Bug 1559368 - When determining sandbox capabilities, check for the specific X11 socket that would be used. r=gcp

Differential Revision: https://phabricator.services.mozilla.com/D40915

--HG--
extra : moz-landing-system : lando

security/sandbox/linux/launch/SandboxLaunch.cpp

@@ -100,14 +100,28 @@ static bool IsDisplayLocal() {
     //
     // Unfortunately, the Xorg client libraries prefer the abstract
     // addresses, so this isn't directly detectable by inspecting the
-    // parent process's socket.  Instead, this checks for the
-    // directory the sockets are stored in, which typically won't
-    // exist in a container with a private /tmp that isn't running its
-    // own X server.
-    if (access("/tmp/.X11-unix", X_OK) != 0) {
-      NS_ERROR(
-          "/tmp/.X11-unix is inaccessible; can't isolate network"
-          " namespace in content processes");
+    // parent process's socket.  Instead, parse the DISPLAY env var
+    // (which was updated if necessary in nsAppRunner.cpp) to get the
+    // display number and construct the socket path, falling back to
+    // testing the directory in case that doesn't work.  (See bug
+    // 1565972 and bug 1559368 for cases where we need to test the
+    // specific socket.)
+    const char* const displayStr = PR_GetEnv("DISPLAY");
+    nsAutoCString socketPath("/tmp/.X11-unix");
+    int accessFlags = X_OK;
+    int displayNum;
+    // sscanf ignores trailing text, so display names with a screen
+    // number (e.g., ":0.2") will parse correctly.
+    if (displayStr && (sscanf(displayStr, ":%d", &displayNum) == 1 ||
+                       sscanf(displayStr, "unix:%d", &displayNum) == 1)) {
+      socketPath.AppendPrintf("/X%d", displayNum);
+      accessFlags = R_OK | W_OK;
+    }
+    if (access(socketPath.get(), accessFlags) != 0) {
+      SANDBOX_LOG_ERROR(
+          "%s is inaccessible (%s); can't isolate network namespace in"
+          " content processes",
+          socketPath.get(), strerror(errno));
       return false;
     }
   }