serenity/Kernel
Liav A 718ae68621 Kernel+LibCore+LibC: Implement support for forcing unveil on exec
To accomplish this, we add another VeilState which is called
LockedInherited. The idea is to apply exec unveil data, similar to
execpromises of the pledge syscall, on the current exec'ed program
during the execve sequence. When applying the forced unveil data, the
veil state is set to be locked but the special state of LockedInherited
ensures that if the new program tries to unveil paths, the request will
silently be ignored, so the program will continue running without
receiving an error, but it still can only use the paths that were
unveiled before the exec syscall. This, in turn, allows us to use the
unveil syscall with a special utility to sandbox other userland programs
in terms of what is visible to them on the filesystem, and is usable on
both programs that use or don't use the unveil syscall in their code.
2022-11-26 12:42:15 -07:00
..
API Kernel+LibCore+LibC: Implement support for forcing unveil on exec 2022-11-26 12:42:15 -07:00
Arch Kernel: Use AK::Time for InodeMetadata timestamps instead of time_t 2022-11-24 16:56:27 +01:00
Bus Kernel: Fix includes when building aarch64 2022-11-18 16:25:33 -08:00
Devices Kernel: Split the SysFS core files into smaller components 2022-11-08 02:54:48 -07:00
FileSystem Kernel+LibCore+LibC: Implement support for forcing unveil on exec 2022-11-26 12:42:15 -07:00
Firmware Kernel: Move InterruptDisabler out of Arch directory 2022-10-17 20:11:31 +02:00
Graphics Everywhere: Clean up "the the" comment typos 2022-11-03 17:38:32 +00:00
Heap Kernel/aarch64: Force kmalloc to return 16 byte aligned pointers 2022-10-20 23:26:32 +02:00
Interrupts Kernel+lsirq: Track per-CPU IRQ handler call counts 2022-11-19 15:39:30 +01:00
Library Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
Locking Kernel: Move Spinlock functions back to arch independent Locking folder 2022-08-26 12:51:57 +02:00
Memory Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
Net AK+Kernel: Handle some allocation failures in IPv4Socket and TCPSocket 2022-11-01 14:31:48 +00:00
Prekernel
Storage Kernel: Split the Ext2FileSystem.{cpp,h} files into smaller components 2022-11-08 02:54:48 -07:00
Syscalls Kernel+LibCore+LibC: Implement support for forcing unveil on exec 2022-11-26 12:42:15 -07:00
Tasks Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
Time Kernel: Use AK::Time for InodeMetadata timestamps instead of time_t 2022-11-24 16:56:27 +01:00
TTY Kernel: Split the DevPtsFS files into smaller components 2022-11-08 02:54:48 -07:00
AddressSanitizer.cpp
AddressSanitizer.h
Assertions.h Kernel: Replace VERIFY_NOT_REACHED with TODO_AARCH64 2022-10-16 17:35:37 +02:00
AtomicEdgeAction.h
BootInfo.h
CMakeLists.txt Kernel: Split the Ext2FileSystem.{cpp,h} files into smaller components 2022-11-08 02:54:48 -07:00
CommandLine.cpp AK+Everywhere: Turn bool keep_empty to an enum in split* functions 2022-10-24 23:29:18 +01:00
CommandLine.h Kernel/PCI: Don't use x86 initialization methods in non-x86 builds 2022-09-20 18:43:05 +01:00
Coredump.cpp Kernel/x86: Move RTC and CMOS code to x86 arch-specific subdirectory 2022-09-20 18:43:05 +01:00
Coredump.h Kernel: Work using copies of specific region data during a coredump 2022-08-31 16:28:47 +02:00
Credentials.cpp Kernel: Make VirtualFileSystem functions take credentials as input 2022-08-21 16:02:24 +02:00
Credentials.h Kernel: Make VirtualFileSystem functions take credentials as input 2022-08-21 16:02:24 +02:00
Debug.h.in Kernel: Add support for the FAT32 filesystem 2022-10-14 18:36:40 -06:00
DoubleBuffer.cpp Kernel: Move InterruptDisabler out of Arch directory 2022-10-17 20:11:31 +02:00
DoubleBuffer.h
embedmap.sh
Forward.h Kernel: Split the FATFileSystem.{cpp,h} files into smaller components 2022-11-08 02:54:48 -07:00
FutexQueue.cpp
FutexQueue.h
generate-version-file.sh Kernel: Bake version information into the Kernel 2022-10-14 13:45:33 +02:00
InterruptDisabler.h Kernel: Move InterruptDisabler out of Arch directory 2022-10-17 20:11:31 +02:00
IOWindow.cpp Kernel: Introduce the IOWindow class 2022-09-23 17:22:15 +01:00
IOWindow.h Kernel: Introduce the IOWindow class 2022-09-23 17:22:15 +01:00
Jail.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
Jail.h Kernel: Fix includes when building aarch64 2022-11-18 16:25:33 -08:00
JailManagement.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
JailManagement.h Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
KBuffer.h
KBufferBuilder.cpp
KBufferBuilder.h
KLexicalPath.cpp
KLexicalPath.h
kprintf.cpp Kernel: Don't blindly compile Bochs debug output code in ConsoleDevice 2022-09-20 18:43:05 +01:00
kstdio.h Kernel: Don't blindly compile Bochs debug output code in ConsoleDevice 2022-09-20 18:43:05 +01:00
KString.cpp
KString.h
KSyms.cpp Kernel: Add ability to dump backtrace from provided frame pointer 2022-10-01 14:09:01 +02:00
KSyms.h Kernel: Add ability to dump backtrace from provided frame pointer 2022-10-01 14:09:01 +02:00
MiniStdLib.cpp
mkmap.sh
Multiboot.h Kernel: Add basic aarch64 support to MemoryManager 2022-09-12 00:56:44 +01:00
Panic.cpp Kernel: Abstracts x86 reboot and shutdown specific methods 2022-09-20 18:43:05 +01:00
Panic.h
PerformanceEventBuffer.cpp Kernel: Don't wrap AddressSpace's RegionTree in SpinlockProtected 2022-08-24 14:57:51 +02:00
PerformanceEventBuffer.h
PerformanceManager.h Everywhere: Fix a variety of typos 2022-09-14 04:46:49 +00:00
PhysicalAddress.h
Process.cpp Kernel+LibCore+LibC: Implement support for forcing unveil on exec 2022-11-26 12:42:15 -07:00
Process.h Kernel+LibCore+LibC: Implement support for forcing unveil on exec 2022-11-26 12:42:15 -07:00
ProcessExposed.cpp Kernel: Split the ProcFS core file into smaller components 2022-11-08 02:54:48 -07:00
ProcessExposed.h Kernel: Use AK::Time for InodeMetadata timestamps instead of time_t 2022-11-24 16:56:27 +01:00
ProcessGroup.cpp Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
ProcessGroup.h Kernel: Include missing headers for various files 2022-10-26 20:01:45 +02:00
ProcessProcFSTraits.cpp Kernel: Split the ProcFS core file into smaller components 2022-11-08 02:54:48 -07:00
ProcessSpecificExposed.cpp Kernel: Split the ProcFS core file into smaller components 2022-11-08 02:54:48 -07:00
Random.cpp Kernel/aarch64: Stub enough functions to build Random.cpp 2022-10-20 23:26:32 +02:00
Random.h
SanCov.cpp
Scheduler.cpp Kernel: Call Processor::are_interrupts_enabled in Scheduler::idle_loop 2022-10-18 13:08:25 +02:00
Scheduler.h Kernel: Move Scheduler current time method to the TimeManagement code 2022-10-14 14:13:51 +02:00
Sections.h Kernel: Make the page table quickmaps per-CPU 2022-08-22 17:56:03 +02:00
StdLib.cpp AK+Everywhere: Add AK_COMPILER_{GCC,CLANG} and use them most places 2022-10-04 23:35:07 +01:00
StdLib.h Kernel: Add copy_typed_from_user for non-const Userspace<T*> 2022-11-05 18:00:58 -06:00
Syscall.cpp Kernel: Don't directly include <Kernel/Arch/x86/TrapFrame.h> 2022-10-16 17:35:37 +02:00
Thread.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
Thread.h Kernel+LibC: Report correct scheduling priority limits 2022-10-27 11:30:19 +01:00
ThreadBlockers.cpp Kernel: Use InterruptsState in Spinlock code 2022-08-26 12:51:57 +02:00
ThreadTracer.cpp
ThreadTracer.h
TimerQueue.cpp Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
TimerQueue.h Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
UBSanitizer.cpp
UnixTypes.h
UserOrKernelBuffer.cpp
UserOrKernelBuffer.h
VirtualAddress.h
WaitQueue.cpp
WaitQueue.h
WorkQueue.cpp Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
WorkQueue.h Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00