
Side by Side Diff: content/common/sandbox_linux/bpf_gpu_policy_linux.cc

Issue 834113004: Add V4L2 device permissions on x86 CrOS which has ozone flag (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 11 months ago
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" 5 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h"
6 6
7 #include <dlfcn.h> 7 #include <dlfcn.h>
8 #include <errno.h> 8 #include <errno.h>
9 #include <fcntl.h> 9 #include <fcntl.h>
10 #include <sys/socket.h> 10 #include <sys/socket.h>
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
62 62
63 inline bool IsArchitectureI386() { 63 inline bool IsArchitectureI386() {
64 #if defined(__i386__) 64 #if defined(__i386__)
65 return true; 65 return true;
66 #else 66 #else
67 return false; 67 return false;
68 #endif 68 #endif
69 } 69 }
70 70
71 inline bool IsArchitectureArm() { 71 inline bool IsArchitectureArm() {
72 #if defined(__arm__) 72 #if defined(__arm__) || defined(__aarch64__)
73 return true; 73 return true;
74 #else 74 #else
75 return false; 75 return false;
76 #endif
77 }
78
79 inline bool IsOzone() {
80 #if defined(USE_OZONE)
81 return true;
82 #else
83 return false;
76 #endif 84 #endif
77 } 85 }
78 86
79 bool IsAcceleratedVideoEnabled() { 87 bool IsAcceleratedVideoEnabled() {
80 const base::CommandLine& command_line = 88 const base::CommandLine& command_line =
81 *base::CommandLine::ForCurrentProcess(); 89 *base::CommandLine::ForCurrentProcess();
82 bool accelerated_encode_enabled = false; 90 bool accelerated_encode_enabled = false;
83 #if defined(OS_CHROMEOS) 91 #if defined(OS_CHROMEOS)
84 accelerated_encode_enabled = 92 accelerated_encode_enabled =
85 !command_line.HasSwitch(switches::kDisableVaapiAcceleratedVideoEncode); 93 !command_line.HasSwitch(switches::kDisableVaapiAcceleratedVideoEncode);
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
122 static_cast<int>(args.args[2])); 130 static_cast<int>(args.args[2]));
123 } else { 131 } else {
124 return -EPERM; 132 return -EPERM;
125 } 133 }
126 default: 134 default:
127 RAW_CHECK(false); 135 RAW_CHECK(false);
128 return -ENOSYS; 136 return -ENOSYS;
129 } 137 }
130 } 138 }
131 139
140 std::vector<BrokerFilePermission> GetV4L2GpuWhitelist() {
wuchengli 2015/01/05 08:42:44 Better to pass vector as a function parameter to b
henryhsu 2015/01/05 09:15:30 Done.
141 std::vector<BrokerFilePermission> permissions;
142 // Device nodes for V4L2 video decode accelerator drivers.
143 static const char kDevVideoDecPath[] = "/dev/video-dec";
144
145 // Device nodes for V4L2 video encode accelerator drivers.
146 static const char kDevVideoEncPath[] = "/dev/video-enc";
147
148 permissions.push_back(BrokerFilePermission::ReadWrite(kDevVideoDecPath));
149 permissions.push_back(BrokerFilePermission::ReadWrite(kDevVideoEncPath));
150 return permissions;
151 }
152
132 class GpuBrokerProcessPolicy : public GpuProcessPolicy { 153 class GpuBrokerProcessPolicy : public GpuProcessPolicy {
133 public: 154 public:
134 static sandbox::bpf_dsl::Policy* Create() { 155 static sandbox::bpf_dsl::Policy* Create() {
135 return new GpuBrokerProcessPolicy(); 156 return new GpuBrokerProcessPolicy();
136 } 157 }
137 ~GpuBrokerProcessPolicy() override {} 158 ~GpuBrokerProcessPolicy() override {}
138 159
139 ResultExpr EvaluateSyscall(int system_call_number) const override; 160 ResultExpr EvaluateSyscall(int system_call_number) const override;
140 161
141 private: 162 private:
(...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after
293 314
294 CHECK(broker_process_ == NULL); 315 CHECK(broker_process_ == NULL);
295 316
296 // All GPU process policies need these files brokered out. 317 // All GPU process policies need these files brokered out.
297 std::vector<BrokerFilePermission> permissions; 318 std::vector<BrokerFilePermission> permissions;
298 permissions.push_back(BrokerFilePermission::ReadWrite(kDriCard0Path)); 319 permissions.push_back(BrokerFilePermission::ReadWrite(kDriCard0Path));
299 permissions.push_back(BrokerFilePermission::ReadOnly(kDriRcPath)); 320 permissions.push_back(BrokerFilePermission::ReadOnly(kDriRcPath));
300 if (!IsChromeOS()) { 321 if (!IsChromeOS()) {
301 permissions.push_back( 322 permissions.push_back(
302 BrokerFilePermission::ReadWriteCreateUnlinkRecursive(kDevShm)); 323 BrokerFilePermission::ReadWriteCreateUnlinkRecursive(kDevShm));
324 } else if (IsArchitectureArm() || IsOzone()){
wuchengli 2015/01/05 08:42:44 This is incorrect. From GetGpuProcessSandbox in sa
henryhsu 2015/01/05 09:15:30 Arm only calls CrosArmGpuProcessPolicy. But it als
325 std::vector<BrokerFilePermission> v4l2_permissions = GetV4L2GpuWhitelist();
326 for (const auto& perm : v4l2_permissions) {
327 permissions.push_back(perm);
328 }
303 } 329 }
304 330
305 // Add eventual extra files from permissions_extra. 331 // Add eventual extra files from permissions_extra.
306 for (const auto& perm : permissions_extra) { 332 for (const auto& perm : permissions_extra) {
307 permissions.push_back(perm); 333 permissions.push_back(perm);
308 } 334 }
309 335
310 broker_process_ = new BrokerProcess(GetFSDeniedErrno(), permissions); 336 broker_process_ = new BrokerProcess(GetFSDeniedErrno(), permissions);
311 // The initialization callback will perform generic initialization and then 337 // The initialization callback will perform generic initialization and then
312 // call broker_sandboxer_callback. 338 // call broker_sandboxer_callback.
313 CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox, 339 CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox,
314 broker_sandboxer_allocator))); 340 broker_sandboxer_allocator)));
315 } 341 }
316 342
317 } // namespace content 343 } // namespace content
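Review bot: The new `else if (IsArchitectureArm() || IsOzone())` branch adds read-write broker access to `/dev/video-dec` and `/dev/video-enc` based only on compile-time checks, so every Chrome OS build with `USE_OZONE` (or an ARM target) widens the GPU sandbox's file whitelist even when hardware video acceleration is turned off at runtime. Consider also requiring a runtime condition there, for example `} else if ((IsArchitectureArm() || IsOzone()) && IsAcceleratedVideoEnabled()) {`, if that helper covers the V4L2 path; only its VA-API encode switch is visible on this page, so this needs confirming. A short comment on the branch, such as `// V4L2 codec device nodes are opened through the broker on ARM and on Ozone x86 CrOS.`, would record why these nodes are whitelisted. The enclosing function starts in the skipped lines above, so how `permissions_extra` interacts with these entries could not be checked from here.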