OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h" | 5 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h" |
6 | 6 |
7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
8 #include <errno.h> | 8 #include <errno.h> |
9 #include <fcntl.h> | 9 #include <fcntl.h> |
10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
50 | 50 |
51 inline bool IsArchitectureArm() { | 51 inline bool IsArchitectureArm() { |
52 #if defined(__arm__) || defined(__aarch64__) | 52 #if defined(__arm__) || defined(__aarch64__) |
53 return true; | 53 return true; |
54 #else | 54 #else |
55 return false; | 55 return false; |
56 #endif | 56 #endif |
57 } | 57 } |
58 | 58 |
59 void AddArmMaliGpuWhitelist(std::vector<BrokerFilePermission>* permissions) { | 59 void AddArmMaliGpuWhitelist(std::vector<BrokerFilePermission>* permissions) { |
60 // XXX: Generalize CrosArmGpuProcessPolicy to a new | |
Ken Russell (switch to Gerrit)
2016/05/04 20:36:17
TODO(j.isorce@samsung.com) instead of XXX, here an
| |
61 // GpuProcessPolicyEarlySandbox and move that part to IsArchitectureArm() | |
62 | |
60 // Device file needed by the ARM GPU userspace. | 63 // Device file needed by the ARM GPU userspace. |
61 static const char kMali0Path[] = "/dev/mali0"; | 64 static const char kMali0Path[] = "/dev/mali0"; |
62 | 65 |
63 // Image processor used on ARM platforms. | 66 // Image processor used on ARM platforms. |
64 static const char kDevImageProc0Path[] = "/dev/image-proc0"; | 67 static const char kDevImageProc0Path[] = "/dev/image-proc0"; |
65 | 68 |
66 permissions->push_back(BrokerFilePermission::ReadWrite(kMali0Path)); | 69 permissions->push_back(BrokerFilePermission::ReadWrite(kMali0Path)); |
67 permissions->push_back(BrokerFilePermission::ReadWrite(kDevImageProc0Path)); | 70 permissions->push_back(BrokerFilePermission::ReadWrite(kDevImageProc0Path)); |
68 } | 71 } |
69 | 72 |
70 void AddArmGpuWhitelist(std::vector<BrokerFilePermission>* permissions) { | 73 void AddArmGpuWhitelist(std::vector<BrokerFilePermission>* permissions) { |
74 // XXX: Generalize CrosArmGpuProcessPolicy to a new | |
75 // GpuProcessPolicyEarlySandbox and move that part to IsArchitectureArm() | |
71 // On ARM we're enabling the sandbox before the X connection is made, | 76 // On ARM we're enabling the sandbox before the X connection is made, |
72 // so we need to allow access to |.Xauthority|. | 77 // so we need to allow access to |.Xauthority|. |
73 static const char kXAuthorityPath[] = "/home/chronos/.Xauthority"; | 78 static const char kXAuthorityPath[] = "/home/chronos/.Xauthority"; |
74 static const char kLdSoCache[] = "/etc/ld.so.cache"; | 79 static const char kLdSoCache[] = "/etc/ld.so.cache"; |
75 | 80 |
76 // Files needed by the ARM GPU userspace. | 81 // Files needed by the ARM GPU userspace. |
77 static const char kLibGlesPath[] = "/usr/lib/libGLESv2.so.2"; | 82 static const char kLibGlesPath[] = "/usr/lib/libGLESv2.so.2"; |
78 static const char kLibEglPath[] = "/usr/lib/libEGL.so.1"; | 83 static const char kLibEglPath[] = "/usr/lib/libEGL.so.1"; |
79 | 84 |
80 permissions->push_back(BrokerFilePermission::ReadOnly(kXAuthorityPath)); | 85 permissions->push_back(BrokerFilePermission::ReadOnly(kXAuthorityPath)); |
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
152 } | 157 } |
153 | 158 |
154 bool CrosArmGpuProcessPolicy::PreSandboxHook() { | 159 bool CrosArmGpuProcessPolicy::PreSandboxHook() { |
155 DCHECK(IsChromeOS() && IsArchitectureArm()); | 160 DCHECK(IsChromeOS() && IsArchitectureArm()); |
156 // Create a new broker process. | 161 // Create a new broker process. |
157 DCHECK(!broker_process()); | 162 DCHECK(!broker_process()); |
158 | 163 |
159 // Add ARM-specific files to whitelist in the broker. | 164 // Add ARM-specific files to whitelist in the broker. |
160 std::vector<BrokerFilePermission> permissions; | 165 std::vector<BrokerFilePermission> permissions; |
161 | 166 |
167 // XXX: Generalize CrosArmGpuProcessPolicy to a new | |
168 // GpuProcessPolicyEarlySandbox and move that part to IsArchitectureArm() | |
162 AddArmGpuWhitelist(&permissions); | 169 AddArmGpuWhitelist(&permissions); |
163 InitGpuBrokerProcess(CrosArmGpuBrokerProcessPolicy::Create, permissions); | 170 InitGpuBrokerProcess(CrosArmGpuBrokerProcessPolicy::Create, permissions); |
164 | 171 |
165 const int dlopen_flag = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE; | 172 const int dlopen_flag = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE; |
166 | 173 |
174 // XXX | |
167 // Preload the Mali library. | 175 // Preload the Mali library. |
168 dlopen("/usr/lib/libmali.so", dlopen_flag); | 176 dlopen("/usr/lib/libmali.so", dlopen_flag); |
169 // Preload the Tegra V4L2 (video decode acceleration) library. | 177 // Preload the Tegra V4L2 (video decode acceleration) library. |
170 dlopen("/usr/lib/libtegrav4l2.so", dlopen_flag); | 178 dlopen("/usr/lib/libtegrav4l2.so", dlopen_flag); |
171 // Resetting errno since platform-specific libraries will fail on other | 179 // Resetting errno since platform-specific libraries will fail on other |
172 // platforms. | 180 // platforms. |
173 errno = 0; | 181 errno = 0; |
174 | 182 |
175 return true; | 183 return true; |
176 } | 184 } |
177 | 185 |
178 } // namespace content | 186 } // namespace content |
OLD | NEW |