OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" | 5 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" |
6 | 6 |
7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
8 #include <errno.h> | 8 #include <errno.h> |
9 #include <fcntl.h> | 9 #include <fcntl.h> |
10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
(...skipping 319 matching lines...)
330 } | 330 } |
331 } | 331 } |
332 | 332 |
333 return true; | 333 return true; |
334 } | 334 } |
335 | 335 |
336 void GpuProcessPolicy::InitGpuBrokerProcess( | 336 void GpuProcessPolicy::InitGpuBrokerProcess( |
337 sandbox::bpf_dsl::Policy* (*broker_sandboxer_allocator)(void), | 337 sandbox::bpf_dsl::Policy* (*broker_sandboxer_allocator)(void), |
338 const std::vector<BrokerFilePermission>& permissions_extra) { | 338 const std::vector<BrokerFilePermission>& permissions_extra) { |
339 static const char kDriRcPath[] = "/etc/drirc"; | 339 static const char kDriRcPath[] = "/etc/drirc"; |
340 static const char kDriCard0Path[] = "/dev/dri/card0"; | |
341 static const char kDriCardBasePath[] = "/dev/dri/card"; | 340 static const char kDriCardBasePath[] = "/dev/dri/card"; |
342 | 341 |
343 static const char kNvidiaCtlPath[] = "/dev/nvidiactl"; | 342 static const char kNvidiaCtlPath[] = "/dev/nvidiactl"; |
344 static const char kNvidiaDeviceBasePath[] = "/dev/nvidia"; | 343 static const char kNvidiaDeviceBasePath[] = "/dev/nvidia"; |
345 static const char kNvidiaParamsPath[] = "/proc/driver/nvidia/params"; | 344 static const char kNvidiaParamsPath[] = "/proc/driver/nvidia/params"; |
346 | 345 |
347 static const char kDevShm[] = "/dev/shm/"; | 346 static const char kDevShm[] = "/dev/shm/"; |
348 | 347 |
349 CHECK(broker_process_ == NULL); | 348 CHECK(broker_process_ == NULL); |
350 | 349 |
351 // All GPU process policies need these files brokered out. | 350 // All GPU process policies need these files brokered out. |
352 std::vector<BrokerFilePermission> permissions; | 351 std::vector<BrokerFilePermission> permissions; |
353 permissions.push_back(BrokerFilePermission::ReadWrite(kDriCard0Path)); | |
354 permissions.push_back(BrokerFilePermission::ReadOnly(kDriRcPath)); | 352 permissions.push_back(BrokerFilePermission::ReadOnly(kDriRcPath)); |
355 | 353 |
356 if (!IsChromeOS()) { | 354 if (!IsChromeOS()) { |
357 // For shared memory. | 355 // For shared memory. |
358 permissions.push_back( | 356 permissions.push_back( |
359 BrokerFilePermission::ReadWriteCreateUnlinkRecursive(kDevShm)); | 357 BrokerFilePermission::ReadWriteCreateUnlinkRecursive(kDevShm)); |
360 // For multi-card DRI setups. NOTE: /dev/dri/card0 was already added above. | 358 // For multi-card DRI setups. NOTE: /dev/dri/card0 was already added above. |
Jorge Lucangeli Obes (Google)
2017/05/16 14:40:06
Remove NOTE, and change comment since this will co
dnicoara
2017/05/16 16:14:41
Done. Ahh, I can't believe I didn't spot it. Thank
| |
361 for (int i = 1; i <= 9; ++i) { | 359 for (int i = 0; i <= 9; ++i) { |
362 permissions.push_back(BrokerFilePermission::ReadWrite( | 360 permissions.push_back(BrokerFilePermission::ReadWrite( |
363 base::StringPrintf("%s%d", kDriCardBasePath, i))); | 361 base::StringPrintf("%s%d", kDriCardBasePath, i))); |
364 } | 362 } |
365 // For Nvidia GLX driver. | 363 // For Nvidia GLX driver. |
366 permissions.push_back(BrokerFilePermission::ReadWrite(kNvidiaCtlPath)); | 364 permissions.push_back(BrokerFilePermission::ReadWrite(kNvidiaCtlPath)); |
367 for (int i = 0; i <= 9; ++i) { | 365 for (int i = 0; i <= 9; ++i) { |
368 permissions.push_back(BrokerFilePermission::ReadWrite( | 366 permissions.push_back(BrokerFilePermission::ReadWrite( |
369 base::StringPrintf("%s%d", kNvidiaDeviceBasePath, i))); | 367 base::StringPrintf("%s%d", kNvidiaDeviceBasePath, i))); |
370 } | 368 } |
371 permissions.push_back(BrokerFilePermission::ReadOnly(kNvidiaParamsPath)); | 369 permissions.push_back(BrokerFilePermission::ReadOnly(kNvidiaParamsPath)); |
(...skipping 13 matching lines...)
385 } | 383 } |
386 | 384 |
387 broker_process_ = new BrokerProcess(GetFSDeniedErrno(), permissions); | 385 broker_process_ = new BrokerProcess(GetFSDeniedErrno(), permissions); |
388 // The initialization callback will perform generic initialization and then | 386 // The initialization callback will perform generic initialization and then |
389 // call broker_sandboxer_callback. | 387 // call broker_sandboxer_callback. |
390 CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox, | 388 CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox, |
391 broker_sandboxer_allocator))); | 389 broker_sandboxer_allocator))); |
392 } | 390 } |
393 | 391 |
394 } // namespace content | 392 } // namespace content |
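Review bot: On ChromeOS the broker no longer gets a read-write entry for `/dev/dri/card0` from the lines shown here: the old code pushed it unconditionally (old line 353), while the new loop at new lines 359-362 sits inside `if (!IsChromeOS())`. Whether ChromeOS policies supply their DRI nodes through `permissions_extra` or the elided lines is not visible on this page, so the intent should be stated where the list is built. For example, replace the comment at new line 350 with `// Only /etc/drirc is brokered for every GPU policy; DRI card nodes are added per platform below or via permissions_extra.` Narrowing the broker allowlist fits least privilege, but a reader auditing the sandbox should be able to tell the ChromeOS change is deliberate and not a side effect of folding card0 into the loop.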