Linux GPU sandbox: only allocate broker policy in the broker.

content/common/sandbox_linux/bpf_gpu_policy_linux.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h"
 
 #include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/socket.h>
@@ skipping 88 matching lines @@
         return -EPERM;
       }
     default:
       RAW_CHECK(false);
       return -ENOSYS;
   }
 }
 
 class GpuBrokerProcessPolicy : public GpuProcessPolicy {
  public:
-  GpuBrokerProcessPolicy() {}
+  static sandbox::SandboxBPFPolicy* Create() {
+    return new GpuBrokerProcessPolicy();
+  }
   virtual ~GpuBrokerProcessPolicy() {}
 
   virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
                                     int system_call_number) const OVERRIDE;
 
  private:
+  GpuBrokerProcessPolicy() {}
   DISALLOW_COPY_AND_ASSIGN(GpuBrokerProcessPolicy);
 };
 
 // x86_64/i386 or desktop ARM.
 // A GPU broker policy is the same as a GPU policy with open and
 // openat allowed.
 ErrorCode GpuBrokerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
                                                   int sysno) const {
   switch (sysno) {
     case __NR_access:
@@ skipping 13 matching lines @@
   CommandLine::ForCurrentProcess()->AppendSwitchASCII(switches::kProcessType,
                                                       "gpu-broker");
 
   // Update the process title. The argv was already cached by the call to
   // SetProcessTitleFromCommandLine in content_main_runner.cc, so we can pass
   // NULL here (we don't have the original argv at this point).
   SetProcessTitleFromCommandLine(NULL);
 }
 
 bool UpdateProcessTypeAndEnableSandbox(
-    const base::Callback<bool(void)>& broker_sandboxer_callback) {
+    sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void)) {
+  DCHECK(broker_sandboxer_allocator);
   UpdateProcessTypeToGpuBroker();
-  return broker_sandboxer_callback.Run();
+  return SandboxSeccompBPF::StartSandboxWithExternalPolicy(
+      make_scoped_ptr(broker_sandboxer_allocator()));
 }
 
 }  // namespace
 
 GpuProcessPolicy::GpuProcessPolicy() : broker_process_(NULL) {}
 
 GpuProcessPolicy::~GpuProcessPolicy() {}
 
 // Main policy for x86_64/i386. Extended by CrosArmGpuProcessPolicy.
 ErrorCode GpuProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
@@ skipping 29 matching lines @@
 bool GpuProcessPolicy::PreSandboxHook() {
   // Warm up resources needed by the policy we're about to enable and
   // eventually start a broker process.
   const bool chromeos_arm_gpu = IsChromeOS() && IsArchitectureArm();
   // This policy is for x86 or Desktop.
   DCHECK(!chromeos_arm_gpu);
 
   DCHECK(!broker_process());
   // Create a new broker process.
   InitGpuBrokerProcess(
-      base::Bind(&SandboxSeccompBPF::StartSandboxWithExternalPolicy,
-                 base::Passed(scoped_ptr<sandbox::SandboxBPFPolicy>(
-                     new GpuBrokerProcessPolicy))),
+      GpuBrokerProcessPolicy::Create,
       std::vector<std::string>(),  // No extra files in whitelist.
       std::vector<std::string>());
 
   if (IsArchitectureX86_64() || IsArchitectureI386()) {
     // Accelerated video decode dlopen()'s some shared objects
     // inside the sandbox, so preload them now.
     if (IsAcceleratedVideoDecodeEnabled()) {
       const char* I965DrvVideoPath = NULL;
 
       if (IsArchitectureX86_64()) {
         I965DrvVideoPath = "/usr/lib64/va/drivers/i965_drv_video.so";
       } else if (IsArchitectureI386()) {
         I965DrvVideoPath = "/usr/lib/va/drivers/i965_drv_video.so";
       }
 
       dlopen(I965DrvVideoPath, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
       dlopen("libva.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
       dlopen("libva-x11.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
     }
   }
 
   return true;
 }
 
 void GpuProcessPolicy::InitGpuBrokerProcess(
-    const base::Callback<bool(void)>& broker_sandboxer_callback,
+    sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void),
     const std::vector<std::string>& read_whitelist_extra,
     const std::vector<std::string>& write_whitelist_extra) {
   static const char kDriRcPath[] = "/etc/drirc";
   static const char kDriCard0Path[] = "/dev/dri/card0";
 
   CHECK(broker_process_ == NULL);
 
   // All GPU process policies need these files brokered out.
   std::vector<std::string> read_whitelist;
   read_whitelist.push_back(kDriCard0Path);
   read_whitelist.push_back(kDriRcPath);
   // Add eventual extra files from read_whitelist_extra.
   read_whitelist.insert(read_whitelist.end(),
                         read_whitelist_extra.begin(),
                         read_whitelist_extra.end());
 
   std::vector<std::string> write_whitelist;
   write_whitelist.push_back(kDriCard0Path);
   // Add eventual extra files from write_whitelist_extra.
   write_whitelist.insert(write_whitelist.end(),
                          write_whitelist_extra.begin(),
                          write_whitelist_extra.end());
 
   broker_process_ = new BrokerProcess(GetFSDeniedErrno(),
                                       read_whitelist,
                                       write_whitelist);
   // The initialization callback will perform generic initialization and then
   // call broker_sandboxer_callback.
   CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox,
-                                         broker_sandboxer_callback)));
+                                         broker_sandboxer_allocator)));
 }
 
 }  // namespace content