Bug 908907 - Fill in gaps in seccomp-bpf whitelist for b2g. r=kang, r=bsmith
author: Jed Davis <jld@mozilla.com>
date: Fri, 06 Sep 2013 09:13:59 -0400
changeset: 145818 cd4715bff79442fca8cdaaa78187a9979a24fc21
parent: 145817 ca8ed6d8ad247193cb32b6fc8361e952d6fb9e77
child: 145819 da84b8b1bf7778ee119ffdb485dc20e7bb321ea4
push id: 785
push user: ryanvm@gmail.com
push date: Fri, 06 Sep 2013 13:15:25 +0000
treeherder: b2g-inbound@da84b8b1bf77
reviewers: kang, bsmith
bugs: 908907, 906996
milestone: 26.0a1
Bug 908907 - Fill in gaps in seccomp-bpf whitelist for b2g. r=kang, r=bsmith

Relatively harmless syscalls:
* dup, used by mozilla::ipc::Shmem
* getuid, for android::IPCThreadState, used in audio decode
* nanosleep, used by android::AudioTrack

Of potential concern:
* sched_setscheduler, used by audio threads in e.g. CubeVid
  This might be restrictable somewhat by inspecting its arguments.

Of serious concern:
* unlink, as a workaround for bug 906996 (q.v.). Note that we already allow open(), including for writing (temporary files, /dev/genlock on qcom devices, probably more), so allowing unlink won't make the situation much worse.
security/sandbox/seccomp_filter.h
--- a/security/sandbox/seccomp_filter.h
+++ b/security/sandbox/seccomp_filter.h
@@ -64,27 +64,33 @@
   ALLOW_SYSCALL(rt_sigreturn), \
   ALLOW_SYSCALL(sigreturn), \
   ALLOW_SYSCALL(epoll_wait), \
   ALLOW_SYSCALL(futex), \
   ALLOW_SYSCALL(fcntl64), \
   ALLOW_SYSCALL(munmap), \
   ALLOW_SYSCALL(mmap2), \
   ALLOW_SYSCALL(mprotect), \
+  ALLOW_SYSCALL(dup), \
+  ALLOW_SYSCALL(getuid32), \
+  ALLOW_SYSCALL(nanosleep), \
   /* Must remove all of the following in the future, when no longer used */ \
   /* open() is for some legacy APIs such as font loading. */ \
+  /* See bug 906996 for removing unlink(). */ \
   ALLOW_SYSCALL(open), \
   ALLOW_SYSCALL(fstat64), \
   ALLOW_SYSCALL(stat64), \
   ALLOW_SYSCALL(prctl), \
   ALLOW_SYSCALL(access), \
   ALLOW_SYSCALL(getdents64), \
+  ALLOW_SYSCALL(unlink), \
   /* Should remove all of the following in the future, if possible */ \
   ALLOW_SYSCALL(getpriority), \
   ALLOW_SYSCALL(setpriority), \
   ALLOW_SYSCALL(sigprocmask), \
+  ALLOW_SYSCALL(sched_setscheduler), \
   /* Always last and always OK calls */ \
   SECCOMP_WHITELIST_ADD \
   /* restart_syscall is called internally, generally when debugging */ \
   ALLOW_SYSCALL(restart_syscall), \
   ALLOW_SYSCALL(exit_group), \
   ALLOW_SYSCALL(exit)
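Review bot: The `ALLOW_SYSCALL(sched_setscheduler)` line is added as an unconditional allow under the "Should remove" group, but the commit message itself says this call "might be restrictable somewhat by inspecting its arguments"; record that intent next to the line, the way the new `/* See bug 906996 for removing unlink(). */` comment does for `unlink`, so the follow-up to tighten it to an argument-checked rule is not lost once the whitelist is merged. The same applies to the three new "relatively harmless" entries (`dup`, `getuid32`, `nanosleep`): the consumers that need them (Shmem, IPCThreadState, AudioTrack) are only named in the commit message, and a one-line comment per entry would let a later audit decide whether each is still required. Also note that the message lists `getuid` while the filter allows `getuid32`; a comment at that line stating that `getuid32` is the variant the affected code reaches would prevent a reader from assuming the plain `getuid` number is also expected to be covered.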