Commit 4f0cfffd authored by Jed Davis

Bug 1848615 - Adjust Linux content sandbox policy so that ICU can get the canonical time zone. r=gcp a=pascalc

ICU version 73 (bug 1824744) has [a change to call realpath][icu-2323]
rather than just readlink on `/etc/localtime`, meaning that it needs to
be able to readlink every directory involved in path resolution.  In
particular, for a symlink into `/usr/share/zoneinfo`, this includes
`/usr`, which is blocked by the content sandbox policy.

Currently, the file broker requires `MAY_READ` permission to allow
readlink, so we grant that on `/usr` and `/nix` (there will be a
similar issue with symlinks to `/nix/store/...`).  Note that this
applies only to those directories themselves, not files within them.

This also means that the process can open those directories for reading
(i.e., readdir), but that should be relatively low-impact compared to
the information that's already exposed.

[icu-2323]: https://github.com/unicode-org/icu/pull/2323

Differential Revision: https://phabricator.services.mozilla.com/D186584
parent 3cfee9f6
+7 −1
@@ -509,6 +509,12 @@ void RunTestsContent(SandboxTestingChild* child) {
    }
  }
#    endif  // MOZ_X11

  child->ErrnoTest("realpath localtime"_ns, true, [] {
    char buf[PATH_MAX];
    return realpath("/etc/localtime", buf) ? 0 : -1;
  });

#  endif  // XP_LINUX

#  ifdef XP_MACOSX
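Review bot: the new `realpath localtime` ErrnoTest hard-codes an expected success (`true`), so it turns an environment difference into a sandbox test failure on hosts where `/etc/localtime` does not exist or resolves to a location other than `/usr` or `/nix`, which are the only two directories the policy change grants. Consider deriving the expected result from a prior `lstat("/etc/localtime", ...)` outside the sandboxed call, or adding a comment stating that the test assumes a conventional zoneinfo symlink; as written, a reader cannot tell from `return realpath("/etc/localtime", buf) ? 0 : -1;` which failure modes are intended to be caught.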
+4 −0
@@ -452,6 +452,10 @@ void SandboxBrokerPolicyFactory::InitContentPolicy() {
  policy->AddDir(rdonly, "/run/host/local-fonts");
  policy->AddDir(rdonly, "/var/cache/fontconfig");

  // Bug 1848615
  policy->AddPath(rdonly, "/usr");
  policy->AddPath(rdonly, "/nix");

  AddLdconfigPaths(policy);
  AddLdLibraryEnvPaths(policy);
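Review bot: the `// Bug 1848615` comment above `policy->AddPath(rdonly, "/usr");` carries only a bug number; it should state why read permission on the directory entries themselves is needed (ICU now calls realpath on `/etc/localtime`, the broker ties readlink to `MAY_READ`, and each path component must be resolvable) and that `AddPath` rather than `AddDir` is deliberate so that files beneath `/usr` and `/nix` stay outside the policy. Without that note, a later change could "simplify" these two lines to `AddDir` and silently widen the content sandbox. The commit message also accepts that the two directories become openable for readdir; recording that trade-off next to the rule helps whoever reviews the next edit to this block.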