service ds
{
uid 0;
- ipc ALL; # ALL ipc targets allowed
+ ipc ALL_SYS; # All system ipc targets allowed
system ALL; # ALL kernel calls allowed
vm BASIC; # Only basic VM calls allowed
io NONE; # No I/O range allowed
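Review bot: The new comment `# All system ipc targets allowed` does not say what is excluded. Going by the `SYS_PROC` test in the add_backward_ipc change further down this page, `ALL_SYS` appears to cover system processes only, so `# IPC to system processes only (no user processes)` would make the restriction explicit. The same comment is repeated in the sched, mfs, ext2, pfs, tty, memory and log entries. `ds` and `sched` still keep `system ALL` next to the narrowed IPC setting, which this commit leaves untouched and which may merit the same least-privilege pass. Each service block continues outside its hunk.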
service sched
{
uid 0;
- ipc ALL; # ALL ipc targets allowed
+ ipc ALL_SYS; # All system ipc targets allowed
system ALL; # ALL kernel calls allowed
vm BASIC; # Only basic VM calls allowed
io NONE; # No I/O range allowed
service mfs
{
uid 0;
- ipc ALL; # ALL ipc targets allowed
+ ipc ALL_SYS; # All system ipc targets allowed
system BASIC; # Only basic kernel calls allowed
vm BASIC; # Only basic VM calls allowed
io NONE; # No I/O range allowed
service ext2
{
- ipc ALL; # ALL ipc targets allowed
+ ipc ALL_SYS; # All system ipc targets allowed
system BASIC; # Only basic kernel calls allowed
vm BASIC; # Only basic VM calls allowed
io NONE; # No I/O range allowed
service pfs
{
uid 0;
- ipc ALL; # ALL ipc targets allowed
+ ipc ALL_SYS; # All system ipc targets allowed
system BASIC; # Only basic kernel calls allowed
vm BASIC; # Only basic VM calls allowed
io NONE; # No I/O range allowed
service tty
{
uid 0;
- ipc ALL; # ALL ipc targets allowed
+ ipc ALL_SYS; # All system ipc targets allowed
system # Extra kernel calls allowed:
KILL # 06
SEGCTL # 12
service memory
{
uid 0;
- ipc ALL; # ALL ipc targets allowed
+ ipc ALL_SYS; # All system ipc targets allowed
system # Extra kernel calls allowed:
SEGCTL # 12
UMAP # 14
service log
{
uid 0;
- ipc ALL; # ALL ipc targets allowed
+ ipc ALL_SYS; # All system ipc targets allowed
system # Extra kernel calls allowed:
SEGCTL # 12
UMAP # 14
return;
}
- printf("-nr- -id- -name-- -flags- traps grants -ipc_to-- -kernel calls-\n");
+ printf("-nr- -id- -name-- -flags- traps grants -ipc_to--"
+ " -kernel calls-\n");
PROCLOOP(rp, oldrp)
r = -1;
if (r == -1 && !isemptyp(rp)) {
sp = &priv[USER_PRIV_ID];
}
- printf("(%02u) %-7.7s %s %s %7d",
+ printf("(%02u) %-7.7s %s %s %6d",
sp->s_id, rp->p_name,
s_flags_str(sp->s_flags), s_traps_str(sp->s_trap_mask),
sp->s_grant_entries);
struct rproc *rrp;
struct rprocpub *rrpub;
char *proc_name;
- int priv_id;
+ int priv_id, is_ipc_all, is_ipc_all_sys;
proc_name = rp->r_pub->proc_name;
if (!(rrp->r_flags & RS_IN_USE))
continue;
- /* If an IPC target list was provided for the process being
- * checked here, make sure that the name of the new process
+ if (!rrp->r_ipc_list[0])
+ continue;
+
+ /* If the process being checked is set to allow IPC to all
+ * other processes, or for all other system processes and the
+ * target process is a system process, add a permission bit.
+ */
+ rrpub = rrp->r_pub;
+
+ is_ipc_all = !strcmp(rrp->r_ipc_list, RSS_IPC_ALL);
+ is_ipc_all_sys = !strcmp(rrp->r_ipc_list, RSS_IPC_ALL_SYS);
+
+ if (is_ipc_all ||
+ (is_ipc_all_sys && (privp->s_flags & SYS_PROC))) {
+#if PRIV_DEBUG
+ printf(" RS: add_backward_ipc: setting sendto bit "
+ "for %d...\n", rrpub->endpoint);
+#endif
+ priv_id= rrp->r_priv.s_id;
+ set_sys_bit(privp->s_ipc_to, priv_id);
+
+ continue;
+ }
+
+ /* An IPC target list was provided for the process being
+ * checked here. Make sure that the name of the new process
* is in that process's list. There may be multiple matches.
*/
- if (rrp->r_ipc_list[0]) {
- rrpub = rrp->r_pub;
- p = rrp->r_ipc_list;
+ p = rrp->r_ipc_list;
- while ((p = get_next_name(p, name,
- rrpub->label)) != NULL) {
- if (!strcmp(proc_name, name)) {
+ while ((p = get_next_name(p, name, rrpub->label)) != NULL) {
+ if (!strcmp(proc_name, name)) {
#if PRIV_DEBUG
- printf(" RS: add_backward_ipc: setting"
- " sendto bit for %d...\n",
- rrpub->endpoint);
+ printf(" RS: add_backward_ipc: setting sendto"
+ " bit for %d...\n",
+ rrpub->endpoint);
#endif
- priv_id= rrp->r_priv.s_id;
- set_sys_bit(privp->s_ipc_to, priv_id);
- }
+ priv_id= rrp->r_priv.s_id;
+ set_sys_bit(privp->s_ipc_to, priv_id);
}
}
}
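Review bot: Both keyword checks compare the whole of `rrp->r_ipc_list` with `strcmp`, so a list that mixes the keyword with labels falls through to the `get_next_name` loop, where the keyword is matched as an ordinary process name and the wildcard silently has no effect. That fails closed, but it is easy to misread from the config side; unless the parser already rejects mixed lists (not visible here), a comment above the two `strcmp` lines such as `/* RSS_IPC_ALL and RSS_IPC_ALL_SYS only apply when they are the entire list. */` would record it. The ALL_SYS branch also relies on `privp->s_flags` already carrying `SYS_PROC` when this function runs, which the hunk does not show and is worth confirming at the call site. The debug `printf`, the `priv_id` assignment and the `set_sys_bit` call are now duplicated in both paths and could move into one small static helper. The function starts and ends outside the hunk.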