Chromium Code Reviews Chromium Code Reviews
Issue 1253363004:
ozone gbm: whitelist 3 DRM ioctl code for native GpuMemoryBuffer. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc |
| diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc |
| index 58ffb843a8717c9f659d95db465b0c56a9f3a3b3..7dae38763748051bfbde7f8415ea37865e998dce 100644 |
| --- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc |
| +++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc |
| @@ -35,6 +35,9 @@ |
| // PNaCl toolchain does not provide sys/ioctl.h header. |
| #if !defined(OS_NACL_NONSFI) |
| #include <sys/ioctl.h> |
| +#if defined(USE_VGEM_MAP) |
| +#include <libdrm/vgem_drm.h> |
| +#endif |
| #endif |
| #if defined(OS_ANDROID) |
| @@ -150,9 +153,15 @@ ResultExpr RestrictPrctl() { |
| } |
| ResultExpr RestrictIoctl() { |
| - const Arg<int> request(1); |
| - return Switch(request).CASES((TCGETS, FIONREAD), Allow()).Default( |
| - CrashSIGSYSIoctl()); |
| + const Arg<unsigned int> request(1); |
| + return Switch(request) |
| + .CASES((static_cast<unsigned int>(TCGETS), FIONREAD), Allow()) |
|
spang
2015/08/21 17:28:51
Why unsigned int rather than unsigned long? The ac
mdempsky
2015/08/21 17:39:47
Annoying. POSIX and the Linux man pages say reque
dshwang
2015/08/21 18:26:33
Thx for investigation. I rollback this code to ens
|
| +#if defined(USE_VGEM_MAP) |
| + .CASES((DRM_IOCTL_GEM_CLOSE, DRM_IOCTL_VGEM_MODE_MAP_DUMB, |
| + DRM_IOCTL_PRIME_FD_TO_HANDLE), |
| + Allow()) |
| +#endif |
| + .Default(CrashSIGSYSIoctl()); |
| } |
| ResultExpr RestrictMmapFlags() { |
