From 7a83026997582f5ec23a292dd0b0a4248bc1c141 Mon Sep 17 00:00:00 2001
From: Roy Marples
Date: Sat, 19 Sep 2020 18:58:52 +0100
Subject: [PATCH] privsep: Fold capsicum and pledge entry points into ps_entersandbox
---
 src/privsep-bpf.c | 13 +------------
 src/privsep-control.c | 13 +------------
 src/privsep-inet.c | 23 +++--------------------
 src/privsep.c | 36 +++++++++++++++++++++++-------------
 src/privsep.h | 4 +++-
 5 files changed, 31 insertions(+), 58 deletions(-)
diff --git a/src/privsep-bpf.c b/src/privsep-bpf.c
index 3025fda8..9009083e 100644
--- a/src/privsep-bpf.c
+++ b/src/privsep-bpf.c
@@ -53,10 +53,6 @@
 #include "logerr.h"
 #include "privsep.h"
-#ifdef HAVE_CAPSICUM
-#include
-#endif
-
 static void
 ps_bpf_recvbpf(void *arg)
 {
@@ -244,14 +240,7 @@ ps_bpf_cmd(struct dhcpcd_ctx *ctx, struct ps_msghdr *psm, struct msghdr *msg)
 ps_freeprocess(psp);
 return -1;
 case 0:
-#ifdef HAVE_CAPSICUM
- if (cap_enter() == -1 && errno != ENOSYS)
- logerr("%s: cap_enter", __func__);
-#endif
-#ifdef HAVE_PLEDGE
- if (pledge("stdio", NULL) == -1)
- logerr("%s: pledge", __func__);
-#endif
+ ps_entersandbox("stdio");
 break;
 default:
 #ifdef PRIVSEP_DEBUG
diff --git a/src/privsep-control.c b/src/privsep-control.c
index 01a8acd7..8d8534dc 100644
--- a/src/privsep-control.c
+++ b/src/privsep-control.c
@@ -36,10 +36,6 @@
 #include "logerr.h"
 #include "privsep.h"
-#ifdef HAVE_CAPSICUM
-#include
-#endif
-
 static int
 ps_ctl_startcb(void *arg)
 {
@@ -267,14 +263,7 @@ ps_ctl_start(struct dhcpcd_ctx *ctx)
 ps_ctl_listen, ctx) == -1)
 return -1;
-#ifdef HAVE_CAPSICUM
- if (cap_enter() == -1 && errno != ENOSYS)
- logerr("%s: cap_enter", __func__);
-#endif
-#ifdef HAVE_PLEDGE
- if (pledge("stdio inet", NULL) == -1)
- logerr("%s: pledge", __func__);
-#endif
+ ps_entersandbox("stdio inet");
 return 0;
 }
diff --git a/src/privsep-inet.c b/src/privsep-inet.c
index 89ba79e0..bac3a7b1 100644
--- a/src/privsep-inet.c
+++ b/src/privsep-inet.c
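Review bot: In src/privsep-bpf.c, the `case 0:` branch of ps_bpf_cmd discards the result of `ps_entersandbox("stdio")`, so when cap_enter() or pledge() fails the helper logs and returns -1 but the process carries on without a sandbox. The calls added in ps_ctl_start, ps_inet_start and ps_inet_cmd ignore the result in the same way; only ps_mastersandbox propagates it. The return value should be checked and a failure treated as fatal for that process, for example `if (ps_entersandbox("stdio inet") == -1) return -1;` in ps_ctl_start, which already returns -1 for the error just above it. The right exit path at the other call sites depends on code outside these hunks, since each enclosing function starts and ends beyond them.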
@@ -47,10 +47,6 @@
 #include "logerr.h"
 #include "privsep.h"
-#ifdef HAVE_CAPSICUM
-#include
-#endif
-
 #ifdef INET
 static void
 ps_inet_recvbootp(void *arg)
@@ -337,14 +333,8 @@ ps_inet_start(struct dhcpcd_ctx *ctx)
 ps_inet_startcb, NULL, PSF_DROPPRIVS);
-#ifdef HAVE_CAPSICUM
- if (pid == 0 && cap_enter() == -1 && errno != ENOSYS)
- logerr("%s: cap_enter", __func__);
-#endif
-#ifdef HAVE_PLEDGE
- if (pid == 0 && pledge("stdio", NULL) == -1)
- logerr("%s: pledge", __func__);
-#endif
+ if (pid == 0)
+ ps_entersandbox("stdio");
 return pid;
 }
@@ -570,14 +560,7 @@ ps_inet_cmd(struct dhcpcd_ctx *ctx, struct ps_msghdr *psm, struct msghdr *msg)
 ps_freeprocess(psp);
 return -1;
 case 0:
-#ifdef HAVE_CAPSICUM
- if (cap_enter() == -1 && errno != ENOSYS)
- logerr("%s: cap_enter", __func__);
-#endif
-#ifdef HAVE_PLEDGE
- if (pledge("stdio", NULL) == -1)
- logerr("%s: pledge", __func__);
-#endif
+ ps_entersandbox("stdio");
 break;
 default:
 break;
diff --git a/src/privsep.c b/src/privsep.c
index f92ef45b..1841fb36 100644
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -489,6 +489,28 @@ started_net:
 return 1;
 }
+int
+ps_entersandbox(const char *_pledge)
+{
+
+#ifdef HAVE_CAPSICUM
+ if (cap_enter() == -1 && errno != ENOSYS) {
+ logerr("%s: cap_enter", __func__);
+ return -1;
+ }
+#endif
+#ifdef HAVE_PLEDGE
+ if (pledge(_pledge, NULL) == -1) {
+ logerr("%s: pledge", __func__);
+ return -1;
+ }
+#else
+ UNUSED(_pledge);
+#endif
+
+ return 0;
+}
+
 int
 ps_mastersandbox(struct dhcpcd_ctx *ctx)
 {
@@ -508,20 +530,8 @@ ps_mastersandbox(struct dhcpcd_ctx *ctx)
 return -1;
 }
 #endif
-#ifdef HAVE_CAPSICUM
- if (cap_enter() == -1 && errno != ENOSYS) {
- logerr("%s: cap_enter", __func__);
- return -1;
- }
-#endif
-#ifdef HAVE_PLEDGE
- if (pledge("stdio route", NULL) == -1) {
- logerr("%s: pledge", __func__);
- return -1;
- }
-#endif
- return 0;
+ return ps_entersandbox("stdio route");
 }
 int
diff --git a/src/privsep.h b/src/privsep.h
index c7895432..8d73af0e 100644
--- a/src/privsep.h
+++ b/src/privsep.h
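Review bot: ps_entersandbox in src/privsep.c has no comment saying what a 0 return means: it is also returned when cap_enter() fails with ENOSYS, and on a build with neither HAVE_CAPSICUM nor HAVE_PLEDGE nothing is done at all, so 0 does not prove a sandbox is active. A header comment such as `/* Enter the platform sandbox. Returns -1 on failure; 0 does not guarantee confinement (ENOSYS is tolerated, no-op without Capsicum/pledge). */` would make that explicit for callers. Because logerr now prints this helper's `__func__`, the log line no longer identifies which process failed to sandbox; including the promise string in the message would restore some of that context. The parameter could be named `promises` rather than `_pledge`, which avoids a leading-underscore identifier.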
@@ -92,7 +92,6 @@
 #define IN_PRIVSEP_SE(ctx) \
 (((ctx)->options & (DHCPCD_PRIVSEP | DHCPCD_FORKED)) == DHCPCD_PRIVSEP)
-
 #if defined(PRIVSEP) && defined(HAVE_CAPSICUM)
 #define PRIVSEP_RIGHTS
 #endif
@@ -168,6 +167,7 @@ TAILQ_HEAD(ps_process_head, ps_process);
 int ps_init(struct dhcpcd_ctx *);
 int ps_start(struct dhcpcd_ctx *);
 int ps_stop(struct dhcpcd_ctx *);
+int ps_entersandbox(const char *);
 int ps_mastersandbox(struct dhcpcd_ctx *);
 int ps_unrollmsg(struct msghdr *, struct ps_msghdr *, const void *, size_t);
@@ -185,6 +185,7 @@ ssize_t ps_recvpsmsg(struct dhcpcd_ctx *, int,
 /* Internal privsep functions. */
 int ps_setbuf_fdpair(int []);
+
 #ifdef PRIVSEP_RIGHTS
 int ps_rights_limit_ioctl(int);
 int ps_rights_limit_fd_fctnl(int);
@@ -192,6 +193,7 @@ int ps_rights_limit_fd_rdonly(int);
 int ps_rights_limit_fd(int);
 int ps_rights_limit_fdpair(int []);
 #endif
+
 pid_t ps_dostart(struct dhcpcd_ctx * ctx, pid_t *priv_pid, int *priv_fd, void (*recv_msg)(void *), void (*recv_unpriv_msg),
-- 
2.47.3