Continue introducing Capsicum capability mode support:

If a system call wasn't listed in capabilities.conf, return ECAPMODE at syscall entry. Reviewed by: anderson Discussed with: benl, kris, pjd Sponsored by: Google, Inc. Obtained from: Capsicum Project MFC after: 3 months
2011-03-01 13:32:07 +00:00 · 2011-03-01 13:32:07 +00:00 · fc94e4476b
commit fc94e4476b
parent ddfe0c2ba4
1 changed files with 15 additions and 0 deletions
--- a/sys/kern/subr_trap.c
+++ b/sys/kern/subr_trap.c
@ -44,12 +44,14 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");

+#include "opt_capabilities.h"
 #include "opt_ktrace.h"
 #include "opt_kdtrace.h"
 #include "opt_sched.h"

 #include <sys/param.h>
 #include <sys/bus.h>
+#include <sys/capability.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
@ -310,6 +312,19 @@ syscallenter(struct thread *td, struct syscall_args *sa)
 			if (error != 0)
 				goto retval;
 		}
+
+#ifdef CAPABILITIES
+		/*
+		 * In capability mode, we only allow access to system calls
+		 * flagged with SYF_CAPENABLED.
+		 */
+		if (IN_CAPABILITY_MODE(td) &&
+		    !(sa->callp->sy_flags & SYF_CAPENABLED)) {
+			error = ECAPMODE;
+			goto retval;
+		}
+#endif
+
 		error = syscall_thread_enter(td, sa->callp);
 		if (error != 0)
 			goto retval;