From 848b9ff6251ef125d394026d08c1a183395171f9 Mon Sep 17 00:00:00 2001 From: Zach Reizner Date: Fri, 30 Jun 2017 15:46:25 -0700 Subject: [PATCH] io_jail: add bind mount This will be used by some device jails to get access to unix sockets after being jailed. TEST=None BUG=None Change-Id: I870bfb155b275769ccb3248b1441e7c0b8f20ad7 Reviewed-on: https://chromium-review.googlesource.com/558447 Commit-Ready: Zach Reizner Tested-by: Zach Reizner Reviewed-by: Dylan Reid --- io_jail/src/lib.rs | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/io_jail/src/lib.rs b/io_jail/src/lib.rs index 04b8070c97..d225e85a20 100644 --- a/io_jail/src/lib.rs +++ b/io_jail/src/lib.rs @@ -18,6 +18,8 @@ use std::str::FromStr; #[derive(Debug)] pub enum Error { + // minijail failed to accept bind mount. + BindMount(i32), /// minjail_new failed, this is an allocation failure. CreatingMinijail, /// The path or name string passed in didn't parse to a valid CString. @@ -208,6 +210,17 @@ impl Minijail { pub fn mount_tmp_size(&mut self, size: usize) { unsafe { libminijail::minijail_mount_tmp_size(self.jail, size); } } + pub fn mount_bind(&mut self, src: &Path, dest: &Path, writable: bool) -> Result<()> { + let src = src.as_os_str().to_str().ok_or(Error::InvalidCString)?; + let src = CString::new(src).map_err(|_| Error::InvalidCString)?; + let dest = dest.as_os_str().to_str().ok_or(Error::InvalidCString)?; + let dest = CString::new(dest).map_err(|_| Error::InvalidCString)?; + let ret = unsafe { libminijail::minijail_bind(self.jail, src.as_ptr(), dest.as_ptr(), writable as _) }; + if ret < 0 { + return Err(Error::BindMount(ret)); + } + Ok(()) + } /// Enters the previously configured minijail. /// `enter` is unsafe because it closes all open FD for this process. That
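Review bot: The new `BindMount(i32)` variant in the first hunk is documented with a plain `//` comment while the neighbouring variants use `///`, so rustdoc will not attach the text to the variant. Suggest `/// minijail_bind rejected the bind mount; carries the negative value it returned.`, which matches what `mount_bind` stores in it in the second hunk. The enum body continues outside the hunk, so any `Display` impl or `match` over `Error` elsewhere in the file is not visible here and may need an arm for the new variant.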
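Review bot: `mount_bind` in the second hunk is added without a doc comment, even though it is the call that exposes a host path inside the jail. The bare `writable: bool` also gives a reader of a call site no hint that `true` grants the jailed process write access to `src`. A `///` block should state that `src` becomes visible at `dest` inside the jail, that `writable = false` is the read-only form callers should prefer, and that `Error::InvalidCString` or `Error::BindMount(ret)` is returned on failure. Separately, the `to_str()` step rejects valid non-UTF-8 Unix paths and reports them as `InvalidCString`; `CString::new(src.as_os_str().as_bytes())` would pass the bytes through unchanged, given `std::os::unix::ffi::OsStrExt` imported at the top of the file, outside this hunk. The hunk's trailing context is cut off in this view, but the added function is fully visible.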