Add patch: Allow restricted clock_nanosleep in Linux sandbox

References:
- https://bugreports.qt.io/browse/QTBUG-81313
- https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/292352
- https://bugzilla.redhat.com/show_bug.cgi?id=1812482
- https://bugzilla.redhat.com/show_bug.cgi?id=1773289

qt5-qtwebengine.spec

@@ -44,7 +44,7 @@
 Summary: Qt5 - QtWebEngine components
 Name:    qt5-qtwebengine
 Version: 5.13.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 
 # See LICENSE.GPL LICENSE.LGPL LGPL_EXCEPTION.txt, for details
 # See also http://qt-project.org/doc/qt-5.0/qtdoc/licensing.html
@@ -92,6 +92,13 @@ Patch25: qtwebengine-everywhere-5.13.2-missing-semicolon-in-blink.patch
 Patch26: qtwebengine-everywhere-5.13.2-use-python2.patch
 # Fix missing include in chromium
 Patch27: qtwebengine-everywhere-5.13.2-fix-chromium-headers.patch
+# Fix for clock_nanosleep
+# https://bugreports.qt.io/browse/QTBUG-81313
+# https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/292352
+# Qt: https://codereview.qt-project.org/gitweb?p=qt/qtwebengine-chromium.git;a=patch;h=2c37da9ad4fe7d5b1911ba991798e508c81ba5ef
+# Chromium: https://chromium.googlesource.com/chromium/src/+/54407b422a9cbf775a68c1d57603c0ecac8ce0d7%5E%21/#F0
+# Didn't apply cleanly, manually ported
+Patch28: qtwebengine-everywhere-5.13.2-allow-restricted-clock_nanosleep-in-Linux-sandbox-manual.patch
 
 ## Upstream patches:
 # qtwebengine-chromium
@@ -380,6 +387,8 @@ popd
 %patch26 -p1 -b .use-python2
 %patch27 -p1 -b .fix-chromium
 
+%patch28 -p0 -b .allow-clock_nanosleep
+
 # the xkbcommon config/feature was renamed in 5.12, so need to adjust QT_CONFIG references
 # when building on older Qt releases
 %if "%{_qt5_version}" < "5.12.0"
@@ -597,6 +606,9 @@ done
 
 
 %changelog
+* Wed Mar 25 2020 Ankur Sinha <ankursinha AT fedoraproject DOT org> - 5.13.2-4
+- Add patch to allow clock_nanosleep in Linux sandbox (Chromium)
+
 * Fri Feb 21 2020 Troy Dawson <tdawson@redhat.com> - 5.13.2-3
 - Patch 3rd party chromium, fix FTBFS (#1799084)
 

qtwebengine-everywhere-5.13.2-allow-restricted-clock_nanosleep-in-Linux-sandbox-manual.patch

@@ -0,0 +1,129 @@
+diff -ur ../qtwebengine-everywhere-src-5.13.2.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ./src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+--- ../qtwebengine-everywhere-src-5.13.2.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc	2020-03-25 12:57:05.214021490 +0000
++++ ./src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc	2020-03-25 12:58:35.813396054 +0000
+@@ -137,7 +137,7 @@
+     return Allow();
+ #endif
+ 
+-  if (sysno == __NR_clock_gettime) {
++  if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep) {
+     return RestrictClockID();
+   }
+ 
+diff -ur ../qtwebengine-everywhere-src-5.13.2.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc ./src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+--- ../qtwebengine-everywhere-src-5.13.2.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc	2020-03-25 12:57:05.214021490 +0000
++++ ./src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc	2020-03-25 13:01:05.971702078 +0000
+@@ -393,6 +393,18 @@
+   syscall(SYS_clock_gettime, CLOCK_MONOTONIC_RAW, &ts);
+ }
+ 
++BPF_DEATH_TEST_C(BaselinePolicy,
++                 ClockNanosleepWithDisallowedClockCrashes,
++                 DEATH_SEGV_MESSAGE(GetErrorMessageContentForTests()),
++                 BaselinePolicy) {
++  struct timespec ts;
++  struct timespec out_ts;
++  ts.tv_sec = 0;
++  ts.tv_nsec = 0;
++  syscall(SYS_clock_nanosleep, (~0) | CLOCKFD, 0, &ts, &out_ts);
++}
++
++
+ #if !defined(GRND_RANDOM)
+ #define GRND_RANDOM 2
+ #endif
+diff -ur ../qtwebengine-everywhere-src-5.13.2.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h ./src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
+--- ../qtwebengine-everywhere-src-5.13.2.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h	2020-03-25 12:57:05.213021508 +0000
++++ ./src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h	2020-03-25 13:03:32.058081155 +0000
+@@ -86,12 +86,13 @@
+ // process).
+ SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictGetrusage();
+ 
+-// Restrict |clk_id| for clock_getres(), clock_gettime() and clock_settime().
+-// We allow accessing only CLOCK_MONOTONIC, CLOCK_PROCESS_CPUTIME_ID,
+-// CLOCK_REALTIME, and CLOCK_THREAD_CPUTIME_ID.  In particular, this disallows
+-// access to arbitrary per-{process,thread} CPU-time clock IDs (such as those
+-// returned by {clock,pthread}_getcpuclockid), which can leak information
+-// about the state of the host OS.
++// Restrict |clk_id| for clock_getres(), clock_gettime(), clock_settime(), and
++// clock_nanosleep(). We allow accessing only CLOCK_BOOTTIME,
++// CLOCK_MONOTONIC{,_RAW,_COARSE}, CLOCK_PROCESS_CPUTIME_ID,
++// CLOCK_REALTIME{,_COARSE}, and CLOCK_THREAD_CPUTIME_ID.  In particular, on
++// non-Android platforms this disallows access to arbitrary per-{process,thread}
++// CPU-time clock IDs (such as those returned by {clock,pthread}_getcpuclockid),
++// which can leak information about the state of the host OS.
+ SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictClockID();
+ 
+ // Restrict the flags argument to getrandom() to allow only no flags, or
+diff -ur ../qtwebengine-everywhere-src-5.13.2.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc ./src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+--- ../qtwebengine-everywhere-src-5.13.2.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc	2020-03-25 12:57:05.213021508 +0000
++++ ./src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc	2020-03-25 13:06:05.643325692 +0000
+@@ -59,6 +59,7 @@
+     switch (sysno) {
+       case __NR_clock_gettime:
+       case __NR_clock_getres:
++      case __NR_clock_nanosleep:
+         return RestrictClockID();
+       default:
+         return Allow();
+@@ -99,6 +100,25 @@
+ #endif
+ }
+ 
++void CheckClockNanosleep(clockid_t clockid) {
++  struct timespec ts;
++  struct timespec out_ts;
++  ts.tv_sec = 0;
++  ts.tv_nsec = 0;
++  clock_nanosleep(clockid, 0, &ts, &out_ts);
++}
++
++BPF_TEST_C(ParameterRestrictions,
++           clock_nanosleep_allowed,
++           RestrictClockIdPolicy) {
++  CheckClockNanosleep(CLOCK_MONOTONIC);
++  CheckClockNanosleep(CLOCK_MONOTONIC_COARSE);
++  CheckClockNanosleep(CLOCK_MONOTONIC_RAW);
++  CheckClockNanosleep(CLOCK_BOOTTIME);
++  CheckClockNanosleep(CLOCK_REALTIME);
++  CheckClockNanosleep(CLOCK_REALTIME_COARSE);
++}
++
+ BPF_DEATH_TEST_C(ParameterRestrictions,
+                  clock_gettime_crash_monotonic_raw,
+                  DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+@@ -107,6 +127,17 @@
+   syscall(SYS_clock_gettime, CLOCK_MONOTONIC_RAW, &ts);
+ }
+ 
++BPF_DEATH_TEST_C(ParameterRestrictions,
++                 clock_nanosleep_crash_clock_fd,
++                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
++                 RestrictClockIdPolicy) {
++  struct timespec ts;
++  struct timespec out_ts;
++  ts.tv_sec = 0;
++  ts.tv_nsec = 0;
++  syscall(SYS_clock_nanosleep, (~0) | CLOCKFD, 0, &ts, &out_ts);
++}
++
+ #if !defined(OS_ANDROID)
+ BPF_DEATH_TEST_C(ParameterRestrictions,
+                  clock_gettime_crash_cpu_clock,
+diff -ur ../qtwebengine-everywhere-src-5.13.2.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc ./src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+--- ../qtwebengine-everywhere-src-5.13.2.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc	2020-03-25 12:57:05.213021508 +0000
++++ ./src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc	2020-03-25 13:06:50.881514077 +0000
+@@ -35,9 +35,10 @@
+       return true;
+     case __NR_adjtimex:         // Privileged.
+     case __NR_clock_adjtime:    // Privileged.
+-    case __NR_clock_getres:     // Could be allowed.
+-    case __NR_clock_gettime:
+-    case __NR_clock_nanosleep:  // Could be allowed.
++    case __NR_clock_getres:     // Allowed only on Android with parameters
++                                // filtered by RestrictClokID().
++    case __NR_clock_gettime:    // Parameters filtered by RestrictClockID().
++    case __NR_clock_nanosleep:  // Parameters filtered by RestrictClockID().
+     case __NR_clock_settime:    // Privileged.
+ #if defined(__i386__) || \
+     (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))