Bug 1480755 - Add support for new Mesa device probing. r=jld
authorGian-Carlo Pascutto <gcp@mozilla.com>
Wed, 22 Aug 2018 01:52:44 +0000
changeset 481167 8a34342120f17e0bca6336b9a7038f481d6b8588
parent 481166 a660ab08bc27adf18a5214583b2d6566b3dfe3a4
child 481168 db66903f54cc0b27224255efab79cef50ca16540
push id232
push userfmarier@mozilla.com
push dateWed, 05 Sep 2018 20:45:54 +0000
reviewersjld
bugs1480755
milestone63.0a1
Bug 1480755 - Add support for new Mesa device probing. r=jld MozReview-Commit-ID: CD9ATGHUOZ1 Differential Revision: https://phabricator.services.mozilla.com/D3910
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -58,16 +58,19 @@ static const int access = SandboxBroker:
 #endif
 
 static void
 AddMesaSysfsPaths(SandboxBroker::Policy* aPolicy)
 {
   // Bug 1384178: Mesa driver loader
   aPolicy->AddPrefix(rdonly, "/sys/dev/char/226:");
 
+  // Bug 1480755: Mesa tries to probe /sys paths in turn
+  aPolicy->AddAncestors("/sys/dev/char/");
+
   // Bug 1401666: Mesa driver loader part 2: Mesa <= 12 using libudev
   if (auto dir = opendir("/dev/dri")) {
     while (auto entry = readdir(dir)) {
       if (entry->d_name[0] != '.') {
         nsPrintfCString devPath("/dev/dri/%s", entry->d_name);
         struct stat sb;
         if (stat(devPath.get(), &sb) == 0 && S_ISCHR(sb.st_mode)) {
           // For both the DRI node and its parent (the physical
@@ -79,20 +82,32 @@ AddMesaSysfsPaths(SandboxBroker::Policy*
                                     minor(sb.st_rdev),
                                     suffix);
             // libudev will expand the symlink but not do full
             // canonicalization, so it will leave in ".." path
             // components that will be realpath()ed in the
             // broker.  To match this, allow the canonical paths.
             UniqueFreePtr<char[]> realSysPath(realpath(sysPath.get(), nullptr));
             if (realSysPath) {
-              nsPrintfCString ueventPath("%s/uevent", realSysPath.get());
-              nsPrintfCString configPath("%s/config", realSysPath.get());
-              aPolicy->AddPath(rdonly, ueventPath.get());
-              aPolicy->AddPath(rdonly, configPath.get());
+              static const Array<const char*, 7> kMesaAttrSuffixes = {
+                "revision",
+                "vendor",
+                "device",
+                "subsystem_vendor",
+                "subsystem_device",
+                "uevent",
+                "config"
+              };
+              for (const auto attrSuffix : kMesaAttrSuffixes) {
+                nsPrintfCString attrPath("%s/%s", realSysPath.get(), attrSuffix);
+                aPolicy->AddPath(rdonly, attrPath.get());
+              }
+              // Allowing stat-ing the parent dirs
+              nsPrintfCString basePath("%s/", realSysPath.get());
+              aPolicy->AddAncestors(basePath.get());
             }
           }
         }
       }
     }
     closedir(dir);
   }
 }