RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 16:47:36 +00:00
Code Issues Activity Actions

Kernel: Add a 'no_error' pledge promise

Browse source 
This makes pledge() ignore promises that would otherwise cause it to
fail with EPERM, which is very useful for allowing programs to run under
a "jail" so to speak, without having them termiate early due to a
failing pledge() call.
This commit is contained in:
Ali Mohammad Pur 2022-03-25 01:17:42 +04:30 committed by Ali Mohammad Pur
parent 37073437c1
commit 8233da3398
3 changed files with 12 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
Kernel/Syscalls/pledge.cpp
View file

@ -46,16 +46,21 @@ ErrorOr<FlatPtr> Process::sys$pledge(Userspace<const Syscall::SC_pledge_params*>
if (promises) {
if (!parse_pledge(promises->view(), new_promises))
return EINVAL;
if (m_protected_values.has_promises && (new_promises & ~m_protected_values.promises))
return EPERM;
if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error))) {
if (m_protected_values.has_promises && (new_promises & ~m_protected_values.promises))
return EPERM;
}
}
u32 new_execpromises = 0;
if (execpromises) {
if (!parse_pledge(execpromises->view(), new_execpromises))
return EINVAL;
if (m_protected_values.has_execpromises && (new_execpromises & ~m_protected_values.execpromises))
return EPERM;
if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error))) {
if (m_protected_values.has_execpromises && (new_execpromises & ~m_protected_values.execpromises))
return EPERM;
}
}
// Only apply promises after all validation has occurred, this ensures