Linux Sandbox: split the GPU policies to their own file.

content/common/sandbox_linux/sandbox_bpf_gpu_policy_linux.h

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_BPF_GPU_POLICY_LINUX_H_
+#define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_BPF_GPU_POLICY_LINUX_H_
+
+#include <string>
+#include <vector>
+
+#include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
+
+namespace sandbox {
+class BrokerProcess;
+}
+
+namespace content {
+
+class GpuProcessPolicy : public SandboxBPFBasePolicy {
+ public:
+  GpuProcessPolicy() : broker_process_(NULL) {}

[Robert Sesek, 2013/12/12 21:33:48]

Same out-of-line the dtor/ctor.

[jln (very slow on Chromium), 2013/12/12 22:15:14]

Done.

+  virtual ~GpuProcessPolicy() {}
+
+  virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
+                                    int system_call_number) const OVERRIDE;
+  virtual bool PreSandboxHook() OVERRIDE;
+
+ protected:
+  // Start a broker process to handle open() inside the sandbox.
+  // |broker_sandboxer_callback| is a callback that will enable a suitable
+  // sandbox for the broker process itself.
+  // |read_whitelist_extra| and |write_whitelist_extra| are lists of file
+  // names that should be whitelisted by the broker process, in addition to
+  // the basic ones.
+  void InitGpuBrokerProcess(
+      bool (*broker_sandboxer_callback)(void),

[Robert Sesek, 2013/12/12 21:33:48]

Could/should this be a base::Callback?

[jln (very slow on Chromium), 2013/12/12 22:15:14]

We could do that. That will require changing the BrokerProcess class. Feel free
to add this to crbug.com/325535 as a TODO if you feel strongly about it.

[Robert Sesek, 2013/12/13 01:39:15]

Don't feel strongly, was just thinking aloud.

+      const std::vector<std::string>& read_whitelist_extra,
+      const std::vector<std::string>& write_whitelist_extra);

[Robert Sesek, 2013/12/12 21:33:48]

nit: blank line after

[jln (very slow on Chromium), 2013/12/12 22:15:14]

Done.

+  sandbox::BrokerProcess* broker_process() { return broker_process_; }
+
+ private:
+  // A BrokerProcess is a helper that is started before the sandbox is engaged
+  // and will serve requests to access files over an IPC. The client of this
+  // runs from a SIGSYS handler triggered by the seccomp-bpf sandbox.
+  // This should never be destroyed, as after the sandbox is started it is
+  // vital to the process.
+  // This is allocated by InitGpuBrokerProcess, called from PreSandboxHook(),
+  // which executes iff the sandbox is going to be enabled afterwards.
+  sandbox::BrokerProcess* broker_process_;
+  DISALLOW_COPY_AND_ASSIGN(GpuProcessPolicy);
+};
+
+}  // namespace content
+
+#endif  // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_BPF_GPU_POLICY_LINUX_H_