Tweak the GPU process sandbox to allow accelerated video decode.

content/common/sandbox_init_linux.cc

Index: content/common/sandbox_init_linux.cc
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc
index a67a784232aa70bcd6c856baf2546384bbab83da..2b5f9ef6baee3d7284f6613358776e48c2b60bc5 100644
--- a/content/common/sandbox_init_linux.cc
+++ b/content/common/sandbox_init_linux.cc
@@ -12,6 +12,7 @@
 #endif
 
 #include <asm/unistd.h>
+#include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/audit.h>
@@ -146,6 +147,11 @@ bool IsFileSystemSyscall(int sysno) {
   }
 }
 
+bool EnabledAcceleratedVideoDecode() {

[jln (very slow on Chromium), 2012/07/25 23:47:56]

Rename to AcceleratedVideoDecodeIsEnabled() to better match the general style ?

[Jorge Lucangeli Obes, 2012/07/26 00:43:28]

Done.

+  const CommandLine& command_line = *CommandLine::ForCurrentProcess();
+  return command_line.HasSwitch(switches::kEnableAcceleratedVideoDecode);
+}
+
 static const char kDriRcPath[] = "/etc/drirc";
 
 // TODO(jorgelo): limited to /etc/drirc for now, extend this to cover
@@ -270,10 +276,16 @@ playground2::Sandbox::ErrorCode GpuProcessPolicy_x86_64(int sysno) {
     case __NR_fchmod:
       return EPERM;  // ATI binary driver.
     case __NR_open:
-      // Hook open() in the GPU process to allow opening /etc/drirc,
-      // needed by Mesa.
-      // The hook needs dup(), lseek(), and close() to be allowed.
-      return playground2::Sandbox::ErrorCode(GpuOpenSIGSYS_Handler, NULL);
+      // Accelerated video decode is *not* enabled by default.
+      if (EnabledAcceleratedVideoDecode())

[jln (very slow on Chromium), 2012/07/25 23:47:56]

Style: please add braces around these multi lines statements.

[Jorge Lucangeli Obes, 2012/07/26 00:43:28]

Done.

+        // Accelerated video decode needs to open /dev/dri/card0, and
+        // dup()'ing an already open fd does not work.

[jln (very slow on Chromium), 2012/07/25 23:47:56]

Can you add a comment along the lines of: "This essentially disables the sandbox
for security purposes but allows us to properly test it until a proper fix is
developed." ?

[Jorge Lucangeli Obes, 2012/07/26 00:43:28]

Done.

+        return playground2::Sandbox::SB_ALLOWED;
+      else
+        // Hook open() in the GPU process to allow opening /etc/drirc,
+        // needed by Mesa.
+        // The hook needs dup(), lseek(), and close() to be allowed.
+        return playground2::Sandbox::ErrorCode(GpuOpenSIGSYS_Handler, NULL);
     default:
       if (IsGettimeSyscall(sysno) ||
           IsKillSyscall(sysno)) { // GPU watchdog.
@@ -387,11 +399,19 @@ playground2::Sandbox::ErrorCode AllowAllPolicy(int sysno) {
   }
 }
 
+static const char kI965DrvVideoPath_64[] =
+    "/usr/lib64/va/drivers/i965_drv_video.so";

[jln (very slow on Chromium), 2012/07/25 23:47:56]

This should be scoped in the if with the dlopen below.

More importantly: is there any chance that on the target platform this path
would be either in LD_LIBRARY_PATH or in ld.so.conf ? It would be nice to not
have to include the full path.

[Jorge Lucangeli Obes, 2012/07/26 00:43:28]

Unfortunately no. libva uses the full path when it dlopen()'s.

+
 // Warms up/preloads resources needed by the policies.
 void WarmupPolicy(playground2::Sandbox::EvaluateSyscall policy) {
 #if defined(__x86_64__)
-  if (policy == GpuProcessPolicy_x86_64)
+  if (policy == GpuProcessPolicy_x86_64) {
     OpenWithCache(kDriRcPath, O_RDONLY);
+    // Accelerated video decode dlopen()'s this shared object
+    // inside the sandbox, so preload it now.
+    if (EnabledAcceleratedVideoDecode())
+      dlopen(kI965DrvVideoPath_64, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+  }
 #endif
 }