# HG changeset patch # User Jed Davis # Date 1598606638 0 # Node ID a65fc6aca1f2337cb5e8e69f50b539d3c0de95ab # Parent a6c226548fa02c3ac4681499103cd85217c6de07 Bug 1660901 - Support the fstat-like subset of fstatat in the Linux sandbox policies. r=gcp, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D88499 diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp --- a/security/sandbox/linux/SandboxFilter.cpp +++ b/security/sandbox/linux/SandboxFilter.cpp @@ -238,16 +238,22 @@ class SandboxPolicyCommon : public Sandb } static intptr_t StatAtTrap(ArgsRef aArgs, void* aux) { auto broker = static_cast(aux); auto fd = static_cast(aArgs.args[0]); auto path = reinterpret_cast(aArgs.args[1]); auto buf = reinterpret_cast(aArgs.args[2]); auto flags = static_cast(aArgs.args[3]); + + if (fd != AT_FDCWD && (flags & AT_EMPTY_PATH) != 0 && + strcmp(path, "") == 0) { + return ConvertError(fstatsyscall(fd, buf)); + } + if (fd != AT_FDCWD && path[0] != '/') { SANDBOX_LOG_ERROR("unsupported fd-relative fstatat(%d, \"%s\", %p, %d)", fd, path, buf, flags); return BlockedSyscallTrap(aArgs, nullptr); } if ((flags & ~AT_SYMLINK_NOFOLLOW) != 0) { SANDBOX_LOG_ERROR("unsupported flags %d in fstatat(%d, \"%s\", %p, %d)", (flags & ~AT_SYMLINK_NOFOLLOW), fd, path, buf, flags); diff --git a/security/sandbox/linux/broker/SandboxBrokerUtils.h b/security/sandbox/linux/broker/SandboxBrokerUtils.h --- a/security/sandbox/linux/broker/SandboxBrokerUtils.h +++ b/security/sandbox/linux/broker/SandboxBrokerUtils.h @@ -14,17 +14,19 @@ // On 32-bit Linux, stat calls are translated by libc into stat64 // calls. We'll intercept those and handle them in the stat functions // but must be sure to use the right structure layout. #if defined(__NR_stat64) typedef struct stat64 statstruct; # define statsyscall stat64 # define lstatsyscall lstat64 +# define fstatsyscall fstat64 #elif defined(__NR_stat) typedef struct stat statstruct; # define statsyscall stat # define lstatsyscall lstat +# define fstatsyscall fstat #else # error Missing stat syscall include. #endif #endif // mozilla_SandboxBrokerUtils_h