();

             
             case SYS_memcpy: memcpy(a,b,c); return a;
             case SYS_memset: memset(a,b,c); return a;
             
             case SYS_memcpy: memcpy(a,b,c); return a;
             case SYS_memset: memset(a,b,c); return a;

@@ -1082,6 +1086,11 @@ public abstract class Runtime implements UsermodeConstants,Registers,Cloneable {
         }
     }
     
         }
     }
     

+    private int sys_getuid() { return 0; }
+    private int sys_geteuid() { return 0; }
+    private int sys_getgid() { return 0; }
+    private int sys_getegid() { return 0; }
+    

     public int xmalloc(int size) { int p=malloc(size); if(p==0) throw new RuntimeException("malloc() failed"); return p; }
     public int xrealloc(int addr,int newsize) { int p=realloc(addr,newsize); if(p==0) throw new RuntimeException("realloc() failed"); return p; }
     public int realloc(int addr, int newsize) { try { return call("realloc",addr,newsize); } catch(CallException e) { return 0; } }
     public int xmalloc(int size) { int p=malloc(size); if(p==0) throw new RuntimeException("malloc() failed"); return p; }
     public int xrealloc(int addr,int newsize) { int p=realloc(addr,newsize); if(p==0) throw new RuntimeException("realloc() failed"); return p; }
     public int realloc(int addr, int newsize) { try { return call("realloc",addr,newsize); } catch(CallException e) { return 0; } }

diff --git a/src/org/ibex/nestedvm/UsermodeConstants.java b/src/org/ibex/nestedvm/UsermodeConstants.java
index c373b67..07c03f4 100644 (file)
--- a/src/org/ibex/nestedvm/UsermodeConstants.java
+++ b/src/org/ibex/nestedvm/UsermodeConstants.java
@@ -67,6 +67,30 @@ public interface UsermodeConstants {
     public static final int SYS_sendto = 65;
     public static final int SYS_recvfrom = 66;
     public static final int SYS_select = 67;
     public static final int SYS_sendto = 65;
     public static final int SYS_recvfrom = 66;
     public static final int SYS_select = 67;

+    public static final int SYS_getuid = 68;
+    public static final int SYS_getgid = 69;
+    public static final int SYS_geteuid = 70;
+    public static final int SYS_getegid = 71;
+    public static final int SYS_getgroups = 72;
+    public static final int SYS_umask = 73;
+    public static final int SYS_chmod = 74;
+    public static final int SYS_fchmod = 75;
+    public static final int SYS_chown = 76;
+    public static final int SYS_fchown = 77;
+    public static final int SYS_access = 78;
+    public static final int SYS_alarm = 79;
+    public static final int SYS_setuid = 80;
+    public static final int SYS_setgid = 81;
+    public static final int SYS_send = 82;
+    public static final int SYS_recv = 83;
+    public static final int SYS_getsockname = 84;
+    public static final int SYS_getpeername = 85;
+    public static final int SYS_seteuid = 86;
+    public static final int SYS_setegid = 87;
+    public static final int SYS_setgroups = 88;
+    public static final int SYS_resolve_ip = 89;
+    public static final int SYS_setsid = 90;
+    public static final int AF_UNIX = 1;

     public static final int AF_INET = 2;
     public static final int SOCK_STREAM = 1;
     public static final int SOCK_DGRAM = 2;
     public static final int AF_INET = 2;
     public static final int SOCK_STREAM = 1;
     public static final int SOCK_DGRAM = 2;

@@ -77,10 +101,14 @@ public interface UsermodeConstants {
     public static final int SOL_SOCKET = 0xffff;
     public static final int SO_REUSEADDR = 0x0004;
     public static final int SO_KEEPALIVE = 0x0008; 
     public static final int SOL_SOCKET = 0xffff;
     public static final int SO_REUSEADDR = 0x0004;
     public static final int SO_KEEPALIVE = 0x0008; 

+    public static final int SO_BROADCAST = 0x0020;
+    public static final int SO_TYPE = 0x1008;

     public static final int SHUT_RD = 0;
     public static final int SHUT_WR = 1;
     public static final int SHUT_RDWR = 2;
     public static final int INADDR_ANY = 0;
     public static final int SHUT_RD = 0;
     public static final int SHUT_WR = 1;
     public static final int SHUT_RDWR = 2;
     public static final int INADDR_ANY = 0;

+    public static final int INADDR_LOOPBACK = 0x7f000001;
+    public static final int INADDR_BROADCAST = 0xffffffff;

     public static final int EPERM = 1; /* Not super-user */
     public static final int ENOENT = 2; /* No such file or directory */
     public static final int ESRCH = 3; /* No such process */
     public static final int EPERM = 1; /* Not super-user */
     public static final int ENOENT = 2; /* No such file or directory */
     public static final int ESRCH = 3; /* No such process */

diff --git a/src/org/ibex/nestedvm/support.s b/src/org/ibex/nestedvm/support.s
index ae5e738..3a50fac 100644 (file)
--- a/src/org/ibex/nestedvm/support.s
+++ b/src/org/ibex/nestedvm/support.s
@@ -172,3 +172,26 @@ SYSCALL_R(shutdown)
 SYSCALL_R_LONG(sendto)
 SYSCALL_R_LONG(recvfrom)
 SYSCALL_R_LONG(select)
 SYSCALL_R_LONG(sendto)
 SYSCALL_R_LONG(recvfrom)
 SYSCALL_R_LONG(select)

+SYSCALL(umask)
+SYSCALL(getuid)
+SYSCALL(geteuid)
+SYSCALL(getgid)
+SYSCALL(getegid)
+SYSCALL_R(send)
+SYSCALL_R(recv)
+SYSCALL_R(getsockname)
+SYSCALL_R(getpeername)
+SYSCALL_R(setuid)
+SYSCALL_R(seteuid)
+SYSCALL_R(setgid)
+SYSCALL_R(setegid)
+SYSCALL_R(setgroups)
+SYSCALL_R(access)
+SYSCALL_R(chown)
+SYSCALL_R(fchown)
+SYSCALL_R(chmod)
+SYSCALL_R(fchmod)
+SYSCALL(alarm)
+SYSCALL_R(getgroups)
+SYSCALL_R(setsid)
+SYSCALL_R2(__resolve_ip_r,SYS_resolve_ip)

diff --git a/src/org/ibex/nestedvm/support_aux.c b/src/org/ibex/nestedvm/support_aux.c
index 97be5d9..fcb7b31 100644 (file)
--- a/src/org/ibex/nestedvm/support_aux.c
+++ b/src/org/ibex/nestedvm/support_aux.c
@@ -20,28 +20,6 @@ int _syscall_set_errno(struct _reent *ptr, int err) {
     return -1;
 }
 
     return -1;
 }
 

-extern int _stat_r(struct _reent *, const char *, struct stat *);
-int _access_r(struct _reent *ptr, const char *pathname, int mode) {
-    struct stat statbuf;
-    if(_stat_r(ptr,pathname,&statbuf) < 0) return -1;
-    return 0;
-}
-
-/* NestedVM doesn't, and probably never will, support this security related stuff */
-uid_t getuid() { return 0; }
-gid_t getgid() { return 0; }
-uid_t geteuid() { return 0; }
-gid_t getegid() { return 0; }
-int getgroups(int gidsetlen, gid_t *gidset) {
-    if(gidsetlen) *gidset = 0;
-    return 1;
-}
-mode_t umask(mode_t new) { return 0022; }
-int _chmod_r(struct _reent *ptr, const char *f, mode_t mode) { return 0; }
-int _fchmod_r(struct _reent *ptr, int fd, mode_t mode) { return 0; }
-int _chown_r(struct _reent *ptr, const char *f, uid_t uid, gid_t gid) { return 0; }
-int _fchown_r(struct _reent *ptr, int fd, uid_t uid, gid_t gid) { return 0; }
-

 #define REENT_WRAPPER0R(f,rt) \
     extern rt _##f##_r(struct _reent *ptr); \
     rt f() { return _##f##_r(_REENT); }
 #define REENT_WRAPPER0R(f,rt) \
     extern rt _##f##_r(struct _reent *ptr); \
     rt f() { return _##f##_r(_REENT); }

@@ -114,6 +92,7 @@ REENT_WRAPPER3(setpriority,int,int,int)
 REENT_WRAPPER3(connect,int,const struct sockaddr *,socklen_t)
 REENT_WRAPPER3(socket,int,int,int)
 REENT_WRAPPER3(_resolve_hostname,const char *,char*,size_t*)
 REENT_WRAPPER3(connect,int,const struct sockaddr *,socklen_t)
 REENT_WRAPPER3(socket,int,int,int)
 REENT_WRAPPER3(_resolve_hostname,const char *,char*,size_t*)

+REENT_WRAPPER3(_resolve_ip,int,char*,size_t)

 REENT_WRAPPER3(accept,int,struct sockaddr *,socklen_t*)
 REENT_WRAPPER5(getsockopt,int,int,int,void*,socklen_t*)
 REENT_WRAPPER5(setsockopt,int,int,int,const void*,socklen_t)
 REENT_WRAPPER3(accept,int,struct sockaddr *,socklen_t*)
 REENT_WRAPPER5(getsockopt,int,int,int,void*,socklen_t*)
 REENT_WRAPPER5(setsockopt,int,int,int,const void*,socklen_t)

@@ -123,6 +102,17 @@ REENT_WRAPPER2(shutdown,int,int)
 REENT_WRAPPER6(sendto,int,const void*,size_t,int,const struct sockaddr*,socklen_t)
 REENT_WRAPPER6(recvfrom,int,void*,size_t,int,struct sockaddr*,socklen_t*)
 REENT_WRAPPER5(select,int,fd_set*,fd_set*,fd_set*,struct timeval*)
 REENT_WRAPPER6(sendto,int,const void*,size_t,int,const struct sockaddr*,socklen_t)
 REENT_WRAPPER6(recvfrom,int,void*,size_t,int,struct sockaddr*,socklen_t*)
 REENT_WRAPPER5(select,int,fd_set*,fd_set*,fd_set*,struct timeval*)

+REENT_WRAPPER4(send,int,const void*,size_t,int)
+REENT_WRAPPER4(recv,int,void*,size_t,int)
+REENT_WRAPPER2(getgroups,int,gid_t*)
+REENT_WRAPPER3(getsockname,int,struct sockaddr*,int*)
+REENT_WRAPPER3(getpeername,int,struct sockaddr*,int*)
+REENT_WRAPPER1(setuid,uid_t)
+REENT_WRAPPER1(seteuid,uid_t)
+REENT_WRAPPER1(setgid,gid_t)
+REENT_WRAPPER1(setegid,gid_t)
+REENT_WRAPPER2(setgroups,int,const gid_t *)
+REENT_WRAPPER0R(setsid,pid_t)

 
 extern int __execve_r(struct _reent *ptr, const char *path, char *const argv[], char *const envp[]);
 int _execve(const char *path, char *const argv[], char *const envp[]) {
 
 extern int __execve_r(struct _reent *ptr, const char *path, char *const argv[], char *const envp[]);
 int _execve(const char *path, char *const argv[], char *const envp[]) {

@@ -541,8 +531,8 @@ int nochdir, noclose;
             _exit(0);
        }
     
             _exit(0);
        }
     

-       /*if (setsid() == -1)
-               return (-1);*/
+       if (setsid() == -1)
+               return (-1);

     
        if (!nochdir)
                (void)chdir("/");
     
        if (!nochdir)
                (void)chdir("/");

diff --git a/src/org/ibex/nestedvm/syscalls.h b/src/org/ibex/nestedvm/syscalls.h
index b89e9b0..c346a40 100644 (file)
--- a/src/org/ibex/nestedvm/syscalls.h
+++ b/src/org/ibex/nestedvm/syscalls.h
@@ -62,3 +62,26 @@
 #define SYS_sendto 65
 #define SYS_recvfrom 66
 #define SYS_select 67
 #define SYS_sendto 65
 #define SYS_recvfrom 66
 #define SYS_select 67

+#define SYS_getuid 68
+#define SYS_getgid 69
+#define SYS_geteuid 70
+#define SYS_getegid 71
+#define SYS_getgroups 72
+#define SYS_umask 73
+#define SYS_chmod 74
+#define SYS_fchmod 75
+#define SYS_chown 76
+#define SYS_fchown 77
+#define SYS_access 78
+#define SYS_alarm 79
+#define SYS_setuid 80
+#define SYS_setgid 81
+#define SYS_send 82
+#define SYS_recv 83
+#define SYS_getsockname 84
+#define SYS_getpeername 85
+#define SYS_seteuid 86
+#define SYS_setegid 87
+#define SYS_setgroups 88
+#define SYS_resolve_ip 89
+#define SYS_setsid 90