Bug 1372428 - Deal with fcntl() in media plugins. r=gcp, a=jcristau
authorJed Davis <jld@mozilla.com>
Fri, 07 Jul 2017 08:58:45 -0600
changeset 414357 01af915e2e85c9f116aa92ff5c2ea76dd7ca75fa
parent 414356 e5e3e626cdaf6b52570b242fe38c1d7f03079a22
child 414358 45afa550d6cc52effd06f7c42ca99d2ea68bcfa1
push id1490
push usermtabara@mozilla.com
push dateMon, 31 Jul 2017 14:08:16 +0000
treeherdermozilla-release@70e32e6bf15e [default view] [failures only]
reviewersgcp, jcristau
bugs1372428
milestone55.0
Bug 1372428 - Deal with fcntl() in media plugins. r=gcp, a=jcristau MozReview-Commit-ID: 9kBowGtSPYO
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -957,16 +957,32 @@ class GMPSandboxPolicy : public SandboxP
     PodZero(buf);
     // The real uname() increases fingerprinting risk for no benefit.
     // This is close enough.
     strcpy(buf->sysname, "Linux");
     strcpy(buf->version, "3");
     return 0;
   };
 
+  static intptr_t FcntlTrap(const sandbox::arch_seccomp_data& aArgs,
+                            void* aux)
+  {
+    const auto cmd = static_cast<int>(aArgs.args[1]);
+    switch (cmd) {
+      // This process can't exec, so the actual close-on-exec flag
+      // doesn't matter; have it always read as true and ignore writes.
+    case F_GETFD:
+      return O_CLOEXEC;
+    case F_SETFD:
+      return 0;
+    default:
+      return -ENOSYS;
+    }
+  }
+
   SandboxOpenedFile* mPlugin;
 public:
   explicit GMPSandboxPolicy(SandboxOpenedFile* aPlugin)
   : mPlugin(aPlugin)
   {
     MOZ_ASSERT(aPlugin->mPath[0] == '/', "plugin path should be absolute");
   }
 
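Review bot: The `F_GETFD` case in FcntlTrap returns `O_CLOEXEC`, but fcntl(2) reports descriptor flags using `FD_CLOEXEC`, and on Linux the two constants have different values. A plugin that tests `flags & FD_CLOEXEC` would therefore read the flag as clear, the opposite of what the comment says is intended; `return FD_CLOEXEC;` matches the documented contract. The trap also reports success without looking at `aArgs.args[0]`, so an invalid descriptor no longer yields EBADF; if that is deliberate, the comment should say so. FcntlTrap lies fully inside the hunk, while the enclosing GMPSandboxPolicy class starts before it.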
@@ -1010,16 +1026,18 @@ public:
 
     // For clock(3) on older glibcs; bug 1304220.
     case __NR_times:
       return Allow();
 
     // Bug 1372428
     case __NR_uname:
       return Trap(UnameTrap, nullptr);
+    CASES_FOR_fcntl:
+      return Trap(FcntlTrap, nullptr);
 
     default:
       return SandboxPolicyCommon::EvaluateSyscall(sysno);
     }
   }
 };
 
 UniquePtr<sandbox::bpf_dsl::Policy>
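Review bot: The `CASES_FOR_fcntl` arm has no comment of its own, so the policy it applies cannot be read from the syscall switch. Every fcntl command is routed to FcntlTrap, which emulates only F_GETFD and F_SETFD and fails the rest with ENOSYS. A comment at the case such as `// Emulated in FcntlTrap: only F_GETFD/F_SETFD succeed; all other commands get ENOSYS.` would keep the effective allowlist visible where someone auditing the sandbox surface looks first. The enclosing EvaluateSyscall body starts outside the hunk.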