From 4c48fabb06c83176bbacf0aa02e57d294e3074f9 Mon Sep 17 00:00:00 2001
From: rwatson
Date: Tue, 1 Mar 2011 13:35:48 +0000
Subject: Continue to introduce Capsicum capability mode:

White list sysarch calls allowed in capability mode; arguably, there should be some link between the capability mode model and the privilege model here. Sysarch is a morass similar to ioctl, in many senses.

Submitted by: anderson
Discussed with: benl, kris, pjd
Sponsored by: Google, Inc.
Obtained from: Capsicum Project
MFC after: 3 months
---
 sys/arm/arm/sys_machdep.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
(limited to 'sys/arm')

diff --git a/sys/arm/arm/sys_machdep.c b/sys/arm/arm/sys_machdep.c
index 1dd8677..89e5227 100644
--- a/sys/arm/arm/sys_machdep.c
+++ b/sys/arm/arm/sys_machdep.c
@@ -36,8 +36,11 @@
 #include
 __FBSDID("$FreeBSD$");
+#include "opt_capabilities.h"
+
 #include
 #include
+#include
 #include
 #include
 #include
@@ -104,6 +107,24 @@ sysarch(td, uap)
 {
 int error;
+#ifdef CAPABILITIES
+ /*
+ * Whitelist of operations which are safe enough for capability mode.
+ */
+ if (IN_CAPABILITY_MODE(td)) {
+ switch (uap->op) {
+ case ARM_SYNC_ICACHE:
+ case ARM_DRAIN_WRITEBUF:
+ case ARM_SET_TP:
+ case ARM_GET_TP:
+ break;
+
+ default:
+ return (ECAPMODE);
+ }
+ }
+#endif
+
 switch (uap->op) {
 case ARM_SYNC_ICACHE :
 error = arm32_sync_icache(td, uap->parms);
--
cgit v1.1
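Review bot: The whitelist comment in the second hunk says the four ops are "safe enough" but not by what criterion, which is exactly what the next person adding an ARM_* op to the dispatch switch below will need; I would extend it to something like `Only operations confined to the calling thread are admitted: TP get/set, and the cache sync/drain ops (which presumably act on the caller's own mappings; confirm in arm32_sync_icache). Everything else is refused with ECAPMODE.` Evaluating uap->op before anything from uap->parms is copied in is the right order and worth a sentence in that same comment, so the check is not later moved below a copyin. Because the default branch denies, a new op added only to the dispatch switch is rejected in capability mode until it is explicitly admitted here, which is the safe failure direction; a one-line comment at the dispatch switch pointing at this whitelist would keep the two switches from drifting apart. sysarch's body continues past the end of the hunk, and the stripped include names in the first hunk make it impossible to confirm from this page which header supplies IN_CAPABILITY_MODE and ECAPMODE.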