diff options
| author | rwatson <rwatson@FreeBSD.org> | 2011-03-01 13:28:27 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2011-03-01 13:28:27 +0000 |
| commit | fa27828ce8c7d01494255e04302a6c6399f9b05c (patch) | |
| tree | 633687ea6519a3e3f9ee337f70eec0a4e84100bc /sys/kern/makesyscalls.sh | |
| parent | f9ecc7bc78f832fcc9a4353bae704b30ea1d7dbf (diff) | |
| download | FreeBSD-src-fa27828ce8c7d01494255e04302a6c6399f9b05c.zip FreeBSD-src-fa27828ce8c7d01494255e04302a6c6399f9b05c.tar.gz | |
Continue to introduce Capsicum Capability Mode support:
Add a new system call flag, SYF_CAPENABLED, which indicates that a
particular system call is available in capability mode.
Add a new configuration file, kern/capabilities.conf (similar files
may be introduced for other ABIs in the future), which enumerates
system calls that are available in capability mode. When a new
system call is added to syscalls.master, it will also need to be
added here (if needed). Teach sysent parts to use this file to set
values for SYF_CAPENABLED for the native ABI.
Reviewed by: anderson
Discussed with: benl, kris, pjd
Obtained from: Capsicum Project
MFC after: 3 months
Diffstat (limited to 'sys/kern/makesyscalls.sh')
| -rw-r--r-- | sys/kern/makesyscalls.sh | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/sys/kern/makesyscalls.sh b/sys/kern/makesyscalls.sh index 46e04fc..eeca4e9 100644 --- a/sys/kern/makesyscalls.sh +++ b/sys/kern/makesyscalls.sh @@ -39,6 +39,13 @@ sysarg="sysarg.switch.$$" sysprotoend="sysprotoend.$$" systracetmp="systrace.$$" +if [ -r capabilities.conf ]; then + capenabled=`cat capabilities.conf | grep -v "^#" | grep -v "^$"` + capenabled=`echo $capenabled | sed 's/ /,/g'` +else + capenabled="" +fi + trap "rm $sysaue $sysdcl $syscompat $syscompatdcl $syscompat4 $syscompat4dcl $syscompat6 $syscompat6dcl $syscompat7 $syscompat7dcl $sysent $sysinc $sysarg $sysprotoend $systracetmp" 0 touch $sysaue $sysdcl $syscompat $syscompatdcl $syscompat4 $syscompat4dcl $syscompat6 $syscompat6dcl $syscompat7 $syscompat7dcl $sysent $sysinc $sysarg $sysprotoend $systracetmp @@ -97,8 +104,11 @@ s/\$//g switchname = \"$switchname\" namesname = \"$namesname\" infile = \"$1\" + capenabled_string = \"$capenabled\" "' + split(capenabled_string, capenabled, ","); + printf "/*\n * System call switch table.\n *\n" > syssw printf " * DO NOT EDIT-- this file is automatically generated.\n" > syssw printf " * $%s$\n", "FreeBSD" > syssw @@ -290,6 +300,18 @@ s/\$//g f++ #function return type funcname=$f + + # + # We now know the func name, so define a flags field for it. + # Do this before any other processing as we may return early + # from it. + # + for (cap in capenabled) { + if (funcname == capenabled[cap]) { + flags = "SYF_CAPENABLED"; + } + } + if (funcalias == "") funcalias = funcname if (argalias == "") { @@ -348,7 +370,7 @@ s/\$//g } # - # The currently-empty flags field. + # The flags, if any. # { flags = "0"; |
