Chromium Code Reviews

Unified Diff: src/trusted/service_runtime/sys_fdio.c

Issue 1211173002: add restricted filesystem access to sel_ldr Base URL: https://chromium.googlesource.com/native_client/src/native_client.git@master
Patch Set: Created 5 years, 6 months ago
Index: src/trusted/service_runtime/sys_fdio.c
diff --git a/src/trusted/service_runtime/sys_fdio.c b/src/trusted/service_runtime/sys_fdio.c
index dfa5c5b30584d292298546200a93549d90ca0076..7de268cf86d5e974d4897595e249c0c466d07598 100644
--- a/src/trusted/service_runtime/sys_fdio.c
+++ b/src/trusted/service_runtime/sys_fdio.c
@@ -135,7 +135,7 @@ int32_t NaClSysGetdents(struct NaClAppThread *natp,
"%"NACL_PRIuS"[0x%"NACL_PRIxS"])\n"),
(uintptr_t) natp, d, dirp, count, count);
- if (!NaClAclBypassChecks) {
+ if (!NaClAclBypassChecks && NaClRootFolder == NULL) {
jtolds 2015/06/25 23:05:05 definitely worried the most about Getdents here. D
Mark Seaborn 2015/06/25 23:55:09 The ".." entries reported by getdents() don't conv
/*
* Filesystem access is disabled, so disable the getdents() syscall.
* We do this for security hardening, though it should be redundant,
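Review bot: The comment under the changed condition still reads "Filesystem access is disabled, so disable the getdents() syscall", but with `&& NaClRootFolder == NULL` added this branch is skipped whenever a root folder is set, so getdents() is now allowed in restricted mode and nothing here explains why that is safe. Please extend the comment to cover the NaClRootFolder case and say what keeps the listed directory confined to the root; the inline discussion on this line also singles out getdents() as the main worry.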
@@ -416,7 +416,7 @@ int32_t NaClSysFstat(struct NaClAppThread *natp,
retval = (*((struct NaClDescVtbl const *) ndp->base.vtbl)->
Fstat)(ndp, &result);
if (0 == retval) {
- if (!NaClAclBypassChecks) {
+ if (!NaClAclBypassChecks && NaClRootFolder == NULL) {
result.nacl_abi_st_ino = NACL_FAKE_INODE_NUM;
}
if (!NaClCopyOutToUser(nap, nasp, &result, sizeof result)) {
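Review bot: In the `if (0 == retval)` block, adding `NaClRootFolder == NULL` means `result.nacl_abi_st_ino` is no longer overwritten with `NACL_FAKE_INODE_NUM` when a root folder is set, so untrusted code receives whatever inode value Fstat returned. If that is intended, add a comment stating why restricted mode may expose it. The same `!NaClAclBypassChecks && NaClRootFolder == NULL` test now appears in both NaClSysGetdents and NaClSysFstat, so a single named helper would keep the two checks from drifting apart.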
