Bug 1320834 - Reduce prctl policy for desktop content processes. r=gcp
This removes the allow-all override in the content policy, which means content
processes fall back to the more restrictive prctl policy in SandboxPolicyCommon.
MozReview-Commit-ID: CncoGi0HLxR
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -528,21 +528,16 @@ private:
}
public:
explicit ContentSandboxPolicy(SandboxBrokerClient* aBroker,
const std::vector<int>& aSyscallWhitelist)
: mBroker(aBroker),
mSyscallWhitelist(aSyscallWhitelist) {}
~ContentSandboxPolicy() override = default;
- ResultExpr PrctlPolicy() const override {
- // Ideally this should be restricted to a whitelist, but content
- // uses enough things that it's not trivial to determine it.
- return Allow();
- }
Maybe<ResultExpr> EvaluateSocketCall(int aCall) const override {
switch(aCall) {
case SYS_RECVFROM:
case SYS_SENDTO:
case SYS_SENDMMSG: // libresolv via libasyncns; see bug 1355274
return Some(Allow());
case SYS_SOCKETPAIR: {
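Review bot: With the override gone, nothing in ContentSandboxPolicy records that prctl is now decided by the base class, and the removed comment that explained the old Allow() has no replacement, so a later reader of this class will not see why there is no content-specific prctl case. A one-line comment after the destructor, `// prctl is governed by SandboxPolicyCommon::PrctlPolicy; do not re-add an allow-all override here.`, would preserve that intent. The description calls the common policy more restrictive, but that policy is outside this diff, so what happens when content issues a prctl option the common policy does not list (an error return versus SIGSYS and a crashed content process) cannot be checked from here; stating that failure mode in the commit message would make a crash on an unexpected prctl easy to trace back to this change.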
@@ -840,21 +835,16 @@ public:
case __NR_wait4:
#ifdef __NR_waitpid
case __NR_waitpid:
#endif
// NSPR will start a thread to wait for child processes even if
// fork() fails; see bug 227246 and bug 1299581.
return Error(ECHILD);
-#ifdef __NR_arch_prctl
- case __NR_arch_prctl:
-#endif
- return Allow();
-
case __NR_eventfd2:
case __NR_inotify_init:
case __NR_inotify_init1:
case __NR_inotify_add_watch:
case __NR_inotify_rm_watch:
return Allow();
#ifdef __NR_memfd_create
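Review bot: After the removal of the `__NR_arch_prctl` case, this hunk shows no remaining handling for that syscall in the content policy and does not show where it is evaluated instead; the enclosing switch starts outside the hunk. To my knowledge arch_prctl is used on x86-64 during thread-local storage setup, so if the fallback policy does not allow it a content process would fail before reaching any Gecko code, presumably at startup. If SandboxPolicyCommon now covers it, a short comment where the case used to be, `// __NR_arch_prctl is handled in SandboxPolicyCommon`, would let the next reader confirm that without searching the other file.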