
Side by Side Diff: content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc

Issue 163433011: Clarify the process title of GPU broker process. (Closed) Base URL: https://git.chromium.org/chromium/src.git@master
Patch Set: Address a few more nits Created 6 years, 10 months ago
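--- a/content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc
@@ -1,27 +1,28 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h"
 
 #include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
 
 #include <string>
 #include <vector>
 
+#include "base/bind.h"
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "build/build_config.h"
 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
@@ -144,25 +145,20 @@
 switch (sysno) {
 case __NR_access:
 case __NR_open:
 case __NR_openat:
 return ErrorCode(ErrorCode::ERR_ALLOWED);
 default:
 return CrosArmGpuProcessPolicy::EvaluateSyscall(sandbox, sysno);
 }
 }
 
-bool EnableArmGpuBrokerPolicyCallback() {
-return SandboxSeccompBPF::StartSandboxWithExternalPolicy(
-scoped_ptr<sandbox::SandboxBPFPolicy>(new CrosArmGpuBrokerProcessPolicy));
-}
-
 } // namespace
 
 CrosArmGpuProcessPolicy::CrosArmGpuProcessPolicy(bool allow_shmat)
 : allow_shmat_(allow_shmat) {}
 
 CrosArmGpuProcessPolicy::~CrosArmGpuProcessPolicy() {}
 
 ErrorCode CrosArmGpuProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
 int sysno) const {
 #if defined(__arm__)
@@ -200,31 +196,34 @@
 bool CrosArmGpuProcessPolicy::PreSandboxHook() {
 DCHECK(IsChromeOS() && IsArchitectureArm());
 // Create a new broker process.
 DCHECK(!broker_process());
 
 std::vector<std::string> read_whitelist_extra;
 std::vector<std::string> write_whitelist_extra;
 // Add ARM-specific files to whitelist in the broker.
 
 AddArmGpuWhitelist(&read_whitelist_extra, &write_whitelist_extra);
-InitGpuBrokerProcess(EnableArmGpuBrokerPolicyCallback,
-read_whitelist_extra,
-write_whitelist_extra);
+InitGpuBrokerProcess(
+base::Bind(&SandboxSeccompBPF::StartSandboxWithExternalPolicy,
+base::Passed(scoped_ptr<sandbox::SandboxBPFPolicy>(
+new CrosArmGpuBrokerProcessPolicy))),
+read_whitelist_extra,
+write_whitelist_extra);
 
 const int dlopen_flag = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE;
 
 // Preload the Mali library.
 dlopen("/usr/lib/libmali.so", dlopen_flag);
 
 // Preload the Tegra libraries.
 dlopen("/usr/lib/libnvrm.so", dlopen_flag);
 dlopen("/usr/lib/libnvrm_graphics.so", dlopen_flag);
 dlopen("/usr/lib/libnvidia-glsi.so", dlopen_flag);
 dlopen("/usr/lib/libnvidia-rmapi-tegra.so", dlopen_flag);
 dlopen("/usr/lib/libnvidia-eglcore.so", dlopen_flag);
 // TODO(davidung): remove these libraries before nyan launch.
 
 return true;
 }
 
 } // namespace content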
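Review bot: The callback now passed to InitGpuBrokerProcess in PreSandboxHook is single-use, because `base::Passed` gives up the scoped_ptr on the first Run and the callback cannot be Run again, but nothing in the new code says so. A comment above the call would make the contract explicit, for example `// The callback owns the broker policy via base::Passed; it must be Run exactly once, in the broker process.` The policy object is also now allocated in the GPU process before the broker exists, where the removed EnableArmGpuBrokerPolicyCallback created it at call time; that looks harmless but is a change in where the allocation happens. InitGpuBrokerProcess is not visible on this page, so it is worth confirming that it still treats a false return from StartSandboxWithExternalPolicy as fatal, since the broker must not serve the extra whitelists without its seccomp policy installed.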