io_jail: Add InvalidPath error

parse_seccomp_filters in libminijail will unhelpfully abort() if the
path doesn't exist. Check that the policy file exists so that there's
a semi-useful error message.

BUG=none
TEST=crosvm run without seccomp policy in current directory; no abort

Change-Id: Ie1123e8cae3f6a27bbd5a3128161364401e8d4b2
Signed-off-by: Stephen Barber <smbarber@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/585829
Reviewed-by: Dylan Reid <dgreid@chromium.org>

1 files changed, 6 insertions, 0 deletions

diff --git a/io_jail/src/lib.rs b/io_jail/src/lib.rs
index d225e85..b71cd7c 100644
--- a/io_jail/src/lib.rs
+++ b/io_jail/src/lib.rs
@@ -22,6 +22,8 @@ pub enum Error {
     BindMount(i32),
     /// minjail_new failed, this is an allocation failure.
     CreatingMinijail,
+    /// The path doesn't exist.
+    InvalidPath,
     /// The path or name string passed in didn't parse to a valid CString.
     InvalidCString,
     /// Failed to call dup2 to set stdin, stdout, or stderr to /dev/null.
@@ -129,6 +131,10 @@ impl Minijail {
         unsafe { libminijail::minijail_set_seccomp_filter_tsync(self.jail); }
     }
     pub fn parse_seccomp_filters(&mut self, path: &Path) -> Result<()> {
+        if !path.is_file() {
+            return Err(Error::InvalidPath);
+        }
+
         let pathstring = path.as_os_str().to_str().ok_or(Error::InvalidCString)?;
         let filename = CString::new(pathstring).map_err(|_| Error::InvalidCString)?;
         unsafe {