Author: ion Date: Sun Jul 23 21:01:43 2006 New Revision: 23248 URL: http://svn.reactos.org/svn/reactos?rev=23248&view=rev Log: - Make use of PsChangeQuantumTable on system startup to setup the raw priority separation. - Call PspComputeQuantumAndPriority in PspCreateProcess to calculate process base priority and quantum for child threads. - Add security code to calculate process's access rights to itself, as documented in WI II. Modified: trunk/reactos/ntoskrnl/KrnlFun.c trunk/reactos/ntoskrnl/include/internal/ps.h trunk/reactos/ntoskrnl/ps/process.c trunk/reactos/ntoskrnl/ps/psmgr.c Modified: trunk/reactos/ntoskrnl/KrnlFun.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/KrnlFun.c?rev=232… ============================================================================== --- trunk/reactos/ntoskrnl/KrnlFun.c (original) +++ trunk/reactos/ntoskrnl/KrnlFun.c Sun Jul 23 21:01:43 2006 @@ -27,7 +27,7 @@ // Ps: // - Figure out why processes don't die. // - Generate process cookie for user-more thread. -// - Add security calls where necessary. +// - Add security calls where necessary for thread creation. // - Add tracing. // - Add failure/race checks for thread creation. // Modified: trunk/reactos/ntoskrnl/include/internal/ps.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/include/internal/… ============================================================================== --- trunk/reactos/ntoskrnl/include/internal/ps.h (original) +++ trunk/reactos/ntoskrnl/include/internal/ps.h Sun Jul 23 21:01:43 2006 @@ -149,6 +149,13 @@ NTAPI PspGetSystemDllEntryPoints( VOID +); + +VOID +NTAPI +PsChangeQuantumTable( + IN BOOLEAN Immediate, + IN ULONG PrioritySeparation ); // @@ -343,6 +350,7 @@ extern PVOID PspSystemDllBase; extern BOOLEAN PspUseJobSchedulingClasses; extern CHAR PspJobSchedulingClasses[PSP_JOB_SCHEDULING_CLASSES]; +extern ULONG PsRawPrioritySeparation; // // Inlined Functions Modified: trunk/reactos/ntoskrnl/ps/process.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ps/process.c?rev=… ============================================================================== --- trunk/reactos/ntoskrnl/ps/process.c (original) +++ trunk/reactos/ntoskrnl/ps/process.c Sun Jul 23 21:01:43 2006 @@ -27,6 +27,7 @@ LARGE_INTEGER ShortPsLockDelay; +ULONG PsRawPrioritySeparation = 0; ULONG PsPrioritySeparation; CHAR PspForegroundQuantum[3]; @@ -360,7 +361,7 @@ PEPORT ExceptionPortObject; PDBGK_DEBUG_OBJECT DebugObject; PSECTION_OBJECT SectionObject; - NTSTATUS Status; + NTSTATUS Status, AccessStatus; KPROCESSOR_MODE PreviousMode; PHYSICAL_ADDRESS DirectoryTableBase; KAFFINITY Affinity; @@ -371,6 +372,10 @@ ACCESS_STATE LocalAccessState; PACCESS_STATE AccessState = &LocalAccessState; AUX_DATA AuxData; + UCHAR Quantum; + BOOLEAN Result, SdAllocated; + PSECURITY_DESCRIPTOR SecurityDescriptor; + SECURITY_SUBJECT_CONTEXT SubjectContext; PAGED_CODE(); DirectoryTableBase.QuadPart = 0; @@ -687,21 +692,74 @@ /* Cleanup on failure */ if (!NT_SUCCESS(Status)) goto Cleanup; - /* FIXME: Compute Quantum and Priority */ - - /* - * FIXME: ObGetObjectSecurity(Process, &SecurityDescriptor) - * SeAccessCheck - */ + /* Compute Quantum and Priority */ + Process->Pcb.BasePriority = PspComputeQuantumAndPriority(Process, + 0, + &Quantum); + Process->Pcb.QuantumReset = Quantum; + + /* Check if we have a parent other then the initial system process */ + if ((Parent) && (Parent != PsInitialSystemProcess)) + { + /* Get the process's SD */ + Status = ObGetObjectSecurity(Process, + &SecurityDescriptor, + &SdAllocated); + if (!NT_SUCCESS(Status)) + { + /* We failed, close the handle and clean up */ + ObCloseHandle(hProcess, PreviousMode); + goto CleanupWithRef; + } + + /* Create the subject context */ + SubjectContext.ProcessAuditId = Process; + SubjectContext.PrimaryToken = PsReferencePrimaryToken(Process); + SubjectContext.ClientToken = NULL; + + /* Do the access check */ + if (!SecurityDescriptor) DPRINT1("FIX PS SDs!!\n"); + Result = SeAccessCheck(SecurityDescriptor, + &SubjectContext, + FALSE, + MAXIMUM_ALLOWED, + 0, + NULL, + &PsProcessType->TypeInfo.GenericMapping, + PreviousMode, + &Process->GrantedAccess, + &AccessStatus); + + /* Dereference the token and let go the SD */ + ObFastDereferenceObject(&Process->Token, + SubjectContext.PrimaryToken); + ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated); + + /* Remove access if it failed */ + if (!Result) Process->GrantedAccess = 0; + + /* Give the process some basic access */ + Process->GrantedAccess |= (PROCESS_VM_OPERATION | + PROCESS_VM_READ | + PROCESS_VM_WRITE | + PROCESS_QUERY_INFORMATION | + PROCESS_TERMINATE | + PROCESS_CREATE_THREAD | + PROCESS_DUP_HANDLE | + PROCESS_CREATE_PROCESS | + PROCESS_SET_INFORMATION); + } + else + { + /* Set full granted access */ + Process->GrantedAccess = PROCESS_ALL_ACCESS; + } /* Sanity check */ ASSERT(IsListEmpty(&Process->ThreadListHead)); /* Set the Creation Time */ KeQuerySystemTime(&Process->CreateTime); - - /* Set the granted access */ - Process->GrantedAccess = PROCESS_ALL_ACCESS; /* Protect against bad user-mode pointer */ _SEH_TRY Modified: trunk/reactos/ntoskrnl/ps/psmgr.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ps/psmgr.c?rev=23… ============================================================================== --- trunk/reactos/ntoskrnl/ps/psmgr.c (original) +++ trunk/reactos/ntoskrnl/ps/psmgr.c Sun Jul 23 21:01:43 2006 @@ -158,6 +158,9 @@ InitializeListHead(&PsActiveProcessHead); KeInitializeGuardedMutex(&PspActiveProcessMutex); + + /* Setup the quantum table */ + PsChangeQuantumTable(FALSE, PsRawPrioritySeparation); /* * Initialize the default quota block.