Bug 1511560 - Allow dup and ftruncate (when needed) in SandboxPolicyCommon. r=gcp
File descriptors are sometimes dup()ed in the process of communicating them over IPC; some of this may be unnecessary (due to insufficient use of move-only types), but dup() is relatively harmless. It was previously allowed for both content and GMP, so this doesn't change anything. The handling of ftruncate is a little complicated -- it's used for IPC shared memory, but only when creating segments; so GMP doesn't allow it and should continue not allowing it, but content needs it and RDD will as well. As a result, the subclass indicates if it will be needed. Note that even when we have memfd_create support (bug 1440203), ftruncate is still necessary even though brokering may not. Depends on D14523 Differential Revision: https://phabricator.services.mozilla.com/D14524 --HG-- extra : moz-landing-system : lando
This commit is contained in:
parent
bb4d6b8630
commit
6fc87bff63
@ -96,10 +96,19 @@ namespace mozilla {
|
||||
// denied if no broker client is provided by the concrete class.
|
||||
class SandboxPolicyCommon : public SandboxPolicyBase {
|
||||
protected:
|
||||
SandboxBrokerClient* mBroker;
|
||||
enum class ShmemUsage {
|
||||
MAY_CREATE,
|
||||
ONLY_USE,
|
||||
};
|
||||
|
||||
explicit SandboxPolicyCommon(SandboxBrokerClient* aBroker = nullptr)
|
||||
: mBroker(aBroker) {}
|
||||
SandboxBrokerClient* mBroker;
|
||||
ShmemUsage mShmemUsage;
|
||||
|
||||
explicit SandboxPolicyCommon(SandboxBrokerClient* aBroker,
|
||||
ShmemUsage aShmemUsage = ShmemUsage::MAY_CREATE)
|
||||
: mBroker(aBroker), mShmemUsage(aShmemUsage) {}
|
||||
|
||||
SandboxPolicyCommon() : SandboxPolicyCommon(nullptr, ShmemUsage::ONLY_USE) {}
|
||||
|
||||
typedef const sandbox::arch_seccomp_data& ArgsRef;
|
||||
|
||||
@ -493,6 +502,20 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
|
||||
CASES_FOR_lseek:
|
||||
return Allow();
|
||||
|
||||
CASES_FOR_ftruncate:
|
||||
switch (mShmemUsage) {
|
||||
case ShmemUsage::MAY_CREATE:
|
||||
return Allow();
|
||||
case ShmemUsage::ONLY_USE:
|
||||
return InvalidSyscall();
|
||||
default:
|
||||
MOZ_CRASH("unreachable");
|
||||
}
|
||||
|
||||
// Used by our fd/shm classes
|
||||
case __NR_dup:
|
||||
return Allow();
|
||||
|
||||
// Memory mapping
|
||||
CASES_FOR_mmap:
|
||||
case __NR_munmap:
|
||||
@ -982,7 +1005,6 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
|
||||
return Allow();
|
||||
|
||||
CASES_FOR_getdents:
|
||||
CASES_FOR_ftruncate:
|
||||
case __NR_writev:
|
||||
case __NR_pread64:
|
||||
# ifdef DESKTOP
|
||||
@ -1088,7 +1110,6 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
|
||||
case __NR_times:
|
||||
return Allow();
|
||||
|
||||
case __NR_dup:
|
||||
case __NR_dup2: // See ConnectTrapCommon
|
||||
return Allow();
|
||||
|
||||
@ -1366,9 +1387,6 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
|
||||
CASES_FOR_fcntl:
|
||||
return Trap(FcntlTrap, nullptr);
|
||||
|
||||
case __NR_dup:
|
||||
return Allow();
|
||||
|
||||
default:
|
||||
return SandboxPolicyCommon::EvaluateSyscall(sysno);
|
||||
}
|
||||
|
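Review bot: The defaulted `ShmemUsage aShmemUsage = ShmemUsage::MAY_CREATE` on the two-argument SandboxPolicyCommon constructor in the first hunk makes the permissive setting the implicit choice for every subclass that passes a broker, while the no-argument constructor picks ONLY_USE; since the description says only content (and later RDD) need ftruncate, dropping the default so each policy states its ShmemUsage explicitly keeps a future subclass from being granted ftruncate by omission. The enum itself carries no comment on what the two values gate; I would add `// Whether this process may create IPC shared-memory segments (which requires ftruncate) or only use existing ones.` above `enum class ShmemUsage`. Which subclass calls which constructor is outside the hunks, so the effect of the defaults on the existing policies cannot be confirmed here. Both constructors and the ftruncate switch sit inside the SandboxPolicyCommon class body, which starts and ends outside the hunks.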