Bug 1245789 - Whitelist functions needed by Widevine CDM in GMP child processes. r=jed
authorChris Pearce <cpearce@mozilla.com>
Tue, 12 Apr 2016 16:12:21 +1200
changeset 330611 b8fb2ac78142ad28d90a9cc9fbc590aac6824527
parent 330610 e46009d07dbc6195f2762717e52ddeea5218cc24
child 330612 b4e76b374690de4baf1c6ece8acc13a995faadac
push id6048
push userkmoir@mozilla.com
push dateMon, 06 Jun 2016 19:02:08 +0000
reviewersjed
bugs1245789
milestone48.0a1
Bug 1245789 - Whitelist functions needed by Widevine CDM in GMP child processes. r=jed MozReview-Commit-ID: C6bpItv1qpi
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -140,17 +140,21 @@ public:
   }
 
   virtual ResultExpr EvaluateSyscall(int sysno) const override {
     switch (sysno) {
       // Timekeeping
     case __NR_clock_gettime: {
       Arg<clockid_t> clk_id(0);
       return If(clk_id == CLOCK_MONOTONIC, Allow())
+        .ElseIf(clk_id == CLOCK_MONOTONIC_COARSE, Allow())
+        .ElseIf(clk_id == CLOCK_PROCESS_CPUTIME_ID, Allow())
         .ElseIf(clk_id == CLOCK_REALTIME, Allow())
+        .ElseIf(clk_id == CLOCK_REALTIME_COARSE, Allow())
+        .ElseIf(clk_id == CLOCK_THREAD_CPUTIME_ID, Allow())
         .Else(InvalidSyscall());
     }
     case __NR_gettimeofday:
 #ifdef __NR_time
     case __NR_time:
 #endif
     case __NR_nanosleep:
       return Allow();
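Review bot: The five new clock IDs are added to an EvaluateSyscall that, judging by the `SandboxPolicyCommon::EvaluateSyscall(sysno)` fallback further down, appears to be the shared base policy rather than the GMPSandboxPolicy the commit title names, so every policy built on it (not only the CDM process) now gets CLOCK_PROCESS_CPUTIME_ID and CLOCK_THREAD_CPUTIME_ID. The equality compare keeps this contained — negative dynamic clock IDs that name other processes or threads still fall through to InvalidSyscall() — but if only the CDM needs the CPU-time clocks they belong in the GMP policy's override, and otherwise the reason deserves recording, e.g. `// COARSE and CPUTIME clocks are needed by the Widevine CDM (bug 1245789)` above the CLOCK_MONOTONIC_COARSE line. EvaluateSyscall continues past the end of this hunk.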
@@ -175,16 +179,17 @@ public:
       // Metadata of opened files
     CASES_FOR_fstat:
       return Allow();
 
       // Simple I/O
     case __NR_write:
     case __NR_read:
     case __NR_writev: // see SandboxLogging.cpp
+    CASES_FOR_lseek:
       return Allow();
 
       // Memory mapping
     CASES_FOR_mmap:
     case __NR_munmap:
       return Allow();
 
       // Signal handling
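Review bot: Moving CASES_FOR_lseek into the "Simple I/O" group promotes it to every policy that derives from this base, which is wider than the GMP process the commit title names; that is acceptable because lseek only acts on descriptors that are already open, but nothing here says so. A one-line comment would keep the next reviewer from moving it back, e.g. `CASES_FOR_lseek: // harmless on already-open fds; needed by the Widevine CDM (bug 1245789)`. EvaluateSyscall starts before and continues after this hunk.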
@@ -512,17 +517,16 @@ public:
       // Workaround for bug 964455:
       return Error(EINVAL);
 
     CASES_FOR_select:
     case __NR_pselect6:
       return Allow();
 
     CASES_FOR_getdents:
-    CASES_FOR_lseek:
     CASES_FOR_ftruncate:
     case __NR_writev:
     case __NR_pread64:
 #ifdef DESKTOP
     case __NR_readahead:
 #endif
       return Allow();
 
@@ -675,16 +679,33 @@ class GMPSandboxPolicy : public SandboxP
     int fd = plugin->mFd.exchange(-1);
     if (fd < 0) {
       SANDBOX_LOG_ERROR("multiple opens of media plugin file unimplemented");
       return -ENOSYS;
     }
     return fd;
   }
 
+  static intptr_t SchedTrap(const sandbox::arch_seccomp_data& aArgs,
+                            void* aux)
+  {
+    const pid_t tid = syscall(__NR_gettid);
+    if (aArgs.args[0] == static_cast<uint64_t>(tid)) {
+      return syscall(aArgs.nr,
+                     0,
+                     aArgs.args[1],
+                     aArgs.args[2],
+                     aArgs.args[3],
+                     aArgs.args[4],
+                     aArgs.args[5]);
+    }
+    SANDBOX_LOG_ERROR("unsupported tid in SchedTrap");
+    return BlockedSyscallTrap(aArgs, nullptr);
+  }
+
   SandboxOpenedFile* mPlugin;
 public:
   explicit GMPSandboxPolicy(SandboxOpenedFile* aPlugin)
   : mPlugin(aPlugin)
   {
     MOZ_ASSERT(aPlugin->mPath[0] == '/', "plugin path should be absolute");
   }
 
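Review bot: SchedTrap returns `syscall()`'s raw result, which is -1 on failure with the real error left in errno; if the SIGSYS handler delivers that value unmodified as the syscall result (as the other traps in this file appear to assume), a failed sched_* call reaches the caller as EPERM instead of the kernel's EINVAL/ESRCH. Capture and convert it: `const intptr_t rv = syscall(aArgs.nr, 0, aArgs.args[1], aArgs.args[2], aArgs.args[3], aArgs.args[4], aArgs.args[5]);` followed by `return rv < 0 ? -errno : rv;`. The nested `syscall(__NR_gettid)` also runs inside the SIGSYS handler and must itself be permitted by the policy — presumably it already is, but the function should say so, e.g. `// Runs in the SIGSYS handler: rewrites a sched_* call that names the caller's own tid into the pid==0 form the policy allows. Relies on gettid being allowed.`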
@@ -706,16 +727,28 @@ public:
       Arg<int> advice(2);
       return If(advice == MADV_DONTNEED, Allow())
 #ifdef MOZ_ASAN
         .ElseIf(advice == MADV_NOHUGEPAGE, Allow())
         .ElseIf(advice == MADV_DONTDUMP, Allow())
 #endif
         .Else(InvalidSyscall());
     }
+    case __NR_brk:
+    case __NR_geteuid:
+      return Allow();
+    case __NR_sched_getparam:
+    case __NR_sched_getscheduler:
+    case __NR_sched_get_priority_min:
+    case __NR_sched_get_priority_max:
+    case __NR_sched_setscheduler: {
+      Arg<pid_t> pid(0);
+      return If(pid == 0, Allow())
+        .Else(Trap(SchedTrap, nullptr));
+    }
 
     default:
       return SandboxPolicyCommon::EvaluateSyscall(sysno);
     }
   }
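Review bot: `sched_get_priority_min` and `sched_get_priority_max` take a scheduling policy as their first argument, not a pid, so grouping them under the `pid == 0` test allows only SCHED_OTHER (0) and sends any other policy value to SchedTrap, where it is compared against the thread id and rejected; split them out as `case __NR_sched_get_priority_min:` `case __NR_sched_get_priority_max:` `return Allow();` next to brk/geteuid. Separately, `sched_setscheduler` on the caller's own thread is allowed with no check on the policy argument, so the CDM may request SCHED_FIFO/SCHED_RR and only the kernel's RLIMIT_RTPRIO/CAP_SYS_NICE check stands between an untrusted plugin and real-time priority; if ordinary priorities suffice, constrain args[1] (bearing in mind SCHED_RESET_ON_FORK is OR-ed into it) or document why real-time scheduling is required. EvaluateSyscall begins before this hunk.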
 };
 
 UniquePtr<sandbox::bpf_dsl::Policy>