| sys_capability.c (c601ad8eebac3f9bc517d75ecab772aae70aeec6) | sys_capability.c (e141be6f79f0cbfa36dd284c5a2528a566d809f9) |
|---|---|
| 1/*- 2 * Copyright (c) 2008-2011 Robert N. M. Watson 3 * Copyright (c) 2010-2011 Jonathan Anderson 4 * All rights reserved. 5 * 6 * This software was developed at the University of Cambridge Computer 7 * Laboratory with support from a grant from Google, Inc. 8 * --- 204 unchanged lines hidden (view full) --- 213 */ 214static int 215cap_check(struct capability *c, cap_rights_t rights) 216{ 217 218 if ((c->cap_rights | rights) != c->cap_rights) { 219#ifdef KTRACE 220 if (KTRPOINT(curthread, KTR_CAPFAIL)) | 1/*- 2 * Copyright (c) 2008-2011 Robert N. M. Watson 3 * Copyright (c) 2010-2011 Jonathan Anderson 4 * All rights reserved. 5 * 6 * This software was developed at the University of Cambridge Computer 7 * Laboratory with support from a grant from Google, Inc. 8 * --- 204 unchanged lines hidden (view full) --- 213 */ 214static int 215cap_check(struct capability *c, cap_rights_t rights) 216{ 217 218 if ((c->cap_rights | rights) != c->cap_rights) { 219#ifdef KTRACE 220 if (KTRPOINT(curthread, KTR_CAPFAIL)) |
| 221 ktrcapfail(rights, c->cap_rights); | 221 ktrcapfail(CAPFAIL_NOTCAPABLE, rights, c->cap_rights); |
| 222#endif 223 return (ENOTCAPABLE); 224 } 225 return (0); 226} 227 228/* 229 * Extract rights from a capability for monitoring purposes -- not for use in --- 79 unchanged lines hidden (view full) --- 309 310 /* 311 * If a new capability is being derived from an existing capability, 312 * then the new capability rights must be a subset of the existing 313 * rights. 314 */ 315 if (fp->f_type == DTYPE_CAPABILITY) { 316 cp_old = fp->f_data; | 222#endif 223 return (ENOTCAPABLE); 224 } 225 return (0); 226} 227 228/* 229 * Extract rights from a capability for monitoring purposes -- not for use in --- 79 unchanged lines hidden (view full) --- 309 310 /* 311 * If a new capability is being derived from an existing capability, 312 * then the new capability rights must be a subset of the existing 313 * rights. 314 */ 315 if (fp->f_type == DTYPE_CAPABILITY) { 316 cp_old = fp->f_data; |
| 317 if ((cp_old->cap_rights | rights) != cp_old->cap_rights) | 317 if ((cp_old->cap_rights | rights) != cp_old->cap_rights) { 318#ifdef KTRACE 319 if (KTRPOINT(curthread, KTR_CAPFAIL)) 320 ktrcapfail(CAPFAIL_INCREASE, 321 rights, cp_old->cap_rights); 322#endif |
| 318 return (ENOTCAPABLE); | 323 return (ENOTCAPABLE); |
| 324 } |
|
| 319 } 320 321 /* 322 * Allocate a new file descriptor to hang the capability off of. 323 */ 324 error = falloc(td, &fcapp, capfdp, fp->f_flag); 325 if (error) 326 return (error); --- 235 unchanged lines hidden --- | 325 } 326 327 /* 328 * Allocate a new file descriptor to hang the capability off of. 329 */ 330 error = falloc(td, &fcapp, capfdp, fp->f_flag); 331 if (error) 332 return (error); --- 235 unchanged lines hidden --- |