1/*	$OpenBSD: pledge.h,v 1.48 2023/06/02 17:44:29 cheloha Exp $	*/
2
3/*
4 * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
5 * Copyright (c) 2015 Theo de Raadt <deraadt@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20#ifndef _SYS_PLEDGE_H_
21#define _SYS_PLEDGE_H_
22
23#include <sys/cdefs.h>
24
25/*
26 * pledge(2) requests
27 */
/*
 * Each PLEDGE_* request below is one distinct bit of a 64-bit mask, so a
 * set of promises is the bitwise OR of the values.  PLEDGE_ALWAYS is the
 * exception: it has every bit set and is not a single promise.
 *
 * NOTE(review): bit 0x0000000001000000 has no definition in this list
 * (the values jump from PLEDGE_PS to PLEDGE_DISKLABEL); do not assume the
 * defined bits are contiguous when walking the mask.
 * NOTE(review): PLEDGE_CHOWN and PLEDGE_CHOWNUID are separate bits; which
 * operations each one gates is not visible in this header, so check both
 * when auditing whether a process may change file ownership.
 * NOTE(review): PLEDGE_EXEC's own comment says the exec'd child is free of
 * pledge, so a grant of it should be reviewed as giving the new image an
 * unrestricted start unless something else constrains it.  pledge(2)
 * documents an execpromises argument for that purpose; confirm how the
 * caller uses it.
 * NOTE(review): PLEDGE_ERROR is described as returning ENOSYS instead of
 * killing the process, i.e. a violation becomes survivable for the
 * process that holds it; monitoring that keys on the process being killed
 * would presumably not fire -- confirm.
 */
28#define PLEDGE_ALWAYS	0xffffffffffffffffULL	/* all 64 bits set */
29#define PLEDGE_RPATH	0x0000000000000001ULL	/* allow open for read */
30#define PLEDGE_WPATH	0x0000000000000002ULL	/* allow open for write */
31#define PLEDGE_CPATH	0x0000000000000004ULL	/* allow creat, mkdir, unlink etc */
32#define PLEDGE_STDIO	0x0000000000000008ULL	/* operate on own pid */
33#define PLEDGE_TMPPATH	0x0000000000000010ULL	/* for mk*temp() */
34#define PLEDGE_DNS	0x0000000000000020ULL	/* DNS services */
35#define PLEDGE_INET	0x0000000000000040ULL	/* AF_INET/AF_INET6 sockets */
36#define PLEDGE_FLOCK	0x0000000000000080ULL	/* file locking */
37#define PLEDGE_UNIX	0x0000000000000100ULL	/* AF_UNIX sockets */
38#define PLEDGE_ID	0x0000000000000200ULL	/* allow setuid, setgid, etc */
39#define PLEDGE_TAPE	0x0000000000000400ULL	/* Tape ioctl */
40#define PLEDGE_GETPW	0x0000000000000800ULL	/* YP enables if ypbind.lock */
41#define PLEDGE_PROC	0x0000000000001000ULL	/* fork, waitpid, etc */
42#define PLEDGE_SETTIME	0x0000000000002000ULL	/* able to set/adj time/freq */
43#define PLEDGE_FATTR	0x0000000000004000ULL	/* allow explicit file st_* mods */
44#define PLEDGE_PROTEXEC	0x0000000000008000ULL	/* allow use of PROT_EXEC */
45#define PLEDGE_TTY	0x0000000000010000ULL	/* tty setting */
46#define PLEDGE_SENDFD	0x0000000000020000ULL	/* AF_UNIX CMSG fd sending */
47#define PLEDGE_RECVFD	0x0000000000040000ULL	/* AF_UNIX CMSG fd receiving */
48#define PLEDGE_EXEC	0x0000000000080000ULL	/* execve, child is free of pledge */
49#define PLEDGE_ROUTE	0x0000000000100000ULL	/* routing lookups */
50#define PLEDGE_MCAST	0x0000000000200000ULL	/* multicast joins */
51#define PLEDGE_VMINFO	0x0000000000400000ULL	/* vminfo listings */
52#define PLEDGE_PS	0x0000000000800000ULL	/* ps listings */
53#define PLEDGE_DISKLABEL 0x0000000002000000ULL	/* disklabels */
54#define PLEDGE_PF	0x0000000004000000ULL	/* pf ioctls */
55#define PLEDGE_AUDIO	0x0000000008000000ULL	/* audio ioctls */
56#define PLEDGE_DPATH	0x0000000010000000ULL	/* mknod & mkfifo */
57#define PLEDGE_DRM	0x0000000020000000ULL	/* drm ioctls */
58#define PLEDGE_VMM	0x0000000040000000ULL	/* vmm ioctls */
59#define PLEDGE_CHOWN	0x0000000080000000ULL	/* chown(2) family */
60#define PLEDGE_CHOWNUID	0x0000000100000000ULL	/* allow owner/group changes */
61#define PLEDGE_BPF	0x0000000200000000ULL	/* bpf ioctl */
62#define PLEDGE_ERROR	0x0000000400000000ULL	/* ENOSYS instead of kill */
63#define PLEDGE_WROUTE	0x0000000800000000ULL	/* interface address ioctls */
64#define PLEDGE_UNVEIL	0x0000001000000000ULL	/* allow unveil() */
65#define PLEDGE_VIDEO	0x0000002000000000ULL	/* video ioctls */
66
67/*
68 * Bits outside PLEDGE_USERSET are used by the kernel itself
69 * to track program behaviours which have been observed.
70 */
/*
 * The mask clears only the top four bits (0xf000000000000000).  Every
 * single-bit PLEDGE_* request defined in this header (the highest is
 * 0x0000002000000000) lies inside it; PLEDGE_ALWAYS does not.
 * NOTE(review): presumably any promise mask derived from a userland
 * request should be ANDed with PLEDGE_USERSET so that userland cannot set
 * the kernel-owned bits -- this header does not show where that is
 * enforced; confirm in the implementation.
 */
71#define PLEDGE_USERSET	0x0fffffffffffffffULL
72
73#ifdef PLEDGENAMES
/*
 * Promise-name table, compiled in only when the includer defines
 * PLEDGENAMES.  Each entry pairs one PLEDGE_* bit with a string name; the
 * list ends with a { 0, NULL } sentinel, so walk it until name is NULL.
 * It is a static const object defined in a header, so every translation
 * unit that defines PLEDGENAMES gets its own copy.
 *
 * NOTE(review): the name "chown" maps to PLEDGE_CHOWNUID, and
 * PLEDGE_CHOWN has no entry at all (nor does PLEDGE_ALWAYS).  A decoder
 * built on this table therefore has no name to print for the
 * PLEDGE_CHOWN bit; anything that logs or audits promise masks should
 * report unmatched bits explicitly rather than drop them.
 * NOTE(review): uint64_t and NULL are used here, but this header includes
 * only <sys/cdefs.h>; the includer presumably has to bring them into
 * scope first -- confirm.
 */
74static const struct {
75	uint64_t	bits;	/* a single PLEDGE_* request bit */
76	const char	*name;	/* string name paired with that bit */
77} pledgenames[] = {
78	{ PLEDGE_STDIO,		"stdio" },
79	{ PLEDGE_RPATH,		"rpath" },
80	{ PLEDGE_WPATH,		"wpath" },
81	{ PLEDGE_CPATH,		"cpath" },
82	{ PLEDGE_DPATH,		"dpath" },
83	{ PLEDGE_TMPPATH,	"tmppath" },
84	{ PLEDGE_INET,		"inet" },
85	{ PLEDGE_MCAST,		"mcast" },
86	{ PLEDGE_FATTR,		"fattr" },
87	{ PLEDGE_CHOWNUID,	"chown" },	/* note: CHOWNUID, not PLEDGE_CHOWN */
88	{ PLEDGE_FLOCK,		"flock" },
89	{ PLEDGE_UNIX,		"unix" },
90	{ PLEDGE_DNS,		"dns" },
91	{ PLEDGE_GETPW,		"getpw" },
92	{ PLEDGE_SENDFD,	"sendfd" },
93	{ PLEDGE_RECVFD,	"recvfd" },
94	{ PLEDGE_TAPE,		"tape" },
95	{ PLEDGE_TTY,		"tty" },
96	{ PLEDGE_PROC,		"proc" },
97	{ PLEDGE_EXEC,		"exec" },
98	{ PLEDGE_PROTEXEC,	"prot_exec" },
99	{ PLEDGE_SETTIME,	"settime" },
100	{ PLEDGE_PS,		"ps" },
101	{ PLEDGE_VMINFO,	"vminfo" },
102	{ PLEDGE_ID,		"id" },
103	{ PLEDGE_PF,		"pf" },
104	{ PLEDGE_ROUTE,		"route" },
105	{ PLEDGE_WROUTE,	"wroute" },
106	{ PLEDGE_AUDIO,		"audio" },
107	{ PLEDGE_VIDEO,		"video" },
108	{ PLEDGE_BPF,		"bpf" },
109	{ PLEDGE_UNVEIL,	"unveil" },
110	{ PLEDGE_ERROR,		"error" },
111	{ PLEDGE_DISKLABEL,	"disklabel" },
112	{ PLEDGE_DRM,		"drm" },
113	{ PLEDGE_VMM,		"vmm" },
114	{ 0, NULL },	/* sentinel: terminates the table */
115};
116#endif
117
118#ifdef _KERNEL
119
/*
 * Kernel-only pledge check entry points (declared under _KERNEL).  All of
 * them return int; this header does not document the return convention.
 * NOTE(review): presumably 0 means "permitted" and a non-zero value is an
 * error the caller must propagate -- confirm against the implementation.
 * If so, a call site that ignores the result would bypass the check.
 */
120int	pledge_syscall(struct proc *, int, uint64_t *);
121int	pledge_fail(struct proc *, int, uint64_t);
122
/*
 * Forward declarations so the prototypes below can name these types
 * without their full definitions.
 * NOTE(review): struct mbuf is not referenced by any prototype in this
 * header.  struct proc and struct file are referenced but not
 * forward-declared here, so the includer has to declare them first; a
 * struct tag first seen inside a parameter list has prototype scope only.
 */
123struct mbuf;
124struct nameidata;
125int	pledge_namei(struct proc *, struct nameidata *, char *);
126int	pledge_sendfd(struct proc *p, struct file *);
127int	pledge_recvfd(struct proc *p, struct file *);
128int	pledge_sysctl(struct proc *p, int namelen, int *name, void *new);
129int	pledge_chown(struct proc *p, uid_t, gid_t);
130int	pledge_adjtime(struct proc *p, const void *v);
131int	pledge_sendit(struct proc *p, const void *to);
132int	pledge_sockopt(struct proc *p, int set, int level, int optname);
133int	pledge_socket(struct proc *p, int domain, unsigned int state);
134int	pledge_ioctl(struct proc *p, long com, struct file *);
135int	pledge_ioctl_drm(struct proc *p, long com, dev_t device);
136int	pledge_ioctl_vmm(struct proc *p, long com);
137int	pledge_flock(struct proc *p);
138int	pledge_fcntl(struct proc *p, int cmd);
139int	pledge_swapctl(struct proc *p, int cmd);
140int	pledge_kill(struct proc *p, pid_t pid);
141int	pledge_profil(struct proc *, u_int);
142int	pledge_protexec(struct proc *p, int prot);
143
144#endif /* _KERNEL */
145
146#endif /* _SYS_PLEDGE_H_ */
147