Chromium Code Reviews| Index: content/common/sandbox_linux/bpf_gpu_policy_linux.cc |
| diff --git a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc |
| index 2bdec2b0c672f1b31af9f506c50c0cf41e357dec..e1c8e7f11109df8690d76b221b4526772476a739 100644 |
| --- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc |
| +++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc |
| @@ -15,6 +15,7 @@ |
| #include <string> |
| #include <vector> |
| +#include "base/bind.h" |
| #include "base/command_line.h" |
| #include "base/compiler_specific.h" |
| #include "base/logging.h" |
| @@ -22,6 +23,7 @@ |
| #include "build/build_config.h" |
| #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h" |
| #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" |
| +#include "content/common/set_process_title.h" |
| #include "content/public/common/content_switches.h" |
| #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" |
| #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| @@ -136,9 +138,24 @@ ErrorCode GpuBrokerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, |
| } |
| } |
| -bool EnableGpuBrokerPolicyCallback() { |
| - return SandboxSeccompBPF::StartSandboxWithExternalPolicy( |
| - scoped_ptr<sandbox::SandboxBPFPolicy>(new GpuBrokerProcessPolicy)); |
| +void UpdateProcessTypeToGpuBroker() { |
| + CommandLine::StringVector exec = CommandLine::ForCurrentProcess()->GetArgs(); |
| + CommandLine::Reset(); |
| + CommandLine::Init(0, NULL); |
| + CommandLine::ForCurrentProcess()->InitFromArgv(exec); |
| + CommandLine::ForCurrentProcess()->AppendSwitchASCII(switches::kProcessType, |
| + "gpu-broker"); |
| + |
| + // Update the process title. The argv was already cached by the call to |
| + // SetProcessTitleFromCommandLine in content_main_runner.cc, so we can pass |
| + // NULL here (we don't have the original argv at this point). |
| + SetProcessTitleFromCommandLine(NULL); |
| +} |
| + |
| +bool GpuBrokerChildInitCallback( |
|
jln (very slow on Chromium)
2014/02/20 23:38:52
Sorry for my earlier recommendation, but given how
dshwang
2014/02/21 07:03:13
done.
|
| + const base::Callback<bool(void)>& gpu_broker_child_init_callback) { |
| + UpdateProcessTypeToGpuBroker(); |
| + return gpu_broker_child_init_callback.Run(); |
| } |
| } // namespace |
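Review bot: `UpdateProcessTypeToGpuBroker()` rebuilds the command line from `GetArgs()`, which in base::CommandLine returns only the non-switch arguments, so the program name and every inherited switch appear to be dropped, and `InitFromArgv(exec)` would treat the first loose argument, if there is one, as the program. If discarding everything is intended, say so above the function, e.g. `// Deliberately drops all inherited switches; the broker only carries --type=gpu-broker.`; if the intent was to keep the original command line and change only the type, `argv()` looks like the right source. It would also help to note that this presumably runs in the freshly forked broker child before its seccomp policy starts, since `CommandLine::Reset()` is only safe while no other thread still holds the old `ForCurrentProcess()` pointer.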
| @@ -188,7 +205,10 @@ bool GpuProcessPolicy::PreSandboxHook() { |
| DCHECK(!broker_process()); |
| // Create a new broker process. |
| InitGpuBrokerProcess( |
| - EnableGpuBrokerPolicyCallback, |
| + base::Bind( |
| + &SandboxSeccompBPF::StartSandboxWithExternalPolicy, |
| + base::Passed(scoped_ptr<sandbox::SandboxBPFPolicy>( |
| + new GpuBrokerProcessPolicy))), |
| std::vector<std::string>(), // No extra files in whitelist. |
| std::vector<std::string>()); |
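Review bot: The callback built here with `base::Passed(...)` is single-use, because the bound `scoped_ptr` is handed to `StartSandboxWithExternalPolicy` on the first `Run()` and a second `Run()` would find it already consumed. `InitGpuBrokerProcess` now accepts a general `const base::Callback<bool(void)>&`, so nothing in the type tells another caller or `BrokerProcess::Init` about that limit. I would add a comment at this call, e.g. `// Single-use: the policy is moved into the sandbox on the first Run().`, and document on the `InitGpuBrokerProcess` declaration that the callback is expected to run exactly once and to return true only when the broker's sandbox was actually started. The body of `PreSandboxHook` starts and ends outside this hunk, so whether other call sites pass a reusable callback cannot be checked from here.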
| @@ -214,7 +234,7 @@ bool GpuProcessPolicy::PreSandboxHook() { |
| } |
| void GpuProcessPolicy::InitGpuBrokerProcess( |
| - bool (*broker_sandboxer_callback)(void), |
| + const base::Callback<bool(void)>& gpu_broker_child_init_callback, |
| const std::vector<std::string>& read_whitelist_extra, |
| const std::vector<std::string>& write_whitelist_extra) { |
| static const char kDriRcPath[] = "/etc/drirc"; |
| @@ -241,8 +261,9 @@ void GpuProcessPolicy::InitGpuBrokerProcess( |
| broker_process_ = new BrokerProcess(GetFSDeniedErrno(), |
| read_whitelist, |
| write_whitelist); |
| - // Initialize the broker process and give it a sandbox callback. |
| - CHECK(broker_process_->Init(broker_sandboxer_callback)); |
| + // Initialize the broker process and give it a broker process init callback. |
|
jln (very slow on Chromium)
2014/02/20 23:38:52
Let's add a clarification as this becomes convolut
dshwang
2014/02/21 07:03:13
thank you for good sentence. this part is the most
|
| + CHECK(broker_process_->Init( |
| + base::Bind(&GpuBrokerChildInitCallback, gpu_broker_child_init_callback))); |
| } |
| } // namespace content |