summaryrefslogtreecommitdiff
path: root/Userland
diff options
context:
space:
mode:
Diffstat (limited to 'Userland')
-rw-r--r--Userland/Libraries/LibC/unistd.cpp2
-rw-r--r--Userland/Libraries/LibCore/System.cpp16
-rw-r--r--Userland/Libraries/LibCore/System.h1
3 files changed, 19 insertions, 0 deletions
diff --git a/Userland/Libraries/LibC/unistd.cpp b/Userland/Libraries/LibC/unistd.cpp
index d866e15165..b48dadec11 100644
--- a/Userland/Libraries/LibC/unistd.cpp
+++ b/Userland/Libraries/LibC/unistd.cpp
@@ -8,6 +8,7 @@
#include <AK/ScopedValueRollback.h>
#include <AK/String.h>
#include <AK/Vector.h>
+#include <Kernel/API/Unveil.h>
#include <LibCore/File.h>
#include <alloca.h>
#include <assert.h>
@@ -965,6 +966,7 @@ int pledge(char const* promises, char const* execpromises)
int unveil(char const* path, char const* permissions)
{
Syscall::SC_unveil_params params {
+ static_cast<int>(UnveilFlags::CurrentProgram),
{ path, path ? strlen(path) : 0 },
{ permissions, permissions ? strlen(permissions) : 0 }
};
diff --git a/Userland/Libraries/LibCore/System.cpp b/Userland/Libraries/LibCore/System.cpp
index 39602c5846..3c1ab3264b 100644
--- a/Userland/Libraries/LibCore/System.cpp
+++ b/Userland/Libraries/LibCore/System.cpp
@@ -25,6 +25,7 @@
#include <unistd.h>
#ifdef AK_OS_SERENITY
+# include <Kernel/API/Unveil.h>
# include <LibCore/Account.h>
# include <LibSystem/syscall.h>
# include <serenity.h>
@@ -91,6 +92,7 @@ static ErrorOr<void> unveil_dynamic_loader()
constexpr auto dynamic_loader_permissions = "x"sv;
Syscall::SC_unveil_params params {
+ static_cast<int>(UnveilFlags::CurrentProgram),
{ dynamic_loader_path.characters_without_null_termination(), dynamic_loader_path.length() },
{ dynamic_loader_permissions.characters_without_null_termination(), dynamic_loader_permissions.length() },
};
@@ -110,6 +112,20 @@ ErrorOr<void> unveil(StringView path, StringView permissions)
TRY(unveil_dynamic_loader());
Syscall::SC_unveil_params params {
+ static_cast<int>(UnveilFlags::CurrentProgram),
+ { parsed_path.characters(), parsed_path.length() },
+ { permissions.characters_without_null_termination(), permissions.length() },
+ };
+ int rc = syscall(SC_unveil, &params);
+ HANDLE_SYSCALL_RETURN_VALUE("unveil", rc, {});
+}
+
+ErrorOr<void> unveil_after_exec(StringView path, StringView permissions)
+{
+ auto const parsed_path = TRY(Core::SessionManagement::parse_path_with_sid(path));
+
+ Syscall::SC_unveil_params params {
+ static_cast<int>(UnveilFlags::AfterExec),
{ parsed_path.characters(), parsed_path.length() },
{ permissions.characters_without_null_termination(), permissions.length() },
};
diff --git a/Userland/Libraries/LibCore/System.h b/Userland/Libraries/LibCore/System.h
index 0a47c4ead7..e0f49b0982 100644
--- a/Userland/Libraries/LibCore/System.h
+++ b/Userland/Libraries/LibCore/System.h
@@ -36,6 +36,7 @@ namespace Core::System {
ErrorOr<void> beep();
ErrorOr<void> pledge(StringView promises, StringView execpromises = {});
ErrorOr<void> unveil(StringView path, StringView permissions);
+ErrorOr<void> unveil_after_exec(StringView path, StringView permissions);
ErrorOr<void> sendfd(int sockfd, int fd);
ErrorOr<int> recvfd(int sockfd, int options);
ErrorOr<void> ptrace_peekbuf(pid_t tid, void const* tracee_addr, Bytes destination_buf);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-17 19:51:04 +0000