kata-security-interface: guard against sending a random cap
- assert kata_security_install is really sending a CNode
- have kata_security_request clear any unexpected capability associated with the ipcbuffer; this mostly guards against a received badge being treated as a cap if the ipcbuffer is turned around from recv to send

Change-Id: I8ac6634809aa11f0f249a7be296b43807d56dff8
GitOrigin-RevId: 21930c5f7a5e809460348da0d0b617004e77e065
parent
a36368cf63
commit
d25dffb3dd
@ -22,9 +22,9 @@ extern crate alloc;
|
|||||||
use alloc::boxed::Box;
|
use alloc::boxed::Box;
|
||||||
use alloc::string::String;
|
use alloc::string::String;
|
||||||
use kata_memory_interface::ObjDescBundle;
|
use kata_memory_interface::ObjDescBundle;
|
||||||
|
use kata_security_interface::KeyValueData;
|
||||||
use kata_security_interface::SecurityCoordinatorInterface;
|
use kata_security_interface::SecurityCoordinatorInterface;
|
||||||
use kata_security_interface::SecurityRequestError;
|
use kata_security_interface::SecurityRequestError;
|
||||||
use kata_security_interface::KeyValueData;
|
|
||||||
|
|
||||||
#[cfg(all(feature = "fake", feature = "sel4"))]
|
#[cfg(all(feature = "fake", feature = "sel4"))]
|
||||||
compile_error!("features \"fake\" and \"sel4\" are mutually exclusive");
|
compile_error!("features \"fake\" and \"sel4\" are mutually exclusive");
|
||||||
|
@ -305,6 +305,11 @@ pub fn kata_security_request<T: Serialize + SecurityCapability>(
|
|||||||
reply_buffer as *mut _,
|
reply_buffer as *mut _,
|
||||||
)
|
)
|
||||||
} else {
|
} else {
|
||||||
|
// NB: guard against a received badge being treated as an
|
||||||
|
// outbound capability. This is needed because the code CAmkES
|
||||||
|
// generates for security_request always enables possible xmit
|
||||||
|
// of 1 capability.
|
||||||
|
Camkes::clear_request_cap();
|
||||||
security_request(
|
security_request(
|
||||||
request,
|
request,
|
||||||
request_buffer.len() as u32,
|
request_buffer.len() as u32,
|
||||||
@ -335,6 +340,10 @@ pub fn kata_security_echo(request: &str) -> Result<String, SecurityRequestError>
|
|||||||
#[inline]
|
#[inline]
|
||||||
#[allow(dead_code)]
|
#[allow(dead_code)]
|
||||||
pub fn kata_security_install(pkg_contents: &ObjDescBundle) -> Result<String, SecurityRequestError> {
|
pub fn kata_security_install(pkg_contents: &ObjDescBundle) -> Result<String, SecurityRequestError> {
|
||||||
|
Camkes::debug_assert_slot_cnode(
|
||||||
|
"kata_security_install",
|
||||||
|
&Camkes::top_level_path(pkg_contents.cnode),
|
||||||
|
);
|
||||||
let reply = &mut [0u8; SECURITY_REPLY_DATA_SIZE];
|
let reply = &mut [0u8; SECURITY_REPLY_DATA_SIZE];
|
||||||
kata_security_request(
|
kata_security_request(
|
||||||
SecurityRequest::SrInstall,
|
SecurityRequest::SrInstall,
|
||||||
|
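Review bot: The new `Camkes::debug_assert_slot_cnode(...)` call at the top of `kata_security_install` is, if its name is accurate, compiled out of release builds, so a release build still forwards whatever capability sits in `pkg_contents.cnode` and the receiving side must validate the cap type itself; that limitation should be stated at the call site, e.g. `// NB: debug-only check; release builds rely on the receiver rejecting a non-CNode cap.` The body of `kata_security_install` continues past the hunk. In the `kata_security_request` hunk, `Camkes::clear_request_cap()` is only reached on the `else` branch; if the capability-sending branch above the hunk does not overwrite the slot explicitly, a stale received cap could still be transmitted there — worth confirming, since that branch and the start of the function are outside the hunk.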