From patchwork Wed Dec 12 04:16:34 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joe Hershberger X-Patchwork-Id: 205373 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from theia.denx.de (theia.denx.de [85.214.87.163]) by ozlabs.org (Postfix) with ESMTP id 1238B2C0094 for ; Wed, 12 Dec 2012 15:20:19 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 24E954A1A7; Wed, 12 Dec 2012 05:20:03 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at theia.denx.de Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d6PjkqVs8k+D; Wed, 12 Dec 2012 05:20:02 +0100 (CET) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 1A5384A212; Wed, 12 Dec 2012 05:18:27 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 382614A1C1 for ; Wed, 12 Dec 2012 05:17:37 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at theia.denx.de Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wjABTc9YM9lL for ; Wed, 12 Dec 2012 05:17:33 +0100 (CET) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from spamkiller06.natinst.com (mailserver6.natinst.com [130.164.80.6]) by theia.denx.de (Postfix) with ESMTP id 179C24A1A4 for ; Wed, 12 Dec 2012 05:17:23 +0100 (CET) Received: from mailserv58-us.natinst.com (nb-hsrp-1338.natinst.com [130.164.19.133]) by spamkiller06.natinst.com (8.14.5/8.14.5) with ESMTP id qBC4HHws022831; Tue, 11 Dec 2012 22:17:17 -0600 Received: from linux-xvxi.natinst.com ([130.164.14.197]) by mailserv58-us.natinst.com (Lotus Domino Release 8.5.3FP2 HF169) with ESMTP id 2012121122171735-310432 ; Tue, 11 Dec 2012 22:17:17 -0600 From: Joe Hershberger To: u-boot@lists.denx.de Date: Tue, 11 Dec 2012 22:16:34 -0600 Message-Id: <1355285797-27051-18-git-send-email-joe.hershberger@ni.com> X-Mailer: git-send-email 1.7.11.5 In-Reply-To: <1355285797-27051-1-git-send-email-joe.hershberger@ni.com> References: <1354672367-23747-1-git-send-email-joe.hershberger@ni.com> <1355285797-27051-1-git-send-email-joe.hershberger@ni.com> X-MIMETrack: Itemize by SMTP Server on MailServ58-US/AUS/H/NIC(Release 8.5.3FP2 HF169|September 14, 2012) at 12/11/2012 10:17:17 PM, Serialize by Router on MailServ58-US/AUS/H/NIC(Release 8.5.3FP2 HF169|September 14, 2012) at 12/11/2012 10:17:17 PM, Serialize complete at 12/11/2012 10:17:17 PM X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.9.8327, 1.0.431, 0.0.0000 definitions=2012-12-12_01:2012-12-12, 2012-12-12, 1970-01-01 signatures=0 Cc: Tom Rini , Joe Hershberger , Gerlando Falauto Subject: [U-Boot] [PATCH v5 17/20] env: Add support for access control to .flags X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.11 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: u-boot-bounces@lists.denx.de Errors-To: u-boot-bounces@lists.denx.de Add support for read-only, write-once, and change-default. Signed-off-by: Joe Hershberger --- Changes in v5: - Fixed out-of-bounds array access in env_flags_parse_varaccess() Changes in v4: None Changes in v3: None Changes in v2: None README | 13 ++++- common/cmd_nvedit.c | 31 ++++++++-- common/env_common.c | 18 ++++++ common/env_flags.c | 159 ++++++++++++++++++++++++++++++++++++++++++++++++-- include/env_flags.h | 50 +++++++++++++++- include/environment.h | 3 + tools/env/fw_env.c | 74 +++++++++++++++++++++-- 7 files changed, 330 insertions(+), 18 deletions(-) diff --git a/README b/README index efce998..28abf89 100644 --- a/README +++ b/README @@ -3083,7 +3083,8 @@ Configuration Settings: The format of the list is: type_attribute = [s|d|x|b|i|m] - attributes = type_attribute + access_atribute = [a|r|o|c] + attributes = type_attribute[access_atribute] entry = variable_name[:attributes] list = entry[,list] @@ -3095,6 +3096,12 @@ Configuration Settings: i - IP address m - MAC address + The access attributes are: + a - Any (default) + r - Read-only + o - Write-once + c - Change-default + - CONFIG_ENV_FLAGS_LIST_DEFAULT Define this to a list (string) to define the ".flags" envirnoment variable in the default or embedded environment. @@ -3106,6 +3113,10 @@ Configuration Settings: list, simply add an entry for the same variable name to the ".flags" variable. +- CONFIG_ENV_ACCESS_IGNORE_FORCE + If defined, don't allow the -f switch to env set override variable + access flags. + The following definitions that deal with the placement and management of environment data (variable area); in general, we support the following configurations: diff --git a/common/cmd_nvedit.c b/common/cmd_nvedit.c index 468b89c..e8dfbf5 100644 --- a/common/cmd_nvedit.c +++ b/common/cmd_nvedit.c @@ -447,8 +447,11 @@ int do_env_callback(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) static int print_static_flags(const char *var_name, const char *flags) { enum env_flags_vartype type = env_flags_parse_vartype(flags); + enum env_flags_varaccess access = env_flags_parse_varaccess(flags); - printf("\t%-20s %-20s\n", var_name, env_flags_get_vartype_name(type)); + printf("\t%-20s %-20s %-20s\n", var_name, + env_flags_get_vartype_name(type), + env_flags_get_varaccess_name(access)); return 0; } @@ -456,13 +459,17 @@ static int print_static_flags(const char *var_name, const char *flags) static int print_active_flags(ENTRY *entry) { enum env_flags_vartype type; + enum env_flags_varaccess access; if (entry->flags == 0) return 0; type = (enum env_flags_vartype) (entry->flags & ENV_FLAGS_VARTYPE_BIN_MASK); - printf("\t%-20s %-20s\n", entry->key, env_flags_get_vartype_name(type)); + access = env_flags_parse_varaccess_from_binflags(entry->flags); + printf("\t%-20s %-20s %-20s\n", entry->key, + env_flags_get_vartype_name(type), + env_flags_get_varaccess_name(access)); return 0; } @@ -480,17 +487,29 @@ int do_env_flags(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) env_flags_print_vartypes(); puts("\n"); + /* Print the available variable access types */ + printf("Available variable access flags (position %d):\n", + ENV_FLAGS_VARACCESS_LOC); + puts("\tFlag\tVariable Access Name\n"); + puts("\t----\t--------------------\n"); + env_flags_print_varaccess(); + puts("\n"); + /* Print the static flags that may exist */ puts("Static flags:\n"); - printf("\t%-20s %-20s\n", "Variable Name", "Variable Type"); - printf("\t%-20s %-20s\n", "-------------", "-------------"); + printf("\t%-20s %-20s %-20s\n", "Variable Name", "Variable Type", + "Variable Access"); + printf("\t%-20s %-20s %-20s\n", "-------------", "-------------", + "---------------"); env_attr_walk(ENV_FLAGS_LIST_STATIC, print_static_flags); puts("\n"); /* walk through each variable and print the flags if non-default */ puts("Active flags:\n"); - printf("\t%-20s %-20s\n", "Variable Name", "Variable Type"); - printf("\t%-20s %-20s\n", "-------------", "-------------"); + printf("\t%-20s %-20s %-20s\n", "Variable Name", "Variable Type", + "Variable Access"); + printf("\t%-20s %-20s %-20s\n", "-------------", "-------------", + "---------------"); hwalk_r(&env_htab, print_active_flags); return 0; } diff --git a/common/env_common.c b/common/env_common.c index bb18070..906b41f 100644 --- a/common/env_common.c +++ b/common/env_common.c @@ -95,6 +95,24 @@ int getenv_yesno(const char *var) 1 : 0; } +/* + * Look up the variable from the default environment + */ +char *getenv_default(const char *name) +{ + char *ret_val; + unsigned long really_valid = gd->env_valid; + unsigned long real_gd_flags = gd->flags; + + /* Pretend that the image is bad. */ + gd->flags &= ~GD_FLG_ENV_READY; + gd->env_valid = 0; + ret_val = getenv(name); + gd->env_valid = really_valid; + gd->flags = real_gd_flags; + return ret_val; +} + void set_default_env(const char *s) { int flags = 0; diff --git a/common/env_flags.c b/common/env_flags.c index 09f93d5..4caf12e 100644 --- a/common/env_flags.c +++ b/common/env_flags.c @@ -43,6 +43,17 @@ #endif static const char env_flags_vartype_rep[] = "sdxb" ENV_FLAGS_NET_VARTYPE_REPS; +static const char env_flags_varaccess_rep[] = "aroc"; +static const int env_flags_varaccess_mask[] = { + 0, + ENV_FLAGS_VARACCESS_PREVENT_DELETE | + ENV_FLAGS_VARACCESS_PREVENT_CREATE | + ENV_FLAGS_VARACCESS_PREVENT_OVERWR, + ENV_FLAGS_VARACCESS_PREVENT_DELETE | + ENV_FLAGS_VARACCESS_PREVENT_OVERWR, + ENV_FLAGS_VARACCESS_PREVENT_DELETE | + ENV_FLAGS_VARACCESS_PREVENT_NONDEF_OVERWR}; + #ifdef CONFIG_CMD_ENV_FLAGS static const char * const env_flags_vartype_names[] = { "string", @@ -54,6 +65,12 @@ static const char * const env_flags_vartype_names[] = { "MAC address", #endif }; +static const char * const env_flags_varaccess_names[] = { + "any", + "read-only", + "write-once", + "change-default", +}; /* * Print the whole list of available type flags. @@ -70,12 +87,34 @@ void env_flags_print_vartypes(void) } /* + * Print the whole list of available access flags. + */ +void env_flags_print_varaccess(void) +{ + enum env_flags_varaccess curaccess = (enum env_flags_varaccess)0; + + while (curaccess != env_flags_varaccess_end) { + printf("\t%c -\t%s\n", env_flags_varaccess_rep[curaccess], + env_flags_varaccess_names[curaccess]); + curaccess++; + } +} + +/* * Return the name of the type. */ const char *env_flags_get_vartype_name(enum env_flags_vartype type) { return env_flags_vartype_names[type]; } + +/* + * Return the name of the access. + */ +const char *env_flags_get_varaccess_name(enum env_flags_varaccess access) +{ + return env_flags_varaccess_names[access]; +} #endif /* CONFIG_CMD_ENV_FLAGS */ /* @@ -100,6 +139,46 @@ enum env_flags_vartype env_flags_parse_vartype(const char *flags) return env_flags_vartype_string; } +/* + * Parse the flags string from a .flags attribute list into the varaccess enum. + */ +enum env_flags_varaccess env_flags_parse_varaccess(const char *flags) +{ + char *access; + + if (strlen(flags) <= ENV_FLAGS_VARACCESS_LOC) + return env_flags_varaccess_any; + + access = strchr(env_flags_varaccess_rep, + flags[ENV_FLAGS_VARACCESS_LOC]); + + if (access != NULL) + return (enum env_flags_varaccess) + (access - &env_flags_varaccess_rep[0]); + + printf("## Warning: Unknown environment variable access method '%c'\n", + flags[ENV_FLAGS_VARACCESS_LOC]); + return env_flags_varaccess_any; +} + +/* + * Parse the binary flags from a hash table entry into the varaccess enum. + */ +enum env_flags_varaccess env_flags_parse_varaccess_from_binflags(int binflags) +{ + int i; + + for (i = 0; i < sizeof(env_flags_varaccess_mask); i++) + if (env_flags_varaccess_mask[i] == + (binflags & ENV_FLAGS_VARACCESS_BIN_MASK)) + return (enum env_flags_varaccess)i; + + printf("Warning: Non-standard access flags. (0x%x)\n", + binflags & ENV_FLAGS_VARACCESS_BIN_MASK); + + return env_flags_varaccess_any; +} + static inline int is_hex_prefix(const char *value) { return value[0] == '0' && (value[1] == 'x' || value[1] == 'X'); @@ -242,6 +321,23 @@ enum env_flags_vartype env_flags_get_type(const char *name) } /* + * Look up the access of a variable directly from the .flags var. + */ +enum env_flags_varaccess env_flags_get_varaccess(const char *name) +{ + const char *flags_list = getenv(ENV_FLAGS_VAR); + char flags[ENV_FLAGS_ATTR_MAX_LEN + 1]; + + if (env_flags_lookup(flags_list, name, flags)) + return env_flags_varaccess_any; + + if (strlen(flags) <= ENV_FLAGS_VARACCESS_LOC) + return env_flags_varaccess_any; + + return env_flags_parse_varaccess(flags); +} + +/* * Validate that the proposed new value for "name" is valid according to the * defined flags for that variable, if any. */ @@ -262,6 +358,21 @@ int env_flags_validate_type(const char *name, const char *value) } /* + * Validate that the proposed access to variable "name" is valid according to + * the defined flags for that variable, if any. + */ +int env_flags_validate_varaccess(const char *name, int check_mask) +{ + enum env_flags_varaccess access; + int access_mask; + + access = env_flags_get_varaccess(name); + access_mask = env_flags_varaccess_mask[access]; + + return (check_mask & access_mask) != 0; +} + +/* * Validate the parameters to "env set" directly */ int env_flags_validate_env_set_params(int argc, char * const argv[]) @@ -292,7 +403,12 @@ int env_flags_validate_env_set_params(int argc, char * const argv[]) */ static int env_parse_flags_to_bin(const char *flags) { - return env_flags_parse_vartype(flags) & ENV_FLAGS_VARTYPE_BIN_MASK; + int binflags; + + binflags = env_flags_parse_vartype(flags) & ENV_FLAGS_VARTYPE_BIN_MASK; + binflags |= env_flags_varaccess_mask[env_flags_parse_varaccess(flags)]; + + return binflags; } /* @@ -377,13 +493,10 @@ int env_flags_validate(const ENTRY *item, const char *newval, enum env_op op, int flag) { const char *name; -#if !defined(CONFIG_ENV_OVERWRITE) && defined(CONFIG_OVERWRITE_ETHADDR_ONCE) \ -&& defined(CONFIG_ETHADDR) const char *oldval = NULL; if (op != env_op_create) oldval = item->data; -#endif name = item->key; @@ -422,6 +535,44 @@ int env_flags_validate(const ENTRY *item, const char *newval, enum env_op op, } } + /* check for access permission */ +#ifndef CONFIG_ENV_ACCESS_IGNORE_FORCE + if (flag & H_FORCE) + return 0; +#endif + switch (op) { + case env_op_delete: + if (item->flags & ENV_FLAGS_VARACCESS_PREVENT_DELETE) { + printf("## Error: Can't delete \"%s\"\n", name); + return 1; + } + break; + case env_op_overwrite: + if (item->flags & ENV_FLAGS_VARACCESS_PREVENT_OVERWR) { + printf("## Error: Can't overwrite \"%s\"\n", name); + return 1; + } else if (item->flags & + ENV_FLAGS_VARACCESS_PREVENT_NONDEF_OVERWR) { + const char *defval = getenv_default(name); + + if (defval == NULL) + defval = ""; + printf("oldval: %s defval: %s\n", oldval, defval); + if (strcmp(oldval, defval) != 0) { + printf("## Error: Can't overwrite \"%s\"\n", + name); + return 1; + } + } + break; + case env_op_create: + if (item->flags & ENV_FLAGS_VARACCESS_PREVENT_CREATE) { + printf("## Error: Can't create \"%s\"\n", name); + return 1; + } + break; + } + return 0; } diff --git a/include/env_flags.h b/include/env_flags.h index 7e72523..0bdae07 100644 --- a/include/env_flags.h +++ b/include/env_flags.h @@ -36,9 +36,18 @@ enum env_flags_vartype { env_flags_vartype_end }; +enum env_flags_varaccess { + env_flags_varaccess_any, + env_flags_varaccess_readonly, + env_flags_varaccess_writeonce, + env_flags_varaccess_changedefault, + env_flags_varaccess_end +}; + #define ENV_FLAGS_VAR ".flags" #define ENV_FLAGS_ATTR_MAX_LEN 2 #define ENV_FLAGS_VARTYPE_LOC 0 +#define ENV_FLAGS_VARACCESS_LOC 1 #ifndef CONFIG_ENV_FLAGS_LIST_STATIC #define CONFIG_ENV_FLAGS_LIST_STATIC "" @@ -53,15 +62,31 @@ enum env_flags_vartype { */ void env_flags_print_vartypes(void); /* + * Print the whole list of available access flags. + */ +void env_flags_print_varaccess(void); +/* * Return the name of the type. */ const char *env_flags_get_vartype_name(enum env_flags_vartype type); +/* + * Return the name of the access. + */ +const char *env_flags_get_varaccess_name(enum env_flags_varaccess access); #endif /* * Parse the flags string from a .flags attribute list into the vartype enum. */ enum env_flags_vartype env_flags_parse_vartype(const char *flags); +/* + * Parse the flags string from a .flags attribute list into the varaccess enum. + */ +enum env_flags_varaccess env_flags_parse_varaccess(const char *flags); +/* + * Parse the binary flags from a hash table entry into the varaccess enum. + */ +enum env_flags_varaccess env_flags_parse_varaccess_from_binflags(int binflags); #ifdef USE_HOSTCC /* @@ -69,11 +94,25 @@ enum env_flags_vartype env_flags_parse_vartype(const char *flags); */ enum env_flags_vartype env_flags_get_type(const char *name); /* + * Look up the access of a variable directly from the .flags var. + */ +enum env_flags_varaccess env_flags_get_access(const char *name); +/* * Validate the newval for its type to conform with the requirements defined by * its flags (directly looked at the .flags var). */ int env_flags_validate_type(const char *name, const char *newval); /* + * Validate the newval for its access to conform with the requirements defined + * by its flags (directly looked at the .flags var). + */ +int env_flags_validate_access(const char *name, int check_mask); +/* + * Validate that the proposed access to variable "name" is valid according to + * the defined flags for that variable, if any. + */ +int env_flags_validate_varaccess(const char *name, int check_mask); +/* * Validate the parameters passed to "env set" for type compliance */ int env_flags_validate_env_set_params(int argc, char * const argv[]); @@ -94,13 +133,18 @@ void env_flags_init(ENTRY *var_entry); int env_flags_validate(const ENTRY *item, const char *newval, enum env_op op, int flag); +#endif /* USE_HOSTCC */ + /* * These are the binary flags used in the environment entry->flags variable to * decribe properties of veriables in the table */ -#define ENV_FLAGS_VARTYPE_BIN_MASK 0x00000007 +#define ENV_FLAGS_VARTYPE_BIN_MASK 0x00000007 /* The actual variable type values use the enum value (within the mask) */ - -#endif /* USE_HOSTCC */ +#define ENV_FLAGS_VARACCESS_PREVENT_DELETE 0x00000008 +#define ENV_FLAGS_VARACCESS_PREVENT_CREATE 0x00000010 +#define ENV_FLAGS_VARACCESS_PREVENT_OVERWR 0x00000020 +#define ENV_FLAGS_VARACCESS_PREVENT_NONDEF_OVERWR 0x00000040 +#define ENV_FLAGS_VARACCESS_BIN_MASK 0x00000078 #endif /* __ENV_FLAGS_H__ */ diff --git a/include/environment.h b/include/environment.h index 00e59ba..e64b43d 100644 --- a/include/environment.h +++ b/include/environment.h @@ -181,6 +181,9 @@ unsigned char env_get_char_memory(int index); /* Function that updates CRC of the enironment */ void env_crc_update(void); +/* Look up the variable from the default environment */ +char *getenv_default(const char *name); + /* [re]set to the default environment */ void set_default_env(const char *s); diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c index 5be36fc..a596a1b 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c @@ -182,6 +182,32 @@ char *fw_getenv (char *name) } /* + * Search the default environment for a variable. + * Return the value, if found, or NULL, if not found. + */ +char *fw_getdefenv(char *name) +{ + char *env, *nxt; + + for (env = default_environment; *env; env = nxt + 1) { + char *val; + + for (nxt = env; *nxt; ++nxt) { + if (nxt >= &default_environment[ENV_SIZE]) { + fprintf(stderr, "## Error: " + "default environment not terminated\n"); + return NULL; + } + } + val = envmatch(name, env); + if (!val) + continue; + return val; + } + return NULL; +} + +/* * Print the current definition of one, or more, or all * environment variables */ @@ -282,6 +308,7 @@ int fw_env_write(char *name, char *value) int len; char *env, *nxt; char *oldval = NULL; + int deleting, creating, overwriting; /* * search if variable with this name already exists @@ -299,10 +326,49 @@ int fw_env_write(char *name, char *value) break; } - /* - * Delete any existing definition - */ - if (oldval) { + deleting = (oldval && !(value && strlen(value))); + creating = (!oldval && (value && strlen(value))); + overwriting = (oldval && (value && strlen(value))); + + /* check for permission */ + if (deleting) { + if (env_flags_validate_varaccess(name, + ENV_FLAGS_VARACCESS_PREVENT_DELETE)) { + printf("Can't delete \"%s\"\n", name); + errno = EROFS; + return -1; + } + } else if (overwriting) { + if (env_flags_validate_varaccess(name, + ENV_FLAGS_VARACCESS_PREVENT_OVERWR)) { + printf("Can't overwrite \"%s\"\n", name); + errno = EROFS; + return -1; + } else if (env_flags_validate_varaccess(name, + ENV_FLAGS_VARACCESS_PREVENT_NONDEF_OVERWR)) { + const char *defval = fw_getdefenv(name); + + if (defval == NULL) + defval = ""; + if (strcmp(oldval, defval) + != 0) { + printf("Can't overwrite \"%s\"\n", name); + errno = EROFS; + return -1; + } + } + } else if (creating) { + if (env_flags_validate_varaccess(name, + ENV_FLAGS_VARACCESS_PREVENT_CREATE)) { + printf("Can't create \"%s\"\n", name); + errno = EROFS; + return -1; + } + } else + /* Nothing to do */ + return 0; + + if (deleting || overwriting) { #ifndef CONFIG_ENV_OVERWRITE /* * Ethernet Address and serial# can be set only once