diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
index 4b070ce0c9b8..d5f3a765e47d 100644
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -12,6 +12,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -22,6 +23,8 @@
 #include
 #include
 #include
+// This has to go after for annoying reasons
+#include
 #include
 #include
@@ -2231,16 +2234,21 @@ class SocketProcessSandboxPolicy final : public SandboxPolicyCommon {
 auto shifted_type = request & kIoctlTypeMask;
 // Rust's stdlib seems to use FIOCLEX instead of equivalent fcntls.
- return If(request == FIOCLEX, Allow())
+ return Switch(request)
+ .Case(FIOCLEX, Allow())
 // Rust's stdlib also uses FIONBIO instead of equivalent fcntls.
- .ElseIf(request == FIONBIO, Allow())
+ .Case(FIONBIO, Allow())
 // This is used by PR_Available in nsSocketInputStream::Available.
- .ElseIf(request == FIONREAD, Allow())
- // Allow anything that isn't a tty ioctl (if level < 2)
- .ElseIf(
- BelowLevel(2) ? shifted_type != kTtyIoctls : BoolConst(false),
- Allow())
- .Else(SandboxPolicyCommon::EvaluateSyscall(sysno));
+ .Case(FIONREAD, Allow())
+ // WebRTC needs interface information (bug 1975576)
+ .Cases({SIOCGIFNAME, SIOCGIFFLAGS, SIOCETHTOOL, SIOCGIWRATE},
+ Allow())
+ .Default(
+ // Allow anything that isn't a tty ioctl (if level < 2)
+ If(BelowLevel(2) ? shifted_type != kTtyIoctls
+ : BoolConst(false),
+ Allow())
+ .Else(SandboxPolicyCommon::EvaluateSyscall(sysno)));
 }
 CASES_FOR_fcntl: {
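Review bot: `SIOCETHTOOL` in the new `.Cases({SIOCGIFNAME, SIOCGIFFLAGS, SIOCETHTOOL, SIOCGIWRATE}, Allow())` is a multiplexed request whose sub-command sits in the user-memory struct behind `ifr_data`, which a seccomp-bpf filter cannot read. The entry therefore admits every ethtool sub-command the kernel lets this process issue, not only the query WebRTC presumably needs. These four requests are also allowed at every sandbox level, whereas the non-tty fallback in `.Default(...)` stays gated on `BelowLevel(2)`. I would record both facts next to the list, for example `// SIOCETHTOOL sub-commands are in user memory and cannot be filtered here; set operations rely on the kernel's capability checks. Allowed at all levels.` A per-request comment naming the WebRTC call that needs each one would make the list easier to prune later. The enclosing ioctl case starts and ends outside this hunk.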