rdrview: Add seccomp rules

2022-03-07 10:55:24 +09:00 · 2022-03-07 10:55:24 +09:00 · f240349b97
parent 213739bf38
commit f240349b97
2 changed files with 47 additions and 0 deletions
--- a/packages/rdrview/add-seccomp-rules.patch
+++ b/packages/rdrview/add-seccomp-rules.patch
@ -0,0 +1,39 @@
+https://github.com/eafer/rdrview/pull/28
+
+From bc65f4430b34a05499d12fb846f61f58297efb2e Mon Sep 17 00:00:00 2001
+From: Tee KOBAYASHI <xtkoba@gmail.com>
+Date: Mon, 7 Mar 2022 10:39:40 +0900
+Subject: [PATCH] Add seccomp rules for Android
+
+---
+ src/sandbox.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/sandbox.c b/src/sandbox.c
+index ee0f676..c46f0a2 100644
+--- a/src/sandbox.c
+++ b/src/sandbox.c
+@@ -23,6 +23,10 @@
+ 
+ #include <seccomp.h>
+ 
+#ifdef __ANDROID__
+#include <sys/mman.h>
+#endif
+
+ static void do_start_sandbox(void)
+ {
+ 	scmp_filter_ctx ctx;
+@@ -44,6 +48,12 @@ static void do_start_sandbox(void)
+ 	fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0);
+ 	fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap2), 0);
+ 	fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0);
+#ifdef __ANDROID__
+	fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(madvise), 1,
+	                         SCMP_A2_32(SCMP_CMP_EQ, MADV_DONTNEED, 0));
+	fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 1,
+	                         SCMP_A2_32(SCMP_CMP_MASKED_EQ, ~(PROT_READ|PROT_WRITE), 0));
+#endif
+ 
+ 	fail |= seccomp_load(ctx);
+ 	if (fail)
--- a/packages/rdrview/build.sh
+++ b/packages/rdrview/build.sh
@ -4,6 +4,7 @@ TERMUX_PKG_LICENSE="Apache-2.0"
 TERMUX_PKG_MAINTAINER="@termux"
 _COMMIT=9bde19f9e53562790b363bb2e3b15707c8c67676
 TERMUX_PKG_VERSION=2021.09.12
+TERMUX_PKG_REVISION=1
 TERMUX_PKG_SRCURL=https://github.com/eafer/rdrview.git
 TERMUX_PKG_GIT_BRANCH=master
 TERMUX_PKG_DEPENDS="libcurl, libiconv, libseccomp, libxml2"
@ -12,6 +13,13 @@ TERMUX_PKG_BUILD_IN_SRC=true
 termux_step_post_get_source() {
 	git fetch --unshallow
 	git checkout $_COMMIT
+
+	local version="$(git log -1 --format=%cs | sed 's/-/./g')"
+	if [ "$version" != "$TERMUX_PKG_VERSION" ]; then
+		echo -n "ERROR: The specified version \"$TERMUX_PKG_VERSION\""
+		echo " is different from what is expected to be: \"$version\""
+		return 1
+	fi
 }

 termux_step_pre_configure() {