Bug 1912328 - Permit stat for allowed files in GMP process sandbox. r=gcp,gerard-majax

After updating the Widevine plugin to 4.10.2830.0, we would crash on startup of the plugin because it attempted to use the stat syscall. Allow uses of stat for files that we have already opened / allowed access to in the GMP sandbox. Differential Revision: https://phabricator.services.mozilla.com/D218855
2024-08-09 12:33:00 +00:00 · 2024-08-09 12:33:00 +00:00 · 7eb8c3f022
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@ -1693,6 +1693,18 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
    return fd;
  }

+  static intptr_t StatTrap(const sandbox::arch_seccomp_data& aArgs, void* aux) {
+    const auto* const files = static_cast<const SandboxOpenedFiles*>(aux);
+    const auto* path = reinterpret_cast<const char*>(aArgs.args[0]);
+    int fd = files->GetDesc(path);
+    if (fd < 0) {
+      // SandboxOpenedFile::GetDesc already logged about this, if appropriate.
+      return -ENOENT;
+    }
+    auto* buf = reinterpret_cast<statstruct*>(aArgs.args[1]);
+    return fstat(fd, buf);
+  }
+
  static intptr_t UnameTrap(const sandbox::arch_seccomp_data& aArgs,
                            void* aux) {
    const auto buf = reinterpret_cast<struct utsname*>(aArgs.args[0]);
@ -1740,6 +1752,9 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
      case __NR_openat:
        return Trap(OpenTrap, mFiles);

+      CASES_FOR_stat:
+        return Trap(StatTrap, mFiles);
+
      case __NR_brk:
        return Allow();
      case __NR_sched_get_priority_min: