Kernel: Add helper function to check if a Process is in jail

Use this helper function in various places to replace the old code of
acquiring the SpinlockProtected<RefPtr<Jail>> of a Process to do that
validation.
This commit is contained in:
Liav A 2023-01-06 09:13:40 +02:00 committed by Linus Groh
parent 6b3688147f
commit d8ebcaede8
4 changed files with 15 additions and 18 deletions

View file

@ -46,12 +46,9 @@ ErrorOr<void> SysFSPowerStateSwitchNode::truncate(u64 size)
ErrorOr<size_t> SysFSPowerStateSwitchNode::write_bytes(off_t offset, size_t count, UserOrKernelBuffer const& data, OpenFileDescription*)
{
TRY(Process::current().jail().with([&](auto const& my_jail) -> ErrorOr<void> {
// Note: If we are in a jail, don't let the current process to change the power state.
if (my_jail)
return Error::from_errno(EPERM);
return {};
}));
// Note: If we are in a jail, don't let the current process to change the power state.
if (Process::current().is_currently_in_jail())
return Error::from_errno(EPERM);
if (Checked<off_t>::addition_would_overflow(offset, count))
return Error::from_errno(EOVERFLOW);
if (offset > 0)

View file

@ -23,12 +23,10 @@ ErrorOr<size_t> SysFSSystemBooleanVariable::write_bytes(off_t, size_t count, Use
char value = 0;
TRY(buffer.read(&value, 1));
TRY(Process::current().jail().with([&](auto& my_jail) -> ErrorOr<void> {
// Note: If we are in a jail, don't let the current process to change the variable.
if (my_jail)
return Error::from_errno(EPERM);
return {};
}));
// NOTE: If we are in a jail, don't let the current process to change the variable.
if (Process::current().is_currently_in_jail())
return Error::from_errno(EPERM);
if (count != 1)
return Error::from_errno(EINVAL);
if (value == '0') {

View file

@ -25,12 +25,9 @@ ErrorOr<size_t> SysFSSystemStringVariable::write_bytes(off_t, size_t count, User
auto new_value = TRY(KString::try_create_uninitialized(count, value));
TRY(buffer.read(value, count));
auto new_value_without_possible_newlines = TRY(KString::try_create(new_value->view().trim("\n"sv)));
TRY(Process::current().jail().with([&](auto& my_jail) -> ErrorOr<void> {
// Note: If we are in a jail, don't let the current process to change the variable.
if (my_jail)
return Error::from_errno(EPERM);
return {};
}));
// NOTE: If we are in a jail, don't let the current process to change the variable.
if (Process::current().is_currently_in_jail())
return Error::from_errno(EPERM);
set_value(move(new_value_without_possible_newlines));
return count;
}

View file

@ -240,6 +240,11 @@ public:
SpinlockProtected<RefPtr<Jail>, LockRank::Process>& jail() { return m_attached_jail; }
bool is_currently_in_jail() const
{
return m_attached_jail.with([&](auto& jail) -> bool { return !jail.is_null(); });
}
NonnullRefPtr<Credentials> credentials() const;
bool is_dumpable() const