diff -up firefox-101.0/security/sandbox/linux/SandboxFilter.cpp.D146271.diff firefox-101.0/security/sandbox/linux/SandboxFilter.cpp
--- firefox-101.0/security/sandbox/linux/SandboxFilter.cpp.D146271.diff 2022-05-27 01:16:59.000000000 +0200
+++ firefox-101.0/security/sandbox/linux/SandboxFilter.cpp 2022-06-09 09:59:35.569235176 +0200
@@ -125,28 +125,12 @@ namespace mozilla {
 // denied if no broker client is provided by the concrete class.
 class SandboxPolicyCommon : public SandboxPolicyBase {
 protected:
- enum class ShmemUsage : uint8_t {
- MAY_CREATE,
- ONLY_USE,
- };
-
- enum class AllowUnsafeSocketPair : uint8_t {
- NO,
- YES,
- };
-
+ // Subclasses can assign these in their constructors to loosen the
+ // default settings.
 SandboxBrokerClient* mBroker = nullptr;
 bool mMayCreateShmem = false;
 bool mAllowUnsafeSocketPair = false;
 
- explicit SandboxPolicyCommon(SandboxBrokerClient* aBroker,
- ShmemUsage aShmemUsage,
- AllowUnsafeSocketPair aAllowUnsafeSocketPair)
- : mBroker(aBroker),
- mMayCreateShmem(aShmemUsage == ShmemUsage::MAY_CREATE),
- mAllowUnsafeSocketPair(aAllowUnsafeSocketPair ==
- AllowUnsafeSocketPair::YES) {}
-
 SandboxPolicyCommon() = default;
 
 typedef const sandbox::arch_seccomp_data& ArgsRef;
@@ -1228,11 +1212,13 @@ class ContentSandboxPolicy : public Sand
 public:
 ContentSandboxPolicy(SandboxBrokerClient* aBroker,
 ContentProcessSandboxParams&& aParams)
- : SandboxPolicyCommon(aBroker, ShmemUsage::MAY_CREATE,
- AllowUnsafeSocketPair::YES),
- mParams(std::move(aParams)),
+ : mParams(std::move(aParams)),
 mAllowSysV(PR_GetEnv("MOZ_SANDBOX_ALLOW_SYSV") != nullptr),
- mUsingRenderDoc(PR_GetEnv("RENDERDOC_CAPTUREOPTS") != nullptr) {}
+ mUsingRenderDoc(PR_GetEnv("RENDERDOC_CAPTUREOPTS") != nullptr) {
+ mBroker = aBroker;
+ mMayCreateShmem = true;
+ mAllowUnsafeSocketPair = true;
+ }
 
 ~ContentSandboxPolicy() override = default;
 
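Review bot: The new comment above `mBroker`, `mMayCreateShmem` and `mAllowUnsafeSocketPair` says subclasses "loosen the default settings" but does not say that the defaults are the most restrictive choice (no broker, no shmem creation, no unsafe socketpair) or when the assignments are allowed to happen; with the enum-typed constructor removed, nothing in the type forces a subclass to state a choice any more, so this comment is the only guard. I would extend it to read `// Subclasses can assign these in their constructors to loosen the` / `// default settings. The defaults are the most restrictive values; assign` / `// them only in the constructor, before the policy is used to build a filter.` Whether the filter is built once from these flags is not visible in this hunk, so that last clause should be checked against the callers before it goes in. The class body continues past the end of the hunk.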
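Review bot: `mAllowUnsafeSocketPair = true;` in the ContentSandboxPolicy constructor body is the only assignment in this patch that relaxes that flag (the RDD, SocketProcess and Utility constructors keep the base default), and with the `AllowUnsafeSocketPair::YES` argument gone nothing records why the content process needs it. I would add a why-comment above the line, e.g. `// Content is the only policy in this file that relaxes this; the others keep the base default.`, so the exception stays visible to the next reviewer. Moving the three base-member assignments from the initializer list into the body looks equivalent, since the base subobject is default-constructed first and none of the assignments depend on mParams, mAllowSysV or mUsingRenderDoc. The enclosing class continues outside the hunk.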
@@ -1762,9 +1748,10 @@ UniquePtr GetM
 // segments, so it may need file brokering.
 class RDDSandboxPolicy final : public SandboxPolicyCommon {
 public:
- explicit RDDSandboxPolicy(SandboxBrokerClient* aBroker)
- : SandboxPolicyCommon(aBroker, ShmemUsage::MAY_CREATE,
- AllowUnsafeSocketPair::NO) {}
+ explicit RDDSandboxPolicy(SandboxBrokerClient* aBroker) {
+ mBroker = aBroker;
+ mMayCreateShmem = true;
+ }
 
 #ifndef ANDROID
 Maybe EvaluateIpcCall(int aCall, int aArgShift) const override {
@@ -1875,9 +1862,10 @@ UniquePtr GetD
 // the SocketProcess sandbox looks like.
 class SocketProcessSandboxPolicy final : public SandboxPolicyCommon {
 public:
- explicit SocketProcessSandboxPolicy(SandboxBrokerClient* aBroker)
- : SandboxPolicyCommon(aBroker, ShmemUsage::MAY_CREATE,
- AllowUnsafeSocketPair::NO) {}
+ explicit SocketProcessSandboxPolicy(SandboxBrokerClient* aBroker) {
+ mBroker = aBroker;
+ mMayCreateShmem = true;
+ }
 
 static intptr_t FcntlTrap(const sandbox::arch_seccomp_data& aArgs,
 void* aux) {
@@ -2013,9 +2001,10 @@ UniquePtr GetS
 class UtilitySandboxPolicy : public SandboxPolicyCommon {
 public:
- explicit UtilitySandboxPolicy(SandboxBrokerClient* aBroker)
- : SandboxPolicyCommon(aBroker, ShmemUsage::MAY_CREATE,
- AllowUnsafeSocketPair::NO) {}
+ explicit UtilitySandboxPolicy(SandboxBrokerClient* aBroker) {
+ mBroker = aBroker;
+ mMayCreateShmem = true;
+ }
 
 ResultExpr PrctlPolicy() const override {
 Arg op(0);
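Review bot: The RDDSandboxPolicy constructor body sets `mBroker` and `mMayCreateShmem` but says nothing about `mAllowUnsafeSocketPair`, which the removed initializer list spelled out as `AllowUnsafeSocketPair::NO`; the restriction still holds through the base default, but a reader can no longer tell whether omitting it was deliberate. I would add `// mAllowUnsafeSocketPair stays at the base default (false).` as the last line of the body so the decision remains explicit. The same applies to the SocketProcessSandboxPolicy and UtilitySandboxPolicy hunks below, which make the identical change; the Utility hunk's end may lie past this chunk. All three enclosing classes continue outside their hunks.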