mirror of https://github.com/RGBCube/serenity synced 2025-05-31 10:28:10 +00:00

Kernel: Add pledge() syscall :^)

This patch implements basic support for OpenBSD-style pledge().
pledge() allows programs to incrementally reduce their set of allowed
syscalls, which are divided into categories that each make up a subset
of POSIX functionality.

If a process violates one of its pledged promises by attempting to call
a syscall that it previously said it wouldn't call, the process is
immediately terminated with an uncatchable SIGABRT.

This is by no means complete, and we'll need to add more checks in
various places to ensure that promises are being kept.

But it is pretty cool! :^)
Andreas Kling 2020-01-11 20:45:51 +01:00
parent 529a65c283
commit 41c504a33b
2 changed files with 13 additions and 0 deletions

@ -652,4 +652,16 @@ int chroot(const char* path)
int rc = syscall(SC_chroot, path, strlen(path));
__RETURN_WITH_ERRNO(rc, rc, -1);
}
int pledge(const char* promises, const char* execpromises)
{
Syscall::SC_pledge_params params {
{ promises, promises ? strlen(promises) : 0 },
{ execpromises, execpromises ? strlen(execpromises) : 0 }
};
int rc = syscall(SC_pledge, &params);
__RETURN_WITH_ERRNO(rc, rc, -1);
}
}
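Review bot: In pledge(), a NULL argument and an empty string both reach the kernel with length 0 (`promises ? strlen(promises) : 0`, and the same for `execpromises`), so the pointer value is the only thing that tells "leave unchanged" apart from "pledge nothing". Please add a short comment above the function stating what NULL means for each argument as opposed to "", and make sure the SC_pledge handler branches on the pointer rather than the length. The lengths in SC_pledge_params are also computed in userspace, so the handler should bound and validate them before copying the strings instead of trusting the struct.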