1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 |
- /* -*- mode:c; c-file-style:"k&r"; c-basic-offset: 4; tab-width:4; indent-tabs-mode:nil; mode:auto-fill; fill-column:78; -*- */
- /* vim: set ts=4 sw=4 et tw=78 fo=cqt wm=0: */
- #include <linux/unistd.h>
- #include <sys/wait.h>
- #include <sys/stat.h>
- #include <sys/socket.h>
- #include <stdint.h>
- #include <stdbool.h>
- #include <asm-errno.h>
- #include "utils.h"
- #include "pal_security.h"
- #include "graphene.h"
- extern unsigned long pal_addr;
- bool do_fork = false;
- bool do_trace = false;
- extern struct pal_sec_info * pal_sec_info_addr;
- extern struct config_store root_config;
- int ioctl_set_graphene (struct config_store * config, int ndefault,
- const struct graphene_user_policy * default_policies);
- int init_child (int argc, const char ** argv, const char ** envp)
- {
- const char * pipe_prefix = pal_sec_info_addr->pipe_prefix;
- char pipe_root[sizeof(GRAPHENE_PIPEDIR) + 20];
- snprintf(pipe_root, sizeof(GRAPHENE_PIPEDIR) + 20, GRAPHENE_PIPEDIR "/%08x",
- pal_sec_info_addr->domain_id);
- struct graphene_net_policy mcast_rules[2];
- memset(mcast_rules, 0, sizeof(struct graphene_net_policy) * 2);
- mcast_rules[0].family = AF_INET;
- mcast_rules[0].local.port_begin = pal_sec_info_addr->mcast_port;
- mcast_rules[0].local.port_end = pal_sec_info_addr->mcast_port;
- mcast_rules[0].peer.port_begin = 0;
- mcast_rules[0].peer.port_end = 65535;
- mcast_rules[1].family = AF_INET;
- mcast_rules[1].local.port_begin = 0;
- mcast_rules[1].local.port_end = 65535;
- inet_pton(AF_INET, MCAST_GROUP, &mcast_rules[1].peer.addr);
- mcast_rules[1].peer.port_begin = pal_sec_info_addr->mcast_port;
- mcast_rules[1].peer.port_end = pal_sec_info_addr->mcast_port;
- const struct graphene_user_policy default_policies[] = {
- { .type = GRAPHENE_LIB_NAME, .value = PAL_LOADER, },
- { .type = GRAPHENE_LIB_ADDR, .value = (void *) pal_addr, },
- { .type = GRAPHENE_UNIX_ROOT, .value = pipe_root, },
- { .type = GRAPHENE_UNIX_PREFIX, .value = pipe_prefix, },
- { .type = GRAPHENE_NET_RULE, .value = &mcast_rules[0], },
- { .type = GRAPHENE_NET_RULE, .value = &mcast_rules[1], },
- };
- return ioctl_set_graphene(&root_config, 6, default_policies);
- }
- int run_parent (pid_t child, int argc, const char ** argv, const char * envp)
- {
- return 0;
- }
|