Blob
Date:
Thu May 19 07:32:26 2022 UTC
Message:
don't include linux/prctl.h can conflict with sys/prctl.h, spotted while trying to build on alpine linux. 
1
/*

2
 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>

3
 *

4
 * Permission to use, copy, modify, and distribute this software for any

5
 * purpose with or without fee is hereby granted, provided that the above

6
 * copyright notice and this permission notice appear in all copies.

7
 *

8
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

9
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

10
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

11
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

12
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

13
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

14
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

15
 */

17
#include "compat.h"

19
#include <limits.h>

21
#include "fs.h"

22
#include "telescope.h"

24
#ifdef __OpenBSD__

26
# include <errno.h>

27
# include <stdlib.h>

28
# include <string.h>

29
# include <unistd.h>

31
void

32
sandbox_net_process(void)

33
{

34
	if (pledge("stdio inet dns", NULL) == -1)

35
		err(1, "pledge");

36
}

38
void

39
sandbox_ui_process(void)

40
{

41
	char path[PATH_MAX];

43
	if (unveil("/tmp", "rwc") == -1)

44
		err(1, "unveil(/tmp)");

46
	strlcpy(path, getenv("HOME"), sizeof(path));

47
	strlcat(path, "/Downloads", sizeof(path));

48
	if (unveil(path, "rwc") == -1 && errno != ENOENT)

49
		err(1, "unveil(%s)", path);

51
	if (unveil(config_path_base, "rwc") == -1)

52
		err(1, "unveil(%s)", config_path_base);

54
	if (unveil(data_path_base, "rwc") == -1)

55
		err(1, "unveil(%s)", data_path_base);

57
	if (unveil(cache_path_base, "rwc") == -1)

58
		err(1, "unveil(%s)", cache_path_base);

60
	if (pledge("stdio rpath wpath cpath unix tty", NULL) == -1)

61
		err(1, "pledge");

62
}

64
#elif HAVE_LINUX_LANDLOCK_H

66
#include <linux/landlock.h>

68
#include <sys/prctl.h>

69
#include <sys/stat.h>

70
#include <sys/syscall.h>

72
#include <errno.h>

73
#include <fcntl.h>

74
#include <stdlib.h>

75
#include <string.h>

76
#include <unistd.h>

78
/*

79
 * What's the deal with landlock?  While distro with linux >= 5.13

80
 * have the struct declarations, libc wrappers are missing.  The

81
 * sample landlock code provided by the authors includes these "shims"

82
 * in their example for the landlock API until libc provides them.

83
 *

84
 * Linux is such a mess sometimes.  /rant

85
 */

87
#ifndef landlock_create_ruleset

88
static inline int

89
landlock_create_ruleset(const struct landlock_ruleset_attr *attr, size_t size,

90
    __u32 flags)

91
{

92
	return syscall(__NR_landlock_create_ruleset, attr, size, flags);

93
}

94
#endif

96
#ifndef landlock_add_rule

97
static inline int

98
landlock_add_rule(int ruleset_fd, enum landlock_rule_type type,

99
    const void *attr, __u32 flags)

100
{

101
	return syscall(__NR_landlock_add_rule, ruleset_fd, type, attr, flags);

102
}

103
#endif

105
#ifndef landlock_restrict_self

106
static inline int

107
landlock_restrict_self(int ruleset_fd, __u32 flags)

108
{

109
	return syscall(__NR_landlock_restrict_self, ruleset_fd, flags);

110
}

111
#endif

113
static int

114
open_landlock(void)

115
{

116
	int fd;

117
	struct landlock_ruleset_attr attr = {

118
		.handled_access_fs =	LANDLOCK_ACCESS_FS_EXECUTE |

119
					LANDLOCK_ACCESS_FS_READ_FILE |

120
					LANDLOCK_ACCESS_FS_READ_DIR |

121
					LANDLOCK_ACCESS_FS_WRITE_FILE |

122
					LANDLOCK_ACCESS_FS_REMOVE_DIR |

123
					LANDLOCK_ACCESS_FS_REMOVE_FILE |

124
					LANDLOCK_ACCESS_FS_MAKE_CHAR |

125
					LANDLOCK_ACCESS_FS_MAKE_DIR |

126
					LANDLOCK_ACCESS_FS_MAKE_REG |

127
					LANDLOCK_ACCESS_FS_MAKE_SOCK |

128
					LANDLOCK_ACCESS_FS_MAKE_FIFO |

129
					LANDLOCK_ACCESS_FS_MAKE_BLOCK |

130
					LANDLOCK_ACCESS_FS_MAKE_SYM,

131
	};

133
	fd = landlock_create_ruleset(&attr, sizeof(attr), 0);

134
	if (fd == -1) {

135
		switch (errno) {

136
		case ENOSYS:

137
		case EOPNOTSUPP:

138
			return -1;

139
		default:

140
			err(1, "can't create landlock ruleset");

141
		}

142
	}

143
	return fd;

144
}

146
static int

147
landlock_unveil(int landlock_fd, const char *path, int perms)

148
{

149
	struct landlock_path_beneath_attr pb;

150
	int err, saved_errno;

152
	pb.allowed_access = perms;

154
	if ((pb.parent_fd = open(path, O_PATH)) == -1)

155
		return -1;

157
	err = landlock_add_rule(landlock_fd, LANDLOCK_RULE_PATH_BENEATH,

158
	    &pb, 0);

159
	saved_errno = errno;

160
	close(pb.parent_fd);

161
	errno = saved_errno;

162
	return err ? -1 : 0;

163
}

165
static int

166
landlock_apply(int fd)

167
{

168
	int r, saved_errno;

170
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)

171
		err(1, "%s: prctl(PR_SET_NO_NEW_PRIVS)", __func__);

173
	r = landlock_restrict_self(fd, 0);

174
	saved_errno = errno;

175
	close(fd);

176
	errno = saved_errno;

177
	return r ? -1 : 0;

178
}

180
static int

181
landlock_no_fs(void)

182
{

183
	int fd;

185
	/*

186
	 * XXX: landlock disabled at runtime, pretend everything's

187
	 * good.

188
	 */

189
	if ((fd = open_landlock()) == -1)

190
		return 0;

192
	return landlock_apply(fd);

193
}

195
void

196
sandbox_net_process(void)

197
{

198
	/*

199
	 * We don't know what paths are required for the TLS stack.

200
	 * Yes, it sucks.

201
	 */

202
	return;

203
}

205
void

206
sandbox_ui_process(void)

207
{

208
	/*

209
	 * Needs to be able to read files *and* execute programs,

210
	 * can't be sandboxed.

211
	 */

212
	return;

213
}

215
#else

217
#warning "No sandbox for this OS"

219
void

220
sandbox_net_process(void)

221
{

222
	return;

223
}

225
void

226
sandbox_ui_process(void)

227
{

228
	return;

229
}

231
#endif
Omar Polo