commit 458e18efb75ff80d270cc875ac7c200da705752c Author: Jed Davis jld@mozilla.com Date: Tue Apr 11 20:55:34 2017 -0600
Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with SOCK_SEQPACKET, for libasyncns. r=gcp
MozReview-Commit-ID: 2DeklSGsjUV
--HG-- extra : rebase_source : 8a202c23dc9a3ddede49b08ce1e0792dfb40bdbf --- security/sandbox/linux/SandboxFilter.cpp | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp index 7e1771a62665..5ddd58029e85 100644 --- a/security/sandbox/linux/SandboxFilter.cpp +++ b/security/sandbox/linux/SandboxFilter.cpp @@ -496,6 +496,16 @@ class ContentSandboxPolicy : public SandboxPolicyCommon { return 0; }
+ static intptr_t SocketpairDatagramTrap(ArgsRef aArgs, void* aux) { + auto fds = reinterpret_cast<int*>(aArgs.args[3]); + // Return sequential packet sockets instead of the expected + // datagram sockets; see bug 1355274 for details. + if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, fds) != 0) { + return -errno; + } + return 0; + } + public: explicit ContentSandboxPolicy(SandboxBrokerClient* aBroker):mBroker(aBroker) { } virtual ~ContentSandboxPolicy() { } @@ -508,6 +518,7 @@ public: switch(aCall) { case SYS_RECVFROM: case SYS_SENDTO: + case SYS_SENDMMSG: // libresolv via libasyncns; see bug 1355274 return Some(Allow());
case SYS_SOCKETPAIR: { @@ -517,9 +528,12 @@ public: return Some(Allow()); } Arg<int> domain(0), type(1); - return Some(If(AllOf(domain == AF_UNIX, - AnyOf(type == SOCK_STREAM, type == SOCK_SEQPACKET)), - Allow()) + return Some(If(domain == AF_UNIX, + Switch(type) + .Case(SOCK_STREAM, Allow()) + .Case(SOCK_SEQPACKET, Allow()) + .Case(SOCK_DGRAM, Trap(SocketpairDatagramTrap, nullptr)) + .Default(InvalidSyscall())) .Else(InvalidSyscall())); }