Call vaInitialize() at PreSandbox stage.

content/common/sandbox_linux/bpf_gpu_policy_linux.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h"
 
 #include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
 
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "build/build_config.h"
+// Auto-generated for dlopen libva libraries
+#include "content/common/gpu/media/va_stubs.h"
 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
 #include "content/common/set_process_title.h"
 #include "content/public/common/content_switches.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/services/broker_process.h"
 #include "sandbox/linux/services/linux_syscalls.h"
+#include "third_party/libva/va/va.h"
+#include "third_party/libva/va/va_x11.h"
 
 using sandbox::BrokerProcess;
 using sandbox::ErrorCode;
 using sandbox::SandboxBPF;
 using sandbox::SyscallSets;
 using sandbox::arch_seccomp_data;
 
+using content_common_gpu_media::kModuleVa;
+using content_common_gpu_media::InitializeStubs;
+using content_common_gpu_media::StubPathMap;
+
+// libva-x11 depends on libva, so dlopen libva-x11 is enough
+static const base::FilePath::CharType kVaLib[] =
+    FILE_PATH_LITERAL("libva-x11.so.1");
+
 namespace content {
 
 namespace {
 
 inline bool IsChromeOS() {
 #if defined(OS_CHROMEOS)
   return true;
 #else
   return false;
 #endif
@@ skipping 152 matching lines @@
       base::Bind(&SandboxSeccompBPF::StartSandboxWithExternalPolicy,
                  base::Passed(scoped_ptr<sandbox::SandboxBPFPolicy>(
                      new GpuBrokerProcessPolicy))),
       std::vector<std::string>(),  // No extra files in whitelist.
       std::vector<std::string>());
 
   if (IsArchitectureX86_64() || IsArchitectureI386()) {
     // Accelerated video decode dlopen()'s some shared objects
     // inside the sandbox, so preload them now.
     if (IsAcceleratedVideoDecodeEnabled()) {
-      const char* I965DrvVideoPath = NULL;
-
-      if (IsArchitectureX86_64()) {
-        I965DrvVideoPath = "/usr/lib64/va/drivers/i965_drv_video.so";
-      } else if (IsArchitectureI386()) {
-        I965DrvVideoPath = "/usr/lib/va/drivers/i965_drv_video.so";
+      StubPathMap paths;
+      paths[kModuleVa].push_back(kVaLib);
+      if (!InitializeStubs(paths)) {
+        return false;
       }
 
-      dlopen(I965DrvVideoPath, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
-      dlopen("libva.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
-      dlopen("libva-x11.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
-    }
-  }
+      // libva drivers won't get loaded even above two libraries get dlopened.
+      // Thus, libva calls will fail after post sandbox stage.
+      //
+      // To get the va driver loadded before sandboxing, upstream simply dlopen
+      // the hard-coded va driver path because ChromeOS is the only platform
+      // that Google want to support libva.
+      //
+      // While generic linux distros ship va driver as anywhere they want.
+      // Fortunately, the va driver will be loadded when vaInitialize() get
+      // called.
+      // So the following code is to call vaInitialize() before sandboxing.
+      Display* x_display = XOpenDisplay(NULL);
+      VADisplay va_display = vaGetDisplay(x_display);
+      if (!vaDisplayIsValid(va_display)) {
+        DVLOG(1) << "Failed to call vaGetDisplay()";
+        return false;
+      }
+
+      int major_version, minor_version;
+      if (vaInitialize(va_display, &major_version, &minor_version)
+          != VA_STATUS_SUCCESS) {
+        DVLOG(1) << "Failed to call vaInitialize()";
+        return false;
+      }
+    }  // end of IsAcceleratedVideoDecodeEnabled()
+  }  // end of IsArchitectureX86_64() || IsArchitectureI386()
 
   return true;
 }
 
 void GpuProcessPolicy::InitGpuBrokerProcess(
     const base::Callback<bool(void)>& broker_sandboxer_callback,
     const std::vector<std::string>& read_whitelist_extra,
     const std::vector<std::string>& write_whitelist_extra) {
   static const char kDriRcPath[] = "/etc/drirc";
   static const char kDriCard0Path[] = "/dev/dri/card0";
@@ skipping 19 matching lines @@
   broker_process_ = new BrokerProcess(GetFSDeniedErrno(),
                                       read_whitelist,
                                       write_whitelist);
   // The initialization callback will perform generic initialization and then
   // call broker_sandboxer_callback.
   CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox,
                                          broker_sandboxer_callback)));
 }
 
 }  // namespace content