Home Explore Help
Sign In
miti
/
graphene
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 328ca4af9b
Branches Tags
graphene
/
Pal
/
src
/
security
/
Linux
/
wrapper.c

wrapper.c 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 
  1. /* -*- mode:c; c-file-style:"k&r"; c-basic-offset: 4; tab-width:4; indent-tabs-mode:nil; mode:auto-fill; fill-column:78; -*- */
    2. 

  2. /* vim: set ts=4 sw=4 et tw=78 fo=cqt wm=0: */
    3. 

  3. 

  4. #include <linux/unistd.h>
    5. 

  5. #include <sys/wait.h>
    6. 

  6. #include <sys/stat.h>
    7. 

  7. #include <sys/socket.h>
    8. 

  8. #include <stdint.h>
    9. 

  9. #include <stdbool.h>
    10. 

  10. #include <asm-errno.h>
    11. 

  11. 

  12. #include "utils.h"
    13. 

  13. #include "pal_security.h"
    14. 

  14. #include "graphene.h"
    15. 

  15. 

  16. extern unsigned long pal_addr;
    17. 

  17. 

  18. bool do_fork  = false;
    19. 

  19. bool do_trace = false;
    20. 

  20. 

  21. extern struct pal_sec_info * pal_sec_info_addr;
    22. 

  22. extern struct config_store root_config;
    23. 

  23. 

  24. int ioctl_set_graphene (struct config_store * config, int ndefault,
    25. 

  25.                         const struct graphene_user_policy * default_policies);
    26. 

  26. 

  27. int init_child (int argc, const char ** argv, const char ** envp)
    28. 

  28. {
    29. 

  29.     const char * pipe_prefix = pal_sec_info_addr->pipe_prefix;
    30. 

  30.     char pipe_root[sizeof(GRAPHENE_PIPEDIR) + 20];
    31. 

  31.     snprintf(pipe_root, sizeof(GRAPHENE_PIPEDIR) + 20, GRAPHENE_PIPEDIR "/%08x",
    32. 

  32.              pal_sec_info_addr->domain_id);
    33. 

  33. 

  34.     struct graphene_net_policy mcast_rules[2];
    35. 

  35.     memset(mcast_rules, 0, sizeof(struct graphene_net_policy) * 2);
    36. 

  36. 

  37.     mcast_rules[0].family = AF_INET;
    38. 

  38.     mcast_rules[0].local.port_begin = pal_sec_info_addr->mcast_port;
    39. 

  39.     mcast_rules[0].local.port_end = pal_sec_info_addr->mcast_port;
    40. 

  40.     mcast_rules[0].peer.port_begin = 0;
    41. 

  41.     mcast_rules[0].peer.port_end = 65535;
    42. 

  42. 

  43.     mcast_rules[1].family = AF_INET;
    44. 

  44.     mcast_rules[1].local.port_begin = 0;
    45. 

  45.     mcast_rules[1].local.port_end = 65535;
    46. 

  46.     inet_pton(AF_INET, MCAST_GROUP, &mcast_rules[1].peer.addr);
    47. 

  47.     mcast_rules[1].peer.port_begin = pal_sec_info_addr->mcast_port;
    48. 

  48.     mcast_rules[1].peer.port_end = pal_sec_info_addr->mcast_port;
    49. 

  49. 

  50.     const struct graphene_user_policy default_policies[] = {
    51. 

  51.         { .type = GRAPHENE_LIB_NAME,     .value = PAL_LOADER, },
    52. 

  52.         { .type = GRAPHENE_LIB_ADDR,     .value = (void *) pal_addr, },
    53. 

  53.         { .type = GRAPHENE_UNIX_ROOT,    .value = pipe_root, },
    54. 

  54.         { .type = GRAPHENE_UNIX_PREFIX,  .value = pipe_prefix, },
    55. 

  55.         { .type = GRAPHENE_NET_RULE,     .value = &mcast_rules[0], },
    56. 

  56.         { .type = GRAPHENE_NET_RULE,     .value = &mcast_rules[1], },
    57. 

  57.     };
    58. 

  58. 

  59.     return ioctl_set_graphene(&root_config, 6, default_policies);
    60. 

  60. }
    61. 

  61. 

  62. int run_parent (pid_t child, int argc, const char ** argv, const char * envp)
    63. 

  63. {
    64. 

  64.     return 0;
    65. 

  65. }
    66.