Index: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc |
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc |
index 58ffb843a8717c9f659d95db465b0c56a9f3a3b3..7dae38763748051bfbde7f8415ea37865e998dce 100644 |
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc |
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc |
@@ -35,6 +35,9 @@ |
// PNaCl toolchain does not provide sys/ioctl.h header. |
#if !defined(OS_NACL_NONSFI) |
#include <sys/ioctl.h> |
+#if defined(USE_VGEM_MAP) |
+#include <libdrm/vgem_drm.h> |
+#endif |
#endif |
#if defined(OS_ANDROID) |
@@ -150,9 +153,15 @@ ResultExpr RestrictPrctl() { |
} |
ResultExpr RestrictIoctl() { |
- const Arg<int> request(1); |
- return Switch(request).CASES((TCGETS, FIONREAD), Allow()).Default( |
- CrashSIGSYSIoctl()); |
+ const Arg<unsigned int> request(1); |
+ return Switch(request) |
+ .CASES((static_cast<unsigned int>(TCGETS), FIONREAD), Allow()) |
spang
2015/08/21 17:28:51
Why unsigned int rather than unsigned long? The ac
mdempsky
2015/08/21 17:39:47
Annoying. POSIX and the Linux man pages say reque
dshwang
2015/08/21 18:26:33
Thx for investigation. I rollback this code to ens
|
+#if defined(USE_VGEM_MAP) |
+ .CASES((DRM_IOCTL_GEM_CLOSE, DRM_IOCTL_VGEM_MODE_MAP_DUMB, |
+ DRM_IOCTL_PRIME_FD_TO_HANDLE), |
+ Allow()) |
+#endif |
+ .Default(CrashSIGSYSIoctl()); |
} |
ResultExpr RestrictMmapFlags() { |