Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1525)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/sandbox_linux/bpf_gpu_policy_linux.cc

Issue 759613008: bpf gpu policy: Change GPU bpf policy to support DRI3 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fixing up comments Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | content/gpu/gpu_main.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_linux/bpf_gpu_policy_linux.cc
diff --git a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
index 711f9b4a552b23ed22d4a4060ad89bbf7b0ab6ee..94003db6b8985d25f522bf5b1ae3e469c48b7de3 100644
--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
@@ -134,13 +134,18 @@ class GpuBrokerProcessPolicy : public GpuProcessPolicy {
};
// x86_64/i386 or desktop ARM.
-// A GPU broker policy is the same as a GPU policy with open and
-// openat allowed.
+// A GPU broker policy is the same as a GPU policy with access, open,
+// openat and in the non-Chrome OS case unlink allowed.
ResultExpr GpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const {
switch (sysno) {
case __NR_access:
case __NR_open:
case __NR_openat:
+#if !defined(OS_CHROMEOS)
+ // The broker process needs to able to unlink the temporary
+ // files that it may create. This is used by DRI3.
+ case __NR_unlink:
+#endif
return Allow();
default:
return GpuProcessPolicy::EvaluateSyscall(sysno);
@@ -184,6 +189,9 @@ GpuProcessPolicy::~GpuProcessPolicy() {}
// Main policy for x86_64/i386. Extended by CrosArmGpuProcessPolicy.
ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const {
switch (sysno) {
+#if !defined(OS_CHROMEOS)
+ case __NR_ftruncate:
+#endif
case __NR_ioctl:
return Allow();
case __NR_mincore:
@@ -261,6 +269,7 @@ void GpuProcessPolicy::InitGpuBrokerProcess(
const std::vector<BrokerFilePermission>& permissions_extra) {
static const char kDriRcPath[] = "/etc/drirc";
static const char kDriCard0Path[] = "/dev/dri/card0";
+ static const char kDevShm[] = "/dev/shm/";
CHECK(broker_process_ == NULL);
@@ -268,6 +277,10 @@ void GpuProcessPolicy::InitGpuBrokerProcess(
std::vector<BrokerFilePermission> permissions;
permissions.push_back(BrokerFilePermission::ReadWrite(kDriCard0Path));
permissions.push_back(BrokerFilePermission::ReadOnly(kDriRcPath));
+ if (!IsChromeOS()) {
+ permissions.push_back(
+ BrokerFilePermission::ReadWriteCreateUnlinkRecursive(kDevShm));
+ }
// Add eventual extra files from permissions_extra.
for (const auto& perm : permissions_extra) {
« no previous file with comments | « no previous file | content/gpu/gpu_main.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698