/* $OpenBSD: pledge.h,v 1.40 2019/06/19 16:55:51 deraadt Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
* Copyright (c) 2015 Theo de Raadt <deraadt@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _SYS_PLEDGE_H_
#define _SYS_PLEDGE_H_
#include <sys/cdefs.h>
/*
* pledge(2) requests
*/
/*
 * Every request below is a distinct single bit of a 64-bit mask; a
 * process's pledge is the OR of the bits it asked for.  PLEDGE_ALWAYS is
 * the all-ones mask (every request bit set).  Bit 24
 * (0x0000000001000000ULL) has no request defined here -- presumably a
 * retired request; do not reuse it without checking the implementation.
 */
#define PLEDGE_ALWAYS 0xffffffffffffffffULL /* all request bits set */
#define PLEDGE_RPATH 0x0000000000000001ULL /* allow open for read */
#define PLEDGE_WPATH 0x0000000000000002ULL /* allow open for write */
#define PLEDGE_CPATH 0x0000000000000004ULL /* allow creat, mkdir, unlink etc */
#define PLEDGE_STDIO 0x0000000000000008ULL /* operate on own pid */
#define PLEDGE_TMPPATH 0x0000000000000010ULL /* for mk*temp() */
#define PLEDGE_DNS 0x0000000000000020ULL /* DNS services */
#define PLEDGE_INET 0x0000000000000040ULL /* AF_INET/AF_INET6 sockets */
#define PLEDGE_FLOCK 0x0000000000000080ULL /* file locking */
#define PLEDGE_UNIX 0x0000000000000100ULL /* AF_UNIX sockets */
#define PLEDGE_ID 0x0000000000000200ULL /* allow setuid, setgid, etc */
#define PLEDGE_TAPE 0x0000000000000400ULL /* Tape ioctl */
#define PLEDGE_GETPW 0x0000000000000800ULL /* YP enables if ypbind.lock */
#define PLEDGE_PROC 0x0000000000001000ULL /* fork, waitpid, etc */
#define PLEDGE_SETTIME 0x0000000000002000ULL /* able to set/adj time/freq */
#define PLEDGE_FATTR 0x0000000000004000ULL /* allow explicit file st_* mods */
#define PLEDGE_PROTEXEC 0x0000000000008000ULL /* allow use of PROT_EXEC */
#define PLEDGE_TTY 0x0000000000010000ULL /* tty setting */
#define PLEDGE_SENDFD 0x0000000000020000ULL /* AF_UNIX CMSG fd sending */
#define PLEDGE_RECVFD 0x0000000000040000ULL /* AF_UNIX CMSG fd receiving */
#define PLEDGE_EXEC 0x0000000000080000ULL /* execve, child is free of pledge */
#define PLEDGE_ROUTE 0x0000000000100000ULL /* routing lookups */
#define PLEDGE_MCAST 0x0000000000200000ULL /* multicast joins */
#define PLEDGE_VMINFO 0x0000000000400000ULL /* vminfo listings */
#define PLEDGE_PS 0x0000000000800000ULL /* ps listings */
/* bit 24 (0x0000000001000000ULL) intentionally unassigned here */
#define PLEDGE_DISKLABEL 0x0000000002000000ULL /* disklabels */
#define PLEDGE_PF 0x0000000004000000ULL /* pf ioctls */
#define PLEDGE_AUDIO 0x0000000008000000ULL /* audio ioctls */
#define PLEDGE_DPATH 0x0000000010000000ULL /* mknod & mkfifo */
#define PLEDGE_DRM 0x0000000020000000ULL /* drm ioctls */
#define PLEDGE_VMM 0x0000000040000000ULL /* vmm ioctls */
/*
 * NOTE(review): PLEDGE_CHOWN has no entry in the pledgenames table below;
 * the user-visible "chown" keyword maps to PLEDGE_CHOWNUID.  Presumably
 * PLEDGE_CHOWN is granted implicitly by some other request -- confirm in
 * the implementation before treating it as requestable.
 */
#define PLEDGE_CHOWN 0x0000000080000000ULL /* chown(2) family */
#define PLEDGE_CHOWNUID 0x0000000100000000ULL /* allow owner/group changes */
#define PLEDGE_BPF 0x0000000200000000ULL /* bpf ioctl */
#define PLEDGE_ERROR 0x0000000400000000ULL /* ENOSYS instead of kill */
#define PLEDGE_WROUTE 0x0000000800000000ULL /* interface address ioctls */
#define PLEDGE_UNVEIL 0x0000001000000000ULL /* allow unveil() */
#define PLEDGE_VIDEO 0x0000002000000000ULL /* video ioctls */
/*
 * Bits outside PLEDGE_USERSET are used by the kernel itself
 * to track program behaviours which have been observed.
 */
#define PLEDGE_USERSET 0x0fffffffffffffffULL /* bits 0..59: requestable by userland */
#define PLEDGE_YPACTIVE 0x8000000000000000ULL /* bit 63, kernel-only: YP use detected and allowed */
#ifdef PLEDGENAMES
/*
 * Request bit -> pledge(2) keyword, in the same order as the bit
 * definitions above.  The table ends with a { 0, NULL } sentinel; the
 * consumers of this table (built only with PLEDGENAMES defined) are
 * expected to stop at the first NULL name -- confirm against each user.
 * Note the "chown" keyword names PLEDGE_CHOWNUID, not PLEDGE_CHOWN.
 */
static struct {
	uint64_t bits;
	char *name;
} pledgenames[] = {
	{ .bits = PLEDGE_RPATH,		.name = "rpath" },
	{ .bits = PLEDGE_WPATH,		.name = "wpath" },
	{ .bits = PLEDGE_CPATH,		.name = "cpath" },
	{ .bits = PLEDGE_STDIO,		.name = "stdio" },
	{ .bits = PLEDGE_TMPPATH,	.name = "tmppath" },
	{ .bits = PLEDGE_DNS,		.name = "dns" },
	{ .bits = PLEDGE_INET,		.name = "inet" },
	{ .bits = PLEDGE_FLOCK,		.name = "flock" },
	{ .bits = PLEDGE_UNIX,		.name = "unix" },
	{ .bits = PLEDGE_ID,		.name = "id" },
	{ .bits = PLEDGE_TAPE,		.name = "tape" },
	{ .bits = PLEDGE_GETPW,		.name = "getpw" },
	{ .bits = PLEDGE_PROC,		.name = "proc" },
	{ .bits = PLEDGE_SETTIME,	.name = "settime" },
	{ .bits = PLEDGE_FATTR,		.name = "fattr" },
	{ .bits = PLEDGE_PROTEXEC,	.name = "prot_exec" },
	{ .bits = PLEDGE_TTY,		.name = "tty" },
	{ .bits = PLEDGE_SENDFD,	.name = "sendfd" },
	{ .bits = PLEDGE_RECVFD,	.name = "recvfd" },
	{ .bits = PLEDGE_EXEC,		.name = "exec" },
	{ .bits = PLEDGE_ROUTE,		.name = "route" },
	{ .bits = PLEDGE_MCAST,		.name = "mcast" },
	{ .bits = PLEDGE_VMINFO,	.name = "vminfo" },
	{ .bits = PLEDGE_PS,		.name = "ps" },
	{ .bits = PLEDGE_DISKLABEL,	.name = "disklabel" },
	{ .bits = PLEDGE_PF,		.name = "pf" },
	{ .bits = PLEDGE_AUDIO,		.name = "audio" },
	{ .bits = PLEDGE_DPATH,		.name = "dpath" },
	{ .bits = PLEDGE_DRM,		.name = "drm" },
	{ .bits = PLEDGE_VMM,		.name = "vmm" },
	{ .bits = PLEDGE_CHOWNUID,	.name = "chown" },	/* keyword grants CHOWNUID */
	{ .bits = PLEDGE_BPF,		.name = "bpf" },
	{ .bits = PLEDGE_ERROR,		.name = "error" },
	{ .bits = PLEDGE_WROUTE,	.name = "wroute" },
	{ .bits = PLEDGE_UNVEIL,	.name = "unveil" },
	{ .bits = PLEDGE_VIDEO,		.name = "video" },
	{ .bits = 0,			.name = NULL },		/* sentinel */
};
#endif
#ifdef _KERNEL
/*
 * Kernel-internal pledge enforcement hooks.  Each check returns an int;
 * presumably 0 when the operation is permitted under the calling
 * process's pledge and an errno value otherwise, with pledge_fail (judging
 * by its name) being the violation path -- confirm against the
 * implementation before relying on either.
 *
 * NOTE(review): struct proc, struct process and struct file are used
 * below without a forward declaration in this header, and
 * uint64_t/uid_t/gid_t/dev_t/pid_t are used although the only include
 * above is <sys/cdefs.h>; the includer must already provide them.
 * struct mbuf is forward-declared but not referenced by any prototype
 * here.  Parameter names are given on some prototypes and omitted on
 * others (pledge_syscall, pledge_fail, pledge_namei); pick one style.
 */
int pledge_syscall(struct proc *, int, uint64_t *);
int pledge_fail(struct proc *, int, uint64_t);
struct mbuf;
struct nameidata;
int pledge_namei(struct proc *, struct nameidata *, char *);
int pledge_sendfd(struct proc *p, struct file *);
int pledge_recvfd(struct proc *p, struct file *);
int pledge_sysctl(struct proc *p, int namelen, int *name, void *new);
int pledge_chown(struct proc *p, uid_t, gid_t);
int pledge_adjtime(struct proc *p, const void *v);
int pledge_sendit(struct proc *p, const void *to);
int pledge_sockopt(struct proc *p, int set, int level, int optname);
int pledge_socket(struct proc *p, int domain, unsigned int state);
int pledge_ioctl(struct proc *p, long com, struct file *);
int pledge_ioctl_drm(struct proc *p, long com, dev_t device);
int pledge_ioctl_vmm(struct proc *p, long com);
int pledge_flock(struct proc *p);
int pledge_fcntl(struct proc *p, int cmd);
int pledge_swapctl(struct proc *p);
int pledge_kill(struct proc *p, pid_t pid);
int pledge_protexec(struct proc *p, int prot);
/* Tears down per-process pledge path state; takes the process, not the thread. */
void ppath_destroy(struct process *ps);
#endif /* _KERNEL */
#endif /* _SYS_PLEDGE_H_ */