ficl pfopen: verify file

If the file is verified - do not allow write
otherwise do not allow read.

Add O_ACCMODE to stand.h

Reviewed by:	stevek, mindal_semihalf.com
MFC after:	3 days
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org/D20387

stand/ficl.mk

@@ -16,3 +16,7 @@ CFLAGS+=	-fPIC
 
 CFLAGS+=	-I${FICLSRC} -I${FICLSRC}/${FICL_CPUARCH} -I${LDRSRC}
 CFLAGS+=	-DBF_DICTSIZE=15000
+
+.if ${MK_LOADER_VERIEXEC} != "no"
+CFLAGS+= -DLOADER_VERIEXEC -I${SRCTOP}/lib/libsecureboot/h
+.endif

stand/ficl/loader.c

@@ -502,6 +502,23 @@ static void pfopen(FICL_VM *pVM)
 
     /* open the file */
     fd = open(name, mode);
+#ifdef LOADER_VERIEXEC
+    if (fd >= 0) {
+	if (verify_file(fd, name, 0, VE_GUESS) < 0) {
+	    /* not verified writing ok but reading is not */
+	    if ((mode & O_ACCMODE) != O_WRONLY) {
+		close(fd);
+		fd = -1;
+	    }
+	} else {
+	    /* verified reading ok but writing is not */
+	    if ((mode & O_ACCMODE) != O_RDONLY) {
+		close(fd);
+		fd = -1;
+	    }
+	}
+    }
+#endif
     free(name);
     stackPushINT(pVM->pStack, fd);
     return;

stand/libsa/stand.h

@@ -286,6 +286,7 @@ extern int	open(const char *, int);
 #define	O_RDONLY	0x0
 #define O_WRONLY	0x1
 #define O_RDWR		0x2
+#define O_ACCMODE	0x3
 /* NOT IMPLEMENTED */
 #define	O_CREAT		0x0200		/* create if nonexistent */
 #define	O_TRUNC		0x0400		/* truncate to zero length */