X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/2d21ac55c334faf3a56e5634905ed6987fc787d4..c6bf4f310a33a9262d455ea4d3f0630b1255e3fe:/bsd/kern/sysv_ipc.c diff --git a/bsd/kern/sysv_ipc.c b/bsd/kern/sysv_ipc.c index 95c23d418..926ce9f7e 100644 --- a/bsd/kern/sysv_ipc.c +++ b/bsd/kern/sysv_ipc.c @@ -2,7 +2,7 @@ * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in @@ -11,10 +11,10 @@ * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. - * + * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -22,7 +22,7 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* $NetBSD: sysv_ipc.c,v 1.7 1994/06/29 06:33:11 cgd Exp $ */ 
@@ -60,46 +60,104 @@ #include #include +#include /* mode constants */ #include #include /* * Check for ipc permission - * - * XXX: Should pass proc argument so that we can pass - * XXX: proc->p_acflag to suser() */ + /* + * ipc_perm + * + * perm->mode mode of the object + * mode mode bits we want to test + * * Returns: 0 Success * EPERM * EACCES + * + * Notes: The IPC_M bit is special, in that it may only be granted to + * root, the creating user, or the owning user. + * + * This code does not use posix_cred_access() because of the + * need to check both creator and owner separately when we are + * considering a rights grant. Because of this, we need to do + * two evaluations when the values are inequal, which can lead + * us to defeat the callout avoidance optimization. So we do + * the work here, inline. This is less than optimal for any + * future work involving opacity of of POSIX credentials. + * + * Setting up the mode_owner / mode_group / mode_world implicitly + * masks the IPC_M bit off. This is intentional. + * + * See the posix_cred_access() implementation for algorithm + * information. */ int -ipcperm(kauth_cred_t cred, struct ipc_perm *perm, int mode) +ipcperm(kauth_cred_t cred, struct ipc_perm *perm, int mode_req) { + uid_t uid = kauth_cred_getuid(cred); /* avoid multiple calls */ + int want_mod_controlinfo = (mode_req & IPC_M); + int is_member; + mode_t mode_owner = (perm->mode & S_IRWXU); + mode_t mode_group = (perm->mode & S_IRWXG) << 3; + mode_t mode_world = (perm->mode & S_IRWXO) << 6; - if (!suser(cred, (u_short *)NULL)) - return (0); + /* Grant all rights to super user */ + if (!suser(cred, (u_short *)NULL)) { + return 0; + } - /* Check for user match. 
*/ - if (kauth_cred_getuid(cred) != perm->cuid && kauth_cred_getuid(cred) != perm->uid) { - int is_member; + /* Grant or deny rights based on ownership */ + if (uid == perm->cuid || uid == perm->uid) { + if (want_mod_controlinfo) { + return 0; + } - if (mode & IPC_M) - return (EPERM); - /* Check for group match. */ - mode >>= 3; - if ((kauth_cred_ismember_gid(cred, perm->gid, &is_member) || !is_member) && - (kauth_cred_ismember_gid(cred, perm->cgid, &is_member) || !is_member)) { - /* Check for `other' match. */ - mode >>= 3; - } + return (mode_req & mode_owner) == mode_req ? 0 : EACCES; + } else { + /* everyone else who wants to modify control info is denied */ + if (want_mod_controlinfo) { + return EPERM; + } } - if (mode & IPC_M) - return (0); - - return ((mode & perm->mode) == mode ? 0 : EACCES); + /* + * Combined group and world rights check, if no owner rights; positive + * asssertion of gid/cgid equality avoids an extra callout in the + * common case. + */ + if ((mode_req & mode_group & mode_world) == mode_req) { + return 0; + } else { + if ((mode_req & mode_group) != mode_req) { + if ((!kauth_cred_ismember_gid(cred, perm->gid, &is_member) && is_member) && + ((perm->gid == perm->cgid) || + (!kauth_cred_ismember_gid(cred, perm->cgid, &is_member) && is_member))) { + return EACCES; + } else { + if ((mode_req & mode_world) != mode_req) { + return EACCES; + } else { + return 0; + } + } + } else { + if ((!kauth_cred_ismember_gid(cred, perm->gid, &is_member) && is_member) || + ((perm->gid != perm->cgid) && + (!kauth_cred_ismember_gid(cred, perm->cgid, &is_member) && is_member))) { + return 0; + } else { + if ((mode_req & mode_world) != mode_req) { + return EACCES; + } else { + return 0; + } + } + } + } }
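Review bot: In the branch where the group bits do not satisfy `mode_req`, the early `return EACCES` fires only when the caller is in `perm->gid` and, in addition, either `perm->gid == perm->cgid` or the caller is also in `perm->cgid`. When the two gids differ, a caller who belongs to just one of them falls through to the world-bits check and can be granted access that the group bits withhold, whereas the removed code applied the group bits to a member of either group. If that widening is not intended, the deny branch should use the same membership test as the grant branch below it: `(!kauth_cred_ismember_gid(cred, perm->gid, &is_member) && is_member) || ((perm->gid != perm->cgid) && (!kauth_cred_ismember_gid(cred, perm->cgid, &is_member) && is_member))`. The new header comment also still documents the argument as `mode` although the parameter is now `mode_req`.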