Index: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc |
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc |
index 58ffb843a8717c9f659d95db465b0c56a9f3a3b3..dec1b355f212e5da6ee535b90b5c81e25887b210 100644 |
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc |
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc |
@@ -35,6 +35,9 @@ |
// PNaCl toolchain does not provide sys/ioctl.h header. |
#if !defined(OS_NACL_NONSFI) |
#include <sys/ioctl.h> |
+#if defined(USE_OZONE) |
+#include <drm.h> |
+#endif |
#endif |
#if defined(OS_ANDROID) |
@@ -150,9 +153,21 @@ ResultExpr RestrictPrctl() { |
} |
ResultExpr RestrictIoctl() { |
- const Arg<int> request(1); |
- return Switch(request).CASES((TCGETS, FIONREAD), Allow()).Default( |
- CrashSIGSYSIoctl()); |
+// The type of DRM_IOCTL_XXX macro is long unsigned int. |
+#if defined(USE_OZONE) |
+ auto reference_type = DRM_IOCTL_MODE_MAP_DUMB; |
+#else |
+ auto reference_type = TCGETS; |
+#endif |
+ const Arg<decltype(reference_type)> request(1); |
+ return Switch(request) |
+ .CASES(((decltype(reference_type))TCGETS, FIONREAD), Allow()) |
+#if defined(USE_OZONE) |
+ .CASES((DRM_IOCTL_MODE_DESTROY_DUMB, DRM_IOCTL_MODE_MAP_DUMB, |
+ DRM_IOCTL_PRIME_FD_TO_HANDLE), |
+ Allow()) |
+#endif |
+ .Default(CrashSIGSYSIoctl()); |
} |
ResultExpr RestrictMmapFlags() { |