File tracker-whitelist-dup2-dup3.patch of Package tracker

From e16fcd15984ee327d307b7d2cd96efbadf78fd84 Mon Sep 17 00:00:00 2001
From: Adrien Plazas <kekun.plazas@laposte.net>
Date: Mon, 11 Sep 2017 10:05:26 +0200
Subject: [PATCH] libtracker-common: Whitelist dup2/dup3

---
 src/libtracker-common/tracker-seccomp.c | 34 +++++++++++++++++++++++----------
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/src/libtracker-common/tracker-seccomp.c b/src/libtracker-common/tracker-seccomp.c
index 0c7589550..ec873f5e0 100644
--- a/src/libtracker-common/tracker-seccomp.c
+++ b/src/libtracker-common/tracker-seccomp.c
@@ -38,9 +38,19 @@
 
 #include <seccomp.h>
 
-#define ALLOW_RULE(call) G_STMT_START { if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(call), 0) < 0) goto out; } G_STMT_END
-
-#define ERROR_RULE(call, error) G_STMT_START { if (seccomp_rule_add (ctx, SCMP_ACT_ERRNO (error), SCMP_SYS(call), 0) < 0) goto out; } G_STMT_END
+#define ALLOW_RULE(call) G_STMT_START { \
+	int allow_rule_syscall_number = seccomp_syscall_resolve_name (G_STRINGIFY (call)); \
+	if (allow_rule_syscall_number == __NR_SCMP_ERROR || \
+	    seccomp_rule_add (ctx, SCMP_ACT_ALLOW, allow_rule_syscall_number, 0) < 0) \
+		goto out; \
+} G_STMT_END
+
+#define ERROR_RULE(call, error) G_STMT_START { \
+	int error_rule_syscall_number = seccomp_syscall_resolve_name (G_STRINGIFY (call)); \
+	if (error_rule_syscall_number == __NR_SCMP_ERROR || \
+	    seccomp_rule_add (ctx, SCMP_ACT_ERRNO (error), error_rule_syscall_number, 0) < 0) \
+		goto out; \
+} G_STMT_END
 
 gboolean
 tracker_seccomp_init (void)
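Review bot: `G_STRINGIFY (call)` in both macros macro-expands its argument before stringifying, unlike the `SCMP_SYS(call)` token paste it replaces, so a listed syscall name that an included header also defines as a macro would resolve a different string. Using the preprocessor operator directly, `seccomp_syscall_resolve_name (#call)`, keeps the literal name. A failed lookup also jumps to `out` without saying which name failed; a `g_critical ("Unknown syscall '%s'", #call);` before the `goto` would make a sandbox that fails to initialise diagnosable. The `out` label is outside this hunk, so what happens after the jump is not visible here.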
@@ -133,6 +143,8 @@ tracker_seccomp_init (void)
 	ALLOW_RULE (write);
 	ALLOW_RULE (writev);
 	ALLOW_RULE (dup);
+	ALLOW_RULE (dup2);
+	ALLOW_RULE (dup3);
 	/* Needed by some GStreamer modules doing crazy stuff, less
 	 * scary thanks to the restriction below about sockets being
 	 * local.
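Review bot: The two added lines allow `dup2` and `dup3` with any arguments, while the last hunk of this patch removes the rules that allowed them only when the target descriptor (argument 1) was greater than 2, so code inside the sandbox can now replace stdin, stdout and stderr. The commit message gives no reason for dropping that restriction. If it is intentional, a comment here should record why, e.g. `/* dup2/dup3 unrestricted: <reason the fd > 2 filter had to go> */`; otherwise keep the `SCMP_CMP(1, SCMP_CMP_GT, 2)` filters instead of these two lines. `tracker_seccomp_init` starts and ends outside this hunk.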
@@ -170,8 +182,8 @@ tracker_seccomp_init (void)
 	                      SCMP_CMP(0, SCMP_CMP_EQ, 2)) < 0)
 		goto out;
 
-	/* Special requirements for open, allow O_RDONLY calls, but fail
-	 * if write permissions are requested.
+	/* Special requirements for open/openat, allow O_RDONLY calls,
+         * but fail if write permissions are requested.
 	 */
 	if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 1,
 	                      SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR, 0)) < 0)
@@ -183,12 +195,14 @@ tracker_seccomp_init (void)
 	                      SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0)
 		goto out;
 
-	/* Special requirements for dup2/dup3, no fiddling with stdin/out/err */
-	if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 1,
-	                      SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0)
+	if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 1,
+	                      SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR, 0)) < 0)
+		goto out;
+	if (seccomp_rule_add (ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(openat), 1,
+	                      SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_WRONLY, O_WRONLY)) < 0)
 		goto out;
-	if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup3), 1,
-	                      SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0)
+	if (seccomp_rule_add (ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(openat), 1,
+	                      SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0)
 		goto out;
 
 	g_debug ("Loading seccomp rules.");
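Review bot: The new `openat` allow rule masks only `O_WRONLY | O_RDWR`, so a call with `O_RDONLY | O_CREAT` still matches it and can create a file, and `O_TRUNC` combined with `O_RDONLY` is not filtered either (POSIX leaves its effect unspecified). If the intent is that the sandboxed process cannot modify the filesystem, widen the mask to `SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR | O_CREAT | O_TRUNC, 0)`; such calls would then fall through to the filter's default action, which is set outside this hunk. The `open` rule just above uses the same mask and would need the same change. It is also worth confirming that `openat` is not in the unconditional `ALLOW_RULE` list elsewhere in the function, since that would make these argument filters moot.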
-- 
2.14.1