Kernel: Add "map_fixed" pledge promise

This is a new promise that guards access to mmap() with MAP_FIXED.

Fixed-address mappings are rarely used, but can be useful if you are
trying to groom the process address space for malicious purposes.

None of our programs need this at the moment, as the only user of
MAP_FIXED is DynamicLoader, but the fixed mappings are constructed
before the process has had a chance to pledge anything.
Andreas Kling 2021-02-21 01:08:48 +01:00
parent a0cbb9068b
commit 84b2d4c475
3 changed files with 6 additions and 0 deletions


@ -54,6 +54,7 @@ If the process later attempts to use any system functionality it has previously
* `recvfd`: Receive file descriptors over a local socket
* `ptrace`: The [`ptrace(2)`](ptrace.md) syscall (\*)
* `prot_exec`: [`mmap(2)`](mmap.md) and [`mprotect(2)`](mprotect.md) with `PROT_EXEC`
* `map_fixed`: [`mmap(2)`](mmap.md) with `MAP_FIXED` (\*)
Promises marked with an asterisk (\*) are SerenityOS specific extensions not supported by the original OpenBSD `pledge()`.
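Review bot: the new `map_fixed` entry names the guarded call but gives a reader no hint about whether their program needs it. The commit message explains that the only MAP_FIXED user is DynamicLoader and that its fixed mappings are created before the process can pledge; a short clause to that effect on this line, or a matching note in `mmap.md` that MAP_FIXED requires the promise once pledged, would save people from adding `map_fixed` defensively.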


@ -82,6 +82,7 @@ void kgettimeofday(timeval&);
__ENUMERATE_PLEDGE_PROMISE(sigaction) \
__ENUMERATE_PLEDGE_PROMISE(setkeymap) \
__ENUMERATE_PLEDGE_PROMISE(prot_exec) \
__ENUMERATE_PLEDGE_PROMISE(map_fixed) \
__ENUMERATE_PLEDGE_PROMISE(getkeymap)
enum class Pledge : u32 {


@ -157,6 +157,10 @@ void* Process::sys$mmap(Userspace<const Syscall::SC_mmap_params*> user_params)
REQUIRE_PROMISE(prot_exec);
}
if (prot & MAP_FIXED) {
REQUIRE_PROMISE(map_fixed);
}
if (alignment & ~PAGE_MASK)
return (void*)-EINVAL;
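Review bot: the added check `if (prot & MAP_FIXED)` tests the wrong argument. MAP_FIXED is a mapping flag, not a protection bit, so it should be tested against the flags value taken from the mmap params rather than `prot`. As written, `REQUIRE_PROMISE(map_fixed)` fires only when `prot` happens to have the bit with MAP_FIXED's numeric value set, so a pledged process that passes MAP_FIXED in flags is not reliably stopped, and an unrelated protection value can trip the promise by accident. A small test that pledges without `map_fixed` and then attempts a fixed mapping would catch this.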