support task capability and fix a kconfig bug

Ubiquitous/XiZi_IIoT/fs/Kconfig

@@ -3,7 +3,7 @@ menu "File system"
 menuconfig FS_VFS
     bool "Using device virtual file system"
     select KERNEL_MUTEX
-    default n
+    default y   
     help
         The device file system is a light weight virtual file system.
 

Ubiquitous/XiZi_IIoT/kernel/include/xs_capability.h

@@ -32,6 +32,7 @@
 // assume the number of capability types is limited to 8*MAX_NUM_TA
 typedef enum {
     XS_CAP = 0,
+    XS_CAP_ROOT,
     XS_CAP_TASK,
     XS_CAP_MEM,
     XS_CAP_RESOURCES,
@@ -71,6 +72,12 @@ void AddTaskCapability(int32 pid, xs_capability *cap);
 // remove_task_capability is used to manipulate task capabilities
 void RemoveTaskCapability(int32 pid);
 
+// add_root_task_capability is used to manipulate task capabilities
+void AddRootTaskCapability(int32 pid);
+
+// Capability_Copy is used to deep copy capabilitie 
+void CapabilityCopy(xs_capability *cap, xs_capability *cap_copy_from);
+
 // check_task_capability is used to check if a task has a certain capability
 x_bool CheckTaskCapability(int32 pid, xs_capability_type type);
 
@@ -80,6 +87,25 @@ void SetTaskCapability(int32 pid, xs_capability_type type);
 // clear_task_capability is used to manipulate task capabilities
 void ClearTaskCapability(int32 pid, xs_capability_type type);
 
+// test
+void PrintTaskCapability();
+
+typedef struct CapsOps
+{
+    int (*CheckCap) (xs_capability *cap, xs_capability_type type);
+    void (*SetCap) (xs_capability *cap, xs_capability_type type);
+    void (*ClearCap) (xs_capability *cap, xs_capability_type type);
+    xs_capability* (*GetTaskCaps) (int32 pid);
+    void (*AddTaskCaps) (int32 pid, xs_capability *cap);
+    void (*RemoveTaskCaps) (int32 pid);
+    void (*AddRootTaskCaps) (int32 pid);
+    void (*Copy)(xs_capability *cap, xs_capability *cap_copy_from);
+    x_bool (*CheckTaskCap)(int32 pid, xs_capability_type type);
+    void (*SetTaskCap) (int32 pid, xs_capability_type type);
+    void (*ClearTaskCap) (int32 pid, xs_capability_type type);
+    void (*Print) ();
+} CapsOps;
+
 #endif /* XS_CAPABILITY_H */ 
 
 

Ubiquitous/XiZi_IIoT/kernel/thread/appstartup.c

@@ -28,6 +28,11 @@
 #ifdef APP_STARTUP_FROM_SDCARD
 #include <iot-vfs_posix.h>
 #endif
+#ifdef KERNEL_CAPABILITY
+#include <xs_capability.h>
+extern CapsOps CapsOperations;
+#endif
+
 
 extern int main(void);
 #ifdef USER_APPLICATION
@@ -76,6 +81,10 @@ void CreateMainTask(void)
 		KPrintf("main create failed ...%s %d.\n",__FUNCTION__,__LINE__);
 		return;
     }
+    #ifdef KERNEL_CAPABILITY
+        // MainTask has Root privileges
+        CapsOperations.SetTaskCap(main, XS_CAP_ROOT);
+    #endif
     
     StartupKTask(main);
 }

Ubiquitous/XiZi_IIoT/kernel/thread/capability.c

@@ -11,6 +11,21 @@ static capability_node task_capabilities={
     .next = NULL
 };
 
+CapsOps CapsOperations = {
+    CheckCapability,
+    SetCapability,
+    ClearCapability,
+    FindTaskCapability,
+    AddTaskCapability,
+    RemoveTaskCapability,
+    AddRootTaskCapability,
+    CapabilityCopy,
+    CheckTaskCapability,
+    SetTaskCapability,
+    ClearTaskCapability,
+    PrintTaskCapability,
+};
+
 // functions to manipulate capability flags
 int CheckCapability(xs_capability *cap, xs_capability_type type){
     return cap->flags[type/8] & (1 << (type%8));
@@ -37,27 +52,66 @@ xs_capability* FindTaskCapability(int32 pid){
     return NULL;
 }
 
+// test print
+void PrintTaskCapability(){
+    x_base lock = CriticalAreaLock();
+    capability_node* node = task_capabilities.next;
+    KPrintf("All cap:\n");
+    while(node){
+        KPrintf("pid : %d,  : %d \n", node->inner.pid, node->inner.cap.flags[0]);
+        node = node->next;
+    }
+    KPrintf("\n");
+    CriticalAreaUnLock(lock);
+}
+
+
 // add_task_capability and remove_task_capability are used to manipulate task capabilities
 void AddTaskCapability(int32 pid, xs_capability *cap){
+    x_base lock = CriticalAreaLock();
     capability_node* node = (capability_node*)x_malloc(sizeof(capability_node));
     node->inner.pid = pid;
     node->inner.cap = *cap;
     node->next = task_capabilities.next;
     task_capabilities.next = node;
+    CriticalAreaUnLock(lock);
 }
 
+// add_root_task_capability is used to manipulate task capabilities
+void AddRootTaskCapability(int32 pid){
+    x_base lock = CriticalAreaLock();
+    capability_node* node = (capability_node*)x_malloc(sizeof(capability_node));
+    xs_capability *cap = (xs_capability*)x_malloc(sizeof(xs_capability));
+    for(int i = 0; i < XS_CAP_MAX/8+1; i++) cap->flags[i] = 0xFF;
+    node->inner.pid = pid;
+    node->inner.cap = *cap;
+    node->next = task_capabilities.next;
+    task_capabilities.next = node;
+    CriticalAreaUnLock(lock);
+}
+
+// Capability_Copy is used to deep copy capabilitie 
+void CapabilityCopy(xs_capability *cap, xs_capability *cap_copy_from){
+    for(int i = 0; i < XS_CAP_MAX/8+1; i++){
+        cap->flags[i] = cap_copy_from->flags[i];
+    }
+} 
+
 // remove_task_capability is used to manipulate task capabilities
 void RemoveTaskCapability(int32 pid){
+    x_base lock = CriticalAreaLock();
     capability_node* node = &task_capabilities;
     while(node->next){
         if(node->next->inner.pid == pid){
             capability_node* removing = node->next;
             node->next = node->next->next;
             x_free(removing);
+            CriticalAreaUnLock(lock);
             return;
         }
         node = node->next;
     }
+    CriticalAreaUnLock(lock);
 }
 
 // check_task_capability is used to check if a task has a certain capability
@@ -71,22 +125,35 @@ x_bool CheckTaskCapability(int32 pid, xs_capability_type type){
 
 // set_task_capability and clear_task_capability are used to manipulate task capabilities
 void SetTaskCapability(int32 pid, xs_capability_type type){
-    x_base lock = CriticalAreaLock();
+    int32 current = GetKTaskDescriptor()->id.id;
-    xs_capability* cap = FindTaskCapability(pid);
+    xs_capability* cap = FindTaskCapability(current);
-    if(cap){
+    if(CheckCapability(cap, XS_CAP_ROOT)){
-        SetCapability(cap, type);
+        x_base lock = CriticalAreaLock();
+        xs_capability* cap = FindTaskCapability(pid);
+        if(cap){
+            SetCapability(cap, type);
+        }
+        CriticalAreaUnLock(lock);
+    } else {
+        KPrintf("No permission to SetTaskCapability\n");
     }
-    CriticalAreaUnLock(lock);
+
 }
 
 // clear_task_capability is used to manipulate task capabilities
 void ClearTaskCapability(int32 pid, xs_capability_type type){
-    x_base lock = CriticalAreaLock();
+    int32 current = GetKTaskDescriptor()->id.id;
-    xs_capability* cap = FindTaskCapability(pid);
+    xs_capability* cap = FindTaskCapability(current);
-    if(cap){
+    if(CheckCapability(cap, XS_CAP_ROOT) || current == pid){
-        ClearCapability(cap, type);
+        x_base lock = CriticalAreaLock();
+        xs_capability* cap = FindTaskCapability(pid);
+        if(cap){
+            ClearCapability(cap, type);
+        }
+        CriticalAreaUnLock(lock);
+    } else {
+        KPrintf("No permission to ClearTaskCapability\n");
     }
-    CriticalAreaUnLock(lock);
 }
 
 

Ubiquitous/XiZi_IIoT/kernel/thread/ktask.c

@@ -29,6 +29,10 @@
 #include <xs_isolation.h>
 #endif
 
+#ifdef KERNEL_CAPABILITY
+#include <xs_capability.h>
+extern CapsOps CapsOperations;
+#endif
 static volatile int __exstatus;
 
 extern DoubleLinklistType KTaskZombie;
@@ -51,6 +55,9 @@ DECLARE_ID_MANAGER(k_task_id_manager, ID_NUM_MAX);
 
 void KTaskIdDelete(int32 id)
 {
+    #ifdef KERNEL_CAPABILITY
+        CapsOperations.RemoveTaskCaps(id);
+    #endif
     IdRemoveObj(&k_task_id_manager, id);
 }
 
@@ -861,6 +868,20 @@ int32 KTaskCreate(const char *name,
 
     if( task->Done->init(task, name, entry, parameter, stack_depth, priority) == EOK ) {
         HOOK(hook.task.hook_TaskCreate, (task));
+        #ifdef KERNEL_CAPABILITY
+            int32 current = GetKTaskDescriptor()->id.id;
+            KPrintf("current : %d, new : %d\n", current, id);
+            if(current >= 1000){
+                // The system has just started
+                CapsOperations.AddRootTaskCaps(id);
+            }else{
+                xs_capability *cap = (xs_capability*)x_malloc(sizeof(xs_capability));
+                xs_capability* current_cap = CapsOperations.GetTaskCaps(current);
+                CapsOperations.Copy(cap, current_cap);
+                CapsOperations.ClearCap(cap, XS_CAP_ROOT);
+                CapsOperations.AddTaskCaps(id, cap);
+            }
+        #endif
         return id;
     } else {
         KPrintf("%s %d task init failed.\n",__func__,__LINE__);
@@ -911,6 +932,9 @@ x_err_t KTaskDelete(int32 id)
     task = GetTaskWithIdnodeInfo(id);
     NULL_PARAM_CHECK(task);
 
+    #ifdef KERNEL_CAPABILITY
+        CapsOperations.RemoveTaskCaps(id);
+    #endif
     return task->Done->Delete(task);
 }