diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2019-09-25 12:02:40 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-09-25 12:03:34 +0000 |
| commit | 54af9f8ac24f52d382c5758e2445bf0206eff40e (patch) | |
| tree | daa4ea929788962f4bfde643ffe763e239a2b3c0 /community/chromium/musl-sandbox.patch | |
| parent | 39012086b781245da1db14e85b76fadafba7a827 (diff) | |
| download | aports-54af9f8ac24f52d382c5758e2445bf0206eff40e.tar.bz2 aports-54af9f8ac24f52d382c5758e2445bf0206eff40e.tar.xz | |
community/chromium: upgrade to 77.0.3865.75
use hwids rather than hwdata
Diffstat (limited to 'community/chromium/musl-sandbox.patch')
| -rw-r--r-- | community/chromium/musl-sandbox.patch | 61 |
1 files changed, 39 insertions, 22 deletions
diff --git a/community/chromium/musl-sandbox.patch b/community/chromium/musl-sandbox.patch index 5a7239fd9e..f485f6cc75 100644 --- a/community/chromium/musl-sandbox.patch +++ b/community/chromium/musl-sandbox.patch @@ -38,10 +38,10 @@ index 348ab6e..4550f9e 100644 .ElseIf(is_fork_or_clone_vfork, Error(EPERM)) .Else(CrashSIGSYSClone()); } -diff --git sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc -index 7dbcc87..782be78 100644 ---- sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc -+++ sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc +diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc +index 7dbcc87..589262f 100644 +--- ./sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc ++++ ./sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc @@ -391,6 +391,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) { #if defined(__i386__) case __NR_waitpid: @@ -75,10 +75,10 @@ index 7dbcc87..782be78 100644 case __NR_msync: case __NR_munlockall: case __NR_readahead: -diff --git sandbox/linux/system_headers/arm64_linux_syscalls.h sandbox/linux/system_headers/arm64_linux_syscalls.h +diff --git a/sandbox/linux/system_headers/arm64_linux_syscalls.h b/sandbox/linux/system_headers/arm64_linux_syscalls.h index 59d0eab..7ae7002 100644 ---- sandbox/linux/system_headers/arm64_linux_syscalls.h -+++ sandbox/linux/system_headers/arm64_linux_syscalls.h +--- ./sandbox/linux/system_headers/arm64_linux_syscalls.h ++++ ./sandbox/linux/system_headers/arm64_linux_syscalls.h @@ -1063,4 +1063,8 @@ #define __NR_memfd_create 279 #endif @@ -88,10 +88,10 @@ index 59d0eab..7ae7002 100644 +#endif + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_ARM64_LINUX_SYSCALLS_H_ -diff --git sandbox/linux/system_headers/arm_linux_syscalls.h sandbox/linux/system_headers/arm_linux_syscalls.h +diff --git a/sandbox/linux/system_headers/arm_linux_syscalls.h b/sandbox/linux/system_headers/arm_linux_syscalls.h index 1addd53..7843b5e 100644 ---- sandbox/linux/system_headers/arm_linux_syscalls.h -+++ sandbox/linux/system_headers/arm_linux_syscalls.h +--- ./sandbox/linux/system_headers/arm_linux_syscalls.h ++++ ./sandbox/linux/system_headers/arm_linux_syscalls.h @@ -1385,6 +1385,10 @@ #define __NR_memfd_create (__NR_SYSCALL_BASE+385) #endif @@ -103,10 +103,10 @@ index 1addd53..7843b5e 100644 // ARM private syscalls. #if !defined(__ARM_NR_BASE) #define __ARM_NR_BASE (__NR_SYSCALL_BASE + 0xF0000) -diff --git sandbox/linux/system_headers/mips64_linux_syscalls.h sandbox/linux/system_headers/mips64_linux_syscalls.h +diff --git a/sandbox/linux/system_headers/mips64_linux_syscalls.h b/sandbox/linux/system_headers/mips64_linux_syscalls.h index ec75815..612fcfa 100644 ---- sandbox/linux/system_headers/mips64_linux_syscalls.h -+++ sandbox/linux/system_headers/mips64_linux_syscalls.h +--- ./sandbox/linux/system_headers/mips64_linux_syscalls.h ++++ ./sandbox/linux/system_headers/mips64_linux_syscalls.h @@ -1271,4 +1271,8 @@ #define __NR_memfd_create (__NR_Linux + 314) #endif @@ -116,10 +116,10 @@ index ec75815..612fcfa 100644 +#endif + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS64_LINUX_SYSCALLS_H_ -diff --git sandbox/linux/system_headers/mips_linux_syscalls.h sandbox/linux/system_headers/mips_linux_syscalls.h +diff --git a/sandbox/linux/system_headers/mips_linux_syscalls.h b/sandbox/linux/system_headers/mips_linux_syscalls.h index ddbf97f..1742acd 100644 ---- sandbox/linux/system_headers/mips_linux_syscalls.h -+++ sandbox/linux/system_headers/mips_linux_syscalls.h +--- ./sandbox/linux/system_headers/mips_linux_syscalls.h ++++ ./sandbox/linux/system_headers/mips_linux_syscalls.h @@ -1433,4 +1433,8 @@ #define __NR_memfd_create (__NR_Linux + 354) #endif @@ -129,10 +129,10 @@ index ddbf97f..1742acd 100644 +#endif + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_ -diff --git sandbox/linux/system_headers/x86_32_linux_syscalls.h sandbox/linux/system_headers/x86_32_linux_syscalls.h +diff --git a/sandbox/linux/system_headers/x86_32_linux_syscalls.h b/sandbox/linux/system_headers/x86_32_linux_syscalls.h index a6afc62..7ed0a3b 100644 ---- sandbox/linux/system_headers/x86_32_linux_syscalls.h -+++ sandbox/linux/system_headers/x86_32_linux_syscalls.h +--- ./sandbox/linux/system_headers/x86_32_linux_syscalls.h ++++ ./sandbox/linux/system_headers/x86_32_linux_syscalls.h @@ -1422,5 +1422,9 @@ #define __NR_memfd_create 356 #endif @@ -143,10 +143,10 @@ index a6afc62..7ed0a3b 100644 + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_X86_32_LINUX_SYSCALLS_H_ -diff --git sandbox/linux/system_headers/x86_64_linux_syscalls.h sandbox/linux/system_headers/x86_64_linux_syscalls.h +diff --git a/sandbox/linux/system_headers/x86_64_linux_syscalls.h b/sandbox/linux/system_headers/x86_64_linux_syscalls.h index 349504a..ea3c7c9 100644 ---- sandbox/linux/system_headers/x86_64_linux_syscalls.h -+++ sandbox/linux/system_headers/x86_64_linux_syscalls.h +--- ./sandbox/linux/system_headers/x86_64_linux_syscalls.h ++++ ./sandbox/linux/system_headers/x86_64_linux_syscalls.h @@ -1290,5 +1290,9 @@ #define __NR_memfd_create 319 #endif @@ -157,3 +157,20 @@ index 349504a..ea3c7c9 100644 + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_X86_64_LINUX_SYSCALLS_H_ +diff --git a/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc b/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc +index 017f13c..50aeec3 100644 +--- ./services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc ++++ ./services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc +@@ -88,10 +88,10 @@ ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const { + case __NR_sysinfo: + case __NR_times: + case __NR_uname: +- return Allow(); +- case __NR_sched_getaffinity: + case __NR_sched_getparam: + case __NR_sched_getscheduler: ++ return Allow(); ++ case __NR_sched_getaffinity: + case __NR_sched_setscheduler: + return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno); + case __NR_prlimit64: |