diff options
Diffstat (limited to 'community/chromium/musl-sandbox.patch')
| -rw-r--r-- | community/chromium/musl-sandbox.patch | 50 |
1 files changed, 10 insertions, 40 deletions
diff --git a/community/chromium/musl-sandbox.patch b/community/chromium/musl-sandbox.patch index f485f6cc75..0807aefd55 100644 --- a/community/chromium/musl-sandbox.patch +++ b/community/chromium/musl-sandbox.patch @@ -1,8 +1,6 @@ -diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc -index 348ab6e..4550f9e 100644 --- ./sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc +++ ./sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc -@@ -139,21 +139,11 @@ namespace sandbox { +@@ -139,21 +139,11 @@ // present (as in newer versions of posix_spawn). ResultExpr RestrictCloneToThreadsAndEPERMFork() { const Arg<unsigned long> flags(0); @@ -29,7 +27,7 @@ index 348ab6e..4550f9e 100644 // The following two flags are the two important flags in any vfork-emulating // clone call. EPERM any clone call that contains both of them. -@@ -163,7 +153,7 @@ ResultExpr RestrictCloneToThreadsAndEPERMFork() { +@@ -163,7 +153,7 @@ AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0, (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags); @@ -38,11 +36,9 @@ index 348ab6e..4550f9e 100644 .ElseIf(is_fork_or_clone_vfork, Error(EPERM)) .Else(CrashSIGSYSClone()); } -diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc -index 7dbcc87..589262f 100644 --- ./sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc +++ ./sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc -@@ -391,6 +391,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) { +@@ -392,6 +392,7 @@ #if defined(__i386__) case __NR_waitpid: #endif @@ -50,7 +46,7 @@ index 7dbcc87..589262f 100644 return true; case __NR_clone: // Should be parameter-restricted. case __NR_setns: // Privileged. -@@ -403,7 +404,6 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) { +@@ -404,7 +405,6 @@ #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) case __NR_set_thread_area: #endif @@ -58,7 +54,7 @@ index 7dbcc87..589262f 100644 case __NR_unshare: #if !defined(__mips__) && !defined(__aarch64__) case __NR_vfork: -@@ -513,6 +513,8 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) { +@@ -514,6 +514,8 @@ case __NR_mlock: case __NR_munlock: case __NR_munmap: @@ -67,7 +63,7 @@ index 7dbcc87..589262f 100644 return true; case __NR_madvise: case __NR_mincore: -@@ -530,7 +532,6 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) { +@@ -531,7 +533,6 @@ case __NR_modify_ldt: #endif case __NR_mprotect: @@ -75,8 +71,6 @@ index 7dbcc87..589262f 100644 case __NR_msync: case __NR_munlockall: case __NR_readahead: -diff --git a/sandbox/linux/system_headers/arm64_linux_syscalls.h b/sandbox/linux/system_headers/arm64_linux_syscalls.h -index 59d0eab..7ae7002 100644 --- ./sandbox/linux/system_headers/arm64_linux_syscalls.h +++ ./sandbox/linux/system_headers/arm64_linux_syscalls.h @@ -1063,4 +1063,8 @@ @@ -88,8 +82,6 @@ index 59d0eab..7ae7002 100644 +#endif + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_ARM64_LINUX_SYSCALLS_H_ -diff --git a/sandbox/linux/system_headers/arm_linux_syscalls.h b/sandbox/linux/system_headers/arm_linux_syscalls.h -index 1addd53..7843b5e 100644 --- ./sandbox/linux/system_headers/arm_linux_syscalls.h +++ ./sandbox/linux/system_headers/arm_linux_syscalls.h @@ -1385,6 +1385,10 @@ @@ -97,14 +89,12 @@ index 1addd53..7843b5e 100644 #endif +#if !defined(__NR_membarrier) -+#define __NR_membarrier (__NR_SYSCALL_BASE+389) ++#define __NR_membarrier (__NR_SYSCALL_BASE389) +#endif + // ARM private syscalls. #if !defined(__ARM_NR_BASE) #define __ARM_NR_BASE (__NR_SYSCALL_BASE + 0xF0000) -diff --git a/sandbox/linux/system_headers/mips64_linux_syscalls.h b/sandbox/linux/system_headers/mips64_linux_syscalls.h -index ec75815..612fcfa 100644 --- ./sandbox/linux/system_headers/mips64_linux_syscalls.h +++ ./sandbox/linux/system_headers/mips64_linux_syscalls.h @@ -1271,4 +1271,8 @@ @@ -112,12 +102,10 @@ index ec75815..612fcfa 100644 #endif +#if !defined(__NR_membarrier) -+#define __NR_membarrier (__NR_Linux + 318) ++#define __NR_membarrier (__NR_Linux 318) +#endif + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS64_LINUX_SYSCALLS_H_ -diff --git a/sandbox/linux/system_headers/mips_linux_syscalls.h b/sandbox/linux/system_headers/mips_linux_syscalls.h -index ddbf97f..1742acd 100644 --- ./sandbox/linux/system_headers/mips_linux_syscalls.h +++ ./sandbox/linux/system_headers/mips_linux_syscalls.h @@ -1433,4 +1433,8 @@ @@ -125,26 +113,10 @@ index ddbf97f..1742acd 100644 #endif +#if !defined(__NR_membarrier) -+#define __NR_membarrier (__NR_Linux + 358) ++#define __NR_membarrier (__NR_Linux 358) +#endif + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_ -diff --git a/sandbox/linux/system_headers/x86_32_linux_syscalls.h b/sandbox/linux/system_headers/x86_32_linux_syscalls.h -index a6afc62..7ed0a3b 100644 ---- ./sandbox/linux/system_headers/x86_32_linux_syscalls.h -+++ ./sandbox/linux/system_headers/x86_32_linux_syscalls.h -@@ -1422,5 +1422,9 @@ - #define __NR_memfd_create 356 - #endif - -+#if !defined(__NR_membarrier) -+#define __NR_membarrier 375 -+#endif -+ - #endif // SANDBOX_LINUX_SYSTEM_HEADERS_X86_32_LINUX_SYSCALLS_H_ - -diff --git a/sandbox/linux/system_headers/x86_64_linux_syscalls.h b/sandbox/linux/system_headers/x86_64_linux_syscalls.h -index 349504a..ea3c7c9 100644 --- ./sandbox/linux/system_headers/x86_64_linux_syscalls.h +++ ./sandbox/linux/system_headers/x86_64_linux_syscalls.h @@ -1290,5 +1290,9 @@ @@ -157,11 +129,9 @@ index 349504a..ea3c7c9 100644 + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_X86_64_LINUX_SYSCALLS_H_ -diff --git a/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc b/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc -index 017f13c..50aeec3 100644 --- ./services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc +++ ./services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc -@@ -88,10 +88,10 @@ ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const { +@@ -88,10 +88,10 @@ case __NR_sysinfo: case __NR_times: case __NR_uname: |