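diff -up firefox-101.0/security/sandbox/linux/SandboxFilter.cpp.D146271.diff firefox-101.0/security/sandbox/linux/SandboxFilter.cpp
--- firefox-101.0/security/sandbox/linux/SandboxFilter.cpp.D146271.diff 2022-05-27 01:16:59.000000000 +0200
+++ firefox-101.0/security/sandbox/linux/SandboxFilter.cpp 2022-06-09 09:59:35.569235176 +0200
@@ -125,28 +125,12 @@ namespace mozilla {
 // denied if no broker client is provided by the concrete class.
 class SandboxPolicyCommon : public SandboxPolicyBase {
 protected:
- enum class ShmemUsage : uint8_t {
- MAY_CREATE,
- ONLY_USE,
- };
-
- enum class AllowUnsafeSocketPair : uint8_t {
- NO,
- YES,
- };
-
+ // Subclasses can assign these in their constructors to loosen the
+ // default settings.
 SandboxBrokerClient* mBroker = nullptr;
 bool mMayCreateShmem = false;
 bool mAllowUnsafeSocketPair = false;
 
- explicit SandboxPolicyCommon(SandboxBrokerClient* aBroker,
- ShmemUsage aShmemUsage,
- AllowUnsafeSocketPair aAllowUnsafeSocketPair)
- : mBroker(aBroker),
- mMayCreateShmem(aShmemUsage == ShmemUsage::MAY_CREATE),
- mAllowUnsafeSocketPair(aAllowUnsafeSocketPair ==
- AllowUnsafeSocketPair::YES) {}
-
 SandboxPolicyCommon() = default;
 
 typedef const sandbox::arch_seccomp_data& ArgsRef;
@@ -1228,11 +1212,13 @@ class ContentSandboxPolicy : public Sand
 public:
 ContentSandboxPolicy(SandboxBrokerClient* aBroker,
 ContentProcessSandboxParams&& aParams)
- : SandboxPolicyCommon(aBroker, ShmemUsage::MAY_CREATE,
- AllowUnsafeSocketPair::YES),
- mParams(std::move(aParams)),
+ : mParams(std::move(aParams)),
 mAllowSysV(PR_GetEnv("MOZ_SANDBOX_ALLOW_SYSV") != nullptr),
- mUsingRenderDoc(PR_GetEnv("RENDERDOC_CAPTUREOPTS") != nullptr) {}
+ mUsingRenderDoc(PR_GetEnv("RENDERDOC_CAPTUREOPTS") != nullptr) {
+ mBroker = aBroker;
+ mMayCreateShmem = true;
+ mAllowUnsafeSocketPair = true;
+ }
 
 ~ContentSandboxPolicy() override = default;
 
@@ -1762,9 +1748,10 @@ UniquePtr<sandbox::bpf_dsl::Policy> GetM
 // segments, so it may need file brokering.
 class RDDSandboxPolicy final : public SandboxPolicyCommon {
 public:
- explicit RDDSandboxPolicy(SandboxBrokerClient* aBroker)
- : SandboxPolicyCommon(aBroker, ShmemUsage::MAY_CREATE,
- AllowUnsafeSocketPair::NO) {}
+ explicit RDDSandboxPolicy(SandboxBrokerClient* aBroker) {
+ mBroker = aBroker;
+ mMayCreateShmem = true;
+ }
 
 #ifndef ANDROID
 Maybe<ResultExpr> EvaluateIpcCall(int aCall, int aArgShift) const override {
@@ -1875,9 +1862,10 @@ UniquePtr<sandbox::bpf_dsl::Policy> GetD
 // the SocketProcess sandbox looks like.
 class SocketProcessSandboxPolicy final : public SandboxPolicyCommon {
 public:
- explicit SocketProcessSandboxPolicy(SandboxBrokerClient* aBroker)
- : SandboxPolicyCommon(aBroker, ShmemUsage::MAY_CREATE,
- AllowUnsafeSocketPair::NO) {}
+ explicit SocketProcessSandboxPolicy(SandboxBrokerClient* aBroker) {
+ mBroker = aBroker;
+ mMayCreateShmem = true;
+ }
 
 static intptr_t FcntlTrap(const sandbox::arch_seccomp_data& aArgs,
 void* aux) {
@@ -2013,9 +2001,10 @@ UniquePtr<sandbox::bpf_dsl::Policy> GetS
 
 class UtilitySandboxPolicy : public SandboxPolicyCommon {
 public:
- explicit UtilitySandboxPolicy(SandboxBrokerClient* aBroker)
- : SandboxPolicyCommon(aBroker, ShmemUsage::MAY_CREATE,
- AllowUnsafeSocketPair::NO) {}
+ explicit UtilitySandboxPolicy(SandboxBrokerClient* aBroker) {
+ mBroker = aBroker;
+ mMayCreateShmem = true;
+ }
 
 ResultExpr PrctlPolicy() const override {
 Arg<int> op(0);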
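Review bot: The new base-class comment in the first hunk (`// Subclasses can assign these in their constructors to loosen the default settings.`) should state that the defaults are the restrictive settings, because the refactor removes the compile-time requirement that every subclass explicitly choose a ShmemUsage and an AllowUnsafeSocketPair value. With the enum-typed constructor gone, a future subclass that forgets to assign mMayCreateShmem or mAllowUnsafeSocketPair silently inherits the `= false` initializers; that is fail-closed today, and saying so makes it less likely someone flips a default to `true` without noticing it loosens every subclass at once. Suggested wording: `// Subclasses may loosen these in their constructors. The defaults are the most restrictive settings (no shmem creation, no unsafe socketpair), so a subclass that assigns nothing gets the tightest policy; keep them that way.` The four subclass hunks reproduce the old choices exactly (only ContentSandboxPolicy enables mAllowUnsafeSocketPair), and since every class body here continues outside its hunk, whether these members are read anywhere before the subclass constructor body runs cannot be confirmed from this diff.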