makesyscalls.lua: add a CAPENABLED flag

The CAPENABLED flag indicates that the syscall can be used in capsicum capability mode. It is intended to replace capabilities.conf. Reviewed by: kevans, emaste Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D31349 (cherry picked from commit 6945df3fff)
2021-10-20 00:19:56 +01:00 · 2021-10-20 00:19:56 +01:00 · fe388671ac
commit fe388671ac
parent 81184e92e0
2 changed files with 5 additions and 1 deletions
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@ -15,6 +15,7 @@
 ;		COMPAT7, COMPAT11, COMPAT12, NODEF, NOARGS, NOPROTO, NOSTD
 ;		The COMPAT* options may be combined with one or more NO*
 ;		options separated by '|' with no spaces (e.g. COMPAT|NOARGS)
+;		The CAPENABLED option may be ORed into a type.
 ;	name	pseudo-prototype of syscall routine
 ;		If one of the following alts is different, then all appear:
 ;	altname	name of system call if different
@ -45,6 +46,7 @@
 ;		function prototype in sys/sysproto.h.  Does add a
 ;		definition to syscall.h besides adding a sysent.
 ;	NOTSTATIC syscall is loadable
+;	CAPENABLED syscall is allowed in capability mode

 ; annotations:
 ;	SAL 2.0 annotations are used to specify how system calls treat
--- a/sys/tools/makesyscalls.lua
+++ b/sys/tools/makesyscalls.lua
@ -155,6 +155,7 @@ local known_flags = {
 	NOPROTO		= 0x00000040,
 	NOSTD		= 0x00000080,
 	NOTSTATIC	= 0x00000100,
+	CAPENABLED	= 0x00000200,

 	-- Compat flags start from here.  We have plenty of space.
 }
@ -1060,7 +1061,8 @@ process_syscall_def = function(line)
 	-- If applicable; strip the ABI prefix from the name
 	local stripped_name = strip_abi_prefix(funcname)

-	if config["capenabled"][funcname] ~= nil or
+	if flags & known_flags['CAPENABLED'] ~= 0 or
+	    config["capenabled"][funcname] ~= nil or
 	    config["capenabled"][stripped_name] ~= nil then
 		sysflags = "SYF_CAPENABLED"
 	end