OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <asm/unistd.h> | 5 #include <asm/unistd.h> |
6 #include <dlfcn.h> | 6 #include <dlfcn.h> |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <linux/audit.h> | 9 #include <linux/audit.h> |
10 #include <linux/filter.h> | 10 #include <linux/filter.h> |
(...skipping 1251 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1262 if (IsUmask(sysno) || IsDeniedFileSystemAccessViaFd(sysno) || | 1262 if (IsUmask(sysno) || IsDeniedFileSystemAccessViaFd(sysno) || |
1263 IsDeniedGetOrModifySocket(sysno)) { | 1263 IsDeniedGetOrModifySocket(sysno)) { |
1264 return ErrorCode(EPERM); | 1264 return ErrorCode(EPERM); |
1265 } | 1265 } |
1266 | 1266 |
1267 if (IsBaselinePolicyWatched(sysno)) { | 1267 if (IsBaselinePolicyWatched(sysno)) { |
1268 // Previously unseen syscalls. TODO(jln): some of these should | 1268 // Previously unseen syscalls. TODO(jln): some of these should |
1269 // be denied gracefully right away. | 1269 // be denied gracefully right away. |
1270 return sandbox->Trap(CrashSIGSYS_Handler, NULL); | 1270 return sandbox->Trap(CrashSIGSYS_Handler, NULL); |
1271 } | 1271 } |
1272 // In any other case crash the program with our SIGSYS handler | 1272 // In any other case crash the program with our SIGSYS handler. |
1273 return sandbox->Trap(CrashSIGSYS_Handler, NULL); | 1273 return sandbox->Trap(CrashSIGSYS_Handler, NULL); |
1274 } | 1274 } |
1275 | 1275 |
1276 // x86_64/i386 for now. Needs to be adapted and tested for ARM. | 1276 // x86_64/i386 for now. Needs to be adapted and tested for ARM. |
1277 ErrorCode GpuProcessPolicy(Sandbox *sandbox, int sysno, | 1277 ErrorCode GpuProcessPolicy(Sandbox *sandbox, int sysno, |
1278 void *broker_process) { | 1278 void *broker_process) { |
1279 switch(sysno) { | 1279 switch(sysno) { |
1280 case __NR_ioctl: | 1280 case __NR_ioctl: |
1281 case __NR_sched_getaffinity: | 1281 case __NR_sched_getaffinity: |
1282 case __NR_sched_setaffinity: | 1282 case __NR_sched_setaffinity: |
1283 #if defined(__arm__) | |
jln (very slow on Chromium)
2013/04/19 21:28:27
Let's make another GPU process policy instead. Nam
jln (very slow on Chromium)
2013/04/20 15:05:00
Thinking about it a bit more, perhaps the policies
Jorge Lucangeli Obes
2013/04/23 00:13:20
Done by inheriting from Baseline, agreed that make
| |
1284 // ARM GPU sandbox is started earlier so we need to allow more stuff. | |
1285 case __NR_access: | |
1286 case __NR_socket: | |
1287 case __NR_socketpair: | |
1288 case __NR_connect: | |
1289 case __NR_getpeername: | |
1290 case __NR_getsockname: | |
1291 case __NR_sched_get_priority_min: | |
1292 case __NR_sched_get_priority_max: | |
1293 case __NR_sched_getparam: | |
1294 case __NR_sched_getscheduler: | |
1295 case __NR_sched_setscheduler: | |
1296 case __NR_sysinfo: | |
1297 case __NR_uname: | |
1298 #endif // defined(__arm__) | |
1283 return ErrorCode(ErrorCode::ERR_ALLOWED); | 1299 return ErrorCode(ErrorCode::ERR_ALLOWED); |
1284 case __NR_open: | 1300 case __NR_open: |
1285 case __NR_openat: | 1301 case __NR_openat: |
1286 return sandbox->Trap(GpuOpenSIGSYS_Handler, broker_process); | 1302 return sandbox->Trap(GpuOpenSIGSYS_Handler, broker_process); |
1287 default: | 1303 default: |
1288 #if defined(__x86_64__) || defined(__arm__) | 1304 #if defined(__x86_64__) || defined(__arm__) |
1289 if (IsSystemVSharedMemory(sysno)) | 1305 if (IsSystemVSharedMemory(sysno)) |
1290 return ErrorCode(EACCES); | 1306 return ErrorCode(EACCES); |
1291 #endif | 1307 #endif |
1292 if (IsEventFd(sysno)) | 1308 if (IsEventFd(sysno)) |
(...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1456 bool EnableGpuBrokerPolicyCallBack() { | 1472 bool EnableGpuBrokerPolicyCallBack() { |
1457 StartSandboxWithPolicy(GpuBrokerProcessPolicy, NULL); | 1473 StartSandboxWithPolicy(GpuBrokerProcessPolicy, NULL); |
1458 return true; | 1474 return true; |
1459 } | 1475 } |
1460 | 1476 |
1461 // Start a broker process to handle open() inside the sandbox. | 1477 // Start a broker process to handle open() inside the sandbox. |
1462 void InitGpuBrokerProcess(BrokerProcess** broker_process) { | 1478 void InitGpuBrokerProcess(BrokerProcess** broker_process) { |
1463 static const char kDriRcPath[] = "/etc/drirc"; | 1479 static const char kDriRcPath[] = "/etc/drirc"; |
1464 static const char kDriCard0Path[] = "/dev/dri/card0"; | 1480 static const char kDriCard0Path[] = "/dev/dri/card0"; |
1465 | 1481 |
1482 // On ARM we're enabling the sandbox before the X connection is made, | |
jln (very slow on Chromium)
2013/04/19 21:28:27
Similarly, let's cleanly split this as its own ARM
Jorge Lucangeli Obes
2013/04/23 00:13:20
Split ARM portion into its own function.
I ended
| |
1483 // so we need to allow access to |.Xauthority|. | |
1484 static const char kXAutorityPath[] = "/home/chronos/.Xauthority"; | |
1485 | |
1486 // Devices and files needed by the ARM GPU userspace. | |
1487 static const char kMali0Path[] = "/dev/mali0"; | |
1488 static const char kLibGlesPath[] = "/usr/lib/libGLESv2.so.2"; | |
1489 static const char kLibEglPath[] = "/usr/lib/libEGL.so.1"; | |
1490 | |
1491 // Devices needed for video decode acceleration on ARM. | |
1492 static const char kDevMfcDecPath[] = "/dev/mfc-dec"; | |
1493 static const char kDevGsc1Path[] = "/dev/gsc1"; | |
1494 | |
1466 CHECK(broker_process); | 1495 CHECK(broker_process); |
1467 CHECK(*broker_process == NULL); | 1496 CHECK(*broker_process == NULL); |
1468 | 1497 |
1469 std::vector<std::string> read_whitelist; | 1498 std::vector<std::string> read_whitelist; |
1499 if (IsArchitectureArm()) { | |
1500 read_whitelist.push_back(kXAutorityPath); | |
1501 read_whitelist.push_back(kMali0Path); | |
1502 read_whitelist.push_back(kLibGlesPath); | |
1503 read_whitelist.push_back(kLibEglPath); | |
1504 read_whitelist.push_back(kDevMfcDecPath); | |
1505 read_whitelist.push_back(kDevGsc1Path); | |
1506 } | |
1470 read_whitelist.push_back(kDriCard0Path); | 1507 read_whitelist.push_back(kDriCard0Path); |
1471 read_whitelist.push_back(kDriRcPath); | 1508 read_whitelist.push_back(kDriRcPath); |
1509 | |
1472 std::vector<std::string> write_whitelist; | 1510 std::vector<std::string> write_whitelist; |
1511 if (IsArchitectureArm()) { | |
1512 write_whitelist.push_back(kMali0Path); | |
1513 write_whitelist.push_back(kDevMfcDecPath); | |
1514 write_whitelist.push_back(kDevGsc1Path); | |
1515 } | |
1473 write_whitelist.push_back(kDriCard0Path); | 1516 write_whitelist.push_back(kDriCard0Path); |
1474 | 1517 |
1475 *broker_process = new BrokerProcess(read_whitelist, write_whitelist); | 1518 *broker_process = new BrokerProcess(read_whitelist, write_whitelist); |
1476 // Initialize the broker process and give it a sandbox call back. | 1519 // Initialize the broker process and give it a sandbox call back. |
1477 CHECK((*broker_process)->Init(EnableGpuBrokerPolicyCallBack)); | 1520 CHECK((*broker_process)->Init(EnableGpuBrokerPolicyCallBack)); |
1478 } | 1521 } |
1479 | 1522 |
1480 // Warms up/preloads resources needed by the policies. | 1523 // Warms up/preloads resources needed by the policies. |
1481 // Eventually start a broker process and return it in broker_process. | 1524 // Eventually start a broker process and return it in broker_process. |
1482 void WarmupPolicy(Sandbox::EvaluateSyscall policy, | 1525 void WarmupPolicy(Sandbox::EvaluateSyscall policy, |
1483 BrokerProcess** broker_process) { | 1526 BrokerProcess** broker_process) { |
1484 if (policy == GpuProcessPolicy) { | 1527 if (policy == GpuProcessPolicy) { |
1528 // Create a new broker process. | |
1529 InitGpuBrokerProcess(broker_process); | |
1530 | |
1485 if (IsArchitectureX86_64() || IsArchitectureI386()) { | 1531 if (IsArchitectureX86_64() || IsArchitectureI386()) { |
1486 // Create a new broker process. | |
1487 InitGpuBrokerProcess(broker_process); | |
1488 | |
1489 // Accelerated video decode dlopen()'s a shared object | 1532 // Accelerated video decode dlopen()'s a shared object |
1490 // inside the sandbox, so preload it now. | 1533 // inside the sandbox, so preload it now. |
1491 if (IsAcceleratedVideoDecodeEnabled()) { | 1534 if (IsAcceleratedVideoDecodeEnabled()) { |
1492 const char* I965DrvVideoPath = NULL; | 1535 const char* I965DrvVideoPath = NULL; |
1493 | 1536 |
1494 if (IsArchitectureX86_64()) { | 1537 if (IsArchitectureX86_64()) { |
1495 I965DrvVideoPath = "/usr/lib64/va/drivers/i965_drv_video.so"; | 1538 I965DrvVideoPath = "/usr/lib64/va/drivers/i965_drv_video.so"; |
1496 } else if (IsArchitectureI386()) { | 1539 } else if (IsArchitectureI386()) { |
1497 I965DrvVideoPath = "/usr/lib/va/drivers/i965_drv_video.so"; | 1540 I965DrvVideoPath = "/usr/lib/va/drivers/i965_drv_video.so"; |
1498 } | 1541 } |
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1623 // should enable it, enable it or die. | 1666 // should enable it, enable it or die. |
1624 bool started_sandbox = StartBpfSandbox(command_line, process_type); | 1667 bool started_sandbox = StartBpfSandbox(command_line, process_type); |
1625 CHECK(started_sandbox); | 1668 CHECK(started_sandbox); |
1626 return true; | 1669 return true; |
1627 } | 1670 } |
1628 #endif | 1671 #endif |
1629 return false; | 1672 return false; |
1630 } | 1673 } |
1631 | 1674 |
1632 } // namespace content | 1675 } // namespace content |
OLD | NEW |