From 936433a5deb6ccc8f8476096f2c2b8dc72c33388 Mon Sep 17 00:00:00 2001
From: zorz <zorz@krypt.sh>
Date: Thu, 2 Apr 2026 01:11:55 +0300
Subject: chromium musl

---
 chromium/patches/016-musl-sandbox.patch | 113 ++++++++++++++++++++++++++++++++
 1 file changed, 113 insertions(+)
 create mode 100644 chromium/patches/016-musl-sandbox.patch

(limited to 'chromium/patches/016-musl-sandbox.patch')

diff --git a/chromium/patches/016-musl-sandbox.patch b/chromium/patches/016-musl-sandbox.patch
new file mode 100644
index 0000000..41abc50
--- /dev/null
+++ b/chromium/patches/016-musl-sandbox.patch
@@ -0,0 +1,113 @@
+musl uses different syscalls from glibc for some functions, so the sandbox has
+to account for that
+--
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc ./sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+index ff5a1c0..da56b9b 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
++++ ./sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+@@ -139,21 +139,11 @@ namespace sandbox {
+ // present (as in newer versions of posix_spawn).
+ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
+   const Arg<unsigned long> flags(0);
+-
+-  // TODO(mdempsky): Extend DSL to support (flags & ~mask1) == mask2.
+-  const uint64_t kAndroidCloneMask = CLONE_VM | CLONE_FS | CLONE_FILES |
+-                                     CLONE_SIGHAND | CLONE_THREAD |
+-                                     CLONE_SYSVSEM;
+-  const uint64_t kObsoleteAndroidCloneMask = kAndroidCloneMask | CLONE_DETACHED;
+-
+-  const uint64_t kGlibcPthreadFlags =
+-      CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_THREAD |
+-      CLONE_SYSVSEM | CLONE_SETTLS | CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID;
+-  const BoolExpr glibc_test = flags == kGlibcPthreadFlags;
+-
+-  const BoolExpr android_test =
+-      AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask,
+-            flags == kGlibcPthreadFlags);
++  const int required = CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
++                       CLONE_THREAD | CLONE_SYSVSEM;
++  const int safe = CLONE_SETTLS | CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID |
++                   CLONE_DETACHED;
++  const BoolExpr thread_clone_ok = (flags&~safe)==required;
+ 
+   // The following two flags are the two important flags in any vfork-emulating
+   // clone call. EPERM any clone call that contains both of them.
+@@ -163,7 +153,7 @@ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
+       AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0,
+             (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags);
+ 
+-  return If(IsAndroid() ? android_test : glibc_test, Allow())
++  return If(thread_clone_ok, Allow())
+       .ElseIf(is_fork_or_clone_vfork, Error(EPERM))
+       .Else(CrashSIGSYSClone());
+ }
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc ./sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+index d9d1882..0567557 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
++++ ./sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+@@ -392,6 +392,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
+ #if defined(__i386__)
+     case __NR_waitpid:
+ #endif
++    case __NR_set_tid_address:
+       return true;
+     case __NR_clone:  // Should be parameter-restricted.
+     case __NR_setns:  // Privileged.
+@@ -404,7 +405,6 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
+ #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
+     case __NR_set_thread_area:
+ #endif
+-    case __NR_set_tid_address:
+     case __NR_unshare:
+ #if !defined(__mips__) && !defined(__aarch64__)
+     case __NR_vfork:
+@@ -514,6 +514,8 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
+     case __NR_munlock:
+     case __NR_munmap:
+     case __NR_mseal:
++    case __NR_mremap:
++    case __NR_membarrier:
+       return true;
+     case __NR_madvise:
+     case __NR_mincore:
+@@ -531,7 +533,6 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
+     case __NR_modify_ldt:
+ #endif
+     case __NR_mprotect:
+-    case __NR_mremap:
+     case __NR_msync:
+     case __NR_munlockall:
+     case __NR_readahead:
+--- a/sandbox/policy/linux/bpf_renderer_policy_linux.cc
++++ b/sandbox/policy/linux/bpf_renderer_policy_linux.cc
+@@ -94,6 +94,10 @@
+     case __NR_pwrite64:
++    case __NR_pwritev2:
+     case __NR_sched_get_priority_max:
+     case __NR_sched_get_priority_min:
++    case __NR_sched_getparam:
++    case __NR_sched_getscheduler:
++    case __NR_sched_setscheduler:
+     case __NR_sysinfo:
+     case __NR_times:
+     case __NR_uname:
+--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+@@ -225,10 +225,15 @@
+   if (sysno == __NR_getpriority || sysno ==__NR_setpriority)
+     return RestrictGetSetpriority(current_pid);
+ 
++  // XXX: hacks for musl sandbox, calls needed?
++  if (sysno == __NR_sched_getparam || sysno == __NR_sched_getscheduler ||
++      sysno == __NR_sched_setscheduler) {
++    return Allow();
++  }
++
+   // The scheduling syscalls are used in threading libraries and also heavily in
+   // abseil. See for example https://crbug.com/1370394.
+-  if (sysno == __NR_sched_getaffinity || sysno == __NR_sched_getparam ||
+-      sysno == __NR_sched_getscheduler || sysno == __NR_sched_setscheduler) {
++  if (sysno == __NR_sched_getaffinity) {
+     return RestrictSchedTarget(current_pid, sysno);
+   }
+ 
-- 
cgit v1.2.3