Chromium Code Reviews Chromium Code Reviews
Issue 1542013005:
Add a new driver bug workaround SANDBOX_START_EARLY
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h" | 5 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h" |
| 6 | 6 |
| 7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
| 8 #include <errno.h> | 8 #include <errno.h> |
| 9 #include <fcntl.h> | 9 #include <fcntl.h> |
| 10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 50 | 50 |
| 51 inline bool IsArchitectureArm() { | 51 inline bool IsArchitectureArm() { |
| 52 #if defined(__arm__) || defined(__aarch64__) | 52 #if defined(__arm__) || defined(__aarch64__) |
| 53 return true; | 53 return true; |
| 54 #else | 54 #else |
| 55 return false; | 55 return false; |
| 56 #endif | 56 #endif |
| 57 } | 57 } |
| 58 | 58 |
| 59 void AddArmMaliGpuWhitelist(std::vector<BrokerFilePermission>* permissions) { | 59 void AddArmMaliGpuWhitelist(std::vector<BrokerFilePermission>* permissions) { |
| 60 // XXX: Generalize CrosArmGpuProcessPolicy to a new | |
|
Ken Russell (switch to Gerrit)
2016/05/04 20:36:17
TODO(j.isorce@samsung.com) instead of XXX, here an
| |
| 61 // GpuProcessPolicyEarlySandbox and move that part to IsArchitectureArm() | |
| 62 | |
| 60 // Device file needed by the ARM GPU userspace. | 63 // Device file needed by the ARM GPU userspace. |
| 61 static const char kMali0Path[] = "/dev/mali0"; | 64 static const char kMali0Path[] = "/dev/mali0"; |
| 62 | 65 |
| 63 // Image processor used on ARM platforms. | 66 // Image processor used on ARM platforms. |
| 64 static const char kDevImageProc0Path[] = "/dev/image-proc0"; | 67 static const char kDevImageProc0Path[] = "/dev/image-proc0"; |
| 65 | 68 |
| 66 permissions->push_back(BrokerFilePermission::ReadWrite(kMali0Path)); | 69 permissions->push_back(BrokerFilePermission::ReadWrite(kMali0Path)); |
| 67 permissions->push_back(BrokerFilePermission::ReadWrite(kDevImageProc0Path)); | 70 permissions->push_back(BrokerFilePermission::ReadWrite(kDevImageProc0Path)); |
| 68 } | 71 } |
| 69 | 72 |
| 70 void AddArmGpuWhitelist(std::vector<BrokerFilePermission>* permissions) { | 73 void AddArmGpuWhitelist(std::vector<BrokerFilePermission>* permissions) { |
| 74 // XXX: Generalize CrosArmGpuProcessPolicy to a new | |
| 75 // GpuProcessPolicyEarlySandbox and move that part to IsArchitectureArm() | |
| 71 // On ARM we're enabling the sandbox before the X connection is made, | 76 // On ARM we're enabling the sandbox before the X connection is made, |
| 72 // so we need to allow access to |.Xauthority|. | 77 // so we need to allow access to |.Xauthority|. |
| 73 static const char kXAuthorityPath[] = "/home/chronos/.Xauthority"; | 78 static const char kXAuthorityPath[] = "/home/chronos/.Xauthority"; |
| 74 static const char kLdSoCache[] = "/etc/ld.so.cache"; | 79 static const char kLdSoCache[] = "/etc/ld.so.cache"; |
| 75 | 80 |
| 76 // Files needed by the ARM GPU userspace. | 81 // Files needed by the ARM GPU userspace. |
| 77 static const char kLibGlesPath[] = "/usr/lib/libGLESv2.so.2"; | 82 static const char kLibGlesPath[] = "/usr/lib/libGLESv2.so.2"; |
| 78 static const char kLibEglPath[] = "/usr/lib/libEGL.so.1"; | 83 static const char kLibEglPath[] = "/usr/lib/libEGL.so.1"; |
| 79 | 84 |
| 80 permissions->push_back(BrokerFilePermission::ReadOnly(kXAuthorityPath)); | 85 permissions->push_back(BrokerFilePermission::ReadOnly(kXAuthorityPath)); |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 152 } | 157 } |
| 153 | 158 |
| 154 bool CrosArmGpuProcessPolicy::PreSandboxHook() { | 159 bool CrosArmGpuProcessPolicy::PreSandboxHook() { |
| 155 DCHECK(IsChromeOS() && IsArchitectureArm()); | 160 DCHECK(IsChromeOS() && IsArchitectureArm()); |
| 156 // Create a new broker process. | 161 // Create a new broker process. |
| 157 DCHECK(!broker_process()); | 162 DCHECK(!broker_process()); |
| 158 | 163 |
| 159 // Add ARM-specific files to whitelist in the broker. | 164 // Add ARM-specific files to whitelist in the broker. |
| 160 std::vector<BrokerFilePermission> permissions; | 165 std::vector<BrokerFilePermission> permissions; |
| 161 | 166 |
| 167 // XXX: Generalize CrosArmGpuProcessPolicy to a new | |
| 168 // GpuProcessPolicyEarlySandbox and move that part to IsArchitectureArm() | |
| 162 AddArmGpuWhitelist(&permissions); | 169 AddArmGpuWhitelist(&permissions); |
| 163 InitGpuBrokerProcess(CrosArmGpuBrokerProcessPolicy::Create, permissions); | 170 InitGpuBrokerProcess(CrosArmGpuBrokerProcessPolicy::Create, permissions); |
| 164 | 171 |
| 165 const int dlopen_flag = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE; | 172 const int dlopen_flag = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE; |
| 166 | 173 |
| 174 // XXX | |
| 167 // Preload the Mali library. | 175 // Preload the Mali library. |
| 168 dlopen("/usr/lib/libmali.so", dlopen_flag); | 176 dlopen("/usr/lib/libmali.so", dlopen_flag); |
| 169 // Preload the Tegra V4L2 (video decode acceleration) library. | 177 // Preload the Tegra V4L2 (video decode acceleration) library. |
| 170 dlopen("/usr/lib/libtegrav4l2.so", dlopen_flag); | 178 dlopen("/usr/lib/libtegrav4l2.so", dlopen_flag); |
| 171 // Resetting errno since platform-specific libraries will fail on other | 179 // Resetting errno since platform-specific libraries will fail on other |
| 172 // platforms. | 180 // platforms. |
| 173 errno = 0; | 181 errno = 0; |
| 174 | 182 |
| 175 return true; | 183 return true; |
| 176 } | 184 } |
| 177 | 185 |
| 178 } // namespace content | 186 } // namespace content |
| OLD | NEW |
