Bug 1511560 - Move syscalls for adjusting memory mapping properties into SandboxPolicyCommon. r=gcp

madvise is used by our malloc (and probably by other code), and mprotect is
used with shared memory, including shared memory created by another process,
so the common policy should include both of those rules.

Depends on D14521

Differential Revision: https://phabricator.services.mozilla.com/D14522

--HG--
extra : moz-landing-system : lando
Jed Davis 2019-02-23 00:44:08 +00:00
Родитель 6acf27b81f
Коммит 2dfa36102d
1 изменённых файлов: 20 добавлений и 16 удалений


@ -447,7 +447,24 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
case __NR_munmap:
return Allow();
// Signal handling
// ipc::Shmem; also, glibc when creating threads:
case __NR_mprotect:
return Allow();
// madvise hints used by malloc; see bug 1303813 and bug 1364533
case __NR_madvise: {
Arg<int> advice(2);
return If(advice == MADV_DONTNEED, Allow())
.ElseIf(advice == MADV_FREE, Allow())
.ElseIf(advice == MADV_HUGEPAGE, Allow())
.ElseIf(advice == MADV_NOHUGEPAGE, Allow())
#ifdef MOZ_ASAN
.ElseIf(advice == MADV_DONTDUMP, Allow())
#endif
.Else(InvalidSyscall());
}
// Signal handling
#if defined(ANDROID) || defined(MOZ_ASAN)
case __NR_sigaltstack:
#endif
@ -1052,8 +1069,9 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
.Default(SandboxPolicyCommon::EvaluateSyscall(sysno));
}
case __NR_mprotect:
case __NR_brk:
// FIXME(bug 1510861) are we using any hints that aren't allowed
// in SandboxPolicyCommon now?
case __NR_madvise:
// libc's realloc uses mremap (Bug 1286119); wasm does too (bug
// 1342385).
@ -1335,20 +1353,6 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
case __NR_openat:
return Trap(OpenTrap, mFiles);
// ipc::Shmem
case __NR_mprotect:
return Allow();
case __NR_madvise: {
Arg<int> advice(2);
return If(advice == MADV_DONTNEED, Allow())
.ElseIf(advice == MADV_FREE, Allow())
.ElseIf(advice == MADV_HUGEPAGE, Allow())
.ElseIf(advice == MADV_NOHUGEPAGE, Allow())
# ifdef MOZ_ASAN
.ElseIf(advice == MADV_DONTDUMP, Allow())
# endif
.Else(InvalidSyscall());
}
case __NR_brk:
CASES_FOR_geteuid:
return Allow();
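Review bot: The `__NR_mprotect` rule added to SandboxPolicyCommon in the first hunk allows every protection value, PROT_EXEC included, and because the GMP policy's own rule is deleted in the last hunk and the content policy drops its `case __NR_mprotect:` in the second, every subclass now inherits that unrestricted rule although the two uses named in the comment (ipc::Shmem, glibc thread creation) only need read/write protections. If the mmap rule just above this hunk already admits PROT_EXEC the extra filter buys little, but if it does not, consider checking the third argument in the common policy, `Arg<int> prot(2); return If((prot & PROT_EXEC) == 0, Allow()).Else(InvalidSyscall());`, and moving the unconditional `Allow()` back into ContentSandboxPolicy, which presumably still needs executable mappings for JIT code. If the unconditional rule is kept, the comment should say so explicitly, e.g. `// Allowed for any prot, including PROT_EXEC: content needs it for JIT and mmap is not filtered on prot either.`, with the second clause adjusted to whatever the mmap rule actually does. The EvaluateSyscall methods these hunks modify start and end outside the visible hunks.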