Skip to content

Commit e74e5de

Browse files
bentleybentley
committed
SDL: Add option to drop privileges with unveil()/pledge()
1 parent 6f336ce commit e74e5de

File tree

2 files changed

+107
-0
lines changed

2 files changed

+107
-0
lines changed

CMakeLists.txt

+10
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ if (NOT WIN32)
2323
set(USE_EDITLINE ON CACHE BOOL "Whether or not to enable the CLI-mode debugger")
2424
endif()
2525
set(USE_GDB_STUB ON CACHE BOOL "Whether or not to enable the GDB stub ARM debugger")
26+
set(USE_PLEDGE_UNVEIL OFF CACHE BOOL "Whether or not to drop privileges with pledge and unveil")
2627
set(USE_FFMPEG ON CACHE BOOL "Whether or not to enable FFmpeg support")
2728
set(USE_ZLIB ON CACHE BOOL "Whether or not to enable zlib support")
2829
set(USE_MINIZIP ON CACHE BOOL "Whether or not to enable external minizip support")
@@ -475,6 +476,10 @@ find_feature(USE_SQLITE3 "sqlite3")
475476
find_feature(USE_ELF "libelf")
476477
find_feature(ENABLE_PYTHON "PythonLibs")
477478

479+
if(USE_PLEDGE_UNVEIL)
480+
set(USE_EPOXY OFF)
481+
endif()
482+
478483
if(USE_FFMPEG)
479484
set(USE_LIBAVRESAMPLE ON)
480485
set(USE_LIBSWRESAMPLE ON)
@@ -515,6 +520,10 @@ if(USE_GDB_STUB)
515520
endif()
516521
source_group("Debugger" FILES ${DEBUGGER_SRC})
517522

523+
if(USE_PLEDGE_UNVEIL)
524+
list(APPEND FEATURES PLEDGE_UNVEIL)
525+
endif()
526+
518527
if(USE_FFMPEG)
519528
list(APPEND FEATURES FFMPEG)
520529
if(USE_LIBSWRESAMPLE)
@@ -1229,6 +1238,7 @@ if(NOT QUIET)
12291238
message(STATUS " CLI debugger: ${USE_EDITLINE}")
12301239
endif()
12311240
message(STATUS " GDB stub: ${USE_GDB_STUB}")
1241+
message(STATUS " pledge/unveil: ${USE_PLEDGE_UNVEIL}")
12321242
message(STATUS " Video recording: ${USE_FFMPEG}")
12331243
message(STATUS " GIF recording: ${USE_MAGICK}")
12341244
message(STATUS " Screenshot/advanced savestate support: ${USE_PNG}")

src/platform/sdl/main.c

+97
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,27 @@ static void mSDLDeinit(struct mSDLRenderer* renderer);
4444

4545
static int mSDLRun(struct mSDLRenderer* renderer, struct mArguments* args);
4646

47+
#ifdef USE_PLEDGE_UNVEIL
48+
#include <dirent.h>
49+
static bool mUnveil(struct mCore* core);
50+
static bool mPledgeBroad(struct mArguments* args);
51+
static bool mPledgeNarrow(struct mArguments* args);
52+
53+
struct VDirDE;
54+
struct VDirEntryDE {
55+
struct VDirEntry d;
56+
struct VDirDE* p;
57+
struct dirent* ent;
58+
};
59+
60+
struct VDirDE {
61+
struct VDir d;
62+
DIR* de;
63+
struct VDirEntryDE vde;
64+
char* path;
65+
};
66+
#endif
67+
4768
static struct VFile* _state = NULL;
4869

4970
static void _loadState(struct mCoreThread* thread) {
@@ -150,6 +171,15 @@ int main(int argc, char** argv) {
150171
renderer.player.bindings = &renderer.core->inputMap;
151172
mSDLInitBindingsGBA(&renderer.core->inputMap);
152173
mSDLInitEvents(&renderer.events);
174+
175+
#ifdef USE_PLEDGE_UNVEIL
176+
if (!mPledgeBroad(&args)) {
177+
freeArguments(&args);
178+
fprintf(stderr, "pledge\n");
179+
return 1;
180+
}
181+
#endif
182+
153183
mSDLEventsLoadConfig(&renderer.events, mCoreConfigGetInput(&renderer.core->config));
154184
mSDLAttachPlayer(&renderer.events, &renderer.player);
155185
mSDLPlayerLoadConfig(&renderer.player, mCoreConfigGetInput(&renderer.core->config));
@@ -247,6 +277,17 @@ int mSDLRun(struct mSDLRenderer* renderer, struct mArguments* args) {
247277
state->close(state);
248278
}
249279
}
280+
#ifdef USE_PLEDGE_UNVEIL
281+
if (!mUnveil(renderer->core)) {
282+
didFail = true;
283+
fprintf(stderr, "unveil\n");
284+
}
285+
286+
if (!mPledgeNarrow(args)) {
287+
didFail = true;
288+
fprintf(stderr, "pledge\n");
289+
}
290+
#endif
250291
renderer->runloop(renderer, &thread);
251292
mSDLPauseAudio(&renderer->audio);
252293
if (mCoreThreadHasCrashed(&thread)) {
@@ -295,3 +336,59 @@ static void mSDLDeinit(struct mSDLRenderer* renderer) {
295336

296337
SDL_Quit();
297338
}
339+
340+
#ifdef USE_PLEDGE_UNVEIL
341+
static bool mUnveil(struct mCore* core) {
342+
int slot, snret;
343+
char name[PATH_MAX];
344+
struct VDirDE *base = (struct VDirDE*) core->dirs.base;
345+
for (slot = 1; slot < 10; slot++) {
346+
snret = snprintf(name, sizeof(name), "%s/%s.ss%i", base->path, core->dirs.baseName, slot);
347+
if (snret == -1 || snret >= sizeof(name)) {
348+
return false;
349+
}
350+
if (unveil(name, "rwc") == -1) {
351+
return false;
352+
}
353+
}
354+
return true;
355+
}
356+
357+
static bool mPledgeBroad(struct mArguments *args) {
358+
if (args->debuggerType == DEBUGGER_CLI) {
359+
if (pledge("stdio rpath wpath cpath inet fattr unix dns tty drm audio unveil", NULL) == -1) {
360+
return false;
361+
}
362+
#ifdef USE_GDB_STUB
363+
} else if (args->debuggerType == DEBUGGER_GDB) {
364+
if (pledge("stdio rpath wpath cpath inet fattr unix dns drm audio unveil", NULL) == -1) {
365+
return false;
366+
}
367+
#endif
368+
} else {
369+
if (pledge("stdio rpath wpath cpath inet fattr unix dns drm audio unveil", NULL) == -1) {
370+
return false;
371+
}
372+
}
373+
return true;
374+
}
375+
376+
static bool mPledgeNarrow(struct mArguments *args) {
377+
if (args->debuggerType == DEBUGGER_CLI) {
378+
if (pledge("stdio rpath wpath cpath fattr tty drm audio", NULL) == -1) {
379+
return false;
380+
}
381+
#ifdef USE_GDB_STUB
382+
} else if (args->debuggerType == DEBUGGER_GDB) {
383+
if (pledge("stdio rpath wpath cpath inet fattr drm audio", NULL) == -1) {
384+
return false;
385+
}
386+
#endif
387+
} else {
388+
if (pledge("stdio rpath wpath cpath fattr drm audio", NULL) == -1) {
389+
return false;
390+
}
391+
}
392+
return true;
393+
}
394+
#endif

0 commit comments

Comments
 (0)