Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(757)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc

Issue 1071273002: NotForReview: Implement zero/one-copy texture for ozone freon using Intel DRM Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: depends on https://codereview.chromium.org/1134993003/ Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/browser/renderer_host/render_process_host_impl.cc ('k') | ui/ozone/platform/drm/common/native_pixmap_manager_gbm.cc » ('j') | ui/ozone/platform/drm/gpu/intel_drm_pixmap.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
index dec1b355f212e5da6ee535b90b5c81e25887b210..fcc0dba1b9b0bff938b2d4f5e209e75a29a0b2b2 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
@@ -37,6 +37,7 @@
#include <sys/ioctl.h>
#if defined(USE_OZONE)
#include <drm.h>
+#include <libdrm/i915_drm.h>
#endif
#endif
@@ -166,8 +167,41 @@ ResultExpr RestrictIoctl() {
.CASES((DRM_IOCTL_MODE_DESTROY_DUMB, DRM_IOCTL_MODE_MAP_DUMB,
DRM_IOCTL_PRIME_FD_TO_HANDLE),
Allow())
-#endif
+ .CASES((DRM_IOCTL_GEM_CLOSE,
+ DRM_IOCTL_PRIME_FD_TO_HANDLE,
+ DRM_IOCTL_PRIME_HANDLE_TO_FD,
+ DRM_IOCTL_I915_GEM_GET_APERTURE,
+ DRM_IOCTL_I915_GEM_BUSY,
+ DRM_IOCTL_I915_GEM_MADVISE,
+ DRM_IOCTL_I915_GEM_CREATE,
+ DRM_IOCTL_I915_GEM_USERPTR,
+ DRM_IOCTL_GEM_OPEN,
+ DRM_IOCTL_I915_GEM_GET_TILING,
+ DRM_IOCTL_GEM_CLOSE,
+ DRM_IOCTL_I915_GEM_MMAP,
+ DRM_IOCTL_I915_GEM_SET_DOMAIN,
+ DRM_IOCTL_I915_GEM_MMAP_GTT,
+ DRM_IOCTL_I915_GEM_SET_DOMAIN,
+ DRM_IOCTL_I915_GEM_SW_FINISH,
+ DRM_IOCTL_I915_GEM_USERPTR,
+ DRM_IOCTL_I915_GEM_PWRITE,
+ DRM_IOCTL_I915_GET_PIPE_FROM_CRTC_ID,
+ DRM_IOCTL_I915_GEM_PREAD,
+ DRM_IOCTL_I915_GEM_WAIT,
+ DRM_IOCTL_I915_GEM_SET_DOMAIN,
+ DRM_IOCTL_I915_GEM_GET_TILING,
+ DRM_IOCTL_GEM_FLINK,
+ DRM_IOCTL_I915_GETPARAM,
+ DRM_IOCTL_GEM_CLOSE,
+ DRM_IOCTL_MODE_OBJ_GETPROPERTIES), Allow())
+ // Above IOCTL codes were sufficient 3 months ago, but now other codes
+ // are needed. I guess mini GBM implementation began using others.
+ // mini GBM is moving target, so it's difficult for Chromium
+ // to white-list IOCTL codes completely.
+ .Default(Allow());
+#else
.Default(CrashSIGSYSIoctl());
+#endif
}
ResultExpr RestrictMmapFlags() {
« no previous file with comments | « content/browser/renderer_host/render_process_host_impl.cc ('k') | ui/ozone/platform/drm/common/native_pixmap_manager_gbm.cc » ('j') | ui/ozone/platform/drm/gpu/intel_drm_pixmap.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698