Bug 908907 - Fill in gaps in seccomp-bpf whitelist for b2g. r=kang, r=bsmith

Relatively harmless syscalls:
* dup, used by mozilla::ipc::Shmem
* getuid, for android::IPCThreadState, used in audio decode
* nanosleep, used by android::AudioTrack

Of potential concern:
* sched_setscheduler, used by audio threads in e.g. CubeVid
  This might be restrictable somewhat by inspecting its arguments.

Of serious concern:
* unlink, as a workaround for bug 906996 (q.v.).

Note that we already allow open(), including for writing (temporary
files, /dev/genlock on qcom devices, probably more), so allowing unlink
won't make the situation much worse.
Jed Davis 2013-09-06 09:13:59 -04:00
Parent 7c7083fb5a
Commit bc85533cf4
1 changed file: 6 additions and 0 deletions


@ -69,18 +69,24 @@
ALLOW_SYSCALL(munmap), \
ALLOW_SYSCALL(mmap2), \
ALLOW_SYSCALL(mprotect), \
ALLOW_SYSCALL(dup), \
ALLOW_SYSCALL(getuid32), \
ALLOW_SYSCALL(nanosleep), \
/* Must remove all of the following in the future, when no longer used */ \
/* open() is for some legacy APIs such as font loading. */ \
/* See bug 906996 for removing unlink(). */ \
ALLOW_SYSCALL(open), \
ALLOW_SYSCALL(fstat64), \
ALLOW_SYSCALL(stat64), \
ALLOW_SYSCALL(prctl), \
ALLOW_SYSCALL(access), \
ALLOW_SYSCALL(getdents64), \
ALLOW_SYSCALL(unlink), \
/* Should remove all of the following in the future, if possible */ \
ALLOW_SYSCALL(getpriority), \
ALLOW_SYSCALL(setpriority), \
ALLOW_SYSCALL(sigprocmask), \
ALLOW_SYSCALL(sched_setscheduler), \
/* Always last and always OK calls */ \
SECCOMP_WHITELIST_ADD \
/* restart_syscall is called internally, generally when debugging */ \
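Review bot: the new ALLOW_SYSCALL(sched_setscheduler) line is added with no comment, although the commit message itself says this call "might be restrictable somewhat by inspecting its arguments"; the intent to tighten it later is recorded only in the commit message and will be lost from the source. Suggest giving it the same treatment as unlink(), i.e. a comment such as `/* sched_setscheduler: consider restricting by policy argument; see <follow-up bug placeholder> */` next to the line, so the "Should remove all of the following in the future, if possible" group carries the rationale in-tree. Two smaller points: the message lists "getuid" but the hunk allows getuid32, which is correct for the 32-bit ARM ABI this whitelist targets but worth a one-word comment so nobody "fixes" it to getuid; and since unlink() is now permitted alongside open() for writing, the existing "Must remove all of the following in the future" comment above open() could state plainly that the pair gives the sandboxed process file create-and-delete rights, which is what the bug 906996 reference is tracking.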