Kernel: Don't check pledges or veil against code coverage data files

Coverage tools like LLVM's source-based coverage or GNU's --coverage need to be able to write out coverage files from any binary, regardless of its security posture. Not ignoring these pledges and veils means we can't get our coverage data out without playing some serious tricks. However this is pretty terrible for normal exeuction, so only skip these checks when we explicitly configured userspace for coverage.
2025-12-25 10:48:41 +00:00 · 2022-03-04 18:05:24 -07:00
parent 5120b39d0e
commit f08e91f67e
3 changed files with 30 additions and 8 deletions
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@@ -771,6 +771,13 @@ ErrorOr<void> VirtualFileSystem::validate_path_against_process_veil(StringView p
    VERIFY(!path.contains("/../"sv) && !path.ends_with("/.."sv));
    VERIFY(!path.contains("/./"sv) && !path.ends_with("/."sv));

+#ifdef SKIP_PATH_VALIDATION_FOR_COVERAGE_INSTRUMENTATION
+    // Skip veil validation against profile data when coverage is enabled for userspace
+    // so that all processes can write out coverage data even with veils in place
+    if (KLexicalPath::basename(path).ends_with(".profraw"sv))
+        return {};
+#endif
+
    auto& unveiled_path = find_matching_unveiled_path(path);
    if (unveiled_path.permissions() == UnveilAccess::None) {
        dbgln("Rejecting path '{}' since it hasn't been unveiled.", path);