From 620a1be1636b53a39a5b740abd695b4e85e9ba3a Mon Sep 17 00:00:00 2001
From: Carlos Garnacho
Date: Tue, 9 May 2017 14:55:26 +0200
Subject: libtracker-common: Whitelist openat()

With the same caveats than open().

https://bugzilla.gnome.org/show_bug.cgi?id=782514
---
 src/libtracker-common/tracker-seccomp.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/libtracker-common/tracker-seccomp.c b/src/libtracker-common/tracker-seccomp.c
index 1af380c..ec873f5 100644
--- a/src/libtracker-common/tracker-seccomp.c
+++ b/src/libtracker-common/tracker-seccomp.c
@@ -182,8 +182,8 @@ tracker_seccomp_init (void)
 	                      SCMP_CMP(0, SCMP_CMP_EQ, 2)) < 0)
 		goto out;
 
-	/* Special requirements for open, allow O_RDONLY calls, but fail
-	 * if write permissions are requested.
+	/* Special requirements for open/openat, allow O_RDONLY calls,
+	 * but fail if write permissions are requested.
 	 */
 	if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 1,
 	                      SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR, 0)) < 0)
@@ -195,6 +195,16 @@ tracker_seccomp_init (void)
 	                      SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0)
 		goto out;
 
+	if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 1,
+	                      SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR, 0)) < 0)
+		goto out;
+	if (seccomp_rule_add (ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(openat), 1,
+	                      SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_WRONLY, O_WRONLY)) < 0)
+		goto out;
+	if (seccomp_rule_add (ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(openat), 1,
+	                      SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0)
+		goto out;
+
 	g_debug ("Loading seccomp rules.");
 
 	if (seccomp_load (ctx) >= 0)
--
cgit v0.12
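Review bot: The three new openat rules in the second hunk filter only the access-mode bits of argument 2 (`O_WRONLY | O_RDWR`), so flags such as O_CREAT and O_TRUNC are not inspected at all: `openat(dirfd, path, O_RDONLY | O_CREAT, mode)` still creates a file, and O_TRUNC is likewise passed through (Linux honours it on a read-only open when the caller has write permission on the file). The commit message calls this "the same caveats as open()", but the updated comment in the first hunk does not spell the caveat out, so I would extend it with `/* Only the access mode is filtered: O_CREAT, O_TRUNC and similar flags are not masked, so a read-only open can still create or truncate a file. */` so the next reader does not assume the sandbox is write-proof. If that is not intended, an additional `SCMP_ACT_ERRNO (EACCES)` rule with `SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_CREAT | O_TRUNC, ...)` per flag would close it, though I have not checked whether the indexer's own opens would survive that. Argument index 2 is the right one for openat (dirfd, path, flags), and leaving dirfd unconstrained is consistent with the existing open() rule; tracker_seccomp_init begins and ends outside both hunks.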