authormarkus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-08-11 21:46:07 +0000
committermarkus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-08-11 21:46:07 +0000
commit0fb2bd939380e4d46bad10eb597bff4980ca7db2 (patch)
tree79d017b24dfb4d91059b856da7b8ad43764d76e6 /sandbox/linux/seccomp/ioctl.cc
parent135b165d2bca7a9a7302eb4f771dc713c8100edb (diff)
Initial version of the Seccomp sandbox. Imported from http://code.google.com/p/seccompsandbox/
Make the seccomp sandbox dependent on the --enable-seccomp-sandbox flag Review URL: http://codereview.chromium.org/165310 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23087 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/linux/seccomp/ioctl.cc')
-rw-r--r--sandbox/linux/seccomp/ioctl.cc52
1 files changed, 52 insertions, 0 deletions
diff --git a/sandbox/linux/seccomp/ioctl.cc b/sandbox/linux/seccomp/ioctl.cc
new file mode 100644
index 0000000..ac630a7
--- /dev/null
+++ b/sandbox/linux/seccomp/ioctl.cc
@@ -0,0 +1,52 @@
+#include "debug.h"
+#include "sandbox_impl.h"
+
+namespace playground {
+
+int Sandbox::sandbox_ioctl(int d, int req, void *arg) {
+ Debug::syscall(__NR_ioctl, "Executing handler");
+ struct {
+ int sysnum;
+ long long cookie;
+ IOCtl ioctl_req;
+ } __attribute__((packed)) request;
+ request.sysnum = __NR_ioctl;
+ request.cookie = cookie();
+ request.ioctl_req.d = d;
+ request.ioctl_req.req = req;
+ request.ioctl_req.arg = arg;
+
+ long rc;
+ SysCalls sys;
+ if (write(sys, processFdPub(), &request, sizeof(request)) !=
+ sizeof(request) ||
+ read(sys, threadFdPub(), &rc, sizeof(rc)) != sizeof(rc)) {
+ die("Failed to forward ioctl() request [sandbox]");
+ }
+ return static_cast<int>(rc);
+}
+
+bool Sandbox::process_ioctl(int parentProc, int sandboxFd, int threadFdPub,
+ int threadFd, SecureMem::Args* mem) {
+ // Read request
+ IOCtl ioctl_req;
+ SysCalls sys;
+ if (read(sys, sandboxFd, &ioctl_req, sizeof(ioctl_req)) !=sizeof(ioctl_req)){
+ die("Failed to read parameters for ioctl() [process]");
+ }
+ int rc = -EINVAL;
+ switch (ioctl_req.req) {
+ case TCGETS:
+ case TIOCGWINSZ:
+ SecureMem::sendSystemCall(threadFdPub, false, -1, mem, __NR_ioctl,
+ ioctl_req.d, ioctl_req.req, ioctl_req.arg);
+ return true;
+ default:
+ std::cerr << "Unsupported ioctl: 0x" << std::hex << ioctl_req.req <<
+ std::endl;
+ SecureMem::abandonSystemCall(threadFd, rc);
+ return false;
+ }
+}
+
+} // namespace
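Review bot: The allowlist in `process_ioctl` forwards `ioctl_req.d` and `ioctl_req.arg` exactly as the sandboxed thread sent them, and nothing at the `TCGETS`/`TIOCGWINSZ` cases records why these two requests are safe on any descriptor with any pointer. If the reasoning is that both are read-only queries whose only effect is the kernel filling a termios/winsize at `arg`, say so above the cases, e.g. `// Read-only terminal queries; the kernel only writes the result struct to arg. Justify any new request here the same way.` In the `default:` branch `std::hex` is left set on `std::cerr`, so every integer the trusted process later writes to that stream prints in hex; end the statement with `<< std::dec << std::endl;`. That branch also logs once per rejected request, and the request number comes from the sandboxed code, so the message rate is under its control; a debug-only guard or rate limit would address that.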