Diffstat (limited to 'security/sandbox')
-rw-r--r--security/sandbox/chromium/sandbox/win/src/filesystem_policy.cc12
-rw-r--r--security/sandbox/chromium/sandbox/win/src/named_pipe_policy.cc1
-rw-r--r--security/sandbox/chromium/sandbox/win/src/process_thread_policy.cc1
-rw-r--r--security/sandbox/chromium/sandbox/win/src/registry_policy.cc4
-rw-r--r--security/sandbox/linux/SandboxFilter.cpp3
-rw-r--r--security/sandbox/mac/SandboxPolicies.h8
6 files changed, 23 insertions, 6 deletions
diff --git a/security/sandbox/chromium/sandbox/win/src/filesystem_policy.cc b/security/sandbox/chromium/sandbox/win/src/filesystem_policy.cc
index 9aa193e..15954f5 100644
--- a/security/sandbox/chromium/sandbox/win/src/filesystem_policy.cc
+++ b/security/sandbox/chromium/sandbox/win/src/filesystem_policy.cc
@@ -256,6 +256,7 @@ bool FileSystemPolicy::CreateFileAction(EvalResult eval_result,
HANDLE* handle,
NTSTATUS* nt_status,
ULONG_PTR* io_information) {
+ *handle = nullptr;
// The only action supported is ASK_BROKER which means create the requested
// file as specified.
if (ASK_BROKER != eval_result) {
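Review bot: The denial branch that starts on the last line of this hunk is cut off, so it is not visible whether CreateFileAction's `return true` is flipped to `return false` the way OpenFileAction's is in the next hunk; if it is not, the dispatcher would get opposite answers from the two actions for the same ASK_BROKER mismatch, which is worth confirming and aligning. The new `*handle = nullptr;` as the first statement is the right shape, since every early return below it would otherwise hand the caller an uninitialized handle slot. CreateFileAction's body continues past the hunk.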
@@ -288,11 +289,12 @@ bool FileSystemPolicy::OpenFileAction(EvalResult eval_result,
HANDLE* handle,
NTSTATUS* nt_status,
ULONG_PTR* io_information) {
+ *handle = nullptr;
// The only action supported is ASK_BROKER which means open the requested
// file as specified.
if (ASK_BROKER != eval_result) {
*nt_status = STATUS_ACCESS_DENIED;
- return true;
+ return false;
}
// An NtOpen is equivalent to an NtCreate with FileAttributes = 0 and
// CreateDisposition = FILE_OPEN.
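Review bot: Changing the denial path from `return true` to `return false` changes what the bool means to whoever dispatches these actions, but no comment in the function records the new contract; the same flip appears in the QueryAttributesFileAction, QueryFullAttributesFileAction and SetInformationFileAction hunks below (the latter on both the policy check and the DuplicateHandle failure) and in RegistryPolicy::OpenKeyAction. A one-line comment on this first instance would pin it down, e.g. `// false: the request was not brokered; *nt_status still carries the denial for the client.` — assuming that is how the dispatcher treats a false return, which is not visible here and should be confirmed. OpenFileAction's body continues past the hunk.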
@@ -323,7 +325,7 @@ bool FileSystemPolicy::QueryAttributesFileAction(
// file as specified.
if (ASK_BROKER != eval_result) {
*nt_status = STATUS_ACCESS_DENIED;
- return true;
+ return false;
}
NtQueryAttributesFileFunction NtQueryAttributesFile = NULL;
@@ -351,7 +353,7 @@ bool FileSystemPolicy::QueryFullAttributesFileAction(
// file as specified.
if (ASK_BROKER != eval_result) {
*nt_status = STATUS_ACCESS_DENIED;
- return true;
+ return false;
}
NtQueryFullAttributesFileFunction NtQueryFullAttributesFile = NULL;
@@ -380,7 +382,7 @@ bool FileSystemPolicy::SetInformationFileAction(EvalResult eval_result,
// file as specified.
if (ASK_BROKER != eval_result) {
*nt_status = STATUS_ACCESS_DENIED;
- return true;
+ return false;
}
NtSetInformationFileFunction NtSetInformationFile = NULL;
@@ -391,7 +393,7 @@ bool FileSystemPolicy::SetInformationFileAction(EvalResult eval_result,
::GetCurrentProcess(), &local_handle, 0, FALSE,
DUPLICATE_SAME_ACCESS)) {
*nt_status = STATUS_ACCESS_DENIED;
- return true;
+ return false;
}
base::win::ScopedHandle handle(local_handle);
diff --git a/security/sandbox/chromium/sandbox/win/src/named_pipe_policy.cc b/security/sandbox/chromium/sandbox/win/src/named_pipe_policy.cc
index eee719e..05a00d0 100644
--- a/security/sandbox/chromium/sandbox/win/src/named_pipe_policy.cc
+++ b/security/sandbox/chromium/sandbox/win/src/named_pipe_policy.cc
@@ -67,6 +67,7 @@ DWORD NamedPipePolicy::CreateNamedPipeAction(EvalResult eval_result,
DWORD in_buffer_size,
DWORD default_timeout,
HANDLE* pipe) {
+ *pipe = INVALID_HANDLE_VALUE;
// The only action supported is ASK_BROKER which means create the pipe.
if (ASK_BROKER != eval_result) {
return ERROR_ACCESS_DENIED;
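Review bot: The sentinel written into `*pipe` is INVALID_HANDLE_VALUE while the sibling actions in this commit initialize their handle out-params to nullptr/NULL, so a caller that tests `*pipe != nullptr` would mistake the denied case for a live handle. If the choice is deliberate (it matches the value CreateNamedPipe itself returns on failure), a short comment would save the next reader the question, e.g. `// Same failure value as CreateNamedPipe; callers must compare against INVALID_HANDLE_VALUE.` CreateNamedPipeAction's body continues past the hunk.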
diff --git a/security/sandbox/chromium/sandbox/win/src/process_thread_policy.cc b/security/sandbox/chromium/sandbox/win/src/process_thread_policy.cc
index 3cdaeb8..e635fef 100644
--- a/security/sandbox/chromium/sandbox/win/src/process_thread_policy.cc
+++ b/security/sandbox/chromium/sandbox/win/src/process_thread_policy.cc
@@ -253,6 +253,7 @@ DWORD ProcessPolicy::CreateThreadAction(
const DWORD creation_flags,
LPDWORD thread_id,
HANDLE* handle) {
+ *handle = NULL;
HANDLE local_handle =
::CreateRemoteThread(client_info.process, nullptr, stack_size,
start_address, parameter, creation_flags, thread_id);
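Review bot: The added line uses `NULL` two lines above a call that already passes `nullptr`, so the same function now mixes both spellings; `*handle = nullptr;` would match the surrounding code and the other handle initializations in this commit. Initializing before the CreateRemoteThread call is the right spot, since any failure path that follows would otherwise leave the caller's slot untouched. CreateThreadAction's body continues past the hunk.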
diff --git a/security/sandbox/chromium/sandbox/win/src/registry_policy.cc b/security/sandbox/chromium/sandbox/win/src/registry_policy.cc
index d056c9c..7eb8e82 100644
--- a/security/sandbox/chromium/sandbox/win/src/registry_policy.cc
+++ b/security/sandbox/chromium/sandbox/win/src/registry_policy.cc
@@ -62,6 +62,7 @@ NTSTATUS NtCreateKeyInTarget(HANDLE* target_key_handle,
ULONG create_options,
ULONG* disposition,
HANDLE target_process) {
+ *target_key_handle = nullptr;
NtCreateKeyFunction NtCreateKey = NULL;
ResolveNTFunctionPtr("NtCreateKey", &NtCreateKey);
@@ -90,6 +91,7 @@ NTSTATUS NtOpenKeyInTarget(HANDLE* target_key_handle,
ACCESS_MASK desired_access,
OBJECT_ATTRIBUTES* obj_attributes,
HANDLE target_process) {
+ *target_key_handle = nullptr;
NtOpenKeyFunction NtOpenKey = NULL;
ResolveNTFunctionPtr("NtOpenKey", &NtOpenKey);
@@ -213,7 +215,7 @@ bool RegistryPolicy::OpenKeyAction(EvalResult eval_result,
// file as specified.
if (ASK_BROKER != eval_result) {
*nt_status = STATUS_ACCESS_DENIED;
- return true;
+ return false;
}
UNICODE_STRING uni_name = {0};
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
index 0f59f2a..de4119f 100644
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -337,6 +337,9 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
case __NR_exit_group:
return Allow();
+ case __NR_getrandom:
+ return Allow();
+
#ifdef MOZ_ASAN
// ASAN's error reporter wants to know if stderr is a tty.
case __NR_ioctl: {
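Review bot: The new `__NR_getrandom` case is the only unconditional allow in this stretch without a comment saying why it is needed, whereas the neighbouring MOZ_ASAN case explains itself; the policy file reads as a list of justifications, so this entry should carry one too, e.g. `// getrandom(2): read-only entropy source with no fd or path argument to filter.` Which library in the content process started calling it is not visible here, so naming the consumer in that comment should be confirmed before writing it. The enclosing switch and SandboxPolicyCommon continue outside the hunk.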
diff --git a/security/sandbox/mac/SandboxPolicies.h b/security/sandbox/mac/SandboxPolicies.h
index 5ef002b..e9f47c5 100644
--- a/security/sandbox/mac/SandboxPolicies.h
+++ b/security/sandbox/mac/SandboxPolicies.h
@@ -131,6 +131,8 @@ static const char contentSandboxRules[] = R"SANDBOX_LITERAL(
(sysctl-name "kern.osversion")
(sysctl-name "kern.osrelease")
(sysctl-name "kern.version")
+ (sysctl-name "kern.tcsm_available")
+ (sysctl-name "kern.tcsm_enable")
; TODO: remove "kern.hostname". Without it the tests hang, but the hostname
; is arguably sensitive information, so we should see what can be done about
; removing it.
@@ -166,6 +168,9 @@ static const char contentSandboxRules[] = R"SANDBOX_LITERAL(
(sysctl-name "machdep.cpu.stepping")
(sysctl-name "debug.intel.gstLevelGST")
(sysctl-name "debug.intel.gstLoaderControl")))
+ (if (> macosMinorVersion 9)
+ (allow sysctl-write
+ (sysctl-name "kern.tcsm_enable")))
(define (home-regex home-relative-regex)
(regex (string-append "^" (regex-quote home-path) home-relative-regex)))
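Review bot: The new sysctl-write grant for "kern.tcsm_enable" is the only write permission visible in this rule set and comes with no explanation, and the same applies to the read rules for "kern.tcsm_available"/"kern.tcsm_enable" in the previous hunk and the "com.apple.MTLCompilerService" mach-lookup in the next one; each widening of the content sandbox should state what needs it, in the file's `;` comment style. The version guard `(> macosMinorVersion 9)` also reads differently from the `(>= macosMinorVersion 14)` form used in the next hunk; `(>= macosMinorVersion 10)` says the same thing in the same shape. The contentSandboxRules literal continues outside the hunk.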
@@ -319,6 +324,9 @@ static const char contentSandboxRules[] = R"SANDBOX_LITERAL(
(allow user-preference-read (preference-domain "com.nvidia.OpenGL"))
(allow mach-lookup
(global-name "com.apple.cvmsServ"))
+ (if (>= macosMinorVersion 14)
+ (allow mach-lookup
+ (global-name "com.apple.MTLCompilerService")))
(allow iokit-open
(iokit-connection "IOAccelerator")
(iokit-user-client-class "IOAccelerationUserClient")