Kernel: Allow opening some device nodes sparingly for jailed processes

From now on, we don't allow jailed processes to open all device nodes in
/dev, but only allow jailed processes to open /dev/full, /dev/zero,
/dev/null, and various TTY and PTY devices (and not including virtual
consoles) so we basically restrict applications to what they can do when
they are in jail.
The motivation for this type of restriction is to ensure that even if a
remote code execution occurred, the damage that can be done is very
small.
We also don't restrict reading and writing on device nodes that were
already opened, because that limit seems not useful, especially in the
case where we do want to provide an OpenFileDescription to such device
but nothing further than that.

1 files changed, 3 insertions, 0 deletions

diff --git a/Kernel/Devices/ZeroDevice.h b/Kernel/Devices/ZeroDevice.h
index 77c9f08e57..c539d4f048 100644
--- a/Kernel/Devices/ZeroDevice.h
+++ b/Kernel/Devices/ZeroDevice.h
@@ -20,6 +20,9 @@ public:
 private:
     ZeroDevice();
 
+    // ^Device
+    virtual bool is_openable_by_jailed_processes() const override { return true; }
+
     // ^CharacterDevice
     virtual ErrorOr<size_t> read(OpenFileDescription&, u64, UserOrKernelBuffer&, size_t) override;
     virtual ErrorOr<size_t> write(OpenFileDescription&, u64, UserOrKernelBuffer const&, size_t) override;