OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h" | 5 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h" |
6 | 6 |
7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
8 #include <errno.h> | 8 #include <errno.h> |
9 #include <fcntl.h> | 9 #include <fcntl.h> |
10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
87 read_whitelist->push_back(kXAuthorityPath); | 87 read_whitelist->push_back(kXAuthorityPath); |
88 read_whitelist->push_back(kLdSoCache); | 88 read_whitelist->push_back(kLdSoCache); |
89 read_whitelist->push_back(kLibGlesPath); | 89 read_whitelist->push_back(kLibGlesPath); |
90 read_whitelist->push_back(kLibEglPath); | 90 read_whitelist->push_back(kLibEglPath); |
91 | 91 |
92 AddArmMaliGpuWhitelist(read_whitelist, write_whitelist); | 92 AddArmMaliGpuWhitelist(read_whitelist, write_whitelist); |
93 } | 93 } |
94 | 94 |
95 class CrosArmGpuBrokerProcessPolicy : public CrosArmGpuProcessPolicy { | 95 class CrosArmGpuBrokerProcessPolicy : public CrosArmGpuProcessPolicy { |
96 public: | 96 public: |
97 CrosArmGpuBrokerProcessPolicy() : CrosArmGpuProcessPolicy(false) {} | 97 static sandbox::SandboxBPFPolicy* Create() { |
| 98 return new CrosArmGpuBrokerProcessPolicy(); |
| 99 } |
98 virtual ~CrosArmGpuBrokerProcessPolicy() {} | 100 virtual ~CrosArmGpuBrokerProcessPolicy() {} |
99 | 101 |
100 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, | 102 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler, |
101 int system_call_number) const OVERRIDE; | 103 int system_call_number) const OVERRIDE; |
102 | 104 |
103 private: | 105 private: |
| 106 CrosArmGpuBrokerProcessPolicy() : CrosArmGpuProcessPolicy(false) {} |
104 DISALLOW_COPY_AND_ASSIGN(CrosArmGpuBrokerProcessPolicy); | 107 DISALLOW_COPY_AND_ASSIGN(CrosArmGpuBrokerProcessPolicy); |
105 }; | 108 }; |
106 | 109 |
107 // A GPU broker policy is the same as a GPU policy with open and | 110 // A GPU broker policy is the same as a GPU policy with open and |
108 // openat allowed. | 111 // openat allowed. |
109 ErrorCode CrosArmGpuBrokerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, | 112 ErrorCode CrosArmGpuBrokerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox, |
110 int sysno) const { | 113 int sysno) const { |
111 switch (sysno) { | 114 switch (sysno) { |
112 case __NR_access: | 115 case __NR_access: |
113 case __NR_open: | 116 case __NR_open: |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
162 bool CrosArmGpuProcessPolicy::PreSandboxHook() { | 165 bool CrosArmGpuProcessPolicy::PreSandboxHook() { |
163 DCHECK(IsChromeOS() && IsArchitectureArm()); | 166 DCHECK(IsChromeOS() && IsArchitectureArm()); |
164 // Create a new broker process. | 167 // Create a new broker process. |
165 DCHECK(!broker_process()); | 168 DCHECK(!broker_process()); |
166 | 169 |
167 std::vector<std::string> read_whitelist_extra; | 170 std::vector<std::string> read_whitelist_extra; |
168 std::vector<std::string> write_whitelist_extra; | 171 std::vector<std::string> write_whitelist_extra; |
169 // Add ARM-specific files to whitelist in the broker. | 172 // Add ARM-specific files to whitelist in the broker. |
170 | 173 |
171 AddArmGpuWhitelist(&read_whitelist_extra, &write_whitelist_extra); | 174 AddArmGpuWhitelist(&read_whitelist_extra, &write_whitelist_extra); |
172 InitGpuBrokerProcess( | 175 InitGpuBrokerProcess(CrosArmGpuBrokerProcessPolicy::Create, |
173 base::Bind(&SandboxSeccompBPF::StartSandboxWithExternalPolicy, | 176 read_whitelist_extra, |
174 base::Passed(scoped_ptr<sandbox::SandboxBPFPolicy>( | 177 write_whitelist_extra); |
175 new CrosArmGpuBrokerProcessPolicy))), | |
176 read_whitelist_extra, | |
177 write_whitelist_extra); | |
178 | 178 |
179 const int dlopen_flag = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE; | 179 const int dlopen_flag = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE; |
180 | 180 |
181 // Preload the Mali library. | 181 // Preload the Mali library. |
182 dlopen("/usr/lib/libmali.so", dlopen_flag); | 182 dlopen("/usr/lib/libmali.so", dlopen_flag); |
183 // Preload the Tegra V4L2 (video decode acceleration) library. | 183 // Preload the Tegra V4L2 (video decode acceleration) library. |
184 dlopen("/usr/lib/libtegrav4l2.so", dlopen_flag); | 184 dlopen("/usr/lib/libtegrav4l2.so", dlopen_flag); |
185 // Resetting errno since platform-specific libraries will fail on other | 185 // Resetting errno since platform-specific libraries will fail on other |
186 // platforms. | 186 // platforms. |
187 errno = 0; | 187 errno = 0; |
188 | 188 |
189 return true; | 189 return true; |
190 } | 190 } |
191 | 191 |
192 } // namespace content | 192 } // namespace content |
OLD | NEW |