Bug 1408493 - Don't restrict ioctl() in sandboxed content if ALSA might be used. r?gcp
MozReview-Commit-ID: 61AmLLcPaWw
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -709,16 +709,20 @@ public:
case __NR_writev:
case __NR_pread64:
#ifdef DESKTOP
case __NR_pwrite64:
case __NR_readahead:
#endif
return Allow();
+#ifdef MOZ_ALSA
+ case __NR_ioctl:
+ return Allow();
+#else
case __NR_ioctl: {
static const unsigned long kTypeMask = _IOC_TYPEMASK << _IOC_TYPESHIFT;
static const unsigned long kTtyIoctls = TIOCSTI & kTypeMask;
// On some older architectures (but not x86 or ARM), ioctls are
// assigned type fields differently, and the TIOC/TC/FIO group
// isn't all the same type. If/when we support those archs,
// this would need to be revised (but really this should be a
// default-deny policy; see below).
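Review bot: The new `#ifdef MOZ_ALSA` branch returns `Allow()` for every `ioctl`, so ALSA-enabled builds lose the tty-type check that the `#else` branch derives from `TIOCSTI`, and nothing in the added lines records why or what tracks narrowing it again. `TIOCSTI` lets a process queue input on its controlling terminal, which is presumably what the existing filter guards against, so a compile-time switch here quietly removes a sandbox boundary for content processes. I would at least put a comment above the new case, e.g. `// ALSA issues ioctls the tty-type filter below would reject; this also re-allows TIOCSTI. Narrow once bug 1302711 makes this default-deny.` It is also worth checking whether this branch can still reject the exact `TIOCSTI` request and allow the rest, since ALSA presumably never needs that one request. The `case __NR_ioctl` body in the `#else` branch continues outside this hunk, so how `request` is declared there is not visible from here.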
@@ -737,16 +741,17 @@ public:
// Bug 1408498: libgio uses FIONREAD on inotify fds.
// (We should stop using inotify: bug 1408497.)
.ElseIf(request == FIONREAD, Allow())
// Allow anything that isn't a tty ioctl, for now; bug 1302711
// will cover changing this to a default-deny policy.
.ElseIf(shifted_type != kTtyIoctls, Allow())
.Else(SandboxPolicyCommon::EvaluateSyscall(sysno));
}
+#endif // !MOZ_ALSA
CASES_FOR_fcntl:
// Some fcntls have significant side effects like sending
// arbitrary signals, and there's probably nontrivial kernel
// attack surface; this should be locked down more if possible.
return Allow();
case __NR_mprotect: