Hi,

here's two simple diffs (one for the kernel, one for the pledge.2
manpage) that allow me to use my webcam again within firefox when
pledged, by adding 'video' to the main process pledges.

The kernel changes are similar to what was done for 'audio' pledge, and
i took the ioctl list from the ones found in the mozilla codebase:
https://dxr.mozilla.org/mozilla-central/search?q=vidioc&redirect=false

Comments and feedback welcome. Of course, to test it using firefox, you
still need to grant your user access to /dev/video*.

On a sidenote, i noticed the 'disklabel' pledge is not documented in the
manpage, there might be others..

Landry
Index: kern_pledge.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.230
diff -u -r1.230 kern_pledge.c
--- kern_pledge.c       28 Apr 2018 12:49:21 -0000      1.230
+++ kern_pledge.c       24 May 2018 17:00:16 -0000
@@ -42,6 +42,7 @@
 #include <sys/dkio.h>
 #include <sys/mtio.h>
 #include <sys/audioio.h>
+#include <sys/videoio.h>
 #include <net/bpf.h>
 #include <net/route.h>
 #include <net/if.h>
@@ -391,6 +392,7 @@
        { "tmppath",            PLEDGE_TMPPATH },
        { "tty",                PLEDGE_TTY },
        { "unix",               PLEDGE_UNIX },
+       { "video",              PLEDGE_VIDEO },
        { "vminfo",             PLEDGE_VMINFO },
        { "vmm",                PLEDGE_VMM },
        { "wpath",              PLEDGE_WPATH },
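Review bot: `PLEDGE_VIDEO` is used in this table entry and in the ioctl check further down, but neither diff on this page defines it. The flag definition presumably belongs in the pledge header next to the other `PLEDGE_*` bits, and that hunk is missing from the posted patch; without it this file will not compile. If the tree also keeps a flag-to-name table for logging pledge violations, it would need a matching `"video"` entry as well.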
@@ -1087,6 +1089,30 @@
                        break;
                }
        }
+
+       if ((p->p_p->ps_pledge & PLEDGE_VIDEO)) {
+               switch (com) {
+               case VIDIOC_QUERYCAP:
+               case VIDIOC_ENUM_FMT:
+               case VIDIOC_S_FMT:
+               case VIDIOC_G_PARM:
+               case VIDIOC_S_PARM:
+               case VIDIOC_REQBUFS:
+               case VIDIOC_QBUF:
+               case VIDIOC_DQBUF:
+               case VIDIOC_QUERYBUF:
+               case VIDIOC_STREAMON:
+               case VIDIOC_STREAMOFF:
+               case VIDIOC_ENUM_FRAMESIZES:
+               case VIDIOC_ENUM_FRAMEINTERVALS:
+                       if (fp->f_type == DTYPE_VNODE &&
+                           vp->v_type == VCHR &&
+                           cdevsw[major(vp->v_rdev)].d_open == videoopen)
+                               return (0);
+                       break;
+               }
+       }
+
 
 #if NPF > 0
        if ((p->p_p->ps_pledge & PLEDGE_PF)) {
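Review bot: The new `PLEDGE_VIDEO` block references `videoopen` unconditionally, whereas the pf block right after it is wrapped in `#if NPF > 0`; a kernel configured without video(4) would presumably fail to link. Wrapping the block in `#if NVIDEO > 0` / `#endif`, with `#include "video.h"` next to the other config-generated headers (assuming the usual convention applies here), keeps such kernels building. The hunk also leaves two consecutive blank lines before `#if NPF > 0`; the added trailing blank line can go. A short comment above the switch, e.g. `/* ioctls needed for webcam capture; allowed only on video(4) character devices */`, would record why the allow-list has this shape and that the `d_open == videoopen` test is what confines it to video devices. The enclosing function begins and ends outside the hunk.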
Index: pledge.2
===================================================================
RCS file: /cvs/src/lib/libc/sys/pledge.2,v
retrieving revision 1.52
diff -u -r1.52 pledge.2
--- pledge.2    16 Mar 2018 07:11:03 -0000      1.52
+++ pledge.2    24 May 2018 17:08:42 -0000
@@ -116,6 +116,7 @@
 .Va route ,
 .Va tape ,
 .Va tty ,
+.Va video ,
 and
 .Va vmm .
 .It Xo
@@ -547,6 +548,26 @@
 .Dv AUDIO_SETPAR ,
 .Dv AUDIO_START ,
 .Dv AUDIO_STOP
+.It Va video
+Allows a subset of
+.Xr ioctl 2
+operations on
+.Xr video 4
+devices:
+.Pp
+.Dv VIDIOC_DQBUF ,
+.Dv VIDIOC_ENUM_FMT ,
+.Dv VIDIOC_ENUM_FRAMEINTERVALS ,
+.Dv VIDIOC_ENUM_FRAMESIZES ,
+.Dv VIDIOC_G_PARM ,
+.Dv VIDIOC_QBUF ,
+.Dv VIDIOC_QUERYBUF ,
+.Dv VIDIOC_QUERYCAP ,
+.Dv VIDIOC_S_FMT ,
+.Dv VIDIOC_S_PARM ,
+.Dv VIDIOC_STREAMOFF ,
+.Dv VIDIOC_STREAMON ,
+.Dv VIDIOC_REQBUFS
 .It Va bpf
 Allow
 .Dv BIOCGSTATS
