Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(342)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc

Issue 179983006: Don't start the SECCOMP sandbox early for Tegra124 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rename flag to gpu-sandbox-start-after-initialization and add option in chrome_restart_request.cc Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/gpu/gpu_process_host.cc ('k') | content/gpu/gpu_main.cc » ('j') | content/gpu/gpu_main.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h" 5 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h"
6 6
7 #include <dlfcn.h> 7 #include <dlfcn.h>
8 #include <errno.h> 8 #include <errno.h>
9 #include <fcntl.h> 9 #include <fcntl.h>
10 #include <sys/socket.h> 10 #include <sys/socket.h>
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
66 read_whitelist->push_back(kDevMfcDecPath); 66 read_whitelist->push_back(kDevMfcDecPath);
67 read_whitelist->push_back(kDevGsc1Path); 67 read_whitelist->push_back(kDevGsc1Path);
68 read_whitelist->push_back(kDevMfcEncPath); 68 read_whitelist->push_back(kDevMfcEncPath);
69 69
70 write_whitelist->push_back(kMali0Path); 70 write_whitelist->push_back(kMali0Path);
71 write_whitelist->push_back(kDevMfcDecPath); 71 write_whitelist->push_back(kDevMfcDecPath);
72 write_whitelist->push_back(kDevGsc1Path); 72 write_whitelist->push_back(kDevGsc1Path);
73 write_whitelist->push_back(kDevMfcEncPath); 73 write_whitelist->push_back(kDevMfcEncPath);
74 } 74 }
75 75
76 void AddArmTegraGpuWhitelist(std::vector<std::string>* read_whitelist,
77 std::vector<std::string>* write_whitelist) {
78 // Device files needed by the Tegra GPU userspace.
79 static const char kDevNvhostCtrlPath[] = "/dev/nvhost-ctrl";
80 static const char kDevNvhostIspPath[] = "/dev/nvhost-isp";
81 static const char kDevNvhostViPath[] = "/dev/nvhost-vi";
82 static const char kDevNvmapPath[] = "/dev/nvmap";
83 static const char kDevNvhostGpuPath[] = "/dev/nvhost-gpu";
84 static const char kDevNvhostAsGpuPath[] = "/dev/nvhost-as-gpu";
85 static const char kDevNvhostCtrlGpuPath[] = "/dev/nvhost-ctrl-gpu";
86 static const char kSysDevicesSocIDPath[] = "/sys/devices/soc0/soc_id";
87 static const char kSysDevicesSocRevPath[] = "/sys/devices/soc0/revision";
88 // TODO(davidung): remove these device nodes before nyan launch.
89
90 read_whitelist->push_back(kDevNvhostCtrlPath);
91 read_whitelist->push_back(kDevNvhostIspPath);
92 read_whitelist->push_back(kDevNvhostViPath);
93 read_whitelist->push_back(kDevNvmapPath);
94 read_whitelist->push_back(kDevNvhostGpuPath);
95 read_whitelist->push_back(kDevNvhostAsGpuPath);
96 read_whitelist->push_back(kDevNvhostCtrlGpuPath);
97 read_whitelist->push_back(kSysDevicesSocIDPath);
98 read_whitelist->push_back(kSysDevicesSocRevPath);
99
100 write_whitelist->push_back(kDevNvhostCtrlPath);
101 write_whitelist->push_back(kDevNvhostIspPath);
102 write_whitelist->push_back(kDevNvhostViPath);
103 write_whitelist->push_back(kDevNvmapPath);
104 write_whitelist->push_back(kDevNvhostGpuPath);
105 write_whitelist->push_back(kDevNvhostAsGpuPath);
106 write_whitelist->push_back(kDevNvhostCtrlGpuPath);
107 }
108
109 void AddArmGpuWhitelist(std::vector<std::string>* read_whitelist, 76 void AddArmGpuWhitelist(std::vector<std::string>* read_whitelist,
110 std::vector<std::string>* write_whitelist) { 77 std::vector<std::string>* write_whitelist) {
111 // On ARM we're enabling the sandbox before the X connection is made, 78 // On ARM we're enabling the sandbox before the X connection is made,
112 // so we need to allow access to |.Xauthority|. 79 // so we need to allow access to |.Xauthority|.
113 static const char kXAuthorityPath[] = "/home/chronos/.Xauthority"; 80 static const char kXAuthorityPath[] = "/home/chronos/.Xauthority";
114 static const char kLdSoCache[] = "/etc/ld.so.cache"; 81 static const char kLdSoCache[] = "/etc/ld.so.cache";
115 82
116 // Files needed by the ARM GPU userspace. 83 // Files needed by the ARM GPU userspace.
117 static const char kLibGlesPath[] = "/usr/lib/libGLESv2.so.2"; 84 static const char kLibGlesPath[] = "/usr/lib/libGLESv2.so.2";
118 static const char kLibEglPath[] = "/usr/lib/libEGL.so.1"; 85 static const char kLibEglPath[] = "/usr/lib/libEGL.so.1";
119 86
120 read_whitelist->push_back(kXAuthorityPath); 87 read_whitelist->push_back(kXAuthorityPath);
121 read_whitelist->push_back(kLdSoCache); 88 read_whitelist->push_back(kLdSoCache);
122 read_whitelist->push_back(kLibGlesPath); 89 read_whitelist->push_back(kLibGlesPath);
123 read_whitelist->push_back(kLibEglPath); 90 read_whitelist->push_back(kLibEglPath);
124 91
125 AddArmMaliGpuWhitelist(read_whitelist, write_whitelist); 92 AddArmMaliGpuWhitelist(read_whitelist, write_whitelist);
126 AddArmTegraGpuWhitelist(read_whitelist, write_whitelist);
127 } 93 }
128 94
129 class CrosArmGpuBrokerProcessPolicy : public CrosArmGpuProcessPolicy { 95 class CrosArmGpuBrokerProcessPolicy : public CrosArmGpuProcessPolicy {
130 public: 96 public:
131 CrosArmGpuBrokerProcessPolicy() : CrosArmGpuProcessPolicy(false) {} 97 CrosArmGpuBrokerProcessPolicy() : CrosArmGpuProcessPolicy(false) {}
132 virtual ~CrosArmGpuBrokerProcessPolicy() {} 98 virtual ~CrosArmGpuBrokerProcessPolicy() {}
133 99
134 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, 100 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
135 int system_call_number) const OVERRIDE; 101 int system_call_number) const OVERRIDE;
136 102
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after
208 base::Passed(scoped_ptr<sandbox::SandboxBPFPolicy>( 174 base::Passed(scoped_ptr<sandbox::SandboxBPFPolicy>(
209 new CrosArmGpuBrokerProcessPolicy))), 175 new CrosArmGpuBrokerProcessPolicy))),
210 read_whitelist_extra, 176 read_whitelist_extra,
211 write_whitelist_extra); 177 write_whitelist_extra);
212 178
213 const int dlopen_flag = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE; 179 const int dlopen_flag = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE;
214 180
215 // Preload the Mali library. 181 // Preload the Mali library.
216 dlopen("/usr/lib/libmali.so", dlopen_flag); 182 dlopen("/usr/lib/libmali.so", dlopen_flag);
217 183
218 // Preload the Tegra libraries.
219 dlopen("/usr/lib/libnvrm.so", dlopen_flag);
220 dlopen("/usr/lib/libnvrm_graphics.so", dlopen_flag);
221 dlopen("/usr/lib/libnvidia-glsi.so", dlopen_flag);
222 dlopen("/usr/lib/libnvidia-rmapi-tegra.so", dlopen_flag);
223 dlopen("/usr/lib/libnvidia-eglcore.so", dlopen_flag);
224 // TODO(davidung): remove these libraries before nyan launch.
225
226 return true; 184 return true;
227 } 185 }
228 186
229 } // namespace content 187 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/gpu/gpu_process_host.cc ('k') | content/gpu/gpu_main.cc » ('j') | content/gpu/gpu_main.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698