Clarify the process title of GPU broker process.

content/common/sandbox_linux/bpf_gpu_policy_linux.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h"
 
 #include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
 
 #include <string>
 #include <vector>
 
+#include "base/bind.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "build/build_config.h"
 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
+#include "content/common/set_process_title.h"
 #include "content/public/common/content_switches.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/services/broker_process.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
 using sandbox::BrokerProcess;
 using sandbox::ErrorCode;
 using sandbox::SandboxBPF;
 using sandbox::SyscallSets;
@@ skipping 94 matching lines @@
   switch (sysno) {
     case __NR_access:
     case __NR_open:
     case __NR_openat:
       return ErrorCode(ErrorCode::ERR_ALLOWED);
     default:
       return GpuProcessPolicy::EvaluateSyscall(sandbox, sysno);
   }
 }
 
-bool EnableGpuBrokerPolicyCallback() {
-  return SandboxSeccompBPF::StartSandboxWithExternalPolicy(
-      scoped_ptr<sandbox::SandboxBPFPolicy>(new GpuBrokerProcessPolicy));
+void UpdateProcessTypeToGpuBroker() {
+  CommandLine::StringVector exec = CommandLine::ForCurrentProcess()->GetArgs();
+  CommandLine::Reset();
+  CommandLine::Init(0, NULL);
+  CommandLine::ForCurrentProcess()->InitFromArgv(exec);
+  CommandLine::ForCurrentProcess()->AppendSwitchASCII(switches::kProcessType,
+                                                      "gpu-broker");
+
+  // Update the process title. The argv was already cached by the call to
+  // SetProcessTitleFromCommandLine in content_main_runner.cc, so we can pass
+  // NULL here (we don't have the original argv at this point).
+  SetProcessTitleFromCommandLine(NULL);
+}
+
+bool GpuBrokerChildInitCallback(

[jln (very slow on Chromium), 2014/02/20 23:38:52]

Sorry for my earlier recommendation, but given how this now works, it's very
confusing to name it like this.

Let's do: UpdateProcessTypeAndEnableSandbox() or something similar, with the
argument being named broker_sandboxer_callback).

[dshwang, 2014/02/21 07:03:13]

done.

+    const base::Callback<bool(void)>& gpu_broker_child_init_callback) {
+  UpdateProcessTypeToGpuBroker();
+  return gpu_broker_child_init_callback.Run();
 }
 
 }  // namespace
 
 GpuProcessPolicy::GpuProcessPolicy() : broker_process_(NULL) {}
 
 GpuProcessPolicy::~GpuProcessPolicy() {}
 
 // Main policy for x86_64/i386. Extended by CrosArmGpuProcessPolicy.
 ErrorCode GpuProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
@@ skipping 29 matching lines @@
 bool GpuProcessPolicy::PreSandboxHook() {
   // Warm up resources needed by the policy we're about to enable and
   // eventually start a broker process.
   const bool chromeos_arm_gpu = IsChromeOS() && IsArchitectureArm();
   // This policy is for x86 or Desktop.
   DCHECK(!chromeos_arm_gpu);
 
   DCHECK(!broker_process());
   // Create a new broker process.
   InitGpuBrokerProcess(
-      EnableGpuBrokerPolicyCallback,
+      base::Bind(
+          &SandboxSeccompBPF::StartSandboxWithExternalPolicy,
+          base::Passed(scoped_ptr<sandbox::SandboxBPFPolicy>(
+              new GpuBrokerProcessPolicy))),
       std::vector<std::string>(),  // No extra files in whitelist.
       std::vector<std::string>());
 
   if (IsArchitectureX86_64() || IsArchitectureI386()) {
     // Accelerated video decode dlopen()'s some shared objects
     // inside the sandbox, so preload them now.
     if (IsAcceleratedVideoDecodeEnabled()) {
       const char* I965DrvVideoPath = NULL;
 
       if (IsArchitectureX86_64()) {
         I965DrvVideoPath = "/usr/lib64/va/drivers/i965_drv_video.so";
       } else if (IsArchitectureI386()) {
         I965DrvVideoPath = "/usr/lib/va/drivers/i965_drv_video.so";
       }
 
       dlopen(I965DrvVideoPath, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
       dlopen("libva.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
       dlopen("libva-x11.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
     }
   }
 
   return true;
 }
 
 void GpuProcessPolicy::InitGpuBrokerProcess(
-    bool (*broker_sandboxer_callback)(void),
+    const base::Callback<bool(void)>& gpu_broker_child_init_callback,
     const std::vector<std::string>& read_whitelist_extra,
     const std::vector<std::string>& write_whitelist_extra) {
   static const char kDriRcPath[] = "/etc/drirc";
   static const char kDriCard0Path[] = "/dev/dri/card0";
 
   CHECK(broker_process_ == NULL);
 
   // All GPU process policies need these files brokered out.
   std::vector<std::string> read_whitelist;
   read_whitelist.push_back(kDriCard0Path);
   read_whitelist.push_back(kDriRcPath);
   // Add eventual extra files from read_whitelist_extra.
   read_whitelist.insert(read_whitelist.end(),
                         read_whitelist_extra.begin(),
                         read_whitelist_extra.end());
 
   std::vector<std::string> write_whitelist;
   write_whitelist.push_back(kDriCard0Path);
   // Add eventual extra files from write_whitelist_extra.
   write_whitelist.insert(write_whitelist.end(),
                          write_whitelist_extra.begin(),
                          write_whitelist_extra.end());
 
   broker_process_ = new BrokerProcess(GetFSDeniedErrno(),
                                       read_whitelist,
                                       write_whitelist);
-  // Initialize the broker process and give it a sandbox callback.
-  CHECK(broker_process_->Init(broker_sandboxer_callback));
+  // Initialize the broker process and give it a broker process init callback.

[jln (very slow on Chromium), 2014/02/20 23:38:52]

Let's add a clarification as this becomes convoluted:

"Initialize the broker process and give it an initialization callback."

"The initialization callback will perform generic initialization and then call
broker_sandboxer_callback" (let's keep this former name for this part of the
callback, which is dedicated to sandboxing).

[dshwang, 2014/02/21 07:03:13]

thank you for good sentence. this part is the most difficult part for non native
:)

+  CHECK(broker_process_->Init(
+      base::Bind(&GpuBrokerChildInitCallback, gpu_broker_child_init_callback)));
 }
 
 }  // namespace content