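--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h"
 
 #include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/socket.h>
@@ -87,30 +87,40 @@
 return !command_line.HasSwitch(switches::kDisableAcceleratedVideoDecode) ||
 accelerated_encode_enabled;
 }
 
 intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,
 void* aux_broker_process) {
 RAW_CHECK(aux_broker_process);
 BrokerProcess* broker_process =
 static_cast<BrokerProcess*>(aux_broker_process);
 switch (args.nr) {
+#if !defined(__aarch64__)
 case __NR_access:
 return broker_process->Access(reinterpret_cast<const char*>(args.args[0]),
 static_cast<int>(args.args[1]));
 case __NR_open:
 #if defined(MEMORY_SANITIZER)
 // http://crbug.com/372840
 __msan_unpoison_string(reinterpret_cast<const char*>(args.args[0]));
 #endif
 return broker_process->Open(reinterpret_cast<const char*>(args.args[0]),
 static_cast<int>(args.args[1]));
+#endif // !defined(__aarch64__)
+case __NR_faccessat:
+if (static_cast<int>(args.args[0]) == AT_FDCWD) {
+return
+broker_process->Access(reinterpret_cast<const char*>(args.args[1]),
+static_cast<int>(args.args[2]));
+} else {
+return -EPERM;
+}
 case __NR_openat:
 // Allow using openat() as open().
 if (static_cast<int>(args.args[0]) == AT_FDCWD) {
 return
 broker_process->Open(reinterpret_cast<const char*>(args.args[1]),
 static_cast<int>(args.args[2]));
 } else {
 return -EPERM;
 }
 default:
@@ -131,22 +141,25 @@
 private:
 GpuBrokerProcessPolicy() {}
 DISALLOW_COPY_AND_ASSIGN(GpuBrokerProcessPolicy);
 };
 
 // x86_64/i386 or desktop ARM.
 // A GPU broker policy is the same as a GPU policy with access, open,
 // openat and in the non-Chrome OS case unlink allowed.
 ResultExpr GpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const {
 switch (sysno) {
+#if !defined(__aarch64__)
 case __NR_access:
 case __NR_open:
+#endif // !defined(__aarch64__)
+case __NR_faccessat:
 case __NR_openat:
 #if !defined(OS_CHROMEOS)
 // The broker process needs to able to unlink the temporary
 // files that it may create. This is used by DRI3.
 case __NR_unlink:
 #endif
 return Allow();
 default:
 return GpuProcessPolicy::EvaluateSyscall(sysno);
 }
@@ -204,22 +217,25 @@
 // The Nvidia driver uses flags not in the baseline policy
 // (MAP_LOCKED | MAP_EXECUTABLE | MAP_32BIT)
 case __NR_mmap:
 #endif
 // We also hit this on the linux_chromeos bot but don't yet know what
 // weird flags were involved.
 case __NR_mprotect:
 // TODO(jln): restrict prctl.
 case __NR_prctl:
 return Allow();
+#if !defined(__aarch64__)
 case __NR_access:
 case __NR_open:
+#endif // !defined(__aarch64__)
+case __NR_faccessat:
 case __NR_openat:
 DCHECK(broker_process_);
 return Trap(GpuSIGSYS_Handler, broker_process_);
 case __NR_setpriority:
 return sandbox::RestrictGetSetpriority(GetPolicyPid());
 case __NR_sched_getaffinity:
 case __NR_sched_setaffinity:
 return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno);
 default:
 if (SyscallSets::IsEventFd(sysno))
@@ -288,10 +304,10 @@
 }
 
 broker_process_ = new BrokerProcess(GetFSDeniedErrno(), permissions);
 // The initialization callback will perform generic initialization and then
 // call broker_sandboxer_callback.
 CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox,
 broker_sandboxer_allocator)));
 }
 
 } // namespace content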
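Review bot: The new `case __NR_faccessat:` in GpuSIGSYS_Handler carries no explanatory comment, while its sibling `case __NR_openat:` documents the same dirfd == AT_FDCWD / -EPERM shape with `// Allow using openat() as open().`; the faccessat case should carry the matching `// Allow using faccessat() as access().` so a reader sees that a non-AT_FDCWD dirfd is deliberately refused rather than forwarded to the broker. The header comment above GpuBrokerProcessPolicy::EvaluateSyscall still reads "with access, open, openat and in the non-Chrome OS case unlink allowed" although that switch now also allows faccessat, and "x86_64/i386 or desktop ARM" no longer describes the aarch64 build the `#if !defined(__aarch64__)` guards add; both should be updated, e.g. `// access, open, faccessat, openat and in the non-Chrome OS case unlink allowed.`. The same guard/case pattern is repeated in the third hunk (GpuProcessPolicy::EvaluateSyscall), where the Trap dispatch now routes faccessat through the same handler. GpuSIGSYS_Handler's default branch and GpuProcessPolicy::EvaluateSyscall's opening lie outside the visible hunks, so any further cases there were not reviewed.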