//init metadata (i.e. struct client_desc) for the first child @ arbiter side void init_first_child(pid) { struct client_desc *c_new; //allocate a new struct client_desc for new thread c_new = (struct client_desc *)malloc(sizeof(struct client_desc)); memset(c_new, 0, sizeof(c_new)); //fill out client_desc for the new thread... GET_FAMILY(c_new->client_addr.unix_addr) = AF_UNIX; snprintf(GET_PATH(c_new->client_addr.unix_addr), 108, "/tmp/abt_client_%d", pid); c_new->client_addr.addr_len = sizeof(GET_FAMILY(c_new->client_addr.unix_addr)) + strlen(GET_PATH(c_new->client_addr.unix_addr)) + 1; c_new->pid = pid; //add new thread to linked list list_insert_tail(&(arbiter.client_list), (void *)c_new); }
int lchown(const char *pathname, uid_t owner, gid_t group) { static int (*real_lchown)(const char *pathname, uid_t owner, gid_t group) = NULL; const char *p; int ret; GET_PATH(lchown); if (p) { ret = real_lchown(p, owner, group); PUT_PATH(-1); } return real_lchown(pathname, owner, group); }
int lchmod(const char *pathname, mode_t mode) { static int (*real_lchmod)(const char *pathname, mode_t mode) = NULL; const char *p; int ret; GET_PATH(lchmod); if (p) { ret = real_lchmod(p, mode); PUT_PATH(-1); } return real_lchmod(pathname, mode); }
int rmdir(const char *pathname) { static int (*real_rmdir)(const char *pathname) = NULL; const char *p; int ret; GET_PATH(rmdir); if (p) { ret = real_rmdir(p); PUT_PATH(-1); } return real_rmdir(pathname); }
int mkdir(const char *pathname, mode_t mode) { static int (*real_mkdir)(const char *pathname, mode_t mode) = NULL; const char *p; int ret; GET_PATH(mkdir); if (p) { ret = real_mkdir(p, mode); PUT_PATH(-1); } return real_mkdir(pathname, mode); }
int __lxstat64(int ver, const char *pathname, struct stat64 *buf) { static int (*real___lxstat64)(int ver, const char *pathname, struct stat64 *buf) = NULL; const char *p; int ret; GET_PATH(__lxstat64); if (p) { ret = real___lxstat64(ver, p, buf); PUT_PATH(-1); } return real___lxstat64(ver, pathname, buf); }
int lstat64(const char *pathname, struct stat64 *buf) { static int (*real_lstat64)(const char *pathname, struct stat64 *buf) = NULL; const char *p; int ret; GET_PATH(lstat64); if (p) { ret = real_lstat64(p, buf); PUT_PATH(-1); } return real_lstat64(pathname, buf); }
int stat(const char *pathname, struct stat *buf) { static int (*real_stat)(const char *pathname, struct stat *buf) = NULL; const char *p; int ret; GET_PATH(stat); if (p) { ret = real_stat(p, buf); PUT_PATH(-1); } return real_stat(pathname, buf); }
int symlink(const char *oldpath, const char *pathname) { static int (*real_symlink)(const char *oldpath, const char *pathname) = NULL; const char *p; int ret; GET_PATH(symlink); if (p) { ret = real_symlink(oldpath, p); PUT_PATH(-1); } return real_symlink(oldpath, pathname); }
int open(const char *pathname, int flags, mode_t mode) { static int (*real_open)(const char *pathname, int flags, mode_t mode) = NULL; const char *p; int ret; GET_PATH(open); if (p) { ret = real_open(p, flags, mode); PUT_PATH(-1); } return real_open(pathname, flags, mode); }
FILE *freopen64(const char *pathname, const char *mode, FILE *stream) { static void * (*real_freopen64)(const char *pathname, const char *mode, FILE *stream) = NULL; const char *p; FILE *ret; GET_PATH(freopen64); if (p) { ret = real_freopen64(p, mode, stream); PUT_PATH(NULL); } return real_freopen64(pathname, mode, stream); }
int access(const char *pathname, int mode) { static int (*real_access)(const char *pathname, int mode) = NULL; const char *p; int ret; GET_PATH(access); if (p) { ret = real_access(p, mode); PUT_PATH(-1); } return real_access(pathname, mode); }
DIR *opendir(const char *pathname) { static DIR * (*real_opendir)(const char *pathname) = NULL; const char *p; DIR *ret; GET_PATH(opendir); if (p) { ret = real_opendir(p); PUT_PATH(NULL); } return real_opendir(pathname); }
FILE *fopen64(const char *pathname, const char *mode) { static FILE * (*real_fopen64)(const char *pathname, const char *mode) = NULL; const char *p; FILE *ret; GET_PATH(fopen64); if (p) { ret = real_fopen64(p, mode); PUT_PATH(NULL); } return real_fopen64(pathname, mode); }
ssize_t readlink(const char *pathname, char *buf, size_t bufsiz) { static int (*real_readlink)(const char *pathname, char *buf, size_t bufsiz) = NULL; const char *p; int ret; GET_PATH(readlink); if (p) { ret = real_readlink(p, buf, bufsiz); PUT_PATH(-1); } return real_readlink(pathname, buf, bufsiz); }
int utimes(const char *pathname, const struct timeval tv[2]) { static int (*real_utimes)(const char *pathname, const struct timeval tv[2]) = NULL; const char *p; int ret; GET_PATH(utimes); if (p) { ret = real_utimes(p, tv); PUT_PATH(-1); } return real_utimes(pathname, tv); }
int utime(const char *pathname, const struct utimbuf *buf) { static int (*real_utime)(const char *pathname, const struct utimbuf *buf) = NULL; const char *p; int ret; GET_PATH(utime); if (p) { ret = real_utime(p, buf); PUT_PATH(-1); } return real_utime(pathname, buf); }
int unlink(const char *pathname) { static int (*real_unlink)(const char *pathname) = NULL; const char *p; int ret; GET_PATH(unlink); if (p) { ret = real_unlink(p); free((void*)p); if (ret == 0) return ret; } return real_unlink(pathname); }
void *dlopen(const char *pathname, int flags) { static void * (*real_dlopen)(const char *pathname, int flags) = NULL; const char *p; void *ret; /* If the value of file is 0, dlopen() shall provide a handle on a global symbol object. */ if (pathname == NULL) return real_dlopen(pathname, flags); GET_PATH(dlopen); if (p) { ret = real_dlopen(p, flags); PUT_PATH(NULL); } return real_dlopen(pathname, flags); }
static void handle_fork_rpc(struct arbiter_thread *abt, struct client_desc *c, struct abt_request *req, struct rpc_header *hdr) { label_t L1, L2; own_t O1, O2; struct client_desc *c_new; struct abt_reply_header rply; struct abreq_fork *forkreq = (struct abreq_fork *)hdr; AB_INFO("Arbiter: Processing fork \n"); *(uint64_t *)L1 = c->label; *(uint64_t *)O1 = c->ownership; *(uint64_t *)L2 = forkreq->label; *(uint64_t *)O2 = forkreq->ownership; //label check if ( check_label(L1, O1, L2, O2) ) { rply.abt_reply_magic = ABT_RPC_MAGIC; rply.msg_len = sizeof(rply); rply.return_val = -1; //-1 indicate failure //report voilation AB_MSG("Arbiter: Security Voilation: handle_fork_rpc\n"); abt_sendreply(abt, req, &rply); return; } //allocate a new struct client_desc for new thread c_new = (struct client_desc *)malloc(sizeof(struct client_desc)); memset(c_new, 0, sizeof(c_new)); //fill out client_desc for the new thread... memcpy( &(c_new->client_addr.unix_addr), &(req->client_addr), sizeof(req->client_addr)); c_new->client_addr.addr_len = req->client_addr_len; //FIXME: to get the pid of new thread in secure way c_new->pid = forkreq->pid; c_new->label = *(uint64_t *)L2; c_new->ownership = *(uint64_t *)O2; GET_FAMILY(c_new->client_addr.unix_addr) = AF_UNIX; snprintf(GET_PATH(c_new->client_addr.unix_addr), 108, "/tmp/abt_client_%d", c_new->pid); c_new->client_addr.addr_len = sizeof(GET_FAMILY(c_new->client_addr.unix_addr)) + strlen(GET_PATH(c_new->client_addr.unix_addr)) + 1; //add new thread to linked list list_insert_tail(&(arbiter.client_list), (void *)c_new); AB_DBG("Arbiter: new thread forked: pid=%d, label=%lx, ownership=%lx\n", c_new->pid, (long int)c_new->label, (long int)c_new->ownership); //set up or update page tables for existing allocated memory malloc_update(c_new); rply.abt_reply_magic = ABT_RPC_MAGIC; rply.msg_len = sizeof(rply); rply.return_val = 0; //0 indicate success abt_sendreply(abt, req, &rply); }