Tor Browser's AppArmor policy should not allow access to /dev/dri

Originally created by @cypherpunks on #11547 (Redmine)

Currently, the torbrowser policy includes <abstractions/gnome>, which includes <abstractions/X>, which whitelists /dev/dri. Because the amnesia user is in the video group, all the dangerous ioctls are permitted. That on its own is bad enough, but there really shouldn’t be a need for Tor browser to access DRM nodes, unless you’re using hardware acceleration or something like WebGL or Flash. They are a gigantic source of vulnerabilities in the kernel when they can be accessed without special permissions. The X server already provides standard hardware acceleration (it’s not like disabling the DRM nodes is gonna give the browser VESA performance), so there should range from no perf hit at all, to no noticable perf hit.

Attachments

disallow-dri.patch

Related issues

Blocked by #12609 (closed)

Edited May 21, 2020 by cypherpunks

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information