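--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -699,10 +699,18 @@
 Maybe<ResultExpr> EvaluateSocketCall(int aCall,
 bool aHasArgs) const override {
 switch (aCall) {
 case SYS_RECVMSG:
 case SYS_SENDMSG:
+ // These next four aren't needed for IPC or other core
+ // functionality at the time of this writing, but they're
+ // subsets of recvmsg/sendmsg so there's nothing gained by not
+ // allowing them here (and simplifying subclasses).
+ case SYS_RECVFROM:
+ case SYS_SENDTO:
+ case SYS_RECV:
+ case SYS_SEND:
 return Some(Allow());
 
 case SYS_SOCKETPAIR: {
 // We try to allow "safe" (always connected) socketpairs when using the
 // file broker, or for content processes, but we may need to fall back
@@ -1253,12 +1261,10 @@
 ~ContentSandboxPolicy() override = default;
 
 Maybe<ResultExpr> EvaluateSocketCall(int aCall,
 bool aHasArgs) const override {
 switch (aCall) {
- case SYS_RECVFROM:
- case SYS_SENDTO:
 case SYS_SENDMMSG: // libresolv via libasyncns; see bug 1355274
 return Some(Allow());
 
 #ifdef ANDROID
 case SYS_SOCKET:
@@ -1268,18 +1274,21 @@
 case SYS_CONNECT:
 if (BelowLevel(4)) {
 return Some(Allow());
 }
 return SandboxPolicyCommon::EvaluateSocketCall(aCall, aHasArgs);
- case SYS_RECV:
- case SYS_SEND:
+
+ // FIXME (bug 1761134): sockopts should be filtered
 case SYS_GETSOCKOPT:
 case SYS_SETSOCKOPT:
+ // These next 3 were needed for X11; they may not be needed
+ // with X11 lockdown, but there's not much attack surface here.
 case SYS_GETSOCKNAME:
 case SYS_GETPEERNAME:
 case SYS_SHUTDOWN:
 return Some(Allow());
+
 case SYS_ACCEPT:
 case SYS_ACCEPT4:
 if (mUsingRenderDoc) {
 return Some(Allow());
 }
@@ -1908,26 +1917,19 @@
 }
 
 Maybe<ResultExpr> EvaluateSocketCall(int aCall,
 bool aHasArgs) const override {
 switch (aCall) {
+ case SYS_SOCKET:
+ case SYS_CONNECT:
 case SYS_BIND:
 return Some(Allow());
 
- case SYS_SOCKET:
- return Some(Allow());
-
- case SYS_CONNECT:
- return Some(Allow());
-
- case SYS_RECVFROM:
- case SYS_SENDTO:
+ // FIXME(bug 1641401) do we really need this?
 case SYS_SENDMMSG:
 return Some(Allow());
 
- case SYS_RECV:
- case SYS_SEND:
 case SYS_GETSOCKOPT:
 case SYS_SETSOCKOPT:
 case SYS_GETSOCKNAME:
 case SYS_GETPEERNAME:
 case SYS_SHUTDOWN: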
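Review bot: In the first hunk, the four new unconditional Allow() cases (SYS_RECVFROM, SYS_SENDTO, SYS_RECV, SYS_SEND) are justified only by recvmsg/sendmsg themselves being allowed without argument inspection in SandboxPolicyCommon, so the "nothing gained by not allowing them" reasoning silently inverts the moment recvmsg/sendmsg acquire argument filtering; I would pin that coupling in the comment, e.g. `// Keep in step with recvmsg/sendmsg above: if those ever become argument-filtered, these four need the same treatment.`. Lifting them into the common policy also widens every subclass that did not previously allow them, not just the two policies edited below, which is worth stating in the commit description if that is intended for all process types. Separately, the `FIXME (bug 1761134): sockopts should be filtered` note added in the third hunk applies equally to the unconditional SYS_GETSOCKOPT/SYS_SETSOCKOPT cases left in the last hunk, which did not receive it; a matching reference there keeps the two policies from drifting. Both the EvaluateSocketCall override in the first hunk and the one in the last hunk continue past the hunk boundary.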