Kernel+Userland: Add "settime" pledge promise for setting system time

We now require the "settime" promise from pledged processes who want to
change the system time.

Base/usr/share/man/man2/pledge.md

@@ -44,6 +44,7 @@ If `promises` or `execpromises` is null, the corresponding value is unchanged.
 * `shared_buffer`: Shared memory buffers (\*)
 * `chroot`: The [`chroot(2)`](chroot.md) syscall (\*)
 * `video`: May use [`ioctl(2)`](ioctl.md) and [`mmap(2)`](mmap.md) on framebuffer video devices
+* `settime`: Changing the system time and date
 
 Promises marked with an asterisk (\*) are SerenityOS specific extensions not supported by the original OpenBSD `pledge()`.
 

Kernel/Process.cpp

@@ -4360,7 +4360,7 @@ int Process::sys$clock_gettime(clockid_t clock_id, timespec* user_ts)
 
 int Process::sys$clock_settime(clockid_t clock_id, timespec* user_ts)
 {
-    REQUIRE_PROMISE(stdio);
+    REQUIRE_PROMISE(settime);
 
     if (!is_superuser())
         return -EPERM;

Kernel/Process.h

@@ -53,24 +53,25 @@ void kgettimeofday(timeval&);
 
 extern VirtualAddress g_return_to_ring3_from_signal_trampoline;
 
-#define ENUMERATE_PLEDGE_PROMISES      \
-    __ENUMERATE_PLEDGE_PROMISE(stdio)  \
-    __ENUMERATE_PLEDGE_PROMISE(rpath)  \
-    __ENUMERATE_PLEDGE_PROMISE(wpath)  \
-    __ENUMERATE_PLEDGE_PROMISE(cpath)  \
-    __ENUMERATE_PLEDGE_PROMISE(dpath)  \
-    __ENUMERATE_PLEDGE_PROMISE(inet)   \
-    __ENUMERATE_PLEDGE_PROMISE(id)     \
-    __ENUMERATE_PLEDGE_PROMISE(proc)   \
-    __ENUMERATE_PLEDGE_PROMISE(exec)   \
-    __ENUMERATE_PLEDGE_PROMISE(unix)   \
-    __ENUMERATE_PLEDGE_PROMISE(fattr)  \
-    __ENUMERATE_PLEDGE_PROMISE(tty)    \
-    __ENUMERATE_PLEDGE_PROMISE(chown)  \
-    __ENUMERATE_PLEDGE_PROMISE(chroot) \
-    __ENUMERATE_PLEDGE_PROMISE(thread) \
-    __ENUMERATE_PLEDGE_PROMISE(video)  \
-    __ENUMERATE_PLEDGE_PROMISE(accept) \
+#define ENUMERATE_PLEDGE_PROMISES       \
+    __ENUMERATE_PLEDGE_PROMISE(stdio)   \
+    __ENUMERATE_PLEDGE_PROMISE(rpath)   \
+    __ENUMERATE_PLEDGE_PROMISE(wpath)   \
+    __ENUMERATE_PLEDGE_PROMISE(cpath)   \
+    __ENUMERATE_PLEDGE_PROMISE(dpath)   \
+    __ENUMERATE_PLEDGE_PROMISE(inet)    \
+    __ENUMERATE_PLEDGE_PROMISE(id)      \
+    __ENUMERATE_PLEDGE_PROMISE(proc)    \
+    __ENUMERATE_PLEDGE_PROMISE(exec)    \
+    __ENUMERATE_PLEDGE_PROMISE(unix)    \
+    __ENUMERATE_PLEDGE_PROMISE(fattr)   \
+    __ENUMERATE_PLEDGE_PROMISE(tty)     \
+    __ENUMERATE_PLEDGE_PROMISE(chown)   \
+    __ENUMERATE_PLEDGE_PROMISE(chroot)  \
+    __ENUMERATE_PLEDGE_PROMISE(thread)  \
+    __ENUMERATE_PLEDGE_PROMISE(video)   \
+    __ENUMERATE_PLEDGE_PROMISE(accept)  \
+    __ENUMERATE_PLEDGE_PROMISE(settime) \
     __ENUMERATE_PLEDGE_PROMISE(shared_buffer)
 
 enum class Pledge : u32 {

Userland/date.cpp

@@ -26,13 +26,14 @@
 
 #include <AK/String.h>
 #include <LibCore/DateTime.h>
+#include <LibCore/DateTime.h>
 #include <stdio.h>
 #include <string.h>
 #include <time.h>
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio", nullptr) < 0) {
+    if (pledge("stdio settime", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -47,10 +48,14 @@ int main(int argc, char** argv)
         bool ok;
         timespec ts = { String(argv[2]).to_uint(ok), 0 };
         if (!ok) {
-            printf("date: Invalid timestamp value\n");
+            fprintf(stderr, "date: Invalid timestamp value");
             return 1;
         }
-        return clock_settime(CLOCK_REALTIME, &ts);
+        if (clock_settime(CLOCK_REALTIME, &ts) < 0) {
+            perror("clock_settime");
+            return 1;
+        }
+        return 0;
     }
 
     printf("%s\n", Core::DateTime::from_timestamp(now).to_string().characters());