Bug 1895429 - Allow getcwd (making it fail) in all sandboxed processes. r=jld

Currently, only content processes are covered, but when a rust panic
occurs, it will use getcwd to try to print relative paths in backtraces,
and when that happens in some other process (e.g. the socket process),
the rejection aborts the process in the middle of rust trying to
print a backtrace.

Differential Revision: https://phabricator.services.mozilla.com/D209625

security/sandbox/common/test/SandboxTestingChildTests.h

@@ -711,6 +711,13 @@ void RunTestsRDD(SandboxTestingChild* child) {
     return mknod("/dev/null", S_IFCHR | 0666, makedev(1, 3));
   });
 
+  // Rust panics call getcwd to try to print relative paths in
+  // backtraces.
+  child->ErrnoValueTest("getcwd"_ns, ENOENT, [] {
+    char buf[4096];
+    return (getcwd(buf, sizeof(buf)) == nullptr) ? -1 : 0;
+  });
+
   // nvidia defines some ioctls with the type 0x46 ('F', otherwise
   // used by fbdev) and numbers starting from 200 (0xc8).
   child->ErrnoValueTest("ioctl_nvidia"_ns, ENOTTY,

security/sandbox/linux/SandboxFilter.cpp

@@ -1235,6 +1235,13 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
       CASES_FOR_statfs:
         return Trap(StatFsTrap, nullptr);
 
+        // GTK's theme parsing tries to getcwd() while sandboxed, but
+        // only during Talos runs.
+        // Also, Rust panics call getcwd to try to print relative paths
+        // in backtraces.
+      case __NR_getcwd:
+        return Error(ENOENT);
+
       default:
         return SandboxPolicyBase::EvaluateSyscall(sysno);
     }
@@ -1382,11 +1389,6 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
       case __NR_getppid:
         return Trap(GetPPidTrap, nullptr);
 
-        // GTK's theme parsing tries to getcwd() while sandboxed, but
-        // only during Talos runs.
-      case __NR_getcwd:
-        return Error(ENOENT);
-
 #  ifdef MOZ_PULSEAUDIO
       CASES_FOR_fchown:
       case __NR_fchmod: