[tbb-commits] [tor-browser/tor-browser-52.4.0esr-7.0-1] Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with SOCK_SEQPACKET, for libasyncns. r=gcp
gk at torproject.org
gk at torproject.org
Tue Oct 17 12:12:39 UTC 2017
commit 458e18efb75ff80d270cc875ac7c200da705752c
Author: Jed Davis <jld at mozilla.com>
Date: Tue Apr 11 20:55:34 2017 -0600
Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with SOCK_SEQPACKET, for libasyncns. r=gcp
MozReview-Commit-ID: 2DeklSGsjUV
--HG--
extra : rebase_source : 8a202c23dc9a3ddede49b08ce1e0792dfb40bdbf
---
security/sandbox/linux/SandboxFilter.cpp | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
index 7e1771a62665..5ddd58029e85 100644
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -496,6 +496,16 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
return 0;
}
+ static intptr_t SocketpairDatagramTrap(ArgsRef aArgs, void* aux) {
+ auto fds = reinterpret_cast<int*>(aArgs.args[3]);
+ // Return sequential packet sockets instead of the expected
+ // datagram sockets; see bug 1355274 for details.
+ if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, fds) != 0) {
+ return -errno;
+ }
+ return 0;
+ }
+
public:
explicit ContentSandboxPolicy(SandboxBrokerClient* aBroker):mBroker(aBroker) { }
virtual ~ContentSandboxPolicy() { }
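Review bot: SocketpairDatagramTrap hard-codes AF_UNIX and protocol 0 and never reads `aArgs.args[0]` or `aArgs.args[2]`, so it is only correct when reached from a rule that has already pinned the domain to AF_UNIX. The comment defers the whole rationale to the bug tracker and should state that precondition in the source, e.g. `// Only reached for AF_UNIX + SOCK_DGRAM (see the SYS_SOCKETPAIR rule); the caller's protocol argument is ignored.` It is also worth one line noting that the substitute pair is connection-oriented, so callers see close/EOF behaviour a datagram pair would not give them. The unused `aux` parameter could be left unnamed or commented as unused. The class body continues outside this hunk.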
@@ -508,6 +518,7 @@ public:
switch(aCall) {
case SYS_RECVFROM:
case SYS_SENDTO:
+ case SYS_SENDMMSG: // libresolv via libasyncns; see bug 1355274
return Some(Allow());
case SYS_SOCKETPAIR: {
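Review bot: `SYS_SENDMMSG` is allowed unconditionally here, and the comment records who needs it but not what keeps the allowance safe. sendmmsg() takes a per-message destination address and control data, so this rule is only as tight as the rules that decide which sockets a content process can hold, and those are not visible in this hunk. A comment recording that dependency would help later reviewers, for example `// Relies on the socket()/socketpair() rules limiting which sockets content can hold`, with the wording confirmed against the rest of the policy. The enclosing function starts and ends outside the hunk.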
@@ -517,9 +528,12 @@ public:
return Some(Allow());
}
Arg<int> domain(0), type(1);
- return Some(If(AllOf(domain == AF_UNIX,
- AnyOf(type == SOCK_STREAM, type == SOCK_SEQPACKET)),
- Allow())
+ return Some(If(domain == AF_UNIX,
+ Switch(type)
+ .Case(SOCK_STREAM, Allow())
+ .Case(SOCK_SEQPACKET, Allow())
+ .Case(SOCK_DGRAM, Trap(SocketpairDatagramTrap, nullptr))
+ .Default(InvalidSyscall()))
.Else(InvalidSyscall()));
}
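Review bot: The `Switch(type)` cases compare the whole type argument, so a caller passing `SOCK_DGRAM | SOCK_CLOEXEC` or `SOCK_DGRAM | SOCK_NONBLOCK` falls through to `.Default(InvalidSyscall())` instead of reaching the polyfill; the removed `AnyOf` had the same exact-match behaviour for the other two types. If any caller sets those flags, consider switching on `type & ~(SOCK_CLOEXEC | SOCK_NONBLOCK)` and having the trap handler reapply the flag bits from `aArgs.args[1]`. Separately, the trap handler's own `socketpair(AF_UNIX, SOCK_SEQPACKET, ...)` call is subject to this same filter, so it depends on the `SOCK_SEQPACKET` case staying `Allow()`. A short comment on that case, such as `// also required by SocketpairDatagramTrap`, would keep the two from drifting apart. The enclosing switch starts outside the hunk.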