| Index: content/common/sandbox_linux/bpf_gpu_policy_linux.cc
|
| diff --git a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
|
| index b119c4251fc0fd5e36fd149654ae3343763b050f..f5fd8d744efcfde601b20c234cb2fe983f71eb41 100644
|
| --- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
|
| +++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
|
| @@ -21,6 +21,8 @@
|
| #include "base/logging.h"
|
| #include "base/memory/scoped_ptr.h"
|
| #include "build/build_config.h"
|
| +// Auto-generated for dlopen libva libraries
|
| +#include "content/common/gpu/media/va_stubs.h"
|
| #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
|
| #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
|
| #include "content/common/set_process_title.h"
|
| @@ -29,6 +31,8 @@
|
| #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
|
| #include "sandbox/linux/services/broker_process.h"
|
| #include "sandbox/linux/services/linux_syscalls.h"
|
| +#include "third_party/libva/va/va.h"
|
| +#include "third_party/libva/va/va_x11.h"
|
|
|
| using sandbox::BrokerProcess;
|
| using sandbox::ErrorCode;
|
| @@ -36,6 +40,14 @@ using sandbox::SandboxBPF;
|
| using sandbox::SyscallSets;
|
| using sandbox::arch_seccomp_data;
|
|
|
| +using content_common_gpu_media::kModuleVa;
|
| +using content_common_gpu_media::InitializeStubs;
|
| +using content_common_gpu_media::StubPathMap;
|
| +
|
| +// libva-x11 depends on libva, so dlopen libva-x11 is enough
|
| +static const base::FilePath::CharType kVaLib[] =
|
| + FILE_PATH_LITERAL("libva-x11.so.1");
|
| +
|
| namespace content {
|
|
|
| namespace {
|
| @@ -208,19 +220,38 @@ bool GpuProcessPolicy::PreSandboxHook() {
|
| // Accelerated video decode dlopen()'s some shared objects
|
| // inside the sandbox, so preload them now.
|
| if (IsAcceleratedVideoDecodeEnabled()) {
|
| - const char* I965DrvVideoPath = NULL;
|
| + StubPathMap paths;
|
| + paths[kModuleVa].push_back(kVaLib);
|
| + if (!InitializeStubs(paths)) {
|
| + return false;
|
| + }
|
|
|
| - if (IsArchitectureX86_64()) {
|
| - I965DrvVideoPath = "/usr/lib64/va/drivers/i965_drv_video.so";
|
| - } else if (IsArchitectureI386()) {
|
| - I965DrvVideoPath = "/usr/lib/va/drivers/i965_drv_video.so";
|
| + // libva drivers won't get loaded even above two libraries get dlopened.
|
| + // Thus, libva calls will fail after post sandbox stage.
|
| + //
|
| + // To get the va driver loadded before sandboxing, upstream simply dlopen
|
| + // the hard-coded va driver path because ChromeOS is the only platform
|
| + // that Google want to support libva.
|
| + //
|
| + // While generic linux distros ship va driver as anywhere they want.
|
| + // Fortunately, the va driver will be loadded when vaInitialize() get
|
| + // called.
|
| + // So the following code is to call vaInitialize() before sandboxing.
|
| + Display* x_display = XOpenDisplay(NULL);
|
| + VADisplay va_display = vaGetDisplay(x_display);
|
| + if (!vaDisplayIsValid(va_display)) {
|
| + DVLOG(1) << "Failed to call vaGetDisplay()";
|
| + return false;
|
| }
|
|
|
| - dlopen(I965DrvVideoPath, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
|
| - dlopen("libva.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
|
| - dlopen("libva-x11.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
|
| - }
|
| - }
|
| + int major_version, minor_version;
|
| + if (vaInitialize(va_display, &major_version, &minor_version)
|
| + != VA_STATUS_SUCCESS) {
|
| + DVLOG(1) << "Failed to call vaInitialize()";
|
| + return false;
|
| + }
|
| + } // end of IsAcceleratedVideoDecodeEnabled()
|
| + } // end of IsArchitectureX86_64() || IsArchitectureI386()
|
|
|
| return true;
|
| }
|
|
|
Chromium Code Reviews
Issue 15955009:
Call vaInitialize() at PreSandbox stage.
Base URL: https://chromium.googlesource.com/chromium/src.git@master