1140111 - readlink() is not white listed by sandbox on Lollipop Gonk

Status: RESOLVED FIXED

(Core :: Security: Process Sandboxing, defect)

Description

[Sotaro Ikeda [:sotaro]]

readlink() is white listed by Bug 974227. But it seems not work on Lollipop Gonk.

See Bug 1137515 comment 14.

Comment 1

[Sotaro Ikeda [:sotaro]]

This bug blocks b2g:v2.2+ bug.

Comment 2

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

Attachment: Patch: whitelist readlinkat.

Simple patch is simple; rs?(kang).

Sotaro, can you verify that this patch fixes the crash?  I have a Lollipop-capable device, but it looks like there are other patches needed to make WebRTC work on Lollipop in order to reproduce this bug.

Comment 3

[Guillaume Destuynder [:kang] [this account is no longer active]]

Comment on attachment 8573646 [details] [diff] [review]
Patch: whitelist readlinkat.

Review of attachment 8573646 [details] [diff] [review]:
-----------------------------------------------------------------

rather similar risk with both readlink/readlinkat

Comment 4

[Sotaro Ikeda [:sotaro]]

Comment on attachment 8573646 [details] [diff] [review]
Patch: whitelist readlinkat.

Thanks! I confirmed the fix by applying the patch.

Comment 5

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=5383b3c7928b

Comment 6

[Randell Jesup [:jesup] (needinfo me)]

 https://hg.mozilla.org/integration/mozilla-inbound/rev/dca901fa0641

Comment 7

[Phil Ringnalda (:philor)]

https://hg.mozilla.org/mozilla-central/rev/dca901fa0641

Comment 8

[Sotaro Ikeda [:sotaro]]

Jed, could the patch be uplifted to b2g v2.2?

Comment 9

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

(In reply to Sotaro Ikeda [:sotaro] from comment #8)
> Jed, could the patch be uplifted to b2g v2.2?

Yes.  It will merge more cleanly if the patch from bug 1134942 is uplifted first — and I think we'd need that one on v2.2 as well, if we're supporting Lollipop there?

Comment 10

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

(In reply to Jed Davis [:jld] from comment #9)
> (In reply to Sotaro Ikeda [:sotaro] from comment #8)
> > Jed, could the patch be uplifted to b2g v2.2?
> 
> Yes.

…on second thought, I should do a try run to make sure the new syscall names don't break any of the builds; there are some changes to the Chromium headers that I think weren't on the 37 branch.

Comment 11

[Sotaro Ikeda [:sotaro]]

Yes, lollipos support of b2g-v2.2 is necessary. Bug 1094121 is a meta bug of supporting lollipop.

 - Bug 1094121 - (gonk-L) [meta] Android L Porting for B2G

Comment 12

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

Comment on attachment 8573646 [details] [diff] [review]
Patch: whitelist readlinkat.

NOTE: please apply this patch after the one from bug 1134942 to avoid unnecessary merge conflicts.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): bug 1094121
User impact if declined: App crashes and test failures on B2G Lollipop; WebRTC and window.crypto.subtle are known to be affected.
Testing completed: https://treeherder.mozilla.org/#/jobs?repo=try&revision=9f3a4230cd05 
Risk to taking this patch (and alternatives if risky): None; it just causes system calls to succeed that would previously result in a crash.
String or UUID changes made by this patch: None.

Comment 13

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

(In reply to Jed Davis [:jld] from comment #12)
> Testing completed:
> https://treeherder.mozilla.org/#/jobs?repo=try&revision=9f3a4230cd05 

Also, built locally for nexus-5-l and verified it fixes bug 1141472.

Comment 14

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-b2g37_v2_2/rev/b06c5b277f30