Kernel: Disallow jailed processes to read files in /sys/kernel directory

By default, disallow reading of values in that directory. Later on, we will enable sparingly read access to specific files. The idea that led to this mechanism was suggested by Jean-Baptiste Boric (also known as boricj in GitHub), to prevent access to sensitive information in the SysFS if someone adds a new file in the /sys/kernel directory.
2025-01-23 09:51:57 -05:00 · 2022-11-12 19:50:57 +02:00 · 2022-11-12 19:50:57 +02:00 · 1ca0ac5207
commit 1ca0ac5207
parent 2e55956784
2 changed files with 9 additions and 1 deletions
--- a/Kernel/FileSystem/SysFS/Subsystems/Kernel/GlobalInformation.cpp
+++ b/Kernel/FileSystem/SysFS/Subsystems/Kernel/GlobalInformation.cpp
@ -5,6 +5,7 @@
 */

 #include <Kernel/FileSystem/SysFS/Subsystems/Kernel/GlobalInformation.h>
+#include <Kernel/Process.h>

 namespace Kernel {

@ -51,7 +52,12 @@ ErrorOr<void> SysFSGlobalInformation::refresh_data(OpenFileDescription& descript
            return ENOMEM;
    }
    auto builder = TRY(KBufferBuilder::try_create());
-    TRY(const_cast<SysFSGlobalInformation&>(*this).try_generate(builder));
+    TRY(Process::current().jail().with([&](auto& my_jail) -> ErrorOr<void> {
+        if (my_jail && !is_readable_by_jailed_processes())
+            return Error::from_errno(EPERM);
+        TRY(const_cast<SysFSGlobalInformation&>(*this).try_generate(builder));
+        return {};
+    }));
    auto& typed_cached_data = static_cast<SysFSInodeData&>(*cached_data);
    typed_cached_data.buffer = builder.build();
    if (!typed_cached_data.buffer)
--- a/Kernel/FileSystem/SysFS/Subsystems/Kernel/GlobalInformation.h
+++ b/Kernel/FileSystem/SysFS/Subsystems/Kernel/GlobalInformation.h
@ -28,6 +28,8 @@ protected:
    virtual ErrorOr<void> refresh_data(OpenFileDescription&) const override;
    virtual ErrorOr<void> try_generate(KBufferBuilder&) = 0;

+    virtual bool is_readable_by_jailed_processes() const { return false; }
+
    mutable Mutex m_refresh_lock;
 };