mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-07-14 06:59:10 +00:00
parent
2d64b9994b
commit
10fd8bdb70
1397 changed files with 1204 additions and 5031 deletions
33
libc/calls/_timespec_tonanos.c
Normal file
33
libc/calls/_timespec_tonanos.c
Normal file
|
@ -0,0 +1,33 @@
|
|||
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
|
||||
│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
|
||||
╞══════════════════════════════════════════════════════════════════════════════╡
|
||||
│ Copyright 2022 Justine Alexandra Roberts Tunney │
|
||||
│ │
|
||||
│ Permission to use, copy, modify, and/or distribute this software for │
|
||||
│ any purpose with or without fee is hereby granted, provided that the │
|
||||
│ above copyright notice and this permission notice appear in all copies. │
|
||||
│ │
|
||||
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
|
||||
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
|
||||
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
|
||||
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
|
||||
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
|
||||
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
|
||||
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
|
||||
│ PERFORMANCE OF THIS SOFTWARE. │
|
||||
╚─────────────────────────────────────────────────────────────────────────────*/
|
||||
#include "libc/calls/struct/timespec.h"
|
||||
#include "libc/limits.h"
|
||||
|
||||
/**
|
||||
* Converts timespec interval to nanoseconds.
|
||||
*/
|
||||
int64_t _timespec_tonanos(struct timespec x) {
|
||||
int64_t ns;
|
||||
if (!__builtin_mul_overflow(x.tv_sec, 1000000000ul, &ns) &&
|
||||
!__builtin_add_overflow(ns, x.tv_nsec, &ns)) {
|
||||
return ns;
|
||||
} else {
|
||||
return INT64_MAX;
|
||||
}
|
||||
}
|
|
@ -33,6 +33,7 @@
|
|||
* - /tmp/
|
||||
*
|
||||
* This guarantees trailing slash.
|
||||
* We also guarantee `kTmpPath` won't be longer than `PATH_MAX / 2`.
|
||||
*/
|
||||
char kTmpPath[PATH_MAX];
|
||||
|
||||
|
@ -46,7 +47,7 @@ __attribute__((__constructor__)) static void kTmpPathInit(void) {
|
|||
uint32_t n;
|
||||
char16_t path16[PATH_MAX];
|
||||
|
||||
if ((s = getenv("TMPDIR")) && (n = strlen(s)) < PATH_MAX) {
|
||||
if ((s = getenv("TMPDIR")) && (n = strlen(s)) < PATH_MAX / 2) {
|
||||
memcpy(kTmpPath, s, n);
|
||||
if (n && kTmpPath[n - 1] != '/') {
|
||||
kTmpPath[n + 0] = '/';
|
||||
|
|
|
@ -8,6 +8,7 @@ struct timespec {
|
|||
};
|
||||
|
||||
int sys_futex(int *, int, int, const struct timespec *, int *);
|
||||
int64_t _timespec_tonanos(struct timespec) pureconst;
|
||||
int64_t _timespec_tomicros(struct timespec) pureconst;
|
||||
int64_t _timespec_tomillis(struct timespec) pureconst;
|
||||
struct timespec _timespec_frommicros(int64_t) pureconst;
|
||||
|
|
|
@ -93,13 +93,15 @@ _Thread_local static struct {
|
|||
} State;
|
||||
|
||||
static int unveil_final(void) {
|
||||
int rc;
|
||||
int e, rc;
|
||||
struct sock_fprog sandbox = {
|
||||
.filter = kUnveilBlacklist,
|
||||
.len = ARRAYLEN(kUnveilBlacklist),
|
||||
};
|
||||
if ((rc = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) != -1 &&
|
||||
(rc = landlock_restrict_self(State.fd, 0)) != -1 &&
|
||||
e = errno;
|
||||
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
|
||||
errno = e;
|
||||
if ((rc = landlock_restrict_self(State.fd, 0)) != -1 &&
|
||||
(rc = sys_close(State.fd)) != -1 &&
|
||||
(rc = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &sandbox)) != -1) {
|
||||
State.fd = 0;
|
||||
|
@ -117,9 +119,11 @@ static int err_close(int rc, int fd) {
|
|||
static int unveil_init(void) {
|
||||
int rc, fd;
|
||||
State.fs_mask = UNVEIL_READ | UNVEIL_WRITE | UNVEIL_EXEC | UNVEIL_CREATE;
|
||||
if ((rc = landlock_create_ruleset(0, 0, LANDLOCK_CREATE_RULESET_VERSION)) <
|
||||
0) {
|
||||
if (errno == EOPNOTSUPP) errno = ENOSYS;
|
||||
if ((rc = landlock_create_ruleset(0, 0, LANDLOCK_CREATE_RULESET_VERSION)) ==
|
||||
-1) {
|
||||
if (errno == EOPNOTSUPP) {
|
||||
errno = ENOSYS;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
if (rc < 2) {
|
||||
|
@ -250,7 +254,7 @@ int sys_unveil_linux(const char *path, const char *permissions) {
|
|||
}
|
||||
|
||||
/**
|
||||
* Restricts filesystem operations, e.g.
|
||||
* Makes files accessible, e.g.
|
||||
*
|
||||
* unveil(".", "r"); // current directory + children are visible
|
||||
* unveil("/etc", "r"); // make /etc readable too
|
||||
|
@ -264,6 +268,10 @@ int sys_unveil_linux(const char *path, const char *permissions) {
|
|||
* should become unhidden. When you're finished, you call `unveil(0,0)`
|
||||
* which commits your policy.
|
||||
*
|
||||
* This function requires OpenBSD or Linux 5.13+. We don't consider lack
|
||||
* of system support to be an ENOSYS error, because the files will still
|
||||
* become unveiled. Therefore we return 0 in such cases.
|
||||
*
|
||||
* There are some differences between unveil() on Linux versus OpenBSD.
|
||||
*
|
||||
* 1. Build your policy and lock it in one go. On OpenBSD, policies take
|
||||
|
@ -333,8 +341,6 @@ int sys_unveil_linux(const char *path, const char *permissions) {
|
|||
* the pledge promise "cpath".
|
||||
*
|
||||
* @return 0 on success, or -1 w/ errno
|
||||
* @raise ENOSYS if host os isn't Linux or OpenBSD
|
||||
* @raise ENOSYS if Landlock isn't supported on this kernel
|
||||
* @raise EINVAL if one argument is set and the other is not
|
||||
* @raise EINVAL if an invalid character in `permissions` was found
|
||||
* @raise EPERM if unveil() is called after locking
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue