Bug 1386404 - Only do the tmp remapping if needed. r=jld
☠☠ backed out by 27a4ccb808ea ☠ ☠
author Gian-Carlo Pascutto <gcp@mozilla.com>
Thu, 26 Oct 2017 18:02:10 +0200
changeset 389067 36556e1a5ac7629336c789f006be524030b45765
parent 389066 b136f90dc49f8c34b44246d8e3e4916bc5c5c24a
child 389068 f895a4c8197c2886a26ca02ef1b0f28e2897d880
push id 32777
push user archaeopteryx@coole-files.de
push date Mon, 30 Oct 2017 22:44:45 +0000
treeherder mozilla-central@dd0f265a1300
reviewers jld
bugs 1386404
milestone 58.0a1
Bug 1386404 - Only do the tmp remapping if needed. r=jld

This helps with getting the tests that are running out of /tmp to pass, which get confused if their paths change underneath them. It's also a bit faster.

MozReview-Commit-ID: CWtngVNhA0t
security/sandbox/linux/broker/SandboxBroker.cpp
--- a/security/sandbox/linux/broker/SandboxBroker.cpp
+++ b/security/sandbox/linux/broker/SandboxBroker.cpp
@@ -701,28 +701,32 @@ SandboxBroker::ThreadMain(void)
       // enforced below.
       strncpy(pathBuf2, recvBuf + first_len + 1, kMaxPathLen + 1);
 
       // First string is guaranteed to be 0-terminated.
       pathLen = first_len;
 
       // Look up the first pathname but first translate relative paths.
       pathLen = ConvertToRealPath(pathBuf, sizeof(pathBuf), pathLen);
-      pathLen = RemapTempDirs(pathBuf, sizeof(pathBuf), pathLen);
       perms = mPolicy->Lookup(nsDependentCString(pathBuf, pathLen));
 
       // We don't have read permissions on the requested dir.
-      // Did we arrive from a symlink in a path that is not writable?
-      // Then try to figure out the original path and see if that is readable.
       if (!(perms & MAY_READ)) {
-          // Work on the original path,
-          // this reverses ConvertToRealPath above.
-          int symlinkPerms = SymlinkPermissions(recvBuf, first_len);
-          if (symlinkPerms > 0) {
-            perms = symlinkPerms;
+          // Was it a tempdir that we can remap?
+          pathLen = RemapTempDirs(pathBuf, sizeof(pathBuf), pathLen);
+          perms = mPolicy->Lookup(nsDependentCString(pathBuf, pathLen));
+          if (!(perms & MAY_READ)) {
+            // Did we arrive from a symlink in a path that is not writable?
+            // Then try to figure out the original path and see if that is
+            // readable. Work on the original path, this reverses
+            // ConvertToRealPath above.
+            int symlinkPerms = SymlinkPermissions(recvBuf, first_len);
+            if (symlinkPerms > 0) {
+              perms = symlinkPerms;
+            }
           }
       }
 
       // Same for the second path.
       pathLen2 = strnlen(pathBuf2, kMaxPathLen);
       if (pathLen2 > 0) {
         // Force 0 termination.
         pathBuf2[pathLen2] = '\0';
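Review bot: the RemapTempDirs call inside the "if (!(perms & MAY_READ))" block is gated on read permission only, so a path whose un-remapped Lookup returns MAY_READ but not the other bits the request needs is never remapped, whereas the removed line remapped unconditionally before the first Lookup. If the policy can grant read on the original temp path and broader access only on the remapped one, those requests are now decided against the un-remapped permissions. Consider gating the remap on the permissions the operation actually requires, or state in the comment why MAY_READ alone is a sufficient test. The retained comment "We don't have read permissions on the requested dir." now covers three fallbacks (remap, second Lookup, symlink check); a line noting that pathBuf and pathLen stay remapped when the symlink fallback supplies perms would make the intended state of the buffer explicit for the code that follows.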