diff options
| author | Leah Rowe <leah@libreboot.org> | 2026-03-28 05:48:45 +0000 |
|---|---|---|
| committer | Leah Rowe <leah@libreboot.org> | 2026-03-28 05:49:41 +0000 |
| commit | 55f0e6ac8e540cea24af64070bfc49a032729511 (patch) | |
| tree | f2c790e11cf9e05dfc079958b192636c40799085 /util/libreboot-utils/nvmutil.c | |
| parent | 7f39ce5f9b635444e06302fbe556709e84bf3b9a (diff) | |
libreboot-utils: simplified pledge/unveil usage
i no longer care about openbsd 5.9. we assume unveil
is available, as has been the case for the past 12
years.
i use wrappers for unveil and pledge, which means that
i call them on every os. on OSes that don't have these,
i just return. it's somewhat inelegant, but also means
that i see errors more easily, e.g. misnamed variables
inside previous ifdef OpenBSD blocks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'util/libreboot-utils/nvmutil.c')
| -rw-r--r-- | util/libreboot-utils/nvmutil.c | 65 |
1 files changed, 10 insertions, 55 deletions
diff --git a/util/libreboot-utils/nvmutil.c b/util/libreboot-utils/nvmutil.c index 0eed440c..d78ab0c8 100644 --- a/util/libreboot-utils/nvmutil.c +++ b/util/libreboot-utils/nvmutil.c @@ -6,12 +6,6 @@ * These images configure your Intel Gigabit Ethernet adapter. */ -#ifdef __OpenBSD__ -/* for pledge/unveil test: - */ -#include <sys/param.h> -#endif - #include <sys/types.h> #include <sys/stat.h> @@ -38,25 +32,8 @@ main(int argc, char *argv[]) if (lbgetprogname(argv[0]) == NULL) err_no_cleanup(0, errno, "could not set progname"); -/* https://man.openbsd.org/pledge.2 - https://man.openbsd.org/unveil.2 */ -#if defined(__OpenBSD__) && defined(OpenBSD) -#if (OpenBSD) >= 604 - if (pledge("stdio flock rpath wpath cpath unveil", NULL) == -1) - err_no_cleanup(0, errno, "pledge plus unveil, main"); -#if defined(USE_URANDOM) && \ - ((USE_URANDOM) > 0) - if (unveil("/dev/null", "r") == -1) - err_no_cleanup(0, errno, "unveil r: /dev/null"); -#else - if (unveil("/dev/urandom", "r") == -1) - err_no_cleanup(0, errno, "unveil r: /dev/urandom"); -#endif -#elif (OpenBSD) >= 509 - if (pledge("stdio flock rpath wpath cpath", NULL) == -1) - err_no_cleanup(0, errno, "pledge, main"); -#endif -#endif + xpledgex("stdio flock rpath wpath cpath unveil", NULL); + xunveilx("/dev/urandom", "r"); #ifndef S_ISREG err_no_cleanup(0, ECANCELED, @@ -66,9 +43,7 @@ main(int argc, char *argv[]) err_no_cleanup(0, ECANCELED, "Unsupported char size"); #endif - x = xstart(argc, argv); - - if (x == NULL) + if ((x = xstart(argc, argv)) == NULL) err_no_cleanup(0, ECANCELED, "NULL state on init"); /* parse user command */ @@ -79,38 +54,18 @@ main(int argc, char *argv[]) cmd = &x->cmd[x->i]; f = &x->f; -/* https://man.openbsd.org/pledge.2 - https://man.openbsd.org/unveil.2 */ -#if defined(__OpenBSD__) && defined(OpenBSD) -#if (OpenBSD) >= 604 + if ((cmd->flags & O_ACCMODE) == O_RDONLY) + xunveilx(f->fname, "r"); + else + xunveilx(f->fname, "rwc"); - if ((us.cmd[i].flags & O_ACCMODE) == O_RDONLY) { - if (unveil(us.f.fname, "r") == -1) - b0rk(errno, "%s: unveil r", us.f.fname); - } else { - if (unveil(us.f.fname, "rwc") == -1) - b0rk(errno, "%s: unveil rw", us.f.fname); - } - - if (unveil(us.f.tname, "rwc") == -1) - b0rk(errno, "unveil rwc: %s", us.f.tname); - - if (unveil(NULL, NULL) == -1) - b0rk(errno, "unveil block (rw)"); - - if (pledge("stdio flock rpath wpath cpath", NULL) == -1) - b0rk(errno, "pledge (kill unveil)"); - -#elif (OpenBSD) >= 509 - if (pledge("stdio flock rpath wpath cpath", NULL) == -1) - b0rk(errno, "pledge"); -#endif -#endif + xunveilx(f->tname, "rwc"); + xunveilx(NULL, NULL); + xpledgex("stdio flock rpath wpath cpath", NULL); if (cmd->run == NULL) b0rk(errno, "Command not set"); - sanitize_command_list(); open_gbe_file(); |