ozone gbm: whitelist 3 DRM ioctl code for native GpuMemoryBuffer.

sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc

Index: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
index 58ffb843a8717c9f659d95db465b0c56a9f3a3b3..f5d2abf9fd180f704dccca6c148c732d2813c386 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
@@ -35,6 +35,9 @@
 // PNaCl toolchain does not provide sys/ioctl.h header.
 #if !defined(OS_NACL_NONSFI)
 #include <sys/ioctl.h>
+#if defined(USE_VGEM_MAP)
+#include <libdrm/vgem_drm.h>
+#endif
 #endif
 
 #if defined(OS_ANDROID)
@@ -150,9 +153,21 @@ ResultExpr RestrictPrctl() {
 }
 
 ResultExpr RestrictIoctl() {
-  const Arg<int> request(1);
-  return Switch(request).CASES((TCGETS, FIONREAD), Allow()).Default(
-      CrashSIGSYSIoctl());
+// The type of DRM_IOCTL_XXX macro is long unsigned int.
+#if defined(USE_VGEM_MAP)
+  auto reference_type = DRM_IOCTL_GEM_CLOSE;
+#else
+  auto reference_type = TCGETS;

[spang, 2015/08/21 15:55:15]

If decltype(TCGETS) is actually too narrow, then it isn't correct and should
never be used.

Maybe we should just cast to "unsigned long" like the ioctl() declaration
actually says?

[dshwang, 2015/08/21 16:37:40]

that's better idea. ioctl() gets "unsigned long" request, but TCGETS macro is
just int.
Done.

+#endif
+  const Arg<decltype(reference_type)> request(1);
+  return Switch(request)
+      .CASES(((decltype(reference_type))TCGETS, FIONREAD), Allow())
+#if defined(USE_VGEM_MAP)
+      .CASES((DRM_IOCTL_GEM_CLOSE, DRM_IOCTL_VGEM_MODE_MAP_DUMB,
+              DRM_IOCTL_PRIME_FD_TO_HANDLE),
+             Allow())
+#endif
+      .Default(CrashSIGSYSIoctl());
 }
 
 ResultExpr RestrictMmapFlags() {