content/common/sandbox_linux/bpf_gpu_policy_linux.cc - Issue 2870213003: Remove /dev/dri/card0 from sandbox whitelist

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/common/sandbox_linux/bpf_gpu_policy_linux.cc

Issue 2870213003: Remove /dev/dri/card0 from sandbox whitelist (Closed)

Patch Set: comment Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: content/common/sandbox_linux/bpf_gpu_policy_linux.cc

diff --git a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc

index daace41ca7b5f0ffe48974dc3c649d7c1db7a355..9ae62317bf75dfcabeebd66f33ed7c00a9760aac 100644

--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc

+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc

@@ -337,7 +337,6 @@ void GpuProcessPolicy::InitGpuBrokerProcess(

sandbox::bpf_dsl::Policy* (*broker_sandboxer_allocator)(void),

const std::vector<BrokerFilePermission>& permissions_extra) {

static const char kDriRcPath[] = "/etc/drirc";

- static const char kDriCard0Path[] = "/dev/dri/card0";

static const char kDriCardBasePath[] = "/dev/dri/card";

static const char kNvidiaCtlPath[] = "/dev/nvidiactl";

@@ -350,15 +349,14 @@ void GpuProcessPolicy::InitGpuBrokerProcess(

// All GPU process policies need these files brokered out.

std::vector<BrokerFilePermission> permissions;

- permissions.push_back(BrokerFilePermission::ReadWrite(kDriCard0Path));

permissions.push_back(BrokerFilePermission::ReadOnly(kDriRcPath));

if (!IsChromeOS()) {

// For shared memory.

permissions.push_back(

BrokerFilePermission::ReadWriteCreateUnlinkRecursive(kDevShm));

- // For multi-card DRI setups. NOTE: /dev/dri/card0 was already added above.

- for (int i = 1; i <= 9; ++i) {

+ // For DRI cards.

+ for (int i = 0; i <= 9; ++i) {

permissions.push_back(BrokerFilePermission::ReadWrite(

base::StringPrintf("%s%d", kDriCardBasePath, i)));

}

« no previous file with comments | « no previous file | no next file » | no next file with comments »