From f7164352607342195c009ed60545ea27fc393b76 Mon Sep 17 00:00:00 2001
From: Justine Tunney
Date: Tue, 19 Jul 2022 02:54:10 -0700
Subject: [PATCH] Whitelist some more system calls with pledge()

---
 libc/mem/pledge.c | 39 +++++++++++++++++++++++++++++++++------
 libc/sysv/syscalls.sh | 3 +--
 2 files changed, 34 insertions(+), 8 deletions(-)

diff --git a/libc/mem/pledge.c b/libc/mem/pledge.c
index 0cc55acf0..3370982c7 100644
--- a/libc/mem/pledge.c
+++ b/libc/mem/pledge.c
@@ -50,7 +50,13 @@
 #define LOCK 0x8000
 #define TTY 0x8000
 
-#define OFF(f) offsetof(struct seccomp_data, f)
+// TODO(jart): fix chibicc
+#ifdef __chibicc__
+#define OFF(f) -1
+#else
+#define OFF(f) offsetof(struct seccomp_data, f)
+#endif
+
 #define PLEDGE(pledge) pledge, ARRAYLEN(pledge)
 
 struct Filter {
@@ -105,8 +111,13 @@ static const uint16_t kPledgeLinuxStdio[] = {
  __NR_linux_getresuid, //
  __NR_linux_getitimer, //
  __NR_linux_setitimer, //
+ __NR_linux_timerfd_create, //
+ __NR_linux_timerfd_settime, //
+ __NR_linux_timerfd_gettime, //
  __NR_linux_gettimeofday, //
  __NR_linux_copy_file_range, //
+ __NR_linux_sendfile, //
+ __NR_linux_vmsplice, //
  __NR_linux_splice, //
  __NR_linux_lseek, //
  __NR_linux_tee, //
@@ -114,6 +125,7 @@ static const uint16_t kPledgeLinuxStdio[] = {
  __NR_linux_mmap, //
  __NR_linux_msync, //
  __NR_linux_munmap, //
+ __NR_linux_mincore, //
  __NR_linux_madvise, //
  __NR_linux_fadvise, //
  __NR_linux_mprotect, //
@@ -123,10 +135,20 @@ static const uint16_t kPledgeLinuxStdio[] = {
  __NR_linux_pipe, //
  __NR_linux_pipe2, //
  __NR_linux_poll, //
+ __NR_linux_ppoll, //
  __NR_linux_select, //
+ __NR_linux_pselect6, //
+ __NR_linux_epoll_create, //
+ __NR_linux_epoll_create1, //
+ __NR_linux_epoll_ctl, //
+ __NR_linux_epoll_wait, //
+ __NR_linux_epoll_pwait, //
+ __NR_linux_epoll_pwait2, //
  __NR_linux_recvfrom, //
  __NR_linux_sendto | ADDRLESS, //
  __NR_linux_ioctl, //
+ __NR_linux_alarm, //
+ __NR_linux_pause, //
  __NR_linux_shutdown, //
  __NR_linux_sigaction, //
  __NR_linux_sigaltstack, //
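Review bot: Under `#ifdef __chibicc__` the new `#define OFF(f) -1` makes every `OFF(...)` load in the generated filter use an out-of-range seccomp_data offset, and as far as I can tell the kernel's seccomp filter checker rejects such a program at install time, so a chibicc build should fail closed (pledge() erroring) rather than admit anything; the TODO does not say so. Suggest spelling that out so nobody ships the placeholder by accident: `// TODO(jart): fix chibicc (the -1 placeholder yields an invalid BPF offset; the kernel rejects the filter, so pledge() fails instead of silently allowing calls)`. A `#warning` under the same `#ifdef` would additionally make the degraded build visible at compile time.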
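Review bot: The three `__NR_linux_timerfd_*` entries added to kPledgeLinuxStdio here (and `__NR_linux_ppoll`, added in the -123 hunk) are not listed in the "stdio" promise description rewritten in the -1206 hunk of this file, whereas sendfile, vmsplice, mincore, alarm, pause, sched_yield and the epoll calls are; unless they appear in the part of that comment outside the hunk, the documentation now under-reports what the promise admits. Suggest adding `timerfd_create, timerfd_settime, timerfd_gettime, ppoll` to that list, for instance right after `pselect6,`. The kPledgeLinuxStdio array begins before this hunk and continues past it.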
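Review bot: `__NR_linux_mincore` is added to kPledgeLinuxStdio, the promise every pledged program receives, yet it is a page-residency oracle rather than an I/O primitive: OpenBSD removed mincore(2) over cache side-channel concerns, and Linux only narrowed it (roughly since 5.2 it reports residency only for mappings the caller owns or can write). If a consumer genuinely needs it, placing it under a less basic promise, or at least a rationale next to the entry such as `// page-residency query; side-channel surface, cf. OpenBSD's removal of mincore(2)`, would keep the trade-off visible to whoever audits the allowlist later. The kPledgeLinuxStdio array begins before this hunk and continues past it.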
@@ -138,6 +160,7 @@ static const uint16_t kPledgeLinuxStdio[] = {
  __NR_linux_wait4, //
  __NR_linux_uname, //
  __NR_linux_prctl, //
+ __NR_linux_sched_yield, //
 };
 
 static const uint16_t kPledgeLinuxFlock[] = {
@@ -275,6 +298,7 @@ static const uint16_t kPledgeLinuxProc[] = {
 static const uint16_t kPledgeLinuxThread[] = {
  __NR_linux_clone, //
  __NR_linux_futex, //
+ __NR_linux_tgkill, //
  __NR_linux_set_robust_list, //
  __NR_linux_get_robust_list, //
 };
@@ -1206,11 +1230,14 @@ static void FixupOpenbsdPromises(char *p) {
  * weird flags aren't allowed), mprotect (PROT_EXEC isn't allowed),
  * msync, munmap, nanosleep, pipe, pipe2, read, readv, pread, recv,
  * poll, recvfrom, preadv, write, writev, pwrite, pwritev, select,
- * send, sendto (only if addr is null), setitimer, shutdown, sigaction
- * (but SIGSYS is forbidden), sigaltstack, sigprocmask, sigreturn,
- * sigsuspend, umask, socketpair, ioctl(FIONREAD), ioctl(FIONBIO),
- * ioctl(FIOCLEX), ioctl(FIONCLEX), fcntl(F_GETFD), fcntl(F_SETFD),
- * fcntl(F_GETFL), fcntl(F_SETFL).
+ * pselect6, copy_file_range, sendfile, splice, vmsplice, alarm,
+ * pause, send, sendto (only if addr is null), setitimer, shutdown,
+ * sigaction (but SIGSYS is forbidden), sigaltstack, sigprocmask,
+ * sigreturn, sigsuspend, umask, mincore, socketpair, ioctl(FIONREAD),
+ * ioctl(FIONBIO), ioctl(FIOCLEX), ioctl(FIONCLEX), fcntl(F_GETFD),
+ * fcntl(F_SETFD), fcntl(F_GETFL), fcntl(F_SETFL), sched_yield,
+ * epoll_create, epoll_create1, epoll_ctl, epoll_wait, epoll_pwait,
+ * epoll_pwait2.
  *
  * - "rpath" (read-only path ops) allows chdir, getcwd, open(O_RDONLY),
  * openat(O_RDONLY), stat, fstat, lstat, fstatat, access,
diff --git a/libc/sysv/syscalls.sh b/libc/sysv/syscalls.sh
index 5a65c2fea..680872a83 100755
--- a/libc/sysv/syscalls.sh
+++ b/libc/sysv/syscalls.sh
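Review bot: `__NR_linux_tgkill` is admitted to kPledgeLinuxThread with no argument constraint, so the "thread" promise now lets the process signal any thread of any process it is already permitted to signal, not only its own threads; OpenBSD's thrkill(2), which this promise mirrors, is confined to the caller's own process as far as I recall. The filter already supports per-argument gating (`__NR_linux_sendto | ADDRLESS` in the stdio table), so if that mechanism can compare the first argument against the caller's own tgid, a gated `tgkill` entry would match the promise's intent; otherwise the "thread" description in the FixupOpenbsdPromises comment should state that tgkill is unrestricted. The kPledgeLinuxThread table is fully visible in this hunk, but the promise documentation it should agree with lies outside it.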
@@ -58,8 +58,7 @@ scall sys_writev 0x0790790792079014 globl hidden
 scall sys_access 0x0210210212021015 globl hidden
 scall __sys_pipe 0x02a10721e202a016 globl hidden # NOTE: pipe2() on FreeBSD; XNU is pipe(void)→eax:edx
 scall sys_select 0x1a104705d205d017 globl hidden
-scall pselect 0x1b406e20a218afff globl
-scall pselect6 0xfffffffffffff10e globl
+scall pselect 0x1b406e20a218a10e globl # pselect6() on gnu/systemd
 scall sys_sched_yield 0x15e12a14bf25d018 globl hidden # select() on XNU (previously swtch() but removed in 12.4)
 scall __sys_mremap 0x19bffffffffff019 globl hidden
 scall sys_mincore 0x04e04e04e204e01b globl hidden
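Review bot: Folding `pselect6` into the `pselect` entry removes the separate `pselect6` symbol this script previously generated, so any remaining direct reference to `pselect6` elsewhere in the tree (not visible here) would stop resolving; a grep for that name belongs with this change. The merged magic `0x1b406e20a218a10e` keeps the earlier `pselect` encoding and only replaces its trailing `fff` slot with the `10e` from the removed `pselect6` line, which is consistent with the two lines it replaces.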