util/nvmutil: Harden pledge promises

After reading a file, remove rpath.

When removing rpath, also remove wpath if flags
are not to O_RDONLY (read-only disk operation).

When wpath is permitted, and a file was successfully
written, remove wpath.

In order to permit /dev/urandom access in rhex(),
I call it as a void just before re-calling pledge.

The rhex() function has been written in such a way
that /dev/urandom only needs to be read *once*.

Signed-off-by: Leah Rowe <leah@libreboot.org>

0 files changed, 0 insertions, 0 deletions