From: drh Date: Wed, 10 Aug 2011 01:52:12 +0000 (+0000) Subject: Make the openDirectory routine in os_unix.c overrideable so that it can X-Git-Tag: version-3.7.8~77 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=90315a24179a23538b9a906a066d484cd782e3d8;p=thirdparty%2Fsqlite.git Make the openDirectory routine in os_unix.c overrideable so that it can be turned into a harmless no-op for the chromium sandbox. FossilOrigin-Name: 6b236069e1ea3c99ff0a007a790d4baebda70b13 --- diff --git a/manifest b/manifest index f45162b281..83e86d4850 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Add\scommand-line\sutilities\s"offsets.c"\sand\s"extract.c"\sfor\suse\sin\nlow-level\sanalyzsis\sof\sdatabase\sfiles. -D 2011-08-09T18:14:36.327 +C Make\sthe\sopenDirectory\sroutine\sin\sos_unix.c\soverrideable\sso\sthat\sit\scan\nbe\sturned\sinto\sa\sharmless\sno-op\sfor\sthe\schromium\ssandbox. +D 2011-08-10T01:52:12.736 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in 1e6988b3c11dee9bd5edc0c804bd4468d74a9cdc F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 @@ -165,7 +165,7 @@ F src/os.c fcc717427a80b2ed225373f07b642dc1aad7490b F src/os.h 9dbed8c2b9c1f2f2ebabc09e49829d4777c26bf9 F src/os_common.h 65a897143b64667d23ed329a7984b9b405accb58 F src/os_os2.c 4a75888ba3dfc820ad5e8177025972d74d7f2440 -F src/os_unix.c d059bd9c8b72b41316d6af803cac6a0501fa0a43 +F src/os_unix.c 0177d9f411d96f99218c69759a98393baa674b76 F src/os_win.c 4eb6fa00ee28f6d7bad0526edcbe5a60d297c67a F src/pager.c 120550e7ef01dafaa2cbb4a0528c0d87c8f12b41 F src/pager.h 3f8c783de1d4706b40b1ac15b64f5f896bcc78d1 
@@ -688,7 +688,7 @@ F test/subselect.test d24fd8757daf97dafd2e889c73ea4c4272dcf4e4 F test/substr.test 18f57c4ca8a598805c4d64e304c418734d843c1a F test/superlock.test 5d7a4954b0059c903f82c7b67867bc5451a7c082 F test/sync.test a34cd43e98b7fb84eabbf38f7ed8f7349b3f3d85 -F test/syscall.test a9d065ad1ef5f32446b1cb585a0e085b4e0996f5 +F test/syscall.test 966addf703faee6a5d509abe6d8885e393e552fd F test/sysfault.test c79441d88d23696fbec7b147dba98d42a04f523f F test/table.test 50c47f5fe9c112e92723af27cd735e6c92de6f85 F test/tableapi.test 2674633fa95d80da917571ebdd759a14d9819126 @@ -957,7 +957,7 @@ F tool/symbols.sh caaf6ccc7300fd43353318b44524853e222557d5 F tool/tostr.awk 11760e1b94a5d3dcd42378f3cc18544c06cfa576 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f F tool/warnings.sh 2ebae31e1eb352696f3c2f7706a34c084b28c262 -P 713b1b7dc1296e9cee42aeaad8c85528155f721d -R 2b57d3d9e69c84bb70b8008d7b543857 +P dfa22ed4387f9526b74d5265503c7c8e9d559903 +R bf22196e9aa98f18724e5d2624f7dcbf U drh -Z 0ae7593144f65695d7975cca33773c01 +Z 2ec35109792cc0dc5d4f7cebd4d85034 diff --git a/manifest.uuid b/manifest.uuid index 1f303a17be..ec7b7e54a0 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -dfa22ed4387f9526b74d5265503c7c8e9d559903 \ No newline at end of file +6b236069e1ea3c99ff0a007a790d4baebda70b13 \ No newline at end of file diff --git a/src/os_unix.c b/src/os_unix.c index 567dcf90c5..857ed58a9f 100644 --- a/src/os_unix.c +++ b/src/os_unix.c @@ -298,6 +298,9 @@ static int posixOpen(const char *zFile, int flags, int mode){ return open(zFile, flags, mode); } +/* Forward reference */ +static int openDirectory(const char*, int*); + /* ** Many system calls are accessed through pointer-to-functions so that ** they may be overridden at runtime to facilitate fault injection during 
@@ -397,6 +400,9 @@ static struct unix_syscall { { "unlink", (sqlite3_syscall_ptr)unlink, 0 }, #define osUnlink ((int(*)(const char*))aSyscall[16].pCurrent) + { "openDirectory", (sqlite3_syscall_ptr)openDirectory, 0 }, +#define osOpenDirectory ((int(*)(const char*,int*))aSyscall[17].pCurrent) + }; /* End of the overrideable system calls */ /* @@ -3252,6 +3258,19 @@ static int full_fsync(int fd, int fullSync, int dataOnly){ ** or SQLITE_CANTOPEN is returned and *pFd is set to an undefined ** value. ** +** The directory file descriptor is used for only one thing - to +** fsync() a directory to make sure file creation and deletion events +** are flushed to disk. Such fsyncs are not needed on newer +** journaling filesystems, but are required on older filesystems. +** +** This routine can be overridden using the xSetSysCall interface. +** The ability to override this routine was added in support of the +** chromium sandbox. Opening a directory is a security risk (we are +** told) so making it overrideable allows the chromium sandbox to +** replace this routine with a harmless no-op. To make this routine +** a no-op, replace it with a stub that returns SQLITE_OK but leaves +** *pFd set to a negative number. +** ** If SQLITE_OK is returned, the caller is responsible for closing ** the file descriptor *pFd using close(). */ 
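Review bot: The no-op contract in the added openDirectory comment ("returns SQLITE_OK but leaves *pFd set to a negative number") can be read as allowing a stub that never writes *pFd. The callers changed in this commit pass a descriptor declared without an initializer (`int dirfd;` in unixSync, `int fd;` in unixDelete), so such a stub would hand back an indeterminate value. That value could pass the `dirfd>=0` test and then be fsync'd and closed as if it were the directory. I would word the last sentence as `** a no-op, replace it with a stub that stores -1 in *pFd and returns SQLITE_OK.` The body of openDirectory itself is outside this hunk.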
@@ -3318,16 +3337,15 @@ static int unixSync(sqlite3_file *id, int flags){ } /* Also fsync the directory containing the file if the DIRSYNC flag - ** is set. This is a one-time occurrance. Many systems (examples: AIX - ** or any process running inside a chromium sandbox) are unable to fsync a - ** directory, so ignore errors. + ** is set. This is a one-time occurrance. Many systems (examples: AIX) + ** are unable to fsync a directory, so ignore errors on the fsync. */ if( pFile->ctrlFlags & UNIXFILE_DIRSYNC ){ int dirfd; OSTRACE(("DIRSYNC %s (have_fullfsync=%d fullsync=%d)\n", pFile->zPath, HAVE_FULLFSYNC, isFullsync)); - openDirectory(pFile->zPath, &dirfd); - if( dirfd>=0 ){ + rc = osOpenDirectory(pFile->zPath, &dirfd); + if( rc==SQLITE_OK && dirfd>=0 ){ full_fsync(dirfd, 0, 0); robust_close(pFile, dirfd, __LINE__); } @@ -5146,7 +5164,7 @@ static int unixDelete( #ifndef SQLITE_DISABLE_DIRSYNC if( dirSync ){ int fd; - rc = openDirectory(zPath, &fd); + rc = osOpenDirectory(zPath, &fd); if( rc==SQLITE_OK ){ #if OS_VXWORKS if( fsync(fd)==-1 ) @@ -6719,7 +6737,7 @@ int sqlite3_os_init(void){ /* Double-check that the aSyscall[] array has been constructed ** correctly. See ticket [bb3a86e890c8e96ab] */ - assert( ArraySize(aSyscall)==17 ); + assert( ArraySize(aSyscall)==18 ); /* Register all VFSes defined in the aVfs[] array */ for(i=0; i<(sizeof(aVfs)/sizeof(sqlite3_vfs)); i++){ diff --git a/test/syscall.test b/test/syscall.test index 024c4db0c1..201bd63647 100644 --- a/test/syscall.test +++ b/test/syscall.test @@ -59,7 +59,7 @@ do_test 2.1.2 { test_syscall exists nosuchcall } 0 foreach s { open close access getcwd stat fstat ftruncate fcntl read pread write pwrite fchmod fallocate - pread64 pwrite64 unlink + pread64 pwrite64 unlink openDirectory } { if {[test_syscall exists $s]} {lappend syscall_list $s} }
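Review bot: Assigning the result of osOpenDirectory() to `rc` in unixSync means a failed directory open is no longer ignored. Before this change the return value was discarded and only `dirfd>=0` was tested, and the rewritten comment now promises to ignore errors "on the fsync" only. The end of unixSync is outside the hunk, so it is an inference that `rc` is what the function returns. If it is, a SQLITE_CANTOPEN here turns a successful file fsync into a reported failure on systems or sandboxes that refuse to open the directory. Either keep the status in a separate local or reset it after the test: `}else if( rc==SQLITE_CANTOPEN ){ rc = SQLITE_OK; }`.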
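Review bot: unixDelete tests only `rc==SQLITE_OK` before using `fd`, while unixSync in the same commit tests `rc==SQLITE_OK && dirfd>=0`. With the documented no-op stub (SQLITE_OK, negative *pFd), the lines that follow would call fsync() on a negative descriptor, which fails. A sandboxed delete is then likely to end in an error path instead of skipping the directory sync, although the rest of the block is outside the hunk. The guard should match unixSync: `if( rc==SQLITE_OK && fd>=0 ){`.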