Bug 1386404
- Intercept access to /tmp and rewrite to content process tempdir. r=jld
MozReview-Commit-ID: 2h9hw6opYof --HG-- extra : rebase_source : 821381f48b822415ae3d477341071099e7c1db54
This commit is contained in:
parent
88fc2f8563
commit
12fb914457
@ -28,6 +28,9 @@
|
||||
#include "mozilla/NullPtr.h"
|
||||
#include "mozilla/Sprintf.h"
|
||||
#include "mozilla/ipc/FileDescriptor.h"
|
||||
#include "nsDirectoryServiceDefs.h"
|
||||
#include "nsAppDirectoryServiceDefs.h"
|
||||
#include "SpecialSystemDirectory.h"
|
||||
#include "sandbox/linux/system_headers/linux_syscalls.h"
|
||||
|
||||
namespace mozilla {
|
||||
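Review bot: Of the headers added in this hunk, only `nsAppDirectoryServiceDefs.h` (for `NS_APP_CONTENT_PROCESS_TEMP_DIR`) is exercised by the new `RemapTempDirs` code visible in this commit; `nsDirectoryServiceDefs.h` and `SpecialSystemDirectory.h` do not appear to be needed by it. If nothing else in SandboxBroker.cpp uses them, drop the two unused includes rather than leaving them as an include-what-you-use debt. The rest of the include block is outside the hunk, so this is worth confirming against the whole file.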
@ -515,6 +518,34 @@ SandboxBroker::ConvertToRealPath(char* aPath, size_t aBufSize, size_t aPathLen)
|
||||
return aPathLen;
|
||||
}
|
||||
|
||||
size_t
|
||||
SandboxBroker::RemapTempDirs(char* aPath, size_t aBufSize, size_t aPathLen)
|
||||
{
|
||||
nsAutoCString path(aPath);
|
||||
static const nsLiteralCString tempPrefix(NS_LITERAL_CSTRING("/tmp"));
|
||||
|
||||
if (StringBeginsWith(path, tempPrefix)) {
|
||||
size_t prefixLen = tempPrefix.Length();
|
||||
const nsDependentCSubstring cutPath =
|
||||
Substring(path, prefixLen, path.Length() - prefixLen);
|
||||
// Only now try to get the content process temp dir
|
||||
nsCOMPtr<nsIFile> tmpDir;
|
||||
nsresult rv = NS_GetSpecialDirectory(NS_APP_CONTENT_PROCESS_TEMP_DIR,
|
||||
getter_AddRefs(tmpDir));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
nsAutoCString tmpPath;
|
||||
rv = tmpDir->GetNativePath(tmpPath);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
tmpPath.Append(cutPath);
|
||||
base::strlcpy(aPath, tmpPath.get(), aBufSize);
|
||||
return strlen(aPath);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return aPathLen;
|
||||
}
|
||||
|
||||
nsCString
|
||||
SandboxBroker::ReverseSymlinks(const nsACString& aPath)
|
||||
{
|
||||
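Review bot: The `StringBeginsWith(path, tempPrefix)` test in `RemapTempDirs` matches any path whose first four characters are `/tmp`, so `/tmpfoo` or `/tmp-other/x` is rewritten too, and because `cutPath` then has no leading slash the result is `<tempdir>foo`, a sibling of the content temp dir rather than a path inside it; the check needs to accept only `/tmp` itself or `/tmp/...`. Separately, `base::strlcpy` silently truncates when the rewritten path does not fit in `aBufSize`, and the truncated string is what the policy is then consulted for and what the broker operates on, so an oversized result should leave the path unremapped instead of being cut off. The `NS_GetSpecialDirectory` lookup also runs on the broker thread on every `/tmp` access; presumably that is acceptable here, but if the directory service is not safe to call off the main thread the temp dir should be resolved once at construction and stored. The rewrite below keeps the lookup as-is and only tightens the prefix check and the copy.
```cpp
size_t
SandboxBroker::RemapTempDirs(char* aPath, size_t aBufSize, size_t aPathLen)
{
  nsAutoCString path(aPath);
  static const nsLiteralCString tempPrefix(NS_LITERAL_CSTRING("/tmp"));

  if (!StringBeginsWith(path, tempPrefix)) {
    return aPathLen;
  }
  size_t prefixLen = tempPrefix.Length();
  // Only "/tmp" itself or something under "/tmp/" is redirected; "/tmpfoo"
  // names a different directory entry and must be left alone.
  if (path.Length() > prefixLen && path[prefixLen] != '/') {
    return aPathLen;
  }
  // … unchanged: cutPath, NS_GetSpecialDirectory, GetNativePath …
      tmpPath.Append(cutPath);
      // Never truncate: a cut-off path names a different file than the one
      // the caller asked for. Leave the original path for the policy lookup.
      if (tmpPath.Length() >= aBufSize) {
        return aPathLen;
      }
      base::strlcpy(aPath, tmpPath.get(), aBufSize);
      return tmpPath.Length();
```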
@ -675,6 +706,7 @@ SandboxBroker::ThreadMain(void)
|
||||
|
||||
// Look up the first pathname but first translate relative paths.
|
||||
pathLen = ConvertToRealPath(pathBuf, sizeof(pathBuf), pathLen);
|
||||
pathLen = RemapTempDirs(pathBuf, sizeof(pathBuf), pathLen);
|
||||
perms = mPolicy->Lookup(nsDependentCString(pathBuf, pathLen));
|
||||
|
||||
// We don't have read permissions on the requested dir.
|
||||
|
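Review bot: `RemapTempDirs` is applied only to the first pathname here, and the comment above ("Look up the first pathname") implies a second pathname is handled elsewhere in `ThreadMain`, outside this hunk. If two-path operations exist in this broker (rename- or link-style requests), the second path needs the same remap, otherwise a content process could pair a remapped source with an un-remapped `/tmp` destination and the two policy lookups would disagree; please confirm or document why only the first path needs it. A one-line comment such as `// Remap /tmp before the policy lookup so the policy only ever sees the content temp dir` would also make the ordering relative to `mPolicy->Lookup` intentional rather than incidental. `ThreadMain` begins and ends outside the hunk.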
@ -143,6 +143,8 @@ class SandboxBroker final
|
||||
void AuditDenial(int aOp, int aFlags, int aPerms, const char* aPath);
|
||||
// Remap relative paths to absolute paths.
|
||||
size_t ConvertToRealPath(char* aPath, size_t aBufSize, size_t aPathLen);
|
||||
// Remap references to /tmp and friends to the content process tempdir
|
||||
size_t RemapTempDirs(char* aPath, size_t aBufSize, size_t aPathLen);
|
||||
nsCString ReverseSymlinks(const nsACString& aPath);
|
||||
// Retrieves permissions for the path the original symlink sits in.
|
||||
int SymlinkPermissions(const char* aPath, const size_t aPathLen);
|
||||
|
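Review bot: The declaration comment says `/tmp and friends`, but the implementation in this commit intercepts only the `/tmp` prefix, so the comment promises more than the code does and should spell out the in-place buffer contract as well. Suggested replacement: `// Rewrite a "/tmp" or "/tmp/..." path in place to the content process temp dir.` followed by `// aPath is modified within aBufSize; returns the new length, or aPathLen unchanged if the path was not remapped.` If other temp locations are meant to be covered later, say so with a TODO rather than "and friends".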
@ -231,8 +231,6 @@ SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory()
|
||||
#endif
|
||||
policy->AddDir(rdonly, "/usr/share");
|
||||
policy->AddDir(rdonly, "/usr/local/share");
|
||||
policy->AddDir(rdonly, "/usr/tmp");
|
||||
policy->AddDir(rdonly, "/var/tmp");
|
||||
// Various places where fonts reside
|
||||
policy->AddDir(rdonly, "/usr/X11R6/lib/X11/fonts");
|
||||
policy->AddDir(rdonly, "/nix/store");
|
||||
|