author | rwatson <rwatson@FreeBSD.org> | 2011-03-01 13:35:48 +0000 |
committer | rwatson <rwatson@FreeBSD.org> | 2011-03-01 13:35:48 +0000 |
commit | 4c48fabb06c83176bbacf0aa02e57d294e3074f9 (patch) | |
tree | d68ef04ba948e5ff9a89c518f73137623e79f31d /sys/arm | |
parent | f1981d366a20ad6fd3c6cb0074b9625b2dfc25b1 (diff) | |
Continue to introduce Capsicum capability mode:
Whitelist the sysarch calls allowed in capability mode; arguably, there
should be some link between the capability mode model and the privilege
model here. Sysarch is a morass similar to ioctl, in many senses.
Submitted by: anderson
Discussed with: benl, kris, pjd
Sponsored by: Google, Inc.
Obtained from: Capsicum Project
MFC after: 3 months
Diffstat (limited to 'sys/arm')
-rw-r--r-- | sys/arm/arm/sys_machdep.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/sys/arm/arm/sys_machdep.c b/sys/arm/arm/sys_machdep.c
index 1dd8677..89e5227 100644
--- a/sys/arm/arm/sys_machdep.c
+++ b/sys/arm/arm/sys_machdep.c
@@ -36,8 +36,11 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
+#include "opt_capabilities.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/capability.h>
 #include <sys/proc.h>
 #include <sys/sysproto.h>
 #include <sys/syscall.h>
@@ -104,6 +107,24 @@ sysarch(td, uap)
 {
 int error;
+#ifdef CAPABILITIES
+ /*
+ * Whitelist of operations which are safe enough for capability mode.
+ */
+ if (IN_CAPABILITY_MODE(td)) {
+ switch (uap->op) {
+ case ARM_SYNC_ICACHE:
+ case ARM_DRAIN_WRITEBUF:
+ case ARM_SET_TP:
+ case ARM_GET_TP:
+ break;
+
+ default:
+ return (ECAPMODE);
+ }
+ }
+#endif
+
 switch (uap->op) {
 case ARM_SYNC_ICACHE :
 error = arm32_sync_icache(td, uap->parms); |
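Review bot: The whitelist added at the top of sysarch() says the four ops are "safe enough" for capability mode but not why, and since the main switch below repeats the same op list, a maintainer adding a new op there has no stated criterion for whether it may also be admitted here. I would replace the comment with one that records the rule, e.g. `/* Capability mode: admit only ops that act on the calling thread's own state and take no fd, path or other global-namespace argument; any new op is denied (ECAPMODE) until reviewed against this rule. */`. From their names ARM_SET_TP/ARM_GET_TP and the two cache-maintenance ops appear to meet that rule, but ARM_SYNC_ICACHE is passed uap->parms (a user-supplied range), so the bounds validation is presumably inside arm32_sync_icache and should be confirmed rather than assumed by this gate. Default-deny via ECAPMODE is the right shape, and it is good that unknown ops are rejected before reaching the main switch. sysarch()'s body continues past the end of the hunk.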