projects / packages / qt5-qtwebengine.git / blame
| Commit | Line | Data |
|---|---|---|
| 3b5e88b8 JP |
1 | diff -up qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.rh#1904652 qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc |
| 2 | --- qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.rh#1904652 2021-05-28 07:05:45.000000000 -0500 | |
| 3 | +++ qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-06-24 08:34:07.566783935 -0500 | |
| 4 | @@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de | |
| 5 | return RestrictKillTarget(current_pid, sysno); | |
| 6 | } | |
| 7 | ||
| 8 | +#if defined(__NR_newfstatat) | |
| 9 | + if (sysno == __NR_newfstatat) { | |
| 10 | + return RewriteFstatatSIGSYS(); | |
| 11 | + } | |
| 12 | +#endif | |
| 13 | + | |
| 14 | +#if defined(__NR_fstatat64) | |
| 15 | + if (sysno == __NR_fstatat64) { | |
| 16 | + return RewriteFstatatSIGSYS(); | |
| 17 | + } | |
| 18 | +#endif | |
| 19 | + | |
| 20 | if (SyscallSets::IsFileSystem(sysno) || | |
| 21 | SyscallSets::IsCurrentDirectory(sysno)) { | |
| 22 | return Error(fs_denied_errno); | |
| 23 | diff -up qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.rh#1904652 qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc | |
| 24 | --- qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.rh#1904652 2021-05-28 07:05:45.000000000 -0500 | |
| 25 | +++ qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2021-06-24 08:40:08.552334787 -0500 | |
| 26 | @@ -6,6 +6,8 @@ | |
| 27 | ||
| 28 | #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" | |
| 29 | ||
| 30 | +#include <errno.h> | |
| 31 | +#include <fcntl.h> | |
| 32 | #include <stddef.h> | |
| 33 | #include <stdint.h> | |
| 34 | #include <string.h> | |
| 35 | @@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct | |
| 36 | return -ENOSYS; | |
| 37 | } | |
| 38 | ||
| 39 | +intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args, | |
| 40 | + void* aux) { | |
| 41 | + switch (args.nr) { | |
| 42 | +#if defined(__NR_newfstatat) | |
| 43 | + case __NR_newfstatat: | |
| 44 | +#endif | |
| 45 | +#if defined(__NR_fstatat64) | |
| 46 | + case __NR_fstatat64: | |
| 47 | +#endif | |
| 48 | +#if defined(__NR_newfstatat) || defined(__NR_fstatat64) | |
| 49 | + if (*reinterpret_cast<const char *>(args.args[1]) == '\0' | |
| 50 | + && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) { | |
| 51 | + return sandbox::sys_fstat64(static_cast<int>(args.args[0]), | |
| 52 | + reinterpret_cast<struct stat64 *>(args.args[2])); | |
| 53 | + } else { | |
| 54 | + errno = EACCES; | |
| 55 | + return -1; | |
| 56 | + } | |
| 57 | + break; | |
| 58 | +#endif | |
| 59 | + } | |
| 60 | + | |
| 61 | + CrashSIGSYS_Handler(args, aux); | |
| 62 | + | |
| 63 | + // Should never be reached. | |
| 64 | + RAW_CHECK(false); | |
| 65 | + return -ENOSYS; | |
| 66 | +} | |
| 67 | + | |
| 68 | bpf_dsl::ResultExpr CrashSIGSYS() { | |
| 69 | return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL); | |
| 70 | } | |
| 71 | @@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() | |
| 72 | return bpf_dsl::Trap(SIGSYSSchedHandler, NULL); | |
| 73 | } | |
| 74 | ||
| 75 | +bpf_dsl::ResultExpr RewriteFstatatSIGSYS() { | |
| 76 | + return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL); | |
| 77 | +} | |
| 78 | + | |
| 79 | void AllocateCrashKeys() { | |
| 80 | #if !defined(OS_NACL_NONSFI) | |
| 81 | if (seccomp_crash_key) | |
| 82 | diff -up qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.rh#1904652 qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h | |
| 83 | --- qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.rh#1904652 2021-05-28 07:05:45.000000000 -0500 | |
| 84 | +++ qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2021-06-24 08:39:31.205174337 -0500 | |
| 85 | @@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail | |
| 86 | // sched_setparam(), sched_setscheduler() | |
| 87 | SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args, | |
| 88 | void* aux); | |
| 89 | +// If the fstatat syscall is actually a disguised fstat, calls the regular fstat | |
| 90 | +// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler. | |
| 91 | +SANDBOX_EXPORT intptr_t | |
| 92 | + SIGSYSFstatatHandler(const struct arch_seccomp_data& args, void* aux); | |
| 93 | ||
| 94 | // Variants of the above functions for use with bpf_dsl. | |
| 95 | SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS(); | |
| 96 | @@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash | |
| 97 | SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex(); | |
| 98 | SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace(); | |
| 99 | SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS(); | |
| 100 | +SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS(); | |
| 101 | ||
| 102 | // Allocates a crash key so that Seccomp information can be recorded. | |
| 103 | void AllocateCrashKeys(); | |
| 104 | diff -up qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc.rh#1904652 qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc | |
| 105 | --- qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc.rh#1904652 2021-05-28 07:05:45.000000000 -0500 | |
| 106 | +++ qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc 2021-06-24 08:34:07.567783940 -0500 | |
| 107 | @@ -261,4 +261,13 @@ int sys_sigaction(int signum, | |
| 108 | ||
| 109 | #endif // defined(MEMORY_SANITIZER) | |
| 110 | ||
| 111 | +SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf) | |
| 112 | +{ | |
| 113 | +#if defined(__NR_fstat64) | |
| 114 | + return syscall(__NR_fstat64, fd, buf); | |
| 115 | +#else | |
| 116 | + return syscall(__NR_fstat, fd, buf); | |
| 117 | +#endif | |
| 118 | +} | |
| 119 | + | |
| 120 | } // namespace sandbox | |
| 121 | diff -up qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h.rh#1904652 qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h | |
| 122 | --- qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h.rh#1904652 2021-05-28 07:05:45.000000000 -0500 | |
| 123 | +++ qtwebengine-everywhere-src-5.15.5/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h 2021-06-24 08:34:07.568783944 -0500 | |
| 124 | @@ -17,6 +17,7 @@ struct sock_fprog; | |
| 125 | struct rlimit64; | |
| 126 | struct cap_hdr; | |
| 127 | struct cap_data; | |
| 128 | +struct stat64; | |
| 129 | ||
| 130 | namespace sandbox { | |
| 131 | ||
| 132 | @@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig | |
| 133 | const struct sigaction* act, | |
| 134 | struct sigaction* oldact); | |
| 135 | ||
| 136 | +// Recent glibc rewrites fstat to fstatat. | |
| 137 | +SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf); | |
| 138 | + | |
| 139 | } // namespace sandbox | |
| 140 | ||
| 141 | #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ |