c18n: Add sysctl controls for compartmentalisation

sys/cheri/cheri.h

@@ -168,6 +168,9 @@ extern u_int	security_cheri_debugger_on_sandbox_syscall;
 extern u_int	security_cheri_syscall_violations;
 extern u_int	security_cheri_bound_legacy_capabilities;
 extern u_int	cheri_cloadtags_stride;
+#ifdef __aarch64__
+extern bool	security_cheri_lib_based_c18n_default;
+#endif
 
 #ifdef __CHERI_PURE_CAPABILITY__
 /*

sys/cheri/cheri_sysctl.c

@@ -70,6 +70,17 @@ SYSCTL_INT(_security_cheri, OID_AUTO, bound_legacy_capabilities,
     CTLFLAG_RWTUN, &security_cheri_bound_legacy_capabilities, 0,
     "Set bounds on userspace capabilities created by legacy ABIs.");
 
+#ifdef __aarch64__
+/*
+ * Set the default state of library-based compartmentalisation (c18n) in
+ * userspace.
+ */
+bool security_cheri_lib_based_c18n_default = false;
+SYSCTL_BOOL(_security_cheri, OID_AUTO, lib_based_c18n_default, CTLFLAG_RWTUN,
+    &security_cheri_lib_based_c18n_default, 0,
+    "Userspace library-based compartmentalisation default");
+#endif
+
 #ifdef CHERI_CAPREVOKE
 /*
  * Set the default state of revocation in userspace.  This is used to

sys/kern/imgact_elf.c

@@ -1849,7 +1849,7 @@ __elfN(freebsd_copyout_auxargs)(struct image_params *imgp, uintcap_t base)
 	 * ELF_BSDF_CHERI_C18N tells the runtime linker to enable library-based
 	 * compartmentalisation.
 	 *
-	 * Precedence: procctl, ELF note.
+	 * Precedence: procctl, ELF note, system default.
 	 * In case of conflicting flags, disable wins.
 	 */
 	if ((imgp->proc->p_flag2 & P2_CHERI_C18N_MASK) != 0) {
@@ -1860,7 +1860,8 @@ __elfN(freebsd_copyout_auxargs)(struct image_params *imgp, uintcap_t base)
 		if ((imgp->proc->p_fctl0 &
 		    NT_FREEBSD_FCTL_CHERI_C18N_DISABLE) == 0)
 			bsdflags |= ELF_BSDF_CHERI_C18N;
-	}
+	} else if (security_cheri_lib_based_c18n_default)
+		bsdflags |= ELF_BSDF_CHERI_C18N;
 #endif
 #if defined(__ELF_CHERI) && defined(CHERI_CAPREVOKE)
 	/*