Disable the seccomp filter GPU process sandbox by default on Chrome OS.

content/common/sandbox_init_linux.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/public/common/sandbox_init.h"
 
 #if defined(OS_LINUX) && defined(__x86_64__)
 
 #include <asm/unistd.h>
 #include <errno.h>
 #include <linux/audit.h>
 #include <linux/filter.h>
 #include <signal.h>
 #include <string.h>
 #include <sys/prctl.h>
 #include <ucontext.h>
 #include <unistd.h>
 
 #include <vector>
 
 #include "base/command_line.h"
 #include "base/file_util.h"
 #include "base/logging.h"
 #include "base/time.h"
+#include "content/gpu/gpu_info_collector.h"

[Chris Evans, 2012/06/07 23:11:34]

I'm not 100% sure, but isn't it considered a layering violation to include
content/gpu from content/common ?

Generally, I think I'd prefer the logic to go in gpu_main

[Jorge Lucangeli Obes, 2012/06/08 00:15:24]

GPU info logic moved to gpu_main.cc, but cmdline flag logic kept here. Was that
what you meant?

 #include "content/public/common/content_switches.h"
 
 #ifndef PR_SET_NO_NEW_PRIVS
   #define PR_SET_NO_NEW_PRIVS 38
 #endif
 
 #ifndef SYS_SECCOMP
   #define SYS_SECCOMP 1
 #endif
 
@@ skipping 346 matching lines @@
   PLOG_IF(FATAL, ret != 0) << "prctl(PR_SET_NO_NEW_PRIVS) failed";
 
   struct sock_fprog fprog;
   fprog.len = program.size();
   fprog.filter = const_cast<struct sock_filter*>(&program[0]);
 
   ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog, 0, 0);
   PLOG_IF(FATAL, ret != 0) << "Failed to install filter.";
 }
 
+static bool ShouldEnableGPUSandbox() {
+#if defined(OS_CHROMEOS)
+  content::GPUInfo gpu_info;
+
+  if (!gpu_info_collector::CollectGraphicsInfo(&gpu_info))
+    return false;
+
+  const CommandLine& command_line = *CommandLine::ForCurrentProcess();
+
+  return command_line.HasSwitch(switches::kEnableChromeOSGPUSandbox) &&
+            gpu_info.gpu.vendor_id == 0x8086;  // Intel GPU
+#else
+  return true;
+#endif
+}
+
 }  // anonymous namespace
 
 namespace content {
 
 void InitializeSandbox() {
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
   if (command_line.HasSwitch(switches::kNoSandbox) ||
       command_line.HasSwitch(switches::kDisableSeccompFilterSandbox))
     return;
 
   std::string process_type =
       command_line.GetSwitchValueASCII(switches::kProcessType);
   if (process_type == switches::kGpuProcess &&
       command_line.HasSwitch(switches::kDisableGpuSandbox))
     return;
 
   if (!CanUseSeccompFilters())
     return;
 
   CheckSingleThreaded();
 
   std::vector<struct sock_filter> program;
   EmitPreamble(&program);
 
-  if (process_type == switches::kGpuProcess) {
+  if (process_type == switches::kGpuProcess &&
+      ShouldEnableGPUSandbox()) {
     ApplyGPUPolicy(&program);
     EmitTrap(&program);  // Default deny.
   } else if (process_type == switches::kPpapiPluginProcess) {
     ApplyFlashPolicy(&program);
     EmitTrap(&program);  // Default deny.
   } else if (process_type == switches::kRendererProcess ||
              process_type == switches::kWorkerProcess) {
     ApplyNoPtracePolicy(&program);
     EmitAllow(&program);  // Default permit.
   } else {
     NOTREACHED();
   }
 
   InstallSIGSYSHandler();
   InstallFilter(program);
 }
 
 }  // namespace content
 
 #else
 
 namespace content {
 
 void InitializeSandbox() {
 }
 
 }  // namespace content
 
 #endif
-