Bug 1384986 - Fix PulseAudio breakage caused by read restrictions. r?gcp draft
authorJed Davis <jld@mozilla.com>
Thu, 27 Jul 2017 12:41:22 -0600
changeset 617126 179171cf51c10c88228c3c023454daaaf1f76d78
parent 617125 97838e43a15a3129a803fa2964da72aaabf7f41b
child 639708 854adc6501d376b14b3d3f02b19d11a62d600c8a
push id70933
push userbmo:jld@mozilla.com
push dateThu, 27 Jul 2017 23:58:56 +0000
reviewersgcp
bugs1384986
milestone56.0a1
Bug 1384986 - Fix PulseAudio breakage caused by read restrictions. r?gcp MozReview-Commit-ID: 518mslh9xy
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
security/sandbox/linux/broker/moz.build
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -74,24 +74,31 @@ SandboxBrokerPolicyFactory::SandboxBroke
   policy->AddDir(rdwr, "/dev/dri");
 
 #ifdef MOZ_ALSA
   // Bug 1309098: ALSA support
   policy->AddDir(rdwr, "/dev/snd");
 #endif
 
 #ifdef MOZ_WIDGET_GTK
-  // Bug 1321134: DConf's single bit of shared memory
   if (const auto userDir = g_get_user_runtime_dir()) {
+    // Bug 1321134: DConf's single bit of shared memory
     // The leaf filename is "user" by default, but is configurable.
     nsPrintfCString shmPath("%s/dconf/", userDir);
     policy->AddPrefix(rdwrcr, shmPath.get());
     policy->AddAncestors(Move(shmPath));
+#ifdef MOZ_PULSEAUDIO
+    // PulseAudio, if it can't get server info from X11, will break
+    // unless it can open this directory (or create it, but in our use
+    // case we know it already exists).  See bug 1335329.
+    nsPrintfCString pulsePath("%s/pulse", userDir);
+    policy->AddPath(rdonly, pulsePath.get());
+#endif // MOZ_PULSEAUDIO
   }
-#endif
+#endif // MOZ_WIDGET_GTK
 
   // Read permissions
   // No read blocking at level 2 and below
   if (Preferences::GetInt("security.sandbox.content.level") <= 2) {
     policy->AddDir(rdonly, "/");
     mCommonContentPolicy.reset(policy);
     return;
   }
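Review bot: The new `pulsePath` rule in the `MOZ_PULSEAUDIO` block uses `AddPath`, which appears to grant read access to the `pulse` directory entry alone, and the comment does not say that this narrow scope is deliberate. The neighbouring rules use `AddDir` and `AddPrefix`, so a later reader could widen the grant to the directory's contents without realising it was meant to stay minimal; if that is the intent I would add `// Only the directory itself is needed; do not widen this to its contents.` The rule also sits inside `#ifdef MOZ_WIDGET_GTK` because it reuses `userDir`, so a PulseAudio build without the GTK widget gets no rule, which deserves a word in the comment. The constructor starts and ends outside this hunk.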
@@ -106,16 +113,23 @@ SandboxBrokerPolicyFactory::SandboxBroke
   policy->AddDir(rdonly, "/usr/lib32");
   policy->AddDir(rdonly, "/usr/lib64");
   policy->AddDir(rdonly, "/usr/X11R6/lib/X11/fonts");
   policy->AddDir(rdonly, "/usr/tmp");
   policy->AddDir(rdonly, "/var/tmp");
   policy->AddDir(rdonly, "/sys/devices/cpu");
   policy->AddDir(rdonly, "/sys/devices/system/cpu");
 
+#ifdef MOZ_PULSEAUDIO
+  // See bug 1384986 comment #1.
+  if (const auto xauth = PR_GetEnv("XAUTHORITY")) {
+    policy->AddPath(rdonly, xauth);
+  }
+#endif
+
   // Configuration dirs in the homedir that we want to allow read
   // access to.
   mozilla::Array<const char*, 3> confDirs = {
     ".config",
     ".themes",
     ".fonts",
   };
 
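Review bot: The `XAUTHORITY` rule covers only the case where the variable is set; when it is unset Xlib falls back to `.Xauthority` in the home directory, and nothing in this hunk grants that path, so unless a rule outside the hunk covers it the PulseAudio lookup would presumably still fail above level 2. The value is also handed to `AddPath` unchecked, so an empty or relative string from the environment becomes a policy entry; `const auto xauth = PR_GetEnv("XAUTHORITY");` followed by `if (xauth && xauth[0] == '/') {` would keep such values out of the policy. Because this file holds the X server authentication cookie, the comment should state why content needs it rather than only pointing at a bug comment, for example `// PulseAudio gets server info from X11, which needs the X authority file (bug 1384986 comment #1).` The constructor continues outside this hunk.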
--- a/security/sandbox/linux/broker/moz.build
+++ b/security/sandbox/linux/broker/moz.build
@@ -14,16 +14,18 @@ SOURCES += [
     'SandboxBroker.cpp',
     'SandboxBrokerCommon.cpp',
     'SandboxBrokerPolicyFactory.cpp',
     'SandboxBrokerRealpath.cpp',
 ]
 
 if CONFIG['MOZ_ALSA']:
     DEFINES['MOZ_ALSA'] = True
+if CONFIG['MOZ_PULSEAUDIO']:
+    DEFINES['MOZ_PULSEAUDIO'] = True
 
 LOCAL_INCLUDES += [
     '/security/sandbox/linux', # SandboxLogging.h, SandboxInfo.h
 ]
 
 # Need this for mozilla::ipc::FileDescriptor etc.
 include('/ipc/chromium/chromium-config.mozbuild')