blob: 6759801c1632f82cae94aba6bc26df3621e8acc4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
/*
* Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <AK/StringView.h>
#include <Kernel/Process.h>
namespace Kernel {
ErrorOr<FlatPtr> Process::sys$pledge(Userspace<Syscall::SC_pledge_params const*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
auto params = TRY(copy_typed_from_user(user_params));
if (params.promises.length > 1024 || params.execpromises.length > 1024)
return E2BIG;
OwnPtr<KString> promises;
if (params.promises.characters) {
promises = TRY(try_copy_kstring_from_user(params.promises));
}
OwnPtr<KString> execpromises;
if (params.execpromises.characters) {
execpromises = TRY(try_copy_kstring_from_user(params.execpromises));
}
auto parse_pledge = [&](auto pledge_spec, u32& mask) {
auto found_invalid_pledge = true;
pledge_spec.for_each_split_view(' ', false, [&mask, &found_invalid_pledge](auto const& part) {
#define __ENUMERATE_PLEDGE_PROMISE(x) \
if (part == StringView { #x }) { \
mask |= (1u << (u32)Pledge::x); \
return; \
}
ENUMERATE_PLEDGE_PROMISES
#undef __ENUMERATE_PLEDGE_PROMISE
found_invalid_pledge = false;
});
return found_invalid_pledge;
};
u32 new_promises = 0;
if (promises) {
if (!parse_pledge(promises->view(), new_promises))
return EINVAL;
if (m_protected_values.has_promises && (new_promises & ~m_protected_values.promises)) {
if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error)))
return EPERM;
new_promises &= m_protected_values.promises;
}
}
u32 new_execpromises = 0;
if (execpromises) {
if (!parse_pledge(execpromises->view(), new_execpromises))
return EINVAL;
if (m_protected_values.has_execpromises && (new_execpromises & ~m_protected_values.execpromises)) {
if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error)))
return EPERM;
new_execpromises &= m_protected_values.execpromises;
}
}
// Only apply promises after all validation has occurred, this ensures
// we don't introduce logic bugs like applying the promises, and then
// erroring out when parsing the exec promises later. Such bugs silently
// leave the caller in an unexpected state.
ProtectedDataMutationScope scope { *this };
if (promises) {
m_protected_values.has_promises = true;
m_protected_values.promises = new_promises;
}
if (execpromises) {
m_protected_values.has_execpromises = true;
m_protected_values.execpromises = new_execpromises;
}
return 0;
}
}
|