diff options
Diffstat (limited to 'chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc')
| -rw-r--r-- | chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc index 76eb32493f5..13e71801f62 100644 --- a/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc +++ b/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc @@ -6,6 +6,7 @@ #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" +#include <fcntl.h> #include <stddef.h> #include <stdint.h> #include <string.h> @@ -22,6 +23,7 @@ #include "sandbox/linux/seccomp-bpf/syscall.h" #include "sandbox/linux/services/syscall_wrappers.h" #include "sandbox/linux/system_headers/linux_seccomp.h" +#include "sandbox/linux/system_headers/linux_stat.h" #include "sandbox/linux/system_headers/linux_syscalls.h" #if defined(__mips__) @@ -355,6 +357,24 @@ intptr_t SIGSYSSchedHandler(const struct arch_seccomp_data& args, return -ENOSYS; } +intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args, + void* fs_denied_errno) { + if (args.nr == __NR_fstatat_default) { + if (*reinterpret_cast<const char*>(args.args[1]) == '\0' && + args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) { + return syscall(__NR_fstat_default, static_cast<int>(args.args[0]), + reinterpret_cast<default_stat_struct*>(args.args[2])); + } + return -reinterpret_cast<intptr_t>(fs_denied_errno); + } + + CrashSIGSYS_Handler(args, fs_denied_errno); + + // Should never be reached. + RAW_CHECK(false); + return -ENOSYS; +} + bpf_dsl::ResultExpr CrashSIGSYS() { return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL); } @@ -387,6 +407,11 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() { return bpf_dsl::Trap(SIGSYSSchedHandler, NULL); } +bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno) { + return bpf_dsl::Trap(SIGSYSFstatatHandler, + reinterpret_cast<void*>(fs_denied_errno)); +} + void AllocateCrashKeys() { #if !defined(OS_NACL_NONSFI) if (seccomp_crash_key) |