From 0fb2bd939380e4d46bad10eb597bff4980ca7db2 Mon Sep 17 00:00:00 2001
From: "markus@chromium.org"
Date: Tue, 11 Aug 2009 21:46:07 +0000
Subject: Initial version of the Seccomp sandbox. Imported from http://code.google.com/p/seccompsandbox/ Make the seccomp sandbox dependant on the --enable-seccomp-sandbox flag Review URL: http://codereview.chromium.org/165310 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23087 0039d316-1c4b-4281-b951-d872f2087c98
---
 sandbox/linux/seccomp/ioctl.cc | 52 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 sandbox/linux/seccomp/ioctl.cc (limited to 'sandbox/linux/seccomp/ioctl.cc')
diff --git a/sandbox/linux/seccomp/ioctl.cc b/sandbox/linux/seccomp/ioctl.cc
new file mode 100644
index 0000000..ac630a7
--- /dev/null
+++ b/sandbox/linux/seccomp/ioctl.cc
@@ -0,0 +1,52 @@
+#include "debug.h"
+#include "sandbox_impl.h"
+
+namespace playground {
+
+int Sandbox::sandbox_ioctl(int d, int req, void *arg) {
+ Debug::syscall(__NR_ioctl, "Executing handler");
+ struct {
+ int sysnum;
+ long long cookie;
+ IOCtl ioctl_req;
+ } __attribute__((packed)) request;
+ request.sysnum = __NR_ioctl;
+ request.cookie = cookie();
+ request.ioctl_req.d = d;
+ request.ioctl_req.req = req;
+ request.ioctl_req.arg = arg;
+
+ long rc;
+ SysCalls sys;
+ if (write(sys, processFdPub(), &request, sizeof(request)) !=
+ sizeof(request) ||
+ read(sys, threadFdPub(), &rc, sizeof(rc)) != sizeof(rc)) {
+ die("Failed to forward ioctl() request [sandbox]");
+ }
+ return static_cast(rc);
+}
+
+bool Sandbox::process_ioctl(int parentProc, int sandboxFd, int threadFdPub,
+ int threadFd, SecureMem::Args* mem) {
+ // Read request
+ IOCtl ioctl_req;
+ SysCalls sys;
+ if (read(sys, sandboxFd, &ioctl_req, sizeof(ioctl_req)) !=sizeof(ioctl_req)){
+ die("Failed to read parameters for ioctl() [process]");
+ }
+ int rc = -EINVAL;
+ switch (ioctl_req.req) {
+ case TCGETS:
+ case TIOCGWINSZ:
+ SecureMem::sendSystemCall(threadFdPub, false, -1, mem, __NR_ioctl,
+ ioctl_req.d, ioctl_req.req, ioctl_req.arg);
+ return true;
+ default:
+ std::cerr << "Unsupported ioctl: 0x" << std::hex << ioctl_req.req <<
+ std::endl;
+ SecureMem::abandonSystemCall(threadFd, rc);
+ return false;
+ }
+}
+
+} // namespace
-- cgit v1.1
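Review bot: The `std::hex` manipulator in the `default` branch of process_ioctl is sticky, so every integer later written to std::cerr by this process comes out in hexadecimal; restore the base in the same statement, `std::cerr << "Unsupported ioctl: 0x" << std::hex << ioctl_req.req << std::dec << std::endl;`. The length check on the preceding read, `!=sizeof(ioctl_req)){`, is also spaced differently from the equivalent check in sandbox_ioctl and would read better as `!= sizeof(ioctl_req)) {`. Neither function says which side of the sandbox boundary it runs on; if I read the names right, `// Runs in the sandboxed process: marshals d/req/arg plus the cookie to the other side and blocks for the result.` above sandbox_ioctl and `// Runs in the monitoring process: only the request codes listed below are forwarded, anything else is answered with -EINVAL.` above process_ioctl would make the allow-list intent explicit. The `static_cast(rc)` at the end of sandbox_ioctl appears to have lost its `<int>` template argument in rendering rather than in the commit, so I have not counted it as a defect.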