Bug 1500297 - Fix Linux content sandbox level 1. r=gcp
author: Jed Davis <jld@mozilla.com>
date: Wed, 27 Feb 2019 15:23:25 +0000
changeset: 461530 bacaa3d582814d0a1ba3769de92e68a01d16a777
parent: 461529 da83e69c73310999b5c68b769b614351f279ca34
child: 461531 56f39977c72c62e0fdff0e5f68e72d6091b221db
push id: 79177
push user: jedavis@mozilla.com
push date: Wed, 27 Feb 2019 20:39:46 +0000
treeherder: autoland@493b443954fe
reviewers: gcp
bugs: 1500297, 1365257
milestone: 67.0a1
Bug 1500297 - Fix Linux content sandbox level 1. r=gcp

Level 1 is meant to enable some seccomp-bpf filtering, but still allow direct access to the filesystem, and level 2 is where brokering starts. This was accidentally broken in 1365257 (making "level 1" act like level 2); this patch fixes that.

This feature obviously isn't used much given how long nobody noticed it was broken, but it's useful to have around for troubleshooting, and it's actually easier to fix it than edit it out of the documentation.

Differential Revision: https://phabricator.services.mozilla.com/D14519
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -413,18 +413,18 @@ SandboxBrokerPolicyFactory::SandboxBroke
 UniquePtr<SandboxBroker::Policy> SandboxBrokerPolicyFactory::GetContentPolicy(
     int aPid, bool aFileProcess) {
   // Policy entries that vary per-process (currently the only reason
   // that can happen is because they contain the pid) are added here,
   // as well as entries that depend on preferences or paths not available
   // in early startup.
 
   MOZ_ASSERT(NS_IsMainThread());
-  // File broker usage is controlled through a pref.
-  if (!IsContentSandboxEnabled()) {
+  // The file broker is used at level 2 and up.
+  if (GetEffectiveContentSandboxLevel() <= 1) {
     return nullptr;
   }
 
   MOZ_ASSERT(mCommonContentPolicy);
   UniquePtr<SandboxBroker::Policy> policy(
       new SandboxBroker::Policy(*mCommonContentPolicy));
 
   const int level = GetEffectiveContentSandboxLevel();
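Review bot: the new early return calls GetEffectiveContentSandboxLevel() and then the unchanged `const int level = GetEffectiveContentSandboxLevel();` a few lines later evaluates it a second time, so the level that gates brokering and the level used to build the policy come from two separate reads. Hoisting the existing declaration above the check and testing `if (level < 2) { return nullptr; }` reads the pref once, makes the "level 2 and up" comment literal in the code instead of an `<= 1` that has to be inverted in the reader's head, and keeps the disabled case covered, since level 0 is still below the threshold and still returns nullptr as the removed IsContentSandboxEnabled() branch did.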