| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" | 5 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" |
| 6 | 6 |
| 7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
| 8 #include <errno.h> | 8 #include <errno.h> |
| 9 #include <fcntl.h> | 9 #include <fcntl.h> |
| 10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
| (...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 141 return Allow(); | 141 return Allow(); |
| 142 default: | 142 default: |
| 143 return GpuProcessPolicy::EvaluateSyscall(sysno); | 143 return GpuProcessPolicy::EvaluateSyscall(sysno); |
| 144 } | 144 } |
| 145 } | 145 } |
| 146 | 146 |
| 147 void UpdateProcessTypeToGpuBroker() { | 147 void UpdateProcessTypeToGpuBroker() { |
| 148 base::CommandLine::StringVector exec = | 148 base::CommandLine::StringVector exec = |
| 149 base::CommandLine::ForCurrentProcess()->GetArgs(); | 149 base::CommandLine::ForCurrentProcess()->GetArgs(); |
| 150 base::CommandLine::Reset(); | 150 base::CommandLine::Reset(); |
| 151 base::CommandLine::Init(0, NULL); | 151 base::CommandLine::Init(0, nullptr); |
| 152 base::CommandLine::ForCurrentProcess()->InitFromArgv(exec); | 152 base::CommandLine::ForCurrentProcess()->InitFromArgv(exec); |
| 153 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 153 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| 154 switches::kProcessType, "gpu-broker"); | 154 switches::kProcessType, "gpu-broker"); |
| 155 | 155 |
| 156 // Update the process title. The argv was already cached by the call to | 156 // Update the process title. The argv was already cached by the call to |
| 157 // SetProcessTitleFromCommandLine in content_main_runner.cc, so we can pass | 157 // SetProcessTitleFromCommandLine in content_main_runner.cc, so we can pass |
| 158 // NULL here (we don't have the original argv at this point). | 158 // nullptr here (we don't have the original argv at this point). |
| 159 SetProcessTitleFromCommandLine(NULL); | 159 SetProcessTitleFromCommandLine(nullptr); |
| 160 } | 160 } |
| 161 | 161 |
| 162 bool UpdateProcessTypeAndEnableSandbox(sandbox::bpf_dsl::SandboxBPFDSLPolicy* ( | 162 bool UpdateProcessTypeAndEnableSandbox(sandbox::bpf_dsl::SandboxBPFDSLPolicy* ( |
| 163 *broker_sandboxer_allocator)(void)) { | 163 *broker_sandboxer_allocator)(void)) { |
| 164 DCHECK(broker_sandboxer_allocator); | 164 DCHECK(broker_sandboxer_allocator); |
| 165 UpdateProcessTypeToGpuBroker(); | 165 UpdateProcessTypeToGpuBroker(); |
| 166 return SandboxSeccompBPF::StartSandboxWithExternalPolicy( | 166 return SandboxSeccompBPF::StartSandboxWithExternalPolicy( |
| 167 make_scoped_ptr(broker_sandboxer_allocator())); | 167 make_scoped_ptr(broker_sandboxer_allocator())); |
| 168 } | 168 } |
| 169 | 169 |
| 170 } // namespace | 170 } // namespace |
| 171 | 171 |
| 172 GpuProcessPolicy::GpuProcessPolicy() : broker_process_(NULL) {} | 172 GpuProcessPolicy::GpuProcessPolicy() : broker_process_(nullptr) {} |
| 173 | 173 |
| 174 GpuProcessPolicy::~GpuProcessPolicy() {} | 174 GpuProcessPolicy::~GpuProcessPolicy() {} |
| 175 | 175 |
| 176 // Main policy for x86_64/i386. Extended by CrosArmGpuProcessPolicy. | 176 // Main policy for x86_64/i386. Extended by CrosArmGpuProcessPolicy. |
| 177 ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const { | 177 ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const { |
| 178 switch (sysno) { | 178 switch (sysno) { |
| 179 case __NR_ioctl: | 179 case __NR_ioctl: |
| 180 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) | 180 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 181 // The Nvidia driver uses flags not in the baseline policy | 181 // The Nvidia driver uses flags not in the baseline policy |
| 182 // (MAP_LOCKED | MAP_EXECUTABLE | MAP_32BIT) | 182 // (MAP_LOCKED | MAP_EXECUTABLE | MAP_32BIT) |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 218 // Create a new broker process. | 218 // Create a new broker process. |
| 219 InitGpuBrokerProcess( | 219 InitGpuBrokerProcess( |
| 220 GpuBrokerProcessPolicy::Create, | 220 GpuBrokerProcessPolicy::Create, |
| 221 std::vector<std::string>(), // No extra files in whitelist. | 221 std::vector<std::string>(), // No extra files in whitelist. |
| 222 std::vector<std::string>()); | 222 std::vector<std::string>()); |
| 223 | 223 |
| 224 if (IsArchitectureX86_64() || IsArchitectureI386()) { | 224 if (IsArchitectureX86_64() || IsArchitectureI386()) { |
| 225 // Accelerated video dlopen()'s some shared objects | 225 // Accelerated video dlopen()'s some shared objects |
| 226 // inside the sandbox, so preload them now. | 226 // inside the sandbox, so preload them now. |
| 227 if (IsAcceleratedVideoEnabled()) { | 227 if (IsAcceleratedVideoEnabled()) { |
| 228 const char* I965DrvVideoPath = NULL; | 228 const char* I965DrvVideoPath = nullptr; |
| 229 | 229 |
| 230 if (IsArchitectureX86_64()) { | 230 if (IsArchitectureX86_64()) { |
| 231 I965DrvVideoPath = "/usr/lib64/va/drivers/i965_drv_video.so"; | 231 I965DrvVideoPath = "/usr/lib64/va/drivers/i965_drv_video.so"; |
| 232 } else if (IsArchitectureI386()) { | 232 } else if (IsArchitectureI386()) { |
| 233 I965DrvVideoPath = "/usr/lib/va/drivers/i965_drv_video.so"; | 233 I965DrvVideoPath = "/usr/lib/va/drivers/i965_drv_video.so"; |
| 234 } | 234 } |
| 235 | 235 |
| 236 dlopen(I965DrvVideoPath, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE); | 236 dlopen(I965DrvVideoPath, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE); |
| 237 dlopen("libva.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE); | 237 dlopen("libva.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE); |
| 238 dlopen("libva-x11.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE); | 238 dlopen("libva-x11.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE); |
| 239 } | 239 } |
| 240 } | 240 } |
| 241 | 241 |
| 242 return true; | 242 return true; |
| 243 } | 243 } |
| 244 | 244 |
| 245 void GpuProcessPolicy::InitGpuBrokerProcess( | 245 void GpuProcessPolicy::InitGpuBrokerProcess( |
| 246 sandbox::bpf_dsl::SandboxBPFDSLPolicy* (*broker_sandboxer_allocator)(void), | 246 sandbox::bpf_dsl::SandboxBPFDSLPolicy* (*broker_sandboxer_allocator)(void), |
| 247 const std::vector<std::string>& read_whitelist_extra, | 247 const std::vector<std::string>& read_whitelist_extra, |
| 248 const std::vector<std::string>& write_whitelist_extra) { | 248 const std::vector<std::string>& write_whitelist_extra) { |
| 249 static const char kDriRcPath[] = "/etc/drirc"; | 249 static const char kDriRcPath[] = "/etc/drirc"; |
| 250 static const char kDriCard0Path[] = "/dev/dri/card0"; | 250 static const char kDriCard0Path[] = "/dev/dri/card0"; |
| 251 | 251 |
| 252 CHECK(broker_process_ == NULL); | 252 CHECK(broker_process_ == nullptr); |
| 253 | 253 |
| 254 // All GPU process policies need these files brokered out. | 254 // All GPU process policies need these files brokered out. |
| 255 std::vector<std::string> read_whitelist; | 255 std::vector<std::string> read_whitelist; |
| 256 read_whitelist.push_back(kDriCard0Path); | 256 read_whitelist.push_back(kDriCard0Path); |
| 257 read_whitelist.push_back(kDriRcPath); | 257 read_whitelist.push_back(kDriRcPath); |
| 258 // Add eventual extra files from read_whitelist_extra. | 258 // Add eventual extra files from read_whitelist_extra. |
| 259 read_whitelist.insert(read_whitelist.end(), | 259 read_whitelist.insert(read_whitelist.end(), |
| 260 read_whitelist_extra.begin(), | 260 read_whitelist_extra.begin(), |
| 261 read_whitelist_extra.end()); | 261 read_whitelist_extra.end()); |
| 262 | 262 |
| 263 std::vector<std::string> write_whitelist; | 263 std::vector<std::string> write_whitelist; |
| 264 write_whitelist.push_back(kDriCard0Path); | 264 write_whitelist.push_back(kDriCard0Path); |
| 265 // Add eventual extra files from write_whitelist_extra. | 265 // Add eventual extra files from write_whitelist_extra. |
| 266 write_whitelist.insert(write_whitelist.end(), | 266 write_whitelist.insert(write_whitelist.end(), |
| 267 write_whitelist_extra.begin(), | 267 write_whitelist_extra.begin(), |
| 268 write_whitelist_extra.end()); | 268 write_whitelist_extra.end()); |
| 269 | 269 |
| 270 broker_process_ = new BrokerProcess(GetFSDeniedErrno(), | 270 broker_process_ = new BrokerProcess(GetFSDeniedErrno(), |
| 271 read_whitelist, | 271 read_whitelist, |
| 272 write_whitelist); | 272 write_whitelist); |
| 273 // The initialization callback will perform generic initialization and then | 273 // The initialization callback will perform generic initialization and then |
| 274 // call broker_sandboxer_callback. | 274 // call broker_sandboxer_callback. |
| 275 CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox, | 275 CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox, |
| 276 broker_sandboxer_allocator))); | 276 broker_sandboxer_allocator))); |
| 277 } | 277 } |
| 278 | 278 |
| 279 } // namespace content | 279 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 649533003:
C++11 declares a type safe null pointer (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master