Tweak the GPU process sandbox to allow accelerated video decode.

content/common/sandbox_init_linux.cc

Index: content/common/sandbox_init_linux.cc
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc
index a67a784232aa70bcd6c856baf2546384bbab83da..a14b951083b92da0f15ae70ab68034bd9f9cdbf7 100644
--- a/content/common/sandbox_init_linux.cc
+++ b/content/common/sandbox_init_linux.cc
@@ -12,6 +12,7 @@
 #endif
 
 #include <asm/unistd.h>
+#include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/audit.h>
@@ -146,6 +147,11 @@ bool IsFileSystemSyscall(int sysno) {
   }
 }
 
+bool IsAcceleratedVideoDecodeEnabled() {
+  const CommandLine& command_line = *CommandLine::ForCurrentProcess();
+  return command_line.HasSwitch(switches::kEnableAcceleratedVideoDecode);
+}
+
 static const char kDriRcPath[] = "/etc/drirc";
 
 // TODO(jorgelo): limited to /etc/drirc for now, extend this to cover
@@ -270,10 +276,20 @@ playground2::Sandbox::ErrorCode GpuProcessPolicy_x86_64(int sysno) {
     case __NR_fchmod:
       return EPERM;  // ATI binary driver.
     case __NR_open:
-      // Hook open() in the GPU process to allow opening /etc/drirc,
-      // needed by Mesa.
-      // The hook needs dup(), lseek(), and close() to be allowed.
-      return playground2::Sandbox::ErrorCode(GpuOpenSIGSYS_Handler, NULL);
+      // Accelerated video decode is *not* enabled by default.
+      if (IsAcceleratedVideoDecodeEnabled()) {
+        // Accelerated video decode needs to open /dev/dri/card0, and
+        // dup()'ing an already open file descriptor does not work.
+        // Allow open() even though it severely weakens the sandbox,
+        // to test the sandboxing mechanism in general.
+        // TODO(jorgelo): remove this once we fix libva.
+        return playground2::Sandbox::SB_ALLOWED;
+      } else {
+        // Hook open() in the GPU process to allow opening /etc/drirc,
+        // needed by Mesa.
+        // The hook needs dup(), lseek(), and close() to be allowed.
+        return playground2::Sandbox::ErrorCode(GpuOpenSIGSYS_Handler, NULL);
+      }
     default:
       if (IsGettimeSyscall(sysno) ||
           IsKillSyscall(sysno)) { // GPU watchdog.
@@ -390,8 +406,16 @@ playground2::Sandbox::ErrorCode AllowAllPolicy(int sysno) {
 // Warms up/preloads resources needed by the policies.
 void WarmupPolicy(playground2::Sandbox::EvaluateSyscall policy) {
 #if defined(__x86_64__)
-  if (policy == GpuProcessPolicy_x86_64)
+  if (policy == GpuProcessPolicy_x86_64) {
     OpenWithCache(kDriRcPath, O_RDONLY);
+    // Accelerated video decode dlopen()'s this shared object
+    // inside the sandbox, so preload it now.
+    if (IsAcceleratedVideoDecodeEnabled()) {
+      const char kI965DrvVideoPath_64[] =
+          "/usr/lib64/va/drivers/i965_drv_video.so";

[piman, 2012/07/26 01:09:52]

What about i915 (Alex, etc.)?

[piman, 2012/07/26 01:13:05]

Mmh, we're still whipping it as x86 for now, so maybe it's a non-issue and we
can add a TODO?
This will break / be wrong later as we bring up new platforms. Also on
non-chromeos.

+      dlopen(kI965DrvVideoPath_64, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+    }
+  }
 #endif
 }