Only the bits necessary to set up a filter and lock down an incoming interface.
Index: kern/kern_pledge.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.174
diff -u -p -r1.174 kern_pledge.c
--- kern/kern_pledge.c 3 Jul 2016 04:36:08 -0000 1.174
+++ kern/kern_pledge.c 5 Jul 2016 17:35:04 -0000
@@ -79,7 +79,7 @@
#include "drm.h"
#endif
-int pledgereq_flags(const char *req);
+uint64_t pledgereq_flags(const char *req);
int canonpath(const char *input, char *buf, size_t bufsize);
int substrcmp(const char *p1, size_t s1, const char *p2, size_t s2);
int resolvpath(struct proc *p, char **rdir, size_t *rdirlen, char **cwd,
@@ -359,6 +359,7 @@ static const struct {
uint64_t flags;
} pledgereq[] = {
{ "audio", PLEDGE_AUDIO },
+ { "bpf", PLEDGE_BPF },
{ "chown", PLEDGE_CHOWN | PLEDGE_CHOWNUID },
{ "cpath", PLEDGE_CPATH },
{ "disklabel", PLEDGE_DISKLABEL },
@@ -404,7 +405,7 @@ sys_pledge(struct proc *p, void *v, regi
if (SCARG(uap, request)) {
size_t rbuflen;
char *rbuf, *rp, *pn;
- int f;
+ uint64_t f;
rbuf = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
error = copyinstr(SCARG(uap, request), rbuf, MAXPATHLEN,
@@ -1198,6 +1199,25 @@ pledge_ioctl(struct proc *p, long com, s
#endif /* NAUDIO > 0 */
}
+ if ((p->p_p->ps_pledge & PLEDGE_BPF)) {
+ switch (com) {
+ case BIOCGBLEN:
+ case BIOCVERSION:
+ case BIOCIMMEDIATE:
+ case BIOCSFILDROP:
+ case BIOCSHDRCMPLT:
+ case BIOCSETF:
+ case BIOCSETIF:
+ case BIOCSETWF:
+ case BIOCLOCK:
+ if ((fp->f_type == DTYPE_VNODE) &&
+ (vp->v_type == VCHR) &&
+ (cdevsw[major(vp->v_rdev)].d_open == bpfopen))
+ return (0);
+ break;
+ }
+ }
+
if ((p->p_p->ps_pledge & PLEDGE_DISKLABEL)) {
switch (com) {
case DIOCGDINFO:
@@ -1514,7 +1534,7 @@ pledge_swapctl(struct proc *p)
}
/* bsearch over pledgereq. return flags value if found, 0 else */
-int
+uint64_t
pledgereq_flags(const char *req_name)
{
int base = 0, cmp, i, lim;
Index: sys/pledge.h
===================================================================
RCS file: /cvs/src/sys/sys/pledge.h,v
retrieving revision 1.29
diff -u -p -r1.29 pledge.h
--- sys/pledge.h 3 Jul 2016 04:36:08 -0000 1.29
+++ sys/pledge.h 5 Jul 2016 17:35:04 -0000
@@ -58,6 +58,7 @@
#define PLEDGE_VMM 0x0000000040000000ULL /* vmm ioctls */
#define PLEDGE_CHOWN 0x0000000080000000ULL /* chown(2) family */
#define PLEDGE_CHOWNUID 0x0000000100000000ULL /* allow owner/group
changes */
+#define PLEDGE_BPF 0x0000000200000000ULL /* bpf ioctls */
/*
* Bits outside PLEDGE_USERSET are used by the kernel itself
@@ -103,6 +104,7 @@ static struct {
{ PLEDGE_DRM, "drm" },
{ PLEDGE_VMM, "vmm" },
{ PLEDGE_CHOWNUID, "chown" },
+ { PLEDGE_BPF, "bpf" },
{ 0, NULL },
};
#endif
