diff options
Diffstat (limited to 'util/libreboot-utils')
| -rw-r--r-- | util/libreboot-utils/include/common.h | 2 | ||||
| -rw-r--r-- | util/libreboot-utils/lib/string.c | 29 | ||||
| -rw-r--r-- | util/libreboot-utils/lottery.c | 5 | ||||
| -rw-r--r-- | util/libreboot-utils/mkhtemp.c | 10 | ||||
| -rw-r--r-- | util/libreboot-utils/nvmutil.c | 30 |
5 files changed, 33 insertions, 43 deletions
diff --git a/util/libreboot-utils/include/common.h b/util/libreboot-utils/include/common.h index d08828df..a16bdce0 100644 --- a/util/libreboot-utils/include/common.h +++ b/util/libreboot-utils/include/common.h @@ -357,8 +357,6 @@ void write_mac_part(size_t partnum); size_t page_remain(const void *p); long pagesize(void); -int xunveilx(const char *path, const char *permissions); -int xpledgex(const char *promises, const char *execpromises); char *smalloc(char **buf, size_t size); void *vmalloc(void **buf, size_t size); size_t slen(const char *scmp, size_t maxlen, diff --git a/util/libreboot-utils/lib/string.c b/util/libreboot-utils/lib/string.c index 5e0b4c33..99864b82 100644 --- a/util/libreboot-utils/lib/string.c +++ b/util/libreboot-utils/lib/string.c @@ -620,32 +620,3 @@ lbsetprogname(char *argv0) return progname; } - -/* https://man.openbsd.org/pledge.2 - https://man.openbsd.org/unveil.2 */ -int -xpledgex(const char *promises, const char *execpromises) -{ - int saved_errno = errno; - (void) promises, (void) execpromises, (void) saved_errno; - errno = 0; -#ifdef __OpenBSD__ - if (pledge(promises, execpromises) == -1) - exitf("pledge"); -#endif - reset_caller_errno(0); - return 0; -} -int -xunveilx(const char *path, const char *permissions) -{ - int saved_errno = errno; - (void) path, (void) permissions, (void) saved_errno; - errno = 0; -#ifdef __OpenBSD__ - if (pledge(promises, execpromises) == -1) - exitf("pledge"); -#endif - reset_caller_errno(0); - return 0; -} diff --git a/util/libreboot-utils/lottery.c b/util/libreboot-utils/lottery.c index 1648cbc7..38407512 100644 --- a/util/libreboot-utils/lottery.c +++ b/util/libreboot-utils/lottery.c @@ -24,8 +24,11 @@ main(int argc, char **argv) (void) errhook(exit_cleanup); (void) lbsetprogname(argv[0]); +#ifdef __OpenBSD__ /* https://man.openbsd.org/pledge.2 */ - xpledgex("stdio", NULL); + if (pledge("stdio", NULL) == -1) + exitf("pledge"); +#endif buf = rmalloc(size); if (!vcmp(buf, buf + (size >> 1), size >> 1)) diff --git a/util/libreboot-utils/mkhtemp.c b/util/libreboot-utils/mkhtemp.c index 86aab536..d2f32ef2 100644 --- a/util/libreboot-utils/mkhtemp.c +++ b/util/libreboot-utils/mkhtemp.c @@ -59,8 +59,11 @@ main(int argc, char *argv[]) (void) errhook(exit_cleanup); (void) lbsetprogname(argv[0]); +#ifdef __OpenBSD__ /* https://man.openbsd.org/pledge.2 */ - xpledgex("stdio flock rpath wpath cpath", NULL); + if (pledge("stdio flock rpath wpath cpath", NULL) == -1) + exitf("pledge"); +#endif while ((c = getopt(argc, argv, "qdp:")) != -1) { @@ -117,7 +120,10 @@ main(int argc, char *argv[]) tmpdir, template) < 0) exitf("%s", s); - xpledgex("stdio", NULL); +#ifdef __OpenBSD__ + if (pledge("stdio", NULL) == -1) + exitf("pledge"); +#endif if (s == NULL) exitf("bad string initialisation"); diff --git a/util/libreboot-utils/nvmutil.c b/util/libreboot-utils/nvmutil.c index 66e47ec8..09801585 100644 --- a/util/libreboot-utils/nvmutil.c +++ b/util/libreboot-utils/nvmutil.c @@ -38,10 +38,14 @@ main(int argc, char *argv[]) (void) errhook(exit_cleanup); +#ifdef __OpenBSD /* https://man.openbsd.org/pledge.2 */ /* https://man.openbsd.org/unveil.2 */ - xpledgex("stdio flock rpath wpath cpath unveil", NULL); - xunveilx("/dev/urandom", "r"); + if (pledge("stdio flock rpath wpath cpath unveil", NULL) == -1) + exitf("pledge"); + if (unveil("/dev/urandom", "r") == -1) + exitf("unveil"); +#endif #ifndef S_ISREG exitf( @@ -62,14 +66,22 @@ main(int argc, char *argv[]) cmd = &x->cmd[x->i]; f = &x->f; - if ((cmd->flags & O_ACCMODE) == O_RDONLY) - xunveilx(f->fname, "r"); - else - xunveilx(f->fname, "rwc"); +#ifdef __OpenBSD__ + if ((cmd->flags & O_ACCMODE) == O_RDONLY) { + if (unveil(f->fname, "r") == -1) + exitf("unveil"); + } else { + if (unveil(f->fname, "rwc") == -1) + exitf("unveil"); + } - xunveilx(f->tname, "rwc"); - xunveilx(NULL, NULL); - xpledgex("stdio flock rpath wpath cpath", NULL); + if (unveil(f->tname, "rwc") == -1) + exitf("unveil"); + if (unveil(NULL, NULL) == -1) + exitf("unveil"); + if (pledge("stdio flock rpath wpath cpath", NULL) == -1) + exitf("pledge"); +#endif if (cmd->run == NULL) exitf("Command not set"); |