authorAndreas Kling <kling@serenityos.org>2021-03-10 22:50:00 +0100
committerAndreas Kling <kling@serenityos.org>2021-03-10 22:50:00 +0100
commitde6c5128fd5d6250879b4cf5df67bcbff576da7a (patch)
tree3c03f33c715209cfab73902345a5eabac8cbd8ea /Kernel/Syscalls
parent37ad8806606270e469a96cfbca33f9512ba11804 (diff)
Kernel: Move process pledge promises into protected data
Diffstat (limited to 'Kernel/Syscalls')
-rw-r--r--Kernel/Syscalls/execve.cpp20
-rw-r--r--Kernel/Syscalls/fork.cpp8
-rw-r--r--Kernel/Syscalls/pledge.cpp15
3 files changed, 25 insertions, 18 deletions
diff --git a/Kernel/Syscalls/execve.cpp b/Kernel/Syscalls/execve.cpp
index 5aa2e8686e..ecdb12731f 100644
--- a/Kernel/Syscalls/execve.cpp
+++ b/Kernel/Syscalls/execve.cpp
@@ -536,12 +536,6 @@ KResult Process::do_exec(NonnullRefPtr<FileDescription> main_program_description
m_arguments = arguments;
m_environment = environment;
- m_promises = m_execpromises;
- m_has_promises = m_has_execpromises;
-
- m_execpromises = 0;
- m_has_execpromises = false;
-
m_veil_state = VeilState::None;
m_unveiled_paths.clear();
@@ -603,8 +597,18 @@ KResult Process::do_exec(NonnullRefPtr<FileDescription> main_program_description
m_name = parts.take_last();
new_main_thread->set_name(m_name);
- // FIXME: PID/TID ISSUE
- MutableProtectedData(*this)->pid = new_main_thread->tid().value();
+ {
+ MutableProtectedData protected_data { *this };
+ protected_data->promises = protected_data->execpromises;
+ protected_data->has_promises = protected_data->has_execpromises;
+
+ protected_data->execpromises = 0;
+ protected_data->has_execpromises = false;
+
+ // FIXME: PID/TID ISSUE
+ protected_data->pid = new_main_thread->tid().value();
+ }
+
auto tsr_result = new_main_thread->make_thread_specific_region({});
if (tsr_result.is_error()) {
// FIXME: We cannot fail this late. Refactor this so the allocation happens before we commit to the new executable.
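Review bot: The new scoped block around `MutableProtectedData protected_data { *this };` carries no comment saying why the braces are there, and the reason is security-relevant: they presumably bound how long the protected data stays writable, so it is closed again before `make_thread_specific_region` runs. I would add `// Keep the protected data writable only for these assignments.` above the declaration. The handover from `execpromises` to `promises` also now happens later in do_exec than the removed `m_promises = m_execpromises;` did, so whatever runs between the two points (not visible here) still sees the pre-exec promises; it is worth confirming nothing in that stretch checks them. do_exec starts and ends outside this hunk.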
diff --git a/Kernel/Syscalls/fork.cpp b/Kernel/Syscalls/fork.cpp
index 26d9bd96ee..1ce770875d 100644
--- a/Kernel/Syscalls/fork.cpp
+++ b/Kernel/Syscalls/fork.cpp
@@ -41,10 +41,6 @@ KResultOr<pid_t> Process::sys$fork(RegisterState& regs)
return ENOMEM;
child->m_root_directory = m_root_directory;
child->m_root_directory_relative_to_global_root = m_root_directory_relative_to_global_root;
- child->m_promises = m_promises;
- child->m_execpromises = m_execpromises;
- child->m_has_promises = m_has_promises;
- child->m_has_execpromises = m_has_execpromises;
child->m_veil_state = m_veil_state;
child->m_unveiled_paths = m_unveiled_paths.deep_copy();
child->m_fds = m_fds;
@@ -54,6 +50,10 @@ KResultOr<pid_t> Process::sys$fork(RegisterState& regs)
{
MutableProtectedData child_data { *child };
+ child_data->promises = protected_data().promises;
+ child_data->execpromises = protected_data().execpromises;
+ child_data->has_promises = protected_data().has_promises;
+ child_data->has_execpromises = protected_data().has_execpromises;
child_data->sid = this->sid();
child_data->extra_gids = this->extra_gids();
}
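Review bot: The four added copies are what stop a forked child from shedding its parent's pledge, but nothing at the site says so, and a field added to the protected data later could be missed here without any visible failure. A one-line comment above `child_data->promises`, such as `// Child inherits the parent's pledge state unchanged; fork must never widen it.`, would make the invariant explicit. sys$fork continues outside the hunk.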
diff --git a/Kernel/Syscalls/pledge.cpp b/Kernel/Syscalls/pledge.cpp
index 2d1676ab5a..024fe17f45 100644
--- a/Kernel/Syscalls/pledge.cpp
+++ b/Kernel/Syscalls/pledge.cpp
@@ -67,24 +67,27 @@ KResultOr<int> Process::sys$pledge(Userspace<const Syscall::SC_pledge_params*> u
return true;
};
+ MutableProtectedData mutable_protected_data { *this };
+
if (!promises.is_null()) {
u32 new_promises = 0;
if (!parse_pledge(promises, new_promises))
return EINVAL;
- if (m_promises && (!new_promises || new_promises & ~m_promises))
+ if (protected_data().promises && (!new_promises || new_promises & ~protected_data().promises))
return EPERM;
- m_has_promises = true;
- m_promises = new_promises;
+
+ mutable_protected_data->has_promises = true;
+ mutable_protected_data->promises = new_promises;
}
if (!execpromises.is_null()) {
u32 new_execpromises = 0;
if (!parse_pledge(execpromises, new_execpromises))
return EINVAL;
- if (m_execpromises && (!new_execpromises || new_execpromises & ~m_execpromises))
+ if (protected_data().execpromises && (!new_execpromises || new_execpromises & ~protected_data().execpromises))
return EPERM;
- m_has_execpromises = true;
- m_execpromises = new_execpromises;
+ mutable_protected_data->has_execpromises = true;
+ mutable_protected_data->execpromises = new_execpromises;
}
return 0;
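Review bot: `MutableProtectedData mutable_protected_data { *this };` is constructed before either pledge string is parsed, so the protected data is presumably writable for the whole of the parsing and validation of user-supplied input, including the `EINVAL` and `EPERM` return paths that write nothing. The two branches are also not atomic: if `promises` is accepted and stored and `execpromises` then fails, the syscall returns an error with the first half already applied. I would parse and validate both sets first, and open the mutable scope only for the final assignments, as sketched below. The start of sys$pledge, including the `parse_pledge` lambda, is outside this hunk.

```cpp
// … unchanged: parse_pledge lambda …
u32 new_promises = 0;
if (!promises.is_null()) {
    if (!parse_pledge(promises, new_promises))
        return EINVAL;
    if (protected_data().promises && (!new_promises || new_promises & ~protected_data().promises))
        return EPERM;
}

u32 new_execpromises = 0;
if (!execpromises.is_null()) {
    if (!parse_pledge(execpromises, new_execpromises))
        return EINVAL;
    if (protected_data().execpromises && (!new_execpromises || new_execpromises & ~protected_data().execpromises))
        return EPERM;
}

// All validation has passed; only now make the protected data writable.
MutableProtectedData mutable_protected_data { *this };
if (!promises.is_null()) {
    mutable_protected_data->has_promises = true;
    mutable_protected_data->promises = new_promises;
}
if (!execpromises.is_null()) {
    mutable_protected_data->has_execpromises = true;
    mutable_protected_data->execpromises = new_execpromises;
}
return 0;
```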