add restricted filesystem access to sel_ldr

src/trusted/service_runtime/nacl_syscall_common.c

Index: src/trusted/service_runtime/nacl_syscall_common.c
diff --git a/src/trusted/service_runtime/nacl_syscall_common.c b/src/trusted/service_runtime/nacl_syscall_common.c
index 4a19502c52ceb198b07054532eb055a5b5a998ec..4fa07133d4e5605af5df2d13a3f19051f9f7f811 100644
--- a/src/trusted/service_runtime/nacl_syscall_common.c
+++ b/src/trusted/service_runtime/nacl_syscall_common.c
@@ -12,6 +12,7 @@
 
 #include <errno.h>
 #include <stdio.h>
+#include <string.h>
 
 #include "native_client/src/include/build_config.h"
 
@@ -91,6 +92,22 @@ void NaClInsecurelyBypassAllAclChecks(void) {
   NaClAclBypassChecks = 1;
 }
 
+char *NaClRootFolder = NULL;
+size_t NaClRootFolderLen = 0;
+
+void NaClMountRootFolder(char *root) {
+  /*
+   * TODO(jtolds): sanitize root, make sure it's well-formed, and does not
+   * end with a trailing slash.

[jtolds, 2015/06/25 23:05:05]

hmm, i guess we'll need to use a path separator. not sure how this prefix
approach works with windows and drive letters. do binaries inside native client
use backslashes and drive letters?

[Mark Seaborn, 2015/06/25 23:55:08]

I also don't know what the exact rules would need to be for Windows.

It would be reasonable to make this functionality Unix-only for this CL.  So
"-m" could report an error on Windows.

+   */
+  NaClRootFolder = strdup(root);
+  NaClRootFolderLen = strlen(NaClRootFolder);
+}
+
+int NaClFileAccessEnabled(void) {
+  return NaClAclBypassChecks || (NaClRootFolder != NULL);
+}
+
 int NaClHighResolutionTimerEnabled(void) {
   return NaClAclBypassChecks;
 }
@@ -705,7 +722,7 @@ int32_t NaClSysSysconf(struct NaClAppThread *natp,
       break;
     }
     case NACL_ABI__SC_NACL_FILE_ACCESS_ENABLED: {
-      result_value = NaClAclBypassChecks;
+      result_value = NaClFileAccessEnabled();
       break;
     }
     case NACL_ABI__SC_NACL_LIST_MAPPINGS_ENABLED: {