diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -699,10 +699,18 @@ Maybe EvaluateSocketCall(int aCall, bool aHasArgs) const override {
 switch (aCall) {
 case SYS_RECVMSG:
 case SYS_SENDMSG:
+ // These next four aren't needed for IPC or other core
+ // functionality at the time of this writing, but they're
+ // subsets of recvmsg/sendmsg so there's nothing gained by not
+ // allowing them here (and simplifying subclasses).
+ case SYS_RECVFROM:
+ case SYS_SENDTO:
+ case SYS_RECV:
+ case SYS_SEND:
 return Some(Allow());
 case SYS_SOCKETPAIR: {
 // We try to allow "safe" (always connected) socketpairs when using the
 // file broker, or for content processes, but we may need to fall back
@@ -1253,12 +1261,10 @@ ~ContentSandboxPolicy() override = default;
 Maybe EvaluateSocketCall(int aCall, bool aHasArgs) const override {
 switch (aCall) {
- case SYS_RECVFROM:
- case SYS_SENDTO:
 case SYS_SENDMMSG: // libresolv via libasyncns; see bug 1355274
 return Some(Allow());
 #ifdef ANDROID
 case SYS_SOCKET:
@@ -1268,18 +1274,21 @@ case SYS_CONNECT:
 if (BelowLevel(4)) {
 return Some(Allow());
 }
 return SandboxPolicyCommon::EvaluateSocketCall(aCall, aHasArgs);
- case SYS_RECV:
- case SYS_SEND:
+
+ // FIXME (bug 1761134): sockopts should be filtered
 case SYS_GETSOCKOPT:
 case SYS_SETSOCKOPT:
+ // These next 3 were needed for X11; they may not be needed
+ // with X11 lockdown, but there's not much attack surface here.
 case SYS_GETSOCKNAME:
 case SYS_GETPEERNAME:
 case SYS_SHUTDOWN:
 return Some(Allow());
+ case SYS_ACCEPT:
 case SYS_ACCEPT4:
 if (mUsingRenderDoc) {
 return Some(Allow());
 }
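Review bot: The rationale in the added comment — that `SYS_RECVFROM`, `SYS_SENDTO`, `SYS_RECV` and `SYS_SEND` are subsets of recvmsg/sendmsg — holds only while `SYS_RECVMSG`/`SYS_SENDMSG` remain unconditionally allowed in this same `switch` with `aHasArgs` never consulted; if argument filtering is ever added to the sendmsg/recvmsg cases, these four would silently remain an unfiltered path. That coupling is worth stating next to the new cases, e.g. `// Keep in step with SYS_RECVMSG/SYS_SENDMSG above: any argument filtering added there must cover these four as well.` Because this appears to be the base policy that the later hunks' `ContentSandboxPolicy` delegates to via `SandboxPolicyCommon::EvaluateSocketCall`, the cases removed from the content policy below are now granted to every derived policy, not only content, which the commit message should call out. EvaluateSocketCall's body continues outside this hunk.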
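Review bot: The new `case SYS_ACCEPT:` added in front of `case SYS_ACCEPT4:` carries no comment saying why it shares the `mUsingRenderDoc` gate, so a later edit could split the pair without noticing they are meant to be equivalent; a one-liner such as `// accept(2) is accept4(2) with no flags; same RenderDoc-only justification as below` would pin that down. Whether a non-RenderDoc `accept`/`accept4` falls through to the common policy or to a deny cannot be confirmed here, since the code after the closing `}` is outside the hunk. The `// FIXME (bug 1761134)` note above the sockopt cases is a fair placeholder, but it would be more actionable if it named which levels/options the content process is known to need, since `aHasArgs` is available in this function for that filtering. The enclosing EvaluateSocketCall continues past the end of the hunk.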
@@ -1908,26 +1917,19 @@ }
 Maybe EvaluateSocketCall(int aCall, bool aHasArgs) const override {
 switch (aCall) {
+ case SYS_SOCKET:
+ case SYS_CONNECT:
 case SYS_BIND:
 return Some(Allow());
- case SYS_SOCKET:
- return Some(Allow());
-
- case SYS_CONNECT:
- return Some(Allow());
-
- case SYS_RECVFROM:
- case SYS_SENDTO:
+ // FIXME(bug 1641401) do we really need this?
 case SYS_SENDMMSG:
 return Some(Allow());
- case SYS_RECV:
- case SYS_SEND:
 case SYS_GETSOCKOPT:
 case SYS_SETSOCKOPT:
 case SYS_GETSOCKNAME:
 case SYS_GETPEERNAME:
 case SYS_SHUTDOWN: