makesyscalls.lua: add a CAPENABLED flag

The CAPENABLED flag indicates that the syscall can be used in capsicum capability mode. It is intended to replace capabilities.conf. Reviewed by: kevans, emaste MFC after: 1 week Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D31349
2021-09-01 21:54:38 +01:00 · 2021-09-01 21:54:38 +01:00 · 6945df3fff
commit 6945df3fff
parent 5647f85ade
2 changed files with 5 additions and 1 deletions
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@ -17,6 +17,7 @@
 ;		COMPAT7, COMPAT11, COMPAT12, NODEF, NOARGS, NOPROTO, NOSTD
 ;		The COMPAT* options may be combined with one or more NO*
 ;		options separated by '|' with no spaces (e.g. COMPAT|NOARGS)
+;		The CAPENABLED option may be ORed into a type.
 ;	name	pseudo-prototype of syscall routine
 ;		If one of the following alts is different, then all appear:
 ;	altname	name of system call if different
@ -47,6 +48,7 @@
 ;		function prototype in sys/sysproto.h.  Does add a
 ;		definition to syscall.h besides adding a sysent.
 ;	NOTSTATIC syscall is loadable
+;	CAPENABLED syscall is allowed in capability mode

 ; annotations:
 ;	SAL 2.0 annotations are used to specify how system calls treat
--- a/sys/tools/makesyscalls.lua
+++ b/sys/tools/makesyscalls.lua
@ -151,6 +151,7 @@ local known_flags = {
 	NOPROTO		= 0x00000040,
 	NOSTD		= 0x00000080,
 	NOTSTATIC	= 0x00000100,
+	CAPENABLED	= 0x00000200,

 	-- Compat flags start from here.  We have plenty of space.
 }
@ -1059,7 +1060,8 @@ process_syscall_def = function(line)
 	-- If applicable; strip the ABI prefix from the name
 	local stripped_name = strip_abi_prefix(funcname)

-	if config["capenabled"][funcname] ~= nil or
+	if flags & known_flags['CAPENABLED'] ~= 0 or
+	    config["capenabled"][funcname] ~= nil or
 	    config["capenabled"][stripped_name] ~= nil then
 		sysflags = "SYF_CAPENABLED"
 	end