Bug 1480755 - Add support for new Mesa device probing. r=jld, a=RyanVM
authorGian-Carlo Pascutto <gcp@mozilla.com>
Wed, 22 Aug 2018 01:52:44 +0000
changeset 481061 264fcd3206a6b20ef1508a6c6ae351ef281da303
parent 481060 0d676b757477df5e88d28b3e07f5d199db2e0fe6
child 481062 6cbbaad0935bc276da68a79559a7dbb7419baf23
push id1757
push userffxbld-merge
push dateFri, 24 Aug 2018 17:02:43 +0000
treeherdermozilla-release@736023aebdb1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjld, RyanVM
bugs1480755
milestone62.0
Bug 1480755 - Add support for new Mesa device probing. r=jld, a=RyanVM MozReview-Commit-ID: CD9ATGHUOZ1 Differential Revision: https://phabricator.services.mozilla.com/D3910
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -57,16 +57,19 @@ static const int access = SandboxBroker:
 #endif
 
 static void
 AddMesaSysfsPaths(SandboxBroker::Policy* aPolicy)
 {
   // Bug 1384178: Mesa driver loader
   aPolicy->AddPrefix(rdonly, "/sys/dev/char/226:");
 
+  // Bug 1480755: Mesa tries to probe /sys paths in turn
+  aPolicy->AddAncestors("/sys/dev/char/");
+
   // Bug 1401666: Mesa driver loader part 2: Mesa <= 12 using libudev
   if (auto dir = opendir("/dev/dri")) {
     while (auto entry = readdir(dir)) {
       if (entry->d_name[0] != '.') {
         nsPrintfCString devPath("/dev/dri/%s", entry->d_name);
         struct stat sb;
         if (stat(devPath.get(), &sb) == 0 && S_ISCHR(sb.st_mode)) {
           // For both the DRI node and its parent (the physical
@@ -78,20 +81,32 @@ AddMesaSysfsPaths(SandboxBroker::Policy*
                                     minor(sb.st_rdev),
                                     suffix);
             // libudev will expand the symlink but not do full
             // canonicalization, so it will leave in ".." path
             // components that will be realpath()ed in the
             // broker.  To match this, allow the canonical paths.
             UniqueFreePtr<char[]> realSysPath(realpath(sysPath.get(), nullptr));
             if (realSysPath) {
-              nsPrintfCString ueventPath("%s/uevent", realSysPath.get());
-              nsPrintfCString configPath("%s/config", realSysPath.get());
-              aPolicy->AddPath(rdonly, ueventPath.get());
-              aPolicy->AddPath(rdonly, configPath.get());
+              static const Array<const char*, 7> kMesaAttrSuffixes = {
+                "revision",
+                "vendor",
+                "device",
+                "subsystem_vendor",
+                "subsystem_device",
+                "uevent",
+                "config"
+              };
+              for (const auto attrSuffix : kMesaAttrSuffixes) {
+                nsPrintfCString attrPath("%s/%s", realSysPath.get(), attrSuffix);
+                aPolicy->AddPath(rdonly, attrPath.get());
+              }
+              // Allowing stat-ing the parent dirs
+              nsPrintfCString basePath("%s/", realSysPath.get());
+              aPolicy->AddAncestors(basePath.get());
             }
           }
         }
       }
     }
     closedir(dir);
   }
 }