Provide sealing flags if not defined in the headers

Also adjust naming of MFD_ constants PiperOrigin-RevId: 559091482 Change-Id: I74271aee443a6d174950fd258bd238587cb4c75e
2024-03-22 13:11:30 +08:00 · 2023-08-22 06:20:49 -07:00 · 2023-08-22 06:20:49 -07:00 · c4660f8a6e
commit c4660f8a6e
parent e75be07bb0
2 changed files with 11 additions and 3 deletions
--- a/sandboxed_api/embed_file.cc
+++ b/sandboxed_api/embed_file.cc
@ -31,6 +31,14 @@ namespace sapi {

 namespace {

+#ifndef F_ADD_SEALS
+#define F_ADD_SEALS 1033
+#define F_SEAL_SEAL 0x0001
+#define F_SEAL_SHRINK 0x0002
+#define F_SEAL_GROW 0x0004
+#define F_SEAL_WRITE 0x0008
+#endif
+
 bool SealFile(int fd) {
  constexpr int kMaxRetries = 10;
  for (int i = 0; i < kMaxRetries; ++i) {
--- a/sandboxed_api/sandbox2/util.cc
+++ b/sandboxed_api/sandbox2/util.cc
@ -248,10 +248,10 @@ pid_t ForkWithFlags(int flags) {
 bool CreateMemFd(int* fd, const char* name) {
  // Usually defined in linux/memfd.h. Define it here to avoid dependency on
  // UAPI headers.
-  constexpr uintptr_t MFD_CLOEXEC = 0x0001;
-  constexpr uintptr_t MFD_ALLOW_SEALING = 0x0002;
+  constexpr uintptr_t kMfdCloseOnExec = 0x0001;
+  constexpr uintptr_t kMfdAllowSealing = 0x0002;
  int tmp_fd = Syscall(__NR_memfd_create, reinterpret_cast<uintptr_t>(name),
-                       MFD_CLOEXEC | MFD_ALLOW_SEALING);
+                       kMfdCloseOnExec | kMfdAllowSealing);
  if (tmp_fd < 0) {
    if (errno == ENOSYS) {
      SAPI_RAW_LOG(ERROR,