author | Liav A <liavalb@gmail.com> | 2023-01-06 10:08:22 +0200 |
---|---|---|
committer | Ali Mohammad Pur <Ali.mpfard@gmail.com> | 2023-01-07 03:44:59 +0330 |
commit | 04221a753394cf87213551c69c7cd9a7d4a899cd (patch) | |
tree | e4f6ea1dac9f9b86502fb68eb2267e15e9a74e9e | |
parent | a03d42b098e3bd8fb1149231b449996ecad3047c (diff) | |
download | serenity-04221a753394cf87213551c69c7cd9a7d4a899cd.zip |
Kernel: Mark Process::jail() method as const
We really don't want callers of this function to accidentally change
the jail, or even worse - remove the Process from an attached jail.
To ensure this never happens, we can just declare this method as const
so nobody can mutate it this way.
-rw-r--r-- | Kernel/Devices/Device.cpp | 2 | ||||
-rw-r--r-- | Kernel/FileSystem/SysFS/Subsystems/Kernel/GlobalInformation.cpp | 2 | ||||
-rw-r--r-- | Kernel/JailManagement.cpp | 2 | ||||
-rw-r--r-- | Kernel/Process.cpp | 16 | ||||
-rw-r--r-- | Kernel/Process.h | 2 | ||||
-rw-r--r-- | Kernel/Syscalls/execve.cpp | 2 |
6 files changed, 13 insertions, 13 deletions
diff --git a/Kernel/Devices/Device.cpp b/Kernel/Devices/Device.cpp
index df306c7d92..8e9cd4dd45 100644
--- a/Kernel/Devices/Device.cpp
+++ b/Kernel/Devices/Device.cpp
@@ -60,7 +60,7 @@ ErrorOr<NonnullOwnPtr<KString>> Device::pseudo_path(OpenFileDescription const&)
 ErrorOr<NonnullLockRefPtr<OpenFileDescription>> Device::open(int options)
 {
- TRY(Process::current().jail().with([&](auto& my_jail) -> ErrorOr<void> {
+ TRY(Process::current().jail().with([&](auto const& my_jail) -> ErrorOr<void> {
 if (my_jail && !is_openable_by_jailed_processes())
 return Error::from_errno(EPERM);
 return {};
diff --git a/Kernel/FileSystem/SysFS/Subsystems/Kernel/GlobalInformation.cpp b/Kernel/FileSystem/SysFS/Subsystems/Kernel/GlobalInformation.cpp
index dbd64154f0..fc7234f6f5 100644
--- a/Kernel/FileSystem/SysFS/Subsystems/Kernel/GlobalInformation.cpp
+++ b/Kernel/FileSystem/SysFS/Subsystems/Kernel/GlobalInformation.cpp
@@ -52,7 +52,7 @@ ErrorOr<void> SysFSGlobalInformation::refresh_data(OpenFileDescription& descript
 return ENOMEM;
 }
 auto builder = TRY(KBufferBuilder::try_create());
- TRY(Process::current().jail().with([&](auto& my_jail) -> ErrorOr<void> {
+ TRY(Process::current().jail().with([&](auto const& my_jail) -> ErrorOr<void> {
 if (my_jail && !is_readable_by_jailed_processes())
 return Error::from_errno(EPERM);
 return {};
diff --git a/Kernel/JailManagement.cpp b/Kernel/JailManagement.cpp
index 3735c92f73..df927ced6d 100644
--- a/Kernel/JailManagement.cpp
+++ b/Kernel/JailManagement.cpp
@@ -39,7 +39,7 @@ LockRefPtr<Jail> JailManagement::find_jail_by_index(JailIndex index)
 ErrorOr<void> JailManagement::for_each_in_same_jail(Function<ErrorOr<void>(Jail&)> callback)
 {
- return Process::current().jail().with([&](auto& my_jail) -> ErrorOr<void> {
+ return Process::current().jail().with([&](auto const& my_jail) -> ErrorOr<void> {
 // Note: If we are in a jail, don't reveal anything about the outside world,
 // not even the fact that we are in which jail...
 if (my_jail)
diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp
index 6f76b0537f..29c021d668 100644
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@@ -67,7 +67,7 @@ ErrorOr<void> Process::for_each_in_same_jail(Function<ErrorOr<void>(Process&)> c
 {
 ErrorOr<void> result {};
 Process::all_instances().with([&](auto const& list) {
- Process::current().jail().with([&](auto my_jail) {
+ Process::current().jail().with([&](auto const& my_jail) {
 for (auto& process : list) {
 if (!my_jail) {
 result = callback(process);
@@ -77,7 +77,7 @@ ErrorOr<void> Process::for_each_in_same_jail(Function<ErrorOr<void>(Process&)> c
 if (&Process::current() == &process) {
 result = callback(process);
 } else {
- process.jail().with([&](auto& their_jail) {
+ process.jail().with([&](auto const& their_jail) {
 if (their_jail.ptr() == my_jail.ptr())
 result = callback(process);
 });
@@ -96,7 +96,7 @@ ErrorOr<void> Process::for_each_child_in_same_jail(Function<ErrorOr<void>(Proces
 ProcessID my_pid = pid();
 ErrorOr<void> result {};
 Process::all_instances().with([&](auto const& list) {
- jail().with([&](auto my_jail) {
+ jail().with([&](auto const& my_jail) {
 for (auto& process : list) {
 if (!my_jail) {
 if (process.ppid() == my_pid || process.has_tracee_thread(pid()))
@@ -109,7 +109,7 @@ ErrorOr<void> Process::for_each_child_in_same_jail(Function<ErrorOr<void>(Proces
 if (&Process::current() == &process && (process.ppid() == my_pid || process.has_tracee_thread(pid()))) {
 result = callback(process);
 } else {
- process.jail().with([&](auto& their_jail) {
+ process.jail().with([&](auto const& their_jail) {
 if ((their_jail.ptr() == my_jail.ptr()) && (process.ppid() == my_pid || process.has_tracee_thread(pid())))
 result = callback(process);
 });
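Review bot: In the `@@ -109` hunk the guard meant to keep the jail lock from being taken twice, `if (&Process::current() == &process && (process.ppid() == my_pid || process.has_tracee_thread(pid())))`, folds the child test into the identity test, so when `process` is the current process and is not its own child the `else` branch calls `process.jail().with(...)` while the outer `jail().with(...)` is still held. If `this` is the current process and the underlying spinlock is not recursive (neither is visible here), that path would spin forever with the process list locked. The identity test should stand alone and compare against the process whose lock is actually held, e.g. `if (&process == this) { if (process.ppid() == my_pid || process.has_tracee_thread(pid())) result = callback(process); } else {`. The same shape appears in the `@@ -138` hunk of `for_each_in_pgrp_in_same_jail`. Both functions start and end outside their hunks, so the rest of the loop body should be checked before applying this.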
@@ -127,7 +127,7 @@ ErrorOr<void> Process::for_each_in_pgrp_in_same_jail(ProcessGroupID pgid, Functi
 {
 ErrorOr<void> result {};
 Process::all_instances().with([&](auto const& list) {
- jail().with([&](auto my_jail) {
+ jail().with([&](auto const& my_jail) {
 for (auto& process : list) {
 if (!my_jail) {
 if (!process.is_dead() && process.pgid() == pgid)
@@ -138,7 +138,7 @@ ErrorOr<void> Process::for_each_in_pgrp_in_same_jail(ProcessGroupID pgid, Functi
 if (&Process::current() == &process && !process.is_dead() && process.pgid() == pgid) {
 result = callback(process);
 } else {
- process.jail().with([&](auto& their_jail) {
+ process.jail().with([&](auto const& their_jail) {
 if ((their_jail.ptr() == my_jail.ptr()) && !process.is_dead() && process.pgid() == pgid)
 result = callback(process);
 });
@@ -485,7 +485,7 @@ void Process::crash(int signal, FlatPtr ip, bool out_of_memory)
 LockRefPtr<Process> Process::from_pid_in_same_jail(ProcessID pid)
 {
- return Process::current().jail().with([&](auto& my_jail) -> LockRefPtr<Process> {
+ return Process::current().jail().with([&](auto const& my_jail) -> LockRefPtr<Process> {
 return all_instances().with([&](auto const& list) -> LockRefPtr<Process> {
 if (!my_jail) {
 for (auto& process : list) {
@@ -496,7 +496,7 @@ LockRefPtr<Process> Process::from_pid_in_same_jail(ProcessID pid)
 } else {
 for (auto& process : list) {
 if (process.pid() == pid) {
- return process.jail().with([&](auto& other_process_jail) -> LockRefPtr<Process> {
+ return process.jail().with([&](auto const& other_process_jail) -> LockRefPtr<Process> {
 if (other_process_jail.ptr() == my_jail.ptr())
 return process;
 return {};
diff --git a/Kernel/Process.h b/Kernel/Process.h
index 67f257636d..ee476ecd3f 100644
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@@ -238,7 +238,7 @@ public:
 return with_protected_data([](auto& protected_data) { return protected_data.ppid; });
 }
- SpinlockProtected<RefPtr<Jail>, LockRank::Process>& jail() { return m_attached_jail; }
+ SpinlockProtected<RefPtr<Jail>, LockRank::Process> const& jail() { return m_attached_jail; }
 bool is_currently_in_jail() const
 {
diff --git a/Kernel/Syscalls/execve.cpp b/Kernel/Syscalls/execve.cpp
index 43218c1134..ba78e70fd6 100644
--- a/Kernel/Syscalls/execve.cpp
+++ b/Kernel/Syscalls/execve.cpp
@@ -474,7 +474,7 @@ ErrorOr<void> Process::do_exec(NonnullLockRefPtr<OpenFileDescription> main_progr
 VERIFY(!Processor::in_critical());
 auto main_program_metadata = main_program_description->metadata();
 // NOTE: Don't allow running SUID binaries at all if we are in a jail.
- TRY(Process::current().jail().with([&](auto& my_jail) -> ErrorOr<void> {
+ TRY(Process::current().jail().with([&](auto const& my_jail) -> ErrorOr<void> {
 if (my_jail && (main_program_metadata.is_setuid() || main_program_metadata.is_setgid())) {
 return Error::from_errno(EPERM);
 } |
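Review bot: The new declaration in Kernel/Process.h, `SpinlockProtected<RefPtr<Jail>, LockRank::Process> const& jail() { return m_attached_jail; }`, makes the returned reference const but leaves the member function itself non-const, which does not match the commit title and means `jail()` still cannot be called through a `Process const&`. Every caller in this commit now uses `with()` on the const reference, so the accessor can presumably be const-qualified too: `SpinlockProtected<RefPtr<Jail>, LockRank::Process> const& jail() const { return m_attached_jail; }`, matching `is_currently_in_jail() const` just below. A one-line comment above it, such as `// Returned const so callers cannot reseat or clear the attached jail through this accessor.`, would keep the security intent from the commit message next to the code. The class body extends outside the hunk.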