OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" | 5 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" |
6 | 6 |
7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
8 #include <errno.h> | 8 #include <errno.h> |
9 #include <fcntl.h> | 9 #include <fcntl.h> |
10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
(...skipping 76 matching lines...)
87 return !command_line.HasSwitch(switches::kDisableAcceleratedVideoDecode) || | 87 return !command_line.HasSwitch(switches::kDisableAcceleratedVideoDecode) || |
88 accelerated_encode_enabled; | 88 accelerated_encode_enabled; |
89 } | 89 } |
90 | 90 |
91 intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args, | 91 intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args, |
92 void* aux_broker_process) { | 92 void* aux_broker_process) { |
93 RAW_CHECK(aux_broker_process); | 93 RAW_CHECK(aux_broker_process); |
94 BrokerProcess* broker_process = | 94 BrokerProcess* broker_process = |
95 static_cast<BrokerProcess*>(aux_broker_process); | 95 static_cast<BrokerProcess*>(aux_broker_process); |
96 switch (args.nr) { | 96 switch (args.nr) { |
| 97 #if !defined(__aarch64__) |
97 case __NR_access: | 98 case __NR_access: |
98 return broker_process->Access(reinterpret_cast<const char*>(args.args[0]), | 99 return broker_process->Access(reinterpret_cast<const char*>(args.args[0]), |
99 static_cast<int>(args.args[1])); | 100 static_cast<int>(args.args[1])); |
100 case __NR_open: | 101 case __NR_open: |
101 #if defined(MEMORY_SANITIZER) | 102 #if defined(MEMORY_SANITIZER) |
102 // http://crbug.com/372840 | 103 // http://crbug.com/372840 |
103 __msan_unpoison_string(reinterpret_cast<const char*>(args.args[0])); | 104 __msan_unpoison_string(reinterpret_cast<const char*>(args.args[0])); |
104 #endif | 105 #endif |
105 return broker_process->Open(reinterpret_cast<const char*>(args.args[0]), | 106 return broker_process->Open(reinterpret_cast<const char*>(args.args[0]), |
106 static_cast<int>(args.args[1])); | 107 static_cast<int>(args.args[1])); |
| 108 #endif // !defined(__aarch64__) |
| 109 case __NR_faccessat: |
| 110 if (static_cast<int>(args.args[0]) == AT_FDCWD) { |
| 111 return |
| 112 broker_process->Access(reinterpret_cast<const char*>(args.args[1]), |
| 113 static_cast<int>(args.args[2])); |
| 114 } else { |
| 115 return -EPERM; |
| 116 } |
107 case __NR_openat: | 117 case __NR_openat: |
108 // Allow using openat() as open(). | 118 // Allow using openat() as open(). |
109 if (static_cast<int>(args.args[0]) == AT_FDCWD) { | 119 if (static_cast<int>(args.args[0]) == AT_FDCWD) { |
110 return | 120 return |
111 broker_process->Open(reinterpret_cast<const char*>(args.args[1]), | 121 broker_process->Open(reinterpret_cast<const char*>(args.args[1]), |
112 static_cast<int>(args.args[2])); | 122 static_cast<int>(args.args[2])); |
113 } else { | 123 } else { |
114 return -EPERM; | 124 return -EPERM; |
115 } | 125 } |
116 default: | 126 default: |
(...skipping 14 matching lines...)
131 private: | 141 private: |
132 GpuBrokerProcessPolicy() {} | 142 GpuBrokerProcessPolicy() {} |
133 DISALLOW_COPY_AND_ASSIGN(GpuBrokerProcessPolicy); | 143 DISALLOW_COPY_AND_ASSIGN(GpuBrokerProcessPolicy); |
134 }; | 144 }; |
135 | 145 |
136 // x86_64/i386 or desktop ARM. | 146 // x86_64/i386 or desktop ARM. |
137 // A GPU broker policy is the same as a GPU policy with access, open, | 147 // A GPU broker policy is the same as a GPU policy with access, open, |
138 // openat and in the non-Chrome OS case unlink allowed. | 148 // openat and in the non-Chrome OS case unlink allowed. |
139 ResultExpr GpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const { | 149 ResultExpr GpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const { |
140 switch (sysno) { | 150 switch (sysno) { |
| 151 #if !defined(__aarch64__) |
141 case __NR_access: | 152 case __NR_access: |
142 case __NR_open: | 153 case __NR_open: |
| 154 #endif // !defined(__aarch64__) |
| 155 case __NR_faccessat: |
143 case __NR_openat: | 156 case __NR_openat: |
144 #if !defined(OS_CHROMEOS) | 157 #if !defined(OS_CHROMEOS) |
145 // The broker process needs to able to unlink the temporary | 158 // The broker process needs to able to unlink the temporary |
146 // files that it may create. This is used by DRI3. | 159 // files that it may create. This is used by DRI3. |
147 case __NR_unlink: | 160 case __NR_unlink: |
148 #endif | 161 #endif |
149 return Allow(); | 162 return Allow(); |
150 default: | 163 default: |
151 return GpuProcessPolicy::EvaluateSyscall(sysno); | 164 return GpuProcessPolicy::EvaluateSyscall(sysno); |
152 } | 165 } |
(...skipping 51 matching lines...)
204 // The Nvidia driver uses flags not in the baseline policy | 217 // The Nvidia driver uses flags not in the baseline policy |
205 // (MAP_LOCKED | MAP_EXECUTABLE | MAP_32BIT) | 218 // (MAP_LOCKED | MAP_EXECUTABLE | MAP_32BIT) |
206 case __NR_mmap: | 219 case __NR_mmap: |
207 #endif | 220 #endif |
208 // We also hit this on the linux_chromeos bot but don't yet know what | 221 // We also hit this on the linux_chromeos bot but don't yet know what |
209 // weird flags were involved. | 222 // weird flags were involved. |
210 case __NR_mprotect: | 223 case __NR_mprotect: |
211 // TODO(jln): restrict prctl. | 224 // TODO(jln): restrict prctl. |
212 case __NR_prctl: | 225 case __NR_prctl: |
213 return Allow(); | 226 return Allow(); |
| 227 #if !defined(__aarch64__) |
214 case __NR_access: | 228 case __NR_access: |
215 case __NR_open: | 229 case __NR_open: |
| 230 #endif // !defined(__aarch64__) |
| 231 case __NR_faccessat: |
216 case __NR_openat: | 232 case __NR_openat: |
217 DCHECK(broker_process_); | 233 DCHECK(broker_process_); |
218 return Trap(GpuSIGSYS_Handler, broker_process_); | 234 return Trap(GpuSIGSYS_Handler, broker_process_); |
219 case __NR_setpriority: | 235 case __NR_setpriority: |
220 return sandbox::RestrictGetSetpriority(GetPolicyPid()); | 236 return sandbox::RestrictGetSetpriority(GetPolicyPid()); |
221 case __NR_sched_getaffinity: | 237 case __NR_sched_getaffinity: |
222 case __NR_sched_setaffinity: | 238 case __NR_sched_setaffinity: |
223 return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno); | 239 return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno); |
224 default: | 240 default: |
225 if (SyscallSets::IsEventFd(sysno)) | 241 if (SyscallSets::IsEventFd(sysno)) |
(...skipping 62 matching lines...)
288 } | 304 } |
289 | 305 |
290 broker_process_ = new BrokerProcess(GetFSDeniedErrno(), permissions); | 306 broker_process_ = new BrokerProcess(GetFSDeniedErrno(), permissions); |
291 // The initialization callback will perform generic initialization and then | 307 // The initialization callback will perform generic initialization and then |
292 // call broker_sandboxer_callback. | 308 // call broker_sandboxer_callback. |
293 CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox, | 309 CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox, |
294 broker_sandboxer_allocator))); | 310 broker_sandboxer_allocator))); |
295 } | 311 } |
296 | 312 |
297 } // namespace content | 313 } // namespace content |
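Review bot: In GpuBrokerProcessPolicy::EvaluateSyscall (new lines 151-161) `case __NR_unlink:` is still guarded only by `#if !defined(OS_CHROMEOS)`, while `__NR_access` and `__NR_open` beside it are now fenced off for aarch64; the arm64 syscall table has no `unlink` either (only `unlinkat`), so a non-Chrome OS aarch64 build of this file would presumably fail to compile there. I would change that guard to `#if !defined(OS_CHROMEOS) && !defined(__aarch64__)` and decide explicitly, in its own case, whether the aarch64 broker should be granted `__NR_unlinkat` for the DRI3 temporary files rather than leaving it implicit. The comment above that function (new lines 147-148) is now stale as well: it should list faccessat and say that access and open do not exist on aarch64. In GpuSIGSYS_Handler the new faccessat branch deserves the same kind of comment as its openat sibling, for example `// Allow using faccessat() as access(); any dirfd other than AT_FDCWD is refused.`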
OLD | NEW |