Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(523)

Unified Diff: content/common/sandbox_linux/bpf_gpu_policy_linux.cc

Issue 163433011: Clarify the process title of GPU broker process. (Closed) Base URL: https://git.chromium.org/chromium/src.git@master
Patch Set: Address a few more nits Created 6 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: content/common/sandbox_linux/bpf_gpu_policy_linux.cc
diff --git a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
index 2bdec2b0c672f1b31af9f506c50c0cf41e357dec..2460f02b65febb15e848fcba0a8315eaa2208906 100644
--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
@@ -15,6 +15,7 @@
#include <string>
#include <vector>
+#include "base/bind.h"
#include "base/command_line.h"
#include "base/compiler_specific.h"
#include "base/logging.h"
@@ -22,6 +23,7 @@
#include "build/build_config.h"
#include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
#include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
+#include "content/common/set_process_title.h"
#include "content/public/common/content_switches.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
@@ -136,9 +138,24 @@ ErrorCode GpuBrokerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
}
}
-bool EnableGpuBrokerPolicyCallback() {
- return SandboxSeccompBPF::StartSandboxWithExternalPolicy(
- scoped_ptr<sandbox::SandboxBPFPolicy>(new GpuBrokerProcessPolicy));
+void UpdateProcessTypeToGpuBroker() {
+ CommandLine::StringVector exec = CommandLine::ForCurrentProcess()->GetArgs();
+ CommandLine::Reset();
+ CommandLine::Init(0, NULL);
+ CommandLine::ForCurrentProcess()->InitFromArgv(exec);
+ CommandLine::ForCurrentProcess()->AppendSwitchASCII(switches::kProcessType,
+ "gpu-broker");
+
+ // Update the process title. The argv was already cached by the call to
+ // SetProcessTitleFromCommandLine in content_main_runner.cc, so we can pass
+ // NULL here (we don't have the original argv at this point).
+ SetProcessTitleFromCommandLine(NULL);
+}
+
+bool UpdateProcessTypeAndEnableSandbox(
+ const base::Callback<bool(void)>& broker_sandboxer_callback) {
+ UpdateProcessTypeToGpuBroker();
+ return broker_sandboxer_callback.Run();
}
} // namespace
@@ -188,7 +205,9 @@ bool GpuProcessPolicy::PreSandboxHook() {
DCHECK(!broker_process());
// Create a new broker process.
InitGpuBrokerProcess(
- EnableGpuBrokerPolicyCallback,
+ base::Bind(&SandboxSeccompBPF::StartSandboxWithExternalPolicy,
+ base::Passed(scoped_ptr<sandbox::SandboxBPFPolicy>(
+ new GpuBrokerProcessPolicy))),
std::vector<std::string>(), // No extra files in whitelist.
std::vector<std::string>());
@@ -214,7 +233,7 @@ bool GpuProcessPolicy::PreSandboxHook() {
}
void GpuProcessPolicy::InitGpuBrokerProcess(
- bool (*broker_sandboxer_callback)(void),
+ const base::Callback<bool(void)>& broker_sandboxer_callback,
const std::vector<std::string>& read_whitelist_extra,
const std::vector<std::string>& write_whitelist_extra) {
static const char kDriRcPath[] = "/etc/drirc";
@@ -241,8 +260,10 @@ void GpuProcessPolicy::InitGpuBrokerProcess(
broker_process_ = new BrokerProcess(GetFSDeniedErrno(),
read_whitelist,
write_whitelist);
- // Initialize the broker process and give it a sandbox callback.
- CHECK(broker_process_->Init(broker_sandboxer_callback));
+ // The initialization callback will perform generic initialization and then
+ // call broker_sandboxer_callback.
+ CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox,
+ broker_sandboxer_callback)));
}
} // namespace content
« no previous file with comments | « content/common/sandbox_linux/bpf_gpu_policy_linux.h ('k') | sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698