add unveil(2) to mixerctl(1)

after we know what is the mixer device to be used, either through MIXERDEVICE
env var, the argument passed or by default /dev/mixer then we can unveil it in
read/write mode, then if opening fails we reduce unveil to only read mode.

Once open(2) succeeds then we can disable fs access by calling unveil(NULL, NULL)
since all further operations occur on fds.

A cleaner solution would be to just call pledge("audio") after open(2) but
currently the ioctls used are not whitelisted in pledge(2), ratchov@ will
investigate a better way to do this

OK ratchov@

1 files changed, 13 insertions, 3 deletions

diff --git a/usr.bin/mixerctl/mixerctl.c b/usr.bin/mixerctl/mixerctl.c
index fc5ac5733b6..913462d3290 100644
--- a/usr.bin/mixerctl/mixerctl.c
+++ b/usr.bin/mixerctl/mixerctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mixerctl.c,v 1.30 2015/02/08 23:40:34 deraadt Exp $	*/
+/*	$OpenBSD: mixerctl.c,v 1.31 2018/08/08 19:35:47 mestre Exp $	*/
 /*	$NetBSD: mixerctl.c,v 1.11 1998/04/27 16:55:23 augustss Exp $	*/
 
 /*
@@ -283,10 +283,20 @@ main(int argc, char **argv)
 
 	if (argc == 0 && tflag == 0)
 		aflag = 1;
-		
-	if ((fd = open(file, O_RDWR)) == -1)
+
+	if (unveil(file, "rw") == -1)
+		err(1, "unveil");
+
+	if ((fd = open(file, O_RDWR)) == -1) {
+		if (unveil(file, "r") == -1)
+			err(1, "unveil");
+
 		if ((fd = open(file, O_RDONLY)) == -1)
 			err(1, "%s", file);
+	}
+
+	if (unveil(NULL, NULL) == -1)
+		err(1, "unveil");
 
 	for (ndev = 0; ; ndev++) {
 		dinfo.index = ndev;