Update To 11.40.268.0
[platform/framework/web/crosswalk.git] / src / content / common / sandbox_linux / bpf_cros_arm_gpu_policy_linux.cc
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h"
6
7 #include <dlfcn.h>
8 #include <errno.h>
9 #include <fcntl.h>
10 #include <sys/socket.h>
11 #include <sys/stat.h>
12 #include <sys/types.h>
13 #include <unistd.h>
14
15 #include <string>
16 #include <vector>
17
18 #include "base/bind.h"
19 #include "base/compiler_specific.h"
20 #include "base/logging.h"
21 #include "base/memory/scoped_ptr.h"
22 #include "build/build_config.h"
23 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
24 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
25 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
26 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
27 #include "sandbox/linux/services/linux_syscalls.h"
28
29 using sandbox::SyscallSets;
30 using sandbox::bpf_dsl::Allow;
31 using sandbox::bpf_dsl::Arg;
32 using sandbox::bpf_dsl::Error;
33 using sandbox::bpf_dsl::If;
34 using sandbox::bpf_dsl::ResultExpr;
35
36 namespace content {
37
38 namespace {
39
// Reports whether this file was compiled with OS_CHROMEOS defined. The
// answer is fixed at build time; nothing is probed at run time.
inline bool IsChromeOS() {
#if !defined(OS_CHROMEOS)
  const bool built_for_chromeos = false;
#else
  const bool built_for_chromeos = true;
#endif
  return built_for_chromeos;
}
47
// Reports whether this file was compiled for 32-bit ARM, i.e. with the
// compiler-provided __arm__ macro defined. The answer is fixed at build time.
inline bool IsArchitectureArm() {
#if !defined(__arm__)
  const bool built_for_arm = false;
#else
  const bool built_for_arm = true;
#endif
  return built_for_arm;
}
55
// Appends the ARM GPU and video codec device nodes to both |read_whitelist|
// and |write_whitelist|. Existing entries are kept; the four paths are added
// to each list in the order given below.
//
// NOTE(review): every path added to |write_whitelist| is a kernel driver
// interface that the sandboxed GPU process can reach read-write through the
// broker, so this list is part of the sandbox's attack surface. Keep it to
// the devices the GPU userspace actually needs.
void AddArmMaliGpuWhitelist(std::vector<std::string>* read_whitelist,
                            std::vector<std::string>* write_whitelist) {
  static const char* const kDevicePaths[] = {
      "/dev/mali0",    // Device file needed by the ARM GPU userspace.
      "/dev/mfc-dec",  // Video decode acceleration on ARM.
      "/dev/gsc1",     // Video decode acceleration on ARM.
      "/dev/mfc-enc",  // Video encode acceleration on ARM.
  };

  // Fill the read list completely before the write list.
  for (const char* device_path : kDevicePaths)
    read_whitelist->push_back(device_path);

  for (const char* device_path : kDevicePaths)
    write_whitelist->push_back(device_path);
}
78
// Appends every ARM-specific path the GPU broker should serve: four
// read-only files first, then the device nodes that
// AddArmMaliGpuWhitelist() adds to both lists.
//
// NOTE(review): |.Xauthority| carries X11 authorization data, so any process
// that can ask the broker for it can read that data. It is added to the read
// list only; nothing in this function makes it writable.
void AddArmGpuWhitelist(std::vector<std::string>* read_whitelist,
                        std::vector<std::string>* write_whitelist) {
  static const char* const kReadOnlyPaths[] = {
      // On ARM the sandbox is enabled before the X connection is made, so
      // access to |.Xauthority| has to go through the broker.
      "/home/chronos/.Xauthority",
      "/etc/ld.so.cache",
      // Files needed by the ARM GPU userspace.
      "/usr/lib/libGLESv2.so.2",
      "/usr/lib/libEGL.so.1",
  };

  for (const char* readable_path : kReadOnlyPaths)
    read_whitelist->push_back(readable_path);

  // Device nodes are appended after the plain files, to both lists.
  AddArmMaliGpuWhitelist(read_whitelist, write_whitelist);
}
97
// Syscall policy for the GPU broker process. It layers on top of
// CrosArmGpuProcessPolicy; see EvaluateSyscall() below for the syscalls it
// additionally allows.
class CrosArmGpuBrokerProcessPolicy : public CrosArmGpuProcessPolicy {
 public:
  // Factory that PreSandboxHook() hands to InitGpuBrokerProcess(). Returns a
  // heap-allocated policy.
  // NOTE(review): ownership presumably passes to the caller; confirm against
  // InitGpuBrokerProcess().
  static sandbox::bpf_dsl::Policy* Create() {
    sandbox::bpf_dsl::Policy* const broker_policy =
        new CrosArmGpuBrokerProcessPolicy();
    return broker_policy;
  }
  ~CrosArmGpuBrokerProcessPolicy() override {}

  ResultExpr EvaluateSyscall(int system_call_number) const override;

 private:
  // Instances are only created through Create(). |allow_shmat| is passed as
  // false, so the base policy's ARM-only shmat allowance stays off and shmat
  // is decided by the generic GPU policy.
  CrosArmGpuBrokerProcessPolicy() : CrosArmGpuProcessPolicy(false) {}
  DISALLOW_COPY_AND_ASSIGN(CrosArmGpuBrokerProcessPolicy);
};
111
// A GPU broker policy is the same as a GPU policy with access, open and
// openat allowed. Those three are allowed here with no argument filter;
// every other syscall is decided by CrosArmGpuProcessPolicy.
//
// NOTE(review): this filter puts no limit on which paths the broker may
// open. Path restriction presumably comes from the broker checking requests
// against the read/write whitelists passed to InitGpuBrokerProcess();
// confirm there.
ResultExpr CrosArmGpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const {
  const bool is_file_open_call =
      sysno == __NR_access || sysno == __NR_open || sysno == __NR_openat;
  if (is_file_open_call)
    return Allow();

  return CrosArmGpuProcessPolicy::EvaluateSyscall(sysno);
}
124
125 }  // namespace
126
// Stores |allow_shmat| for EvaluateSyscall(): on ARM builds, true makes
// shmat allowed unconditionally; false leaves shmat to the generic GPU
// policy.
CrosArmGpuProcessPolicy::CrosArmGpuProcessPolicy(bool allow_shmat)
    : allow_shmat_(allow_shmat) {
}
129
// The destructor body does no cleanup of its own.
CrosArmGpuProcessPolicy::~CrosArmGpuProcessPolicy() {
}
131
// Decides what the seccomp-bpf filter does for |sysno| in the Chrome OS ARM
// GPU process. All ARM-specific rules are compiled in only when __arm__ is
// defined; on any other build every syscall goes straight to the generic
// GpuProcessPolicy.
//
// ARM-only rules, in evaluation order:
//  - shmat is allowed when the policy was constructed with allow_shmat.
//  - connect, getpeername, getsockname, sysinfo and uname are allowed with
//    no argument filter.
//  - socket and socketpair are allowed only when argument 0 (|domain|) is
//    AF_UNIX; any other domain fails with EPERM.
ResultExpr CrosArmGpuProcessPolicy::EvaluateSyscall(int sysno) const {
#if defined(__arm__)
  if (sysno == __NR_shmat && allow_shmat_)
    return Allow();

  // ARM GPU sandbox is started earlier so we need to allow networking
  // in the sandbox. sysinfo and uname are not networking calls but are
  // allowed in the same group.
  // NOTE(review): connect is not filtered by address family here. The
  // AF_UNIX restriction applies only where sockets are created (below), so
  // a socket of another family that was already open when the sandbox
  // started would not be covered. Confirm none is left open.
  const bool is_unfiltered_call =
      sysno == __NR_connect || sysno == __NR_getpeername ||
      sysno == __NR_getsockname || sysno == __NR_sysinfo ||
      sysno == __NR_uname;
  if (is_unfiltered_call)
    return Allow();

  // Allow only AF_UNIX for |domain|.
  if (sysno == __NR_socket || sysno == __NR_socketpair) {
    const Arg<int> domain(0);
    return If(domain == AF_UNIX, Allow()).Else(Error(EPERM));
  }
#endif  // defined(__arm__)

  // Default to the generic GPU policy.
  return GpuProcessPolicy::EvaluateSyscall(sysno);
}
160
// Prepares the GPU process before the sandbox is engaged: starts the broker
// process with the ARM-specific whitelists, then preloads the platform GPU
// libraries. Always returns true; dlopen() failures are ignored on purpose.
bool CrosArmGpuProcessPolicy::PreSandboxHook() {
  // NOTE(review): DCHECKs are normally compiled out of release builds, so
  // these two document expectations rather than enforce them at run time.
  DCHECK(IsChromeOS() && IsArchitectureArm());
  // No broker may exist yet; one is created below.
  DCHECK(!broker_process());

  // Add ARM-specific files to whitelist in the broker.
  std::vector<std::string> extra_readable_paths;
  std::vector<std::string> extra_writable_paths;
  AddArmGpuWhitelist(&extra_readable_paths, &extra_writable_paths);

  // Create a new broker process.
  InitGpuBrokerProcess(CrosArmGpuBrokerProcessPolicy::Create,
                       extra_readable_paths,
                       extra_writable_paths);

  // NOTE(review): dlopen() runs each library's initializers in this process
  // before the sandbox applies, so these absolute paths must be writable
  // only by trusted system components.
  const char* const kPreloadLibraries[] = {
      "/usr/lib/libmali.so",       // The Mali library.
      "/usr/lib/libtegrav4l2.so",  // Tegra V4L2 (video decode acceleration).
  };
  const int preload_flags = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE;
  for (const char* library_path : kPreloadLibraries)
    dlopen(library_path, preload_flags);

  // Resetting errno since platform-specific libraries will fail on other
  // platforms.
  errno = 0;

  return true;
}
187
188 }  // namespace content