git: fe388671ac85 - stable/13 - makesyscalls.lua: add a CAPENABLED flag

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Brooks Davis <brooks_at_FreeBSD.org>
Date: Tue, 19 Oct 2021 23:20:34 UTC
The branch stable/13 has been updated by brooks:

URL: https://cgit.FreeBSD.org/src/commit/?id=fe388671ac851292f59926e96f2c86e6e46ea218

commit fe388671ac851292f59926e96f2c86e6e46ea218
Author:     Brooks Davis <brooks@FreeBSD.org>
AuthorDate: 2021-10-19 23:19:56 +0000
Commit:     Brooks Davis <brooks@FreeBSD.org>
CommitDate: 2021-10-19 23:19:56 +0000

    makesyscalls.lua: add a CAPENABLED flag
    
    The CAPENABLED flag indicates that the syscall can be used in capsicum
    capability mode.  It is intended to replace capabilities.conf.
    
    Reviewed by:    kevans, emaste
    Sponsored by:   DARPA
    Differential Revision:  https://reviews.freebsd.org/D31349
    
    (cherry picked from commit 6945df3fff57a9606f8c8a4e3865def3a0e915e7)
---
 sys/kern/syscalls.master   | 2 ++
 sys/tools/makesyscalls.lua | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master
index 81f016a0c073..51ff07f8deed 100644
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@@ -15,6 +15,7 @@
 ;		COMPAT7, COMPAT11, COMPAT12, NODEF, NOARGS, NOPROTO, NOSTD
 ;		The COMPAT* options may be combined with one or more NO*
 ;		options separated by '|' with no spaces (e.g. COMPAT|NOARGS)
+;		The CAPENABLED option may be ORed into a type.
 ;	name	pseudo-prototype of syscall routine
 ;		If one of the following alts is different, then all appear:
 ;	altname	name of system call if different
@@ -45,6 +46,7 @@
 ;		function prototype in sys/sysproto.h.  Does add a
 ;		definition to syscall.h besides adding a sysent.
 ;	NOTSTATIC syscall is loadable
+;	CAPENABLED syscall is allowed in capability mode
 
 ; annotations:
 ;	SAL 2.0 annotations are used to specify how system calls treat
diff --git a/sys/tools/makesyscalls.lua b/sys/tools/makesyscalls.lua
index 49a9e283e646..dba9488b11a8 100644
--- a/sys/tools/makesyscalls.lua
+++ b/sys/tools/makesyscalls.lua
@@ -155,6 +155,7 @@ local known_flags = {
 	NOPROTO		= 0x00000040,
 	NOSTD		= 0x00000080,
 	NOTSTATIC	= 0x00000100,
+	CAPENABLED	= 0x00000200,
 
 	-- Compat flags start from here.  We have plenty of space.
 }
@@ -1060,7 +1061,8 @@ process_syscall_def = function(line)
 	-- If applicable; strip the ABI prefix from the name
 	local stripped_name = strip_abi_prefix(funcname)
 
-	if config["capenabled"][funcname] ~= nil or
+	if flags & known_flags['CAPENABLED'] ~= 0 or
+	    config["capenabled"][funcname] ~= nil or
 	    config["capenabled"][stripped_name] ~= nil then
 		sysflags = "SYF_CAPENABLED"
 	end