• Josh Kunz's avatar
    Makes rp0s part of the node's secret c-space explicitly · 19b3c971
    Josh Kunz authored
    Previously, the cn_node_new would put the rp0 in the node's
    actual c-space, and the reset operation would put it in the node's
    secret c-space. Which meant that if the rp0 was fetched *after* the node
    was reset, it wouldn't function properly (since the capability would not
    be valid in the node's real principal).
    
    This commit fixes the implementation of rp0 to always put the rp0 in
    the secret c-space. This is probably a good idea to ensure that CapNet
    can always safely revoke the rp0 when the node is reset, but I believe
    the previous implementation was still safe. So now, when the node calls
    the `rp0` rpc, the node is explicitly granted its own rp0 from its secret
    principal.
    
    This commit also fixes an improper-free bug after a principal is
    cleared. When the principal is cleared its refcount would be set to zero
    (due to a cal to _obj_init) instead of keeping the same refcount it had
    before the clear operation.
    19b3c971
obj.c 87.6 KB