1 diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
2 index cc0e91b..8836e77 100644
3 --- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
4 +++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
5 @@ -130,21 +130,11 @@ namespace sandbox {
6  // present (as in newer versions of posix_spawn).
7  ResultExpr RestrictCloneToThreadsAndEPERMFork() {
8    const Arg<unsigned long> flags(0);
9 -
10 -  // TODO(mdempsky): Extend DSL to support (flags & ~mask1) == mask2.
11 -  const uint64_t kAndroidCloneMask = CLONE_VM | CLONE_FS | CLONE_FILES |
12 -                                     CLONE_SIGHAND | CLONE_THREAD |
13 -                                     CLONE_SYSVSEM;
14 -  const uint64_t kObsoleteAndroidCloneMask = kAndroidCloneMask | CLONE_DETACHED;
15 -
16 -  const uint64_t kGlibcPthreadFlags =
17 -      CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_THREAD |
18 -      CLONE_SYSVSEM | CLONE_SETTLS | CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID;
19 -  const BoolExpr glibc_test = flags == kGlibcPthreadFlags;
20 -
21 -  const BoolExpr android_test =
22 -      AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask,
23 -            flags == kGlibcPthreadFlags);
24 +  const int required = CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
25 +                       CLONE_THREAD | CLONE_SYSVSEM;
26 +  const int safe = CLONE_SETTLS | CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID |
27 +                   CLONE_DETACHED;
28 +  const BoolExpr thread_clone_ok = (flags&~safe)==required;
29  
30    // The following two flags are the two important flags in any vfork-emulating
31    // clone call. EPERM any clone call that contains both of them.
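Review bot: The new masks `required` and `safe` are declared `int` while `flags` is `Arg<unsigned long>`, so `flags&~safe` only does the right thing because `~safe` is a negative int that sign-extends to an all-ones upper half when widened; the lines it replaces used `uint64_t`, and that should be kept: `const uint64_t required = ...;`, `const uint64_t safe = ...;`, `const BoolExpr thread_clone_ok = (flags & ~safe) == required;`. The rewrite also deletes the comment explaining which libc flag sets are admitted; add one such as `// Allow a clone() whose flags are exactly the thread-creating set plus any subset of the benign TLS/tid flags (musl's pthread_create adds CLONE_DETACHED to glibc's set, hence the mask form).` — the musl motivation is inferred from the patch name, so confirm the wording against musl. Note that merging the Android and glibc exact-match tests into one mask test accepts combinations neither libc issues; that looks harmless because the required bits still force a real thread, but the commit message should say so. RestrictCloneToThreadsAndEPERMFork continues past this hunk.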
32 @@ -154,7 +144,7 @@ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
33        AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0,
34              (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags);
35  
36 -  return If(IsAndroid() ? android_test : glibc_test, Allow())
37 +  return If(thread_clone_ok, Allow())
38        .ElseIf(is_fork_or_clone_vfork, Error(EPERM))
39        .Else(CrashSIGSYSClone());
40  }
41 diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
42 index 96c9f49..225823c 100644
43 --- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
44 +++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
45 @@ -417,6 +417,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
46  #if defined(__i386__)
47      case __NR_waitpid:
48  #endif
49 +    case __NR_set_tid_address:
50        return true;
51      case __NR_clone:  // Should be parameter-restricted.
52      case __NR_setns:  // Privileged.
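Review bot: `__NR_set_tid_address` is moved into the unconditionally allowed group with no comment, while the neighbouring cases in this switch are annotated; add `case __NR_set_tid_address:  // Needed by musl thread setup; only sets the caller's clear_child_tid pointer.` (the musl motivation is inferred from the patch name — confirm). The enclosing switch in IsAllowedProcessStartOrDeath begins before this hunk.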
53 @@ -429,7 +430,6 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
54  #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
55      case __NR_set_thread_area:
56  #endif
57 -    case __NR_set_tid_address:
58      case __NR_unshare:
59  #if !defined(__mips__) && !defined(__aarch64__)
60      case __NR_vfork:
61 @@ -543,6 +543,8 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
62      case __NR_mlock:
63      case __NR_munlock:
64      case __NR_munmap:
65 +    case __NR_mremap:
66 +    case __NR_membarrier:
67        return true;
68      case __NR_madvise:
69      case __NR_mincore:
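Review bot: `__NR_mremap` moves from the denied part of IsAllowedAddressSpaceAccess into the blanket-allowed group and `__NR_membarrier` is added beside it, with no comment; both widen the address-space policy for every process that consumes this set, so record the reason inline, e.g. `case __NR_mremap:  // musl's realloc() relies on it` and a matching note naming whatever needs membarrier once that is known (the mremap reason is presumed from the patch's purpose — confirm). Also, the diff as shown defines `__NR_membarrier` only for arm, arm64, mips, mips64 and x86_64; on i386 the `case __NR_membarrier:` compiles only if `<sys/syscall.h>` happens to supply it, so either add it to x86_32_linux_syscalls.h or wrap the case in `#if defined(__NR_membarrier)`. Since mremap is allowed without parameter restriction, state explicitly that MREMAP_FIXED over existing mappings is intra-process only and therefore acceptable for these policies. The switch continues outside the hunk.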
70 @@ -560,7 +562,6 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
71      case __NR_modify_ldt:
72  #endif
73      case __NR_mprotect:
74 -    case __NR_mremap:
75      case __NR_msync:
76      case __NR_munlockall:
77      case __NR_readahead:
78 diff --git a/sandbox/linux/system_headers/arm64_linux_syscalls.h b/sandbox/linux/system_headers/arm64_linux_syscalls.h
79 index a242c18..bb80da6 100644
80 --- a/sandbox/linux/system_headers/arm64_linux_syscalls.h
81 +++ b/sandbox/linux/system_headers/arm64_linux_syscalls.h
82 @@ -1063,6 +1063,10 @@
83  #define __NR_memfd_create 279
84  #endif
85  
86 +#if !defined(__NR_membarrier)
87 +#define __NR_membarrier 283
88 +#endif
89 +
90  #if !defined(__NR_bpf)
91  #define __NR_bpf 280
92  #endif
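Review bot: The new `__NR_membarrier 283` block is inserted between `memfd_create` (279) and `bpf` (280), while this header otherwise lists definitions in ascending syscall-number order; move it below the `__NR_bpf` block (and any 281/282 entries that follow outside the hunk) so the table stays scannable. The value matches the generic (asm-generic) table number for membarrier as far as I can tell. With `<sys/syscall.h>` now included from linux_syscalls.h this fallback only takes effect when the libc headers lack the symbol, which is worth a one-line comment here.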
93 diff --git a/sandbox/linux/system_headers/arm_linux_syscalls.h b/sandbox/linux/system_headers/arm_linux_syscalls.h
94 index 85da6f4..7a26b31 100644
95 --- a/sandbox/linux/system_headers/arm_linux_syscalls.h
96 +++ b/sandbox/linux/system_headers/arm_linux_syscalls.h
97 @@ -1385,6 +1385,10 @@
98  #define __NR_memfd_create (__NR_SYSCALL_BASE+385)
99  #endif
100  
101 +#if !defined(__NR_membarrier)
102 +#define __NR_membarrier (__NR_SYSCALL_BASE+389)
103 +#endif
104 +
105  #if !defined(__NR_bpf)
106  #define __NR_bpf (__NR_SYSCALL_BASE+386)
107  #endif
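Review bot: `__NR_membarrier (__NR_SYSCALL_BASE+389)` is placed between `memfd_create` (385) and `bpf` (386), breaking the ascending order this header keeps; move it below the `__NR_bpf` block and any 387/388 entries that follow. The number itself matches the ARM EABI table as far as I can tell.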
108 diff --git a/sandbox/linux/system_headers/linux_syscalls.h b/sandbox/linux/system_headers/linux_syscalls.h
109 index 2b78a0c..b6fedb5 100644
110 --- a/sandbox/linux/system_headers/linux_syscalls.h
111 +++ b/sandbox/linux/system_headers/linux_syscalls.h
112 @@ -10,6 +10,7 @@
113  #define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_
114  
115  #include "build/build_config.h"
116 +#include <sys/syscall.h>
117  
118  #if defined(__x86_64__)
119  #include "sandbox/linux/system_headers/x86_64_linux_syscalls.h"
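Review bot: The added `#include <sys/syscall.h>` sits after the project header `build/build_config.h`; Chromium's include order places C system headers before project headers, so move it above that line. More importantly, this include changes which numbers win: every per-arch header selected below only defines `__NR_*` when undefined, so from now on the libc's table takes precedence and the hand-maintained tables become fallbacks, which nothing in the hunk says. Add a comment making that intent explicit, e.g. `// Prefer the libc's __NR_* definitions; the per-arch tables below only fill in numbers the libc headers lack.` — presumably this is what makes the sandbox build against musl, so confirm the wording.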
120 diff --git a/sandbox/linux/system_headers/mips64_linux_syscalls.h b/sandbox/linux/system_headers/mips64_linux_syscalls.h
121 index ec75815..5515270 100644
122 --- a/sandbox/linux/system_headers/mips64_linux_syscalls.h
123 +++ b/sandbox/linux/system_headers/mips64_linux_syscalls.h
124 @@ -1271,4 +1271,8 @@
125  #define __NR_memfd_create (__NR_Linux + 314)
126  #endif
127  
128 +#if !defined(__NR_membarrier)
129 +#define __NR_membarrier (__NR_Linux  318)
130 +#endif
131 +
132  #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS64_LINUX_SYSCALLS_H_
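Review bot: `#define __NR_membarrier (__NR_Linux  318)` is missing the `+` operator, so the macro expands to two adjacent tokens and any use of `__NR_membarrier` (e.g. the `case __NR_membarrier:` this patch adds to syscall_sets.cc) fails to compile on MIPS64 whenever the libc headers do not already define it; write `#define __NR_membarrier (__NR_Linux + 318)`, matching the `(__NR_Linux + 314)` form two lines above. The offset 318 appears to be the correct n64 value for membarrier, so only the operator needs fixing.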
133 diff --git a/sandbox/linux/system_headers/mips_linux_syscalls.h b/sandbox/linux/system_headers/mips_linux_syscalls.h
134 index 50d9ea1..0caffae 100644
135 --- a/sandbox/linux/system_headers/mips_linux_syscalls.h
136 +++ b/sandbox/linux/system_headers/mips_linux_syscalls.h
137 @@ -1685,4 +1685,8 @@
138  #define __NR_mount_setattr (__NR_Linux + 442)
139  #endif
140  
141 +#if !defined(__NR_membarrier)
142 +#define __NR_membarrier (__NR_Linux  358)
143 +#endif
144 +
145  #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_
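Review bot: `#define __NR_membarrier (__NR_Linux  358)` has the same missing `+` as the mips64 header, so the `case __NR_membarrier:` added to syscall_sets.cc is a compile error on 32-bit MIPS unless the libc already defines the symbol; write `#define __NR_membarrier (__NR_Linux + 358)`, matching `(__NR_Linux + 442)` just above. The offset 358 appears to be the correct o32 value, so only the operator needs fixing.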
146 diff --git a/sandbox/linux/system_headers/x86_64_linux_syscalls.h b/sandbox/linux/system_headers/x86_64_linux_syscalls.h
147 index b0ae0a2..8b12029 100644
148 --- a/sandbox/linux/system_headers/x86_64_linux_syscalls.h
149 +++ b/sandbox/linux/system_headers/x86_64_linux_syscalls.h
150 @@ -1350,5 +1350,9 @@
151  #define __NR_rseq 334
152  #endif
153  
154 +#if !defined(__NR_membarrier)
155 +#define __NR_membarrier 324
156 +#endif
157 +
158  #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_X86_64_LINUX_SYSCALLS_H_
159  
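Review bot: The new `__NR_membarrier 324` block is appended after `__NR_rseq 334`, although this header keeps definitions in ascending numeric order; move it above the entries for 325 through 334 that precede this hunk. The value matches the x86_64 table as far as I can tell, and the `#if !defined` guard is consistent with the rest of the file.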
160 diff --git a/sandbox/policy/linux/bpf_renderer_policy_linux.cc b/sandbox/policy/linux/bpf_renderer_policy_linux.cc
161 index f789e92..5cc0861 100644
162 --- a/sandbox/policy/linux/bpf_renderer_policy_linux.cc
163 +++ b/sandbox/policy/linux/bpf_renderer_policy_linux.cc
164 @@ -97,11 +97,11 @@ ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const {
165      case __NR_sysinfo:
166      case __NR_times:
167      case __NR_uname:
168 -      return Allow();
169 -    case __NR_sched_getaffinity:
170      case __NR_sched_getparam:
171      case __NR_sched_getscheduler:
172      case __NR_sched_setscheduler:
173 +        return Allow();
174 +    case __NR_sched_getaffinity:
175        return RestrictSchedTarget(GetPolicyPid(), sysno);
176      case __NR_prlimit64:
177        // See crbug.com/662450 and setrlimit comment above.
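Review bot: `__NR_sched_getparam`, `__NR_sched_getscheduler` and `__NR_sched_setscheduler` now fall through to an unconditional `Allow()`, dropping the `RestrictSchedTarget(GetPolicyPid(), sysno)` pid check that the same hunk still applies to `__NR_sched_getaffinity`; with that gone a compromised renderer can call `sched_setscheduler` against any pid visible to it rather than only itself, a policy widening the commit does not justify. Unless musl's pthread wrappers genuinely need a target other than the calling thread (if so, name it in a comment), keep the three cases grouped with `__NR_sched_getaffinity` under `return RestrictSchedTarget(GetPolicyPid(), sysno);`, i.e. restore the original grouping. Separately, the added `        return Allow();` is indented eight spaces where this switch uses six. EvaluateSyscall's switch continues outside the hunk.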