
init/sandbox: patch in <routes> support

Emery Hemingway 5 months ago
parent
commit
4b73b6c497
2 changed files with 174 additions and 2 deletions
  1. 2
    2
      packages/dhall/genode.nix
  2. 172
    0
      packages/genodelabs/sandbox.patch

+ 2
- 2
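--- a/packages/dhall/genode.nix
+++ b/packages/dhall/genode.nix
@@ -8,8 +8,8 @@ dhallPackages.buildDhallPackage {
   code = let
     src = fetchgit {
       url = "https://git.sr.ht/~ehmry/dhall-genode";
-      rev = "270a6050714663e0edd0fc51b3b305c074661d3c";
-      sha256 = "Vw9hd1DP8zauvnl/fRpZfRzrCwnxtIix88r5OBFO+y4=";
+      rev = "8c547f017cba7780ce4334c0b4702f6c441b8819";
+      sha256 = "1adpyigpha9iqmpdvrz8pl9sbgc65vdm9h37khm13w2kixwlkqq4";
     };
   in src + "/package.dhall";
 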

+ 172
- 0
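--- a/packages/genodelabs/sandbox.patch
+++ b/packages/genodelabs/sandbox.patch
@@ -54,3 +54,175 @@ index 5361665eac..fa09cca31a 100644
  				if (target.has_type("parent")) {
  
  					try {
+commit ce74d9bb7740f14b362e72adcf8ac42e36693468
+Author: Emery Hemingway <ehmry@posteo.net>
+Date:   Sat Apr 25 17:10:03 2020 +0530
+
+    init/sandbox: <routes> support
+    
+    Apply routing rules to a child from a <routes> node at the top-level of
+    a sandbox config, unless the corresponding start node has as <route>
+    node. If neither are present routes are taken from <default-route> as a
+    fallback.
+    
+    Unlike the <route> and <default-route> the <routes> rules are checked by
+    labels prefixed by child name, so <routes> may contain child-specific
+    rules.
+
+diff --git a/repos/os/src/lib/sandbox/child.cc b/repos/os/src/lib/sandbox/child.cc
+index fa09cca31a..85389474ef 100644
+--- a/repos/os/src/lib/sandbox/child.cc
++++ b/repos/os/src/lib/sandbox/child.cc
+@@ -523,16 +523,21 @@ Sandbox::Child::resolve_session_request(Service::Name const &service_name,
+ 
+ 	try {
+ 		Xml_node route_node = _default_route_accessor.default_route();
++		route_node = _routes_accessor.routes(route_node);
+ 		try {
+ 			route_node = _start_node->xml().sub_node("route"); }
+ 		catch (...) { }
++
+ 		Xml_node service_node = route_node.sub_node();
+ 
++		/* <routes> is processed with the "«child» -> " prefix */
++		bool skip_prefix = route_node.type() != "routes";
++
+ 		for (; ; service_node = service_node.next()) {
+ 
+ 			bool service_wildcard = service_node.has_type("any-service");
+ 
+-			if (!service_node_matches(service_node, label, name(), service_name))
++			if (!service_node_matches(service_node, label, name(), service_name, skip_prefix))
+ 				continue;
+ 
+ 			Xml_node target = service_node.sub_node();
+@@ -736,6 +741,7 @@ Sandbox::Child::Child(Env                      &env,
+                       Report_update_trigger    &report_update_trigger,
+                       Xml_node                  start_node,
+                       Default_route_accessor   &default_route_accessor,
++                      Routes_accessor          &routes_accessor,
+                       Default_caps_accessor    &default_caps_accessor,
+                       Name_registry            &name_registry,
+                       Ram_quota                 ram_limit,
+@@ -753,6 +759,7 @@ Sandbox::Child::Child(Env                      &env,
+ 	_list_element(this),
+ 	_start_node(_alloc, start_node),
+ 	_default_route_accessor(default_route_accessor),
++	_routes_accessor(routes_accessor),
+ 	_default_caps_accessor(default_caps_accessor),
+ 	_ram_limit_accessor(ram_limit_accessor),
+ 	_cap_limit_accessor(cap_limit_accessor),
+diff --git a/repos/os/src/lib/sandbox/child.h b/repos/os/src/lib/sandbox/child.h
+index 4dd2803417..8e84e9bf75 100644
+--- a/repos/os/src/lib/sandbox/child.h
++++ b/repos/os/src/lib/sandbox/child.h
+@@ -52,6 +52,14 @@ class Sandbox::Child : Child_policy, Routed_service::Wakeup
+ 		struct Default_route_accessor : Interface { virtual Xml_node default_route() = 0; };
+ 		struct Default_caps_accessor  : Interface { virtual Cap_quota default_caps() = 0; };
+ 
++		struct Routes_accessor : Interface
++		{
++			virtual Xml_node routes(Xml_node _default)
++			{
++				return _default;
++			}
++		};
++
+ 		template <typename QUOTA>
+ 		struct Resource_limit_accessor : Interface
+ 		{
+@@ -98,6 +106,7 @@ class Sandbox::Child : Child_policy, Routed_service::Wakeup
+ 		bool const _use_ld = _start_node->xml().attribute_value("ld", true);
+ 
+ 		Default_route_accessor &_default_route_accessor;
++		Routes_accessor        &_routes_accessor;
+ 		Default_caps_accessor  &_default_caps_accessor;
+ 		Ram_limit_accessor     &_ram_limit_accessor;
+ 		Cap_limit_accessor     &_cap_limit_accessor;
+@@ -475,6 +484,7 @@ class Sandbox::Child : Child_policy, Routed_service::Wakeup
+ 		      Report_update_trigger    &report_update_trigger,
+ 		      Xml_node                  start_node,
+ 		      Default_route_accessor   &default_route_accessor,
++		      Routes_accessor          &route_accessor,
+ 		      Default_caps_accessor    &default_caps_accessor,
+ 		      Name_registry            &name_registry,
+ 		      Ram_quota                 ram_limit,
+diff --git a/repos/os/src/lib/sandbox/library.cc b/repos/os/src/lib/sandbox/library.cc
+index 28b60c491f..30d0f2dfc1 100644
+--- a/repos/os/src/lib/sandbox/library.cc
++++ b/repos/os/src/lib/sandbox/library.cc
+@@ -23,6 +23,7 @@
+ 
+ struct Genode::Sandbox::Library : ::Sandbox::State_reporter::Producer,
+                                   ::Sandbox::Child::Default_route_accessor,
++                                  ::Sandbox::Child::Routes_accessor,
+                                   ::Sandbox::Child::Default_caps_accessor,
+                                   ::Sandbox::Child::Ram_limit_accessor,
+                                   ::Sandbox::Child::Cap_limit_accessor
+@@ -52,6 +53,8 @@ struct Genode::Sandbox::Library : ::Sandbox::State_reporter::Producer,
+ 
+ 	Constructible<Buffered_xml> _default_route { };
+ 
++	Constructible<Buffered_xml> _routes { };
++
+ 	Cap_quota _default_caps { 0 };
+ 
+ 	unsigned _child_cnt = 0;
+@@ -140,6 +143,12 @@ struct Genode::Sandbox::Library : ::Sandbox::State_reporter::Producer,
+ 		                                    : Xml_node("<empty/>");
+ 	}
+ 
++	/**
++	 * Routes_accessor interface
++	 */
++	Xml_node routes(Xml_node _default) override {
++		return _routes.constructed() ? _routes->xml() : _default; }
++
+ 	/**
+ 	 * Default_caps_accessor interface
+ 	 */
+@@ -314,6 +323,9 @@ void Genode::Sandbox::Library::apply_config(Xml_node const &config)
+ 		_default_route.construct(_heap, config.sub_node("default-route")); }
+ 	catch (...) { }
+ 
++	try { _routes.construct(_heap, config.sub_node("routes")); }
++	catch (...) { }
++
+ 	_default_caps = Cap_quota { 0 };
+ 	try {
+ 		_default_caps = Cap_quota { config.sub_node("default")
+@@ -404,7 +416,7 @@ void Genode::Sandbox::Library::apply_config(Xml_node const &config)
+ 				Child &child = *new (_heap)
+ 					Child(_env, _heap, *_verbose,
+ 					      Child::Id { ++_child_cnt }, _state_reporter,
+-					      start_node, *this, *this, _children,
++					      start_node, *this, *this, *this, _children,
+ 					      Ram_quota { avail_ram.value  - used_ram.value },
+ 					      Cap_quota { avail_caps.value - used_caps.value },
+ 					       *this, *this, prio_levels, affinity_space,
+diff --git a/repos/os/src/lib/sandbox/utils.h b/repos/os/src/lib/sandbox/utils.h
+index 7afcaebf00..36aab737f2 100644
+--- a/repos/os/src/lib/sandbox/utils.h
++++ b/repos/os/src/lib/sandbox/utils.h
+@@ -59,7 +59,8 @@ namespace Sandbox {
+ 	inline bool service_node_matches(Xml_node           const  service_node,
+ 	                                 Session_label      const &label,
+ 	                                 Child_policy::Name const &child_name,
+-	                                 Service::Name      const &service_name)
++	                                 Service::Name      const &service_name,
++	                                 bool               skip_child_prefix = true)
+ 	{
+ 		bool const service_matches =
+ 			service_node.has_type("any-service") ||
+@@ -98,8 +99,9 @@ namespace Sandbox {
+ 		if (!route_depends_on_child_provided_label)
+ 			return true;
+ 
+-		char const * const scoped_label = skip_label_prefix(
+-			child_name.string(), label.string());
++		char const * const scoped_label = skip_child_prefix
++			? skip_label_prefix(child_name.string(), label.string())
++			: label.string();
+ 
+ 		if (!scoped_label)
+ 			return false;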
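Review bot: In the `apply_config` hunk of library.cc, a reconfiguration that drops the `<routes>` node leaves the previously constructed `_routes` in place, because `config.sub_node("routes")` throws and the empty `catch (...)` swallows it; `routes()` then keeps returning the stale rules, which still take precedence over `<default-route>` for every child without its own `<route>`. Since these rules decide which services a child may reach, add `_routes.destruct();` before the `try`, and narrow the handler to `catch (Xml_node::Nonexistent_sub_node) { }` so that an allocation failure is not silently treated as "no routes". The rest of `apply_config` lies outside the hunk, so a reset elsewhere cannot be ruled out, and the neighbouring `_default_route` lines appear to follow the same pattern. Separately, the constructor declaration in child.h names the new parameter `route_accessor` while the definition in child.cc uses `routes_accessor`; the two should match.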
