Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(750)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp/ioctl.cc

Issue 371047: Allow the seccomp sandbox to be enabled, even if the suid sandbox has... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 11 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/seccomp/exit.cc ('k') | sandbox/linux/seccomp/ipc.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Property Changes:
Added: svn:eol-style
+ LF
OLDNEW
1 #include "debug.h" 1 #include "debug.h"
2 #include "sandbox_impl.h" 2 #include "sandbox_impl.h"
3 3
4 namespace playground { 4 namespace playground {
5 5
6 int Sandbox::sandbox_ioctl(int d, int req, void *arg) { 6 int Sandbox::sandbox_ioctl(int d, int req, void *arg) {
7 Debug::syscall(__NR_ioctl, "Executing handler"); 7 Debug::syscall(__NR_ioctl, "Executing handler");
8 struct { 8 struct {
9 int sysnum; 9 int sysnum;
10 long long cookie; 10 long long cookie;
11 IOCtl ioctl_req; 11 IOCtl ioctl_req;
12 } __attribute__((packed)) request; 12 } __attribute__((packed)) request;
13 request.sysnum = __NR_ioctl; 13 request.sysnum = __NR_ioctl;
14 request.cookie = cookie(); 14 request.cookie = cookie();
15 request.ioctl_req.d = d; 15 request.ioctl_req.d = d;
16 request.ioctl_req.req = req; 16 request.ioctl_req.req = req;
17 request.ioctl_req.arg = arg; 17 request.ioctl_req.arg = arg;
18 18
19 long rc; 19 long rc;
20 SysCalls sys; 20 SysCalls sys;
21 if (write(sys, processFdPub(), &request, sizeof(request)) != 21 if (write(sys, processFdPub(), &request, sizeof(request)) !=
22 sizeof(request) || 22 sizeof(request) ||
23 read(sys, threadFdPub(), &rc, sizeof(rc)) != sizeof(rc)) { 23 read(sys, threadFdPub(), &rc, sizeof(rc)) != sizeof(rc)) {
24 die("Failed to forward ioctl() request [sandbox]"); 24 die("Failed to forward ioctl() request [sandbox]");
25 } 25 }
26 return static_cast<int>(rc); 26 return static_cast<int>(rc);
27 } 27 }
28 28
29 bool Sandbox::process_ioctl(int parentProc, int sandboxFd, int threadFdPub, 29 bool Sandbox::process_ioctl(int parentMapsFd, int sandboxFd, int threadFdPub,
30 int threadFd, SecureMem::Args* mem) { 30 int threadFd, SecureMem::Args* mem) {
31 // Read request 31 // Read request
32 IOCtl ioctl_req; 32 IOCtl ioctl_req;
33 SysCalls sys; 33 SysCalls sys;
34 if (read(sys, sandboxFd, &ioctl_req, sizeof(ioctl_req)) !=sizeof(ioctl_req)){ 34 if (read(sys, sandboxFd, &ioctl_req, sizeof(ioctl_req)) !=sizeof(ioctl_req)){
35 die("Failed to read parameters for ioctl() [process]"); 35 die("Failed to read parameters for ioctl() [process]");
36 } 36 }
37 int rc = -EINVAL; 37 int rc = -EINVAL;
38 switch (ioctl_req.req) { 38 switch (ioctl_req.req) {
39 case TCGETS: 39 case TCGETS:
40 case TIOCGWINSZ: 40 case TIOCGWINSZ:
41 SecureMem::sendSystemCall(threadFdPub, false, -1, mem, __NR_ioctl, 41 SecureMem::sendSystemCall(threadFdPub, false, -1, mem, __NR_ioctl,
42 ioctl_req.d, ioctl_req.req, ioctl_req.arg); 42 ioctl_req.d, ioctl_req.req, ioctl_req.arg);
43 return true; 43 return true;
44 default: 44 default:
45 std::cerr << "Unsupported ioctl: 0x" << std::hex << ioctl_req.req << 45 std::cerr << "Unsupported ioctl: 0x" << std::hex << ioctl_req.req <<
46 std::endl; 46 std::endl;
47 SecureMem::abandonSystemCall(threadFd, rc); 47 SecureMem::abandonSystemCall(threadFd, rc);
48 return false; 48 return false;
49 } 49 }
50 } 50 }
51 51
52 } // namespace 52 } // namespace
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp/exit.cc ('k') | sandbox/linux/seccomp/ipc.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698