Bug 1386558 - Check sandboxing level 2 after permissions are available. r=jld
MozReview-Commit-ID: 9Pqwk45pJbe --HG-- extra : rebase_source : 1c21f21d04cddd6c00e5f495c6686c671aa9cac1
This commit is contained in:
parent
36784f22aa
commit
60d25346d1
@ -214,7 +214,9 @@ SandboxBroker::Policy::AddDir(int aPerms, const char* aPath)
|
|||||||
// be opened. We're guaranteed to have a trailing / now,
|
// be opened. We're guaranteed to have a trailing / now,
|
||||||
// so just cut that.
|
// so just cut that.
|
||||||
path.Truncate(path.Length() - 1);
|
path.Truncate(path.Length() - 1);
|
||||||
Policy::AddPath(aPerms, path.get(), AddAlways);
|
if (!path.IsEmpty()) {
|
||||||
|
Policy::AddPath(aPerms, path.get(), AddAlways);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
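Review bot: The new `if (!path.IsEmpty())` guard around `Policy::AddPath` skips the call without saying why the path can be empty at this point; given the comment just above it (a trailing `/` is guaranteed and then cut), the only input that yields an empty string is aPath == "/", which is exactly what the `policy->AddDir(rdonly, "/")` calls in the policy-factory hunks pass. A one-line comment would keep the next reader from mistaking this for a swallowed error: `// Empty after the cut means aPath was "/" itself; there is no separate entry to add for it.` Whether the directory walk earlier in AddDir already covers the root cannot be confirmed here, since the function's body starts outside the hunk.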
@ -88,12 +88,6 @@ SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory()
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
// Read permissions
|
// Read permissions
|
||||||
// No read blocking at level 2 and below
|
|
||||||
if (Preferences::GetInt("security.sandbox.content.level") <= 2) {
|
|
||||||
policy->AddDir(rdonly, "/");
|
|
||||||
mCommonContentPolicy.reset(policy);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
policy->AddPath(rdonly, "/dev/urandom");
|
policy->AddPath(rdonly, "/dev/urandom");
|
||||||
policy->AddPath(rdonly, "/proc/cpuinfo");
|
policy->AddPath(rdonly, "/proc/cpuinfo");
|
||||||
policy->AddPath(rdonly, "/proc/meminfo");
|
policy->AddPath(rdonly, "/proc/meminfo");
|
||||||
@ -233,29 +227,37 @@ SandboxBrokerPolicyFactory::GetContentPolicy(int aPid, bool aFileProcess)
|
|||||||
UniquePtr<SandboxBroker::Policy>
|
UniquePtr<SandboxBroker::Policy>
|
||||||
policy(new SandboxBroker::Policy(*mCommonContentPolicy));
|
policy(new SandboxBroker::Policy(*mCommonContentPolicy));
|
||||||
|
|
||||||
|
// Read any extra paths that will get write permissions,
|
||||||
|
// configured by the user or distro
|
||||||
|
AddDynamicPathList(policy.get(),
|
||||||
|
"security.sandbox.content.write_path_whitelist",
|
||||||
|
rdwr);
|
||||||
|
|
||||||
|
// No read blocking at level 2 and below.
|
||||||
|
// file:// processes also get global read permissions
|
||||||
|
// This requires accessing user preferences so we can only do it now.
|
||||||
|
// Our constructor is initialized before user preferences are read in.
|
||||||
|
if (GetEffectiveContentSandboxLevel() <= 2 || aFileProcess) {
|
||||||
|
policy->AddDir(rdonly, "/");
|
||||||
|
return policy;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Read permissions only from here on!
|
||||||
|
// Whitelisted for reading by the user/distro
|
||||||
|
AddDynamicPathList(policy.get(),
|
||||||
|
"security.sandbox.content.read_path_whitelist",
|
||||||
|
rdonly);
|
||||||
|
|
||||||
// Bug 1198550: the profiler's replacement for dl_iterate_phdr
|
// Bug 1198550: the profiler's replacement for dl_iterate_phdr
|
||||||
policy->AddPath(rdonly, nsPrintfCString("/proc/%d/maps", aPid).get());
|
policy->AddPath(rdonly, nsPrintfCString("/proc/%d/maps", aPid).get());
|
||||||
|
|
||||||
// Bug 1198552: memory reporting.
|
// Bug 1198552: memory reporting.
|
||||||
policy->AddPath(rdonly, nsPrintfCString("/proc/%d/statm", aPid).get());
|
policy->AddPath(rdonly, nsPrintfCString("/proc/%d/statm", aPid).get());
|
||||||
policy->AddPath(rdonly, nsPrintfCString("/proc/%d/smaps", aPid).get());
|
policy->AddPath(rdonly, nsPrintfCString("/proc/%d/smaps", aPid).get());
|
||||||
// Now read any extra paths, this requires accessing user preferences
|
|
||||||
// so we can only do it now. Our constructor is initialized before
|
|
||||||
// user preferences are read in.
|
|
||||||
AddDynamicPathList(policy.get(),
|
|
||||||
"security.sandbox.content.read_path_whitelist",
|
|
||||||
rdonly);
|
|
||||||
AddDynamicPathList(policy.get(),
|
|
||||||
"security.sandbox.content.write_path_whitelist",
|
|
||||||
rdwr);
|
|
||||||
|
|
||||||
// file:// processes get global read permissions
|
// userContent.css and the extensions dir sit in the profile, which is
|
||||||
if (aFileProcess) {
|
// normally blocked and we can't get the profile dir earlier in startup,
|
||||||
policy->AddDir(rdonly, "/");
|
// so this must happen here.
|
||||||
}
|
|
||||||
|
|
||||||
// userContent.css sits in the profile, which is normally blocked
|
|
||||||
// and we can't get the profile dir earlier
|
|
||||||
nsCOMPtr<nsIFile> profileDir;
|
nsCOMPtr<nsIFile> profileDir;
|
||||||
nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
|
nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
|
||||||
getter_AddRefs(profileDir));
|
getter_AddRefs(profileDir));
|
||||||
|
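Review bot: The `return policy;` inside the new `if (GetEffectiveContentSandboxLevel() <= 2 || aFileProcess)` branch changes what file:// processes get: on the old side `if (aFileProcess)` only added `policy->AddDir(rdonly, "/")` and fell through to the profile-dir code, whereas now everything after the branch — the read whitelist, the `/proc/%d` entries and the profile-dir block — is skipped for them. That is harmless as long as every later entry is read-only, because `AddDir(rdonly, "/")` already subsumes it, but GetContentPolicy continues past the hunk, so any entry added later with permissions other than rdonly would silently be dropped both for file processes and for levels <= 2. If the invariant holds, pin it next to the return: `// Everything added below is rdonly and already covered by AddDir(rdonly, "/").` The write whitelist is deliberately applied before the early return; a short comment saying so (`// Added before the level check: write grants apply at every level.`) would stop a future reorder from losing it.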