Commit 2af226f8 authored by Paul Adenot's avatar Paul Adenot
Browse files

Bug 1686681 - Dedup a copy-pasted block computing a constant about TTY. r=jld

parent 481376c0
Loading
Loading
Loading
Loading
+15 −24
Original line number Diff line number Diff line
@@ -92,6 +92,19 @@ static_assert(F_GET_SEALS == (F_LINUX_SPECIFIC_BASE + 10));
#  define DESKTOP
#endif

namespace {
  static const unsigned long kIoctlTypeMask = _IOC_TYPEMASK << _IOC_TYPESHIFT;
  static const unsigned long kTtyIoctls = TIOCSTI & kIoctlTypeMask;
  // On some older architectures (but not x86 or ARM), ioctls are
  // assigned type fields differently, and the TIOC/TC/FIO group
  // isn't all the same type.  If/when we support those archs,
  // this would need to be revised (but really this should be a
  // default-deny policy; see below).
  static_assert(kTtyIoctls == (TCSETA & kIoctlTypeMask) &&
      kTtyIoctls == (FIOASYNC & kIoctlTypeMask),
      "tty-related ioctls use the same type");
};

// This file defines the seccomp-bpf system call filter policies.
// See also SandboxFilterUtil.h, for the CASES_FOR_* macros and
// SandboxFilterBase::Evaluate{Socket,Ipc}Call.
@@ -1298,19 +1311,8 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
          return Allow();
        }
#endif
        static const unsigned long kTypeMask = _IOC_TYPEMASK << _IOC_TYPESHIFT;
        static const unsigned long kTtyIoctls = TIOCSTI & kTypeMask;
        // On some older architectures (but not x86 or ARM), ioctls are
        // assigned type fields differently, and the TIOC/TC/FIO group
        // isn't all the same type.  If/when we support those archs,
        // this would need to be revised (but really this should be a
        // default-deny policy; see below).
        static_assert(kTtyIoctls == (TCSETA & kTypeMask) &&
                          kTtyIoctls == (FIOASYNC & kTypeMask),
                      "tty-related ioctls use the same type");

        Arg<unsigned long> request(1);
        auto shifted_type = request & kTypeMask;
        auto shifted_type = request & kIoctlTypeMask;

        // Rust's stdlib seems to use FIOCLEX instead of equivalent fcntls.
        return If(request == FIOCLEX, Allow())
@@ -1799,19 +1801,8 @@ class SocketProcessSandboxPolicy final : public SandboxPolicyCommon {
        return Allow();

      case __NR_ioctl: {
        static const unsigned long kTypeMask = _IOC_TYPEMASK << _IOC_TYPESHIFT;
        static const unsigned long kTtyIoctls = TIOCSTI & kTypeMask;
        // On some older architectures (but not x86 or ARM), ioctls are
        // assigned type fields differently, and the TIOC/TC/FIO group
        // isn't all the same type.  If/when we support those archs,
        // this would need to be revised (but really this should be a
        // default-deny policy; see below).
        static_assert(kTtyIoctls == (TCSETA & kTypeMask) &&
                          kTtyIoctls == (FIOASYNC & kTypeMask),
                      "tty-related ioctls use the same type");

        Arg<unsigned long> request(1);
        auto shifted_type = request & kTypeMask;
        auto shifted_type = request & kIoctlTypeMask;

        // Rust's stdlib seems to use FIOCLEX instead of equivalent fcntls.
        return If(request == FIOCLEX, Allow())