Bug 908907 - Fill in gaps in seccomp-bpf whitelist for b2g. r=kang, r=bsmith
author Jed Davis <jld@mozilla.com>
Fri, 06 Sep 2013 09:13:59 -0400
changeset 145979 cd4715bff79442fca8cdaaa78187a9979a24fc21
parent 145978 ca8ed6d8ad247193cb32b6fc8361e952d6fb9e77
child 145980 da84b8b1bf7778ee119ffdb485dc20e7bb321ea4
push id 25231
push user ryanvm@gmail.com
push date Sat, 07 Sep 2013 00:41:00 +0000
reviewers kang, bsmith
bugs 908907, 906996
milestone 26.0a1
Bug 908907 - Fill in gaps in seccomp-bpf whitelist for b2g. r=kang, r=bsmith

Relatively harmless syscalls:
* dup, used by mozilla::ipc::Shmem
* getuid, for android::IPCThreadState, used in audio decode
* nanosleep, used by android::AudioTrack

Of potential concern:
* sched_setscheduler, used by audio threads in e.g. CubeVid
This might be restrictable somewhat by inspecting its arguments.

Of serious concern:
* unlink, as a workaround for bug 906996 (q.v.). Note that we already allow open(), including for writing (temporary files, /dev/genlock on qcom devices, probably more), so allowing unlink won't make the situation much worse.
security/sandbox/seccomp_filter.h
--- a/security/sandbox/seccomp_filter.h
+++ b/security/sandbox/seccomp_filter.h
@@ -64,27 +64,33 @@
   ALLOW_SYSCALL(rt_sigreturn), \
   ALLOW_SYSCALL(sigreturn), \
   ALLOW_SYSCALL(epoll_wait), \
   ALLOW_SYSCALL(futex), \
   ALLOW_SYSCALL(fcntl64), \
   ALLOW_SYSCALL(munmap), \
   ALLOW_SYSCALL(mmap2), \
   ALLOW_SYSCALL(mprotect), \
+  ALLOW_SYSCALL(dup), \
+  ALLOW_SYSCALL(getuid32), \
+  ALLOW_SYSCALL(nanosleep), \
   /* Must remove all of the following in the future, when no longer used */ \
   /* open() is for some legacy APIs such as font loading. */ \
+  /* See bug 906996 for removing unlink(). */ \
   ALLOW_SYSCALL(open), \
   ALLOW_SYSCALL(fstat64), \
   ALLOW_SYSCALL(stat64), \
   ALLOW_SYSCALL(prctl), \
   ALLOW_SYSCALL(access), \
   ALLOW_SYSCALL(getdents64), \
+  ALLOW_SYSCALL(unlink), \
   /* Should remove all of the following in the future, if possible */ \
   ALLOW_SYSCALL(getpriority), \
   ALLOW_SYSCALL(setpriority), \
   ALLOW_SYSCALL(sigprocmask), \
+  ALLOW_SYSCALL(sched_setscheduler), \
   /* Always last and always OK calls */ \
   SECCOMP_WHITELIST_ADD \
   /* restart_syscall is called internally, generally when debugging */ \
   ALLOW_SYSCALL(restart_syscall), \
   ALLOW_SYSCALL(exit_group), \
   ALLOW_SYSCALL(exit)
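Review bot: `+  ALLOW_SYSCALL(sched_setscheduler), \` grants the call unconditionally even though the commit message itself notes it "might be restrictable somewhat by inspecting its arguments"; either add a BPF argument check on the scheduling policy or, failing that, a comment next to the allow recording why the unrestricted form was accepted and which component (the audio threads mentioned in the message) needs it, since the file's convention is to annotate the legacy allows (see the open() and unlink() comments). Two smaller points in the same hunk: the whitelist adds `getuid32` while the commit message says `getuid`, so the message should name the syscall actually allowed; and the new `dup`, `getuid32` and `nanosleep` entries sit above the "Must remove ... in the future" comment with no note of their own users (Shmem, IPCThreadState, AudioTrack per the message), which would make later pruning of the whitelist harder.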