mozilla-sandbox-fips.patch
branchfirefox93
changeset 1165 e009fde1282b
parent 1164 bb219fd0d646
1164:bb219fd0d646 1165:e009fde1282b
     2 Subject: allow Firefox to access addtional process information
     2 Subject: allow Firefox to access addtional process information
     3 References:
     3 References:
     4 http://bugzilla.suse.com/show_bug.cgi?id=1167132
     4 http://bugzilla.suse.com/show_bug.cgi?id=1167132
     5 bsc#1174284 - Firefox tab just crashed in FIPS mode
     5 bsc#1174284 - Firefox tab just crashed in FIPS mode
     6 
     6 
     7 diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp
     7 Index: firefox-93.0/security/sandbox/linux/Sandbox.cpp
     8 --- a/security/sandbox/linux/Sandbox.cpp
     8 ===================================================================
     9 +++ b/security/sandbox/linux/Sandbox.cpp
     9 --- firefox-93.0.orig/security/sandbox/linux/Sandbox.cpp
    10 @@ -650,16 +650,17 @@ void SetMediaPluginSandbox(const char* a
    10 +++ firefox-93.0/security/sandbox/linux/Sandbox.cpp
    11      SANDBOX_LOG_ERROR("failed to open plugin file %s: %s", aFilePath,
    11 @@ -655,6 +655,7 @@ void SetMediaPluginSandbox(const char* a
    12                        strerror(errno));
       
    13      MOZ_CRASH("failed while trying to open the plugin file ");
       
    14    }
       
    15  
       
    16    auto files = new SandboxOpenedFiles();
    12    auto files = new SandboxOpenedFiles();
    17    files->Add(std::move(plugin));
    13    files->Add(std::move(plugin));
    18    files->Add("/dev/urandom", SandboxOpenedFile::Dup::YES);
    14    files->Add("/dev/urandom", SandboxOpenedFile::Dup::YES);
    19 +  files->Add("/dev/random", SandboxOpenedFile::Dup::YES);
    15 +  files->Add("/dev/random", SandboxOpenedFile::Dup::YES);
    20    files->Add("/etc/ld.so.cache");  // Needed for NSS in clearkey.
    16    files->Add("/etc/ld.so.cache");  // Needed for NSS in clearkey.
    21    files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz");
    17    files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz");
    22    files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq");
    18    files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq");
    23    files->Add("/proc/cpuinfo");  // Info also available via CPUID instruction.
    19 Index: firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
    24    files->Add("/proc/sys/crypto/fips_enabled");  // Needed for NSS in clearkey.
    20 ===================================================================
    25  #ifdef __i386__
    21 --- firefox-93.0.orig/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
    26    files->Add("/proc/self/auxv");  // Info also in process's address space.
    22 +++ firefox-93.0/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
    27  #endif
    23 @@ -320,6 +320,8 @@ void SandboxBrokerPolicyFactory::InitCon
    28 diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
       
    29 --- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
       
    30 +++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
       
    31 @@ -315,16 +315,18 @@ void SandboxBrokerPolicyFactory::InitCon
       
    32      policy->AddDir(rdwr, "/dev/dri");
       
    33    }
       
    34  
       
    35    // Bug 1575985: WASM library sandbox needs RW access to /dev/null
       
    36    policy->AddPath(rdwr, "/dev/null");
       
    37  
    24  
    38    // Read permissions
    25    // Read permissions
    39    policy->AddPath(rdonly, "/dev/urandom");
    26    policy->AddPath(rdonly, "/dev/urandom");
    40 +  policy->AddPath(rdonly, "/dev/random");
    27 +  policy->AddPath(rdonly, "/dev/random");
    41 +  policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
    28 +  policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
    42    policy->AddPath(rdonly, "/proc/cpuinfo");
    29    policy->AddPath(rdonly, "/proc/cpuinfo");
    43    policy->AddPath(rdonly, "/proc/meminfo");
    30    policy->AddPath(rdonly, "/proc/meminfo");
    44    policy->AddDir(rdonly, "/sys/devices/cpu");
    31    policy->AddDir(rdonly, "/sys/devices/cpu");
    45    policy->AddDir(rdonly, "/sys/devices/system/cpu");
    32 @@ -792,6 +794,8 @@ SandboxBrokerPolicyFactory::GetSocketPro
    46    policy->AddDir(rdonly, "/lib");
    33    auto policy = MakeUnique<SandboxBroker::Policy>();
    47    policy->AddDir(rdonly, "/lib64");
    34  
    48    policy->AddDir(rdonly, "/usr/lib");
    35    policy->AddPath(rdonly, "/dev/urandom");
    49    policy->AddDir(rdonly, "/usr/lib32");
    36 +  policy->AddPath(rdonly, "/dev/random");
       
    37 +  policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
       
    38    policy->AddPath(rdonly, "/proc/cpuinfo");
       
    39    policy->AddPath(rdonly, "/proc/meminfo");
       
    40    policy->AddDir(rdonly, "/sys/devices/cpu");
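Review bot: The new `@@ -792,6 +794,8 @@` hunk adds `/dev/random` and `/proc/sys/crypto/fips_enabled` to the socket-process policy without a comment saying why. The same holds for the content-process hunk and for the `/dev/random` line in SetMediaPluginSandbox. Neighbouring allowlist entries record their reason (for example `// Needed for NSS in clearkey.`), so I would put a comment such as `// bsc#1174284: presumably read by NSS when FIPS mode is enabled` above each added pair, which keeps the allowlist auditable when it is next trimmed. The entries are read-only single paths, but they are granted unconditionally rather than only when FIPS mode is active; if that is deliberate, the patch header should say so, since `Subject:` currently mentions only "process information". The enclosing functions start and end outside the hunks, so this is based on the visible context alone.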