gecko/security
Jed Davis d7d8d94afd Bug 908907 - Fill in gaps in seccomp-bpf whitelist for b2g. r=kang, r=bsmith
Relatively harmless syscalls:
* dup, used by mozilla::ipc::Shmem
* getuid, for android::IPCThreadState, used in audio decode
* nanosleep, used by android::AudioTrack

Of potential concern:
* sched_setscheduler, used by audio threads in e.g. CubeVid
  This might be restrictable somewhat by inspecting its arguments.

Of serious concern:
* unlink, as a workaround for bug 906996 (q.v.).

Note that we already allow open(), including for writing (temporary
files, /dev/genlock on qcom devices, probably more), so allowing unlink
won't make the situation much worse.
2013-09-06 09:13:59 -04:00
..
build Bug 912293 - Remove now redundant boilerplate from Makefile.in. r=gps 2013-09-05 09:01:46 +09:00
manager Bug 910989. Remove nsTHashtable::Init, fallible allocation, and MT hashtables. r=ehsan,bsmedberg 2013-09-02 20:41:57 +12:00
nss Bug 880543: Update NSS to NSS_3_15_2_BETA1, mainly to pick up AES-GCM 2013-08-23 16:19:36 -07:00
patches Bug 713933: Add the NSS patch for this bug (rather than the PSM patch 2013-08-01 15:49:16 -07:00
sandbox Bug 908907 - Fill in gaps in seccomp-bpf whitelist for b2g. r=kang, r=bsmith 2013-09-06 09:13:59 -04:00