projects / platform / framework / web / crosswalk.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Upstream version 7.36.149.0
[platform/framework/web/crosswalk.git] / src / content / common / sandbox_linux / bpf_gpu_policy_linux.cc
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h"
6
7 #include <dlfcn.h>
8 #include <errno.h>
9 #include <fcntl.h>
10 #include <sys/socket.h>
11 #include <sys/stat.h>
12 #include <sys/types.h>
13 #include <unistd.h>
14
15 #include <string>
16 #include <vector>
17
18 #include "base/bind.h"
19 #include "base/command_line.h"
20 #include "base/compiler_specific.h"
21 #include "base/logging.h"
22 #include "base/memory/scoped_ptr.h"
23 #include "build/build_config.h"
24 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
25 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
26 #include "content/common/set_process_title.h"
27 #include "content/public/common/content_switches.h"
28 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
29 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
30 #include "sandbox/linux/services/broker_process.h"
31 #include "sandbox/linux/services/linux_syscalls.h"
32
33 using sandbox::BrokerProcess;
34 using sandbox::ErrorCode;
35 using sandbox::SandboxBPF;
36 using sandbox::SyscallSets;
37 using sandbox::arch_seccomp_data;
38
39 namespace content {
40
41 namespace {
42
43 inline bool IsChromeOS() {
44 #if defined(OS_CHROMEOS)
45   return true;
46 #else
47   return false;
48 #endif
49 }
50
51 inline bool IsArchitectureX86_64() {
52 #if defined(__x86_64__)
53   return true;
54 #else
55   return false;
56 #endif
57 }
58
59 inline bool IsArchitectureI386() {
60 #if defined(__i386__)
61   return true;
62 #else
63   return false;
64 #endif
65 }
66
67 inline bool IsArchitectureArm() {
68 #if defined(__arm__)
69   return true;
70 #else
71   return false;
72 #endif
73 }
74
75 bool IsAcceleratedVideoDecodeEnabled() {
76   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
77   return !command_line.HasSwitch(switches::kDisableAcceleratedVideoDecode);
78 }
79
80 intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,
81                            void* aux_broker_process) {
82   RAW_CHECK(aux_broker_process);
83   BrokerProcess* broker_process =
84       static_cast<BrokerProcess*>(aux_broker_process);
85   switch (args.nr) {
86     case __NR_access:
87       return broker_process->Access(reinterpret_cast<const char*>(args.args[0]),
88                                     static_cast<int>(args.args[1]));
89     case __NR_open:
90       return broker_process->Open(reinterpret_cast<const char*>(args.args[0]),
91                                   static_cast<int>(args.args[1]));
92     case __NR_openat:
93       // Allow using openat() as open().
94       if (static_cast<int>(args.args[0]) == AT_FDCWD) {
95         return
96             broker_process->Open(reinterpret_cast<const char*>(args.args[1]),
97                                  static_cast<int>(args.args[2]));
98       } else {
99         return -EPERM;
100       }
101     default:
102       RAW_CHECK(false);
103       return -ENOSYS;
104   }
105 }
106
107 class GpuBrokerProcessPolicy : public GpuProcessPolicy {
108  public:
109   static sandbox::SandboxBPFPolicy* Create() {
110     return new GpuBrokerProcessPolicy();
111   }
112   virtual ~GpuBrokerProcessPolicy() {}
113
114   virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
115                                     int system_call_number) const OVERRIDE;
116
117  private:
118   GpuBrokerProcessPolicy() {}
119   DISALLOW_COPY_AND_ASSIGN(GpuBrokerProcessPolicy);
120 };
121
122 // x86_64/i386 or desktop ARM.
123 // A GPU broker policy is the same as a GPU policy with open and
124 // openat allowed.
125 ErrorCode GpuBrokerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
126                                                   int sysno) const {
127   switch (sysno) {
128     case __NR_access:
129     case __NR_open:
130     case __NR_openat:
131       return ErrorCode(ErrorCode::ERR_ALLOWED);
132     default:
133       return GpuProcessPolicy::EvaluateSyscall(sandbox, sysno);
134   }
135 }
136
137 void UpdateProcessTypeToGpuBroker() {
138   CommandLine::StringVector exec = CommandLine::ForCurrentProcess()->GetArgs();
139   CommandLine::Reset();
140   CommandLine::Init(0, NULL);
141   CommandLine::ForCurrentProcess()->InitFromArgv(exec);
142   CommandLine::ForCurrentProcess()->AppendSwitchASCII(switches::kProcessType,
143                                                       "gpu-broker");
144
145   // Update the process title. The argv was already cached by the call to
146   // SetProcessTitleFromCommandLine in content_main_runner.cc, so we can pass
147   // NULL here (we don't have the original argv at this point).
148   SetProcessTitleFromCommandLine(NULL);
149 }
150
151 bool UpdateProcessTypeAndEnableSandbox(
152     sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void)) {
153   DCHECK(broker_sandboxer_allocator);
154   UpdateProcessTypeToGpuBroker();
155   return SandboxSeccompBPF::StartSandboxWithExternalPolicy(
156       make_scoped_ptr(broker_sandboxer_allocator()));
157 }
158
159 }  // namespace
160
161 GpuProcessPolicy::GpuProcessPolicy() : broker_process_(NULL) {}
162
163 GpuProcessPolicy::~GpuProcessPolicy() {}
164
165 // Main policy for x86_64/i386. Extended by CrosArmGpuProcessPolicy.
166 ErrorCode GpuProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
167                                             int sysno) const {
168   switch (sysno) {
169     case __NR_ioctl:
170 #if defined(__i386__) || defined(__x86_64__)
171     // The Nvidia driver uses flags not in the baseline policy
172     // (MAP_LOCKED | MAP_EXECUTABLE | MAP_32BIT)
173     case __NR_mmap:
174 #endif
175     // We also hit this on the linux_chromeos bot but don't yet know what
176     // weird flags were involved.
177     case __NR_mprotect:
178     case __NR_sched_getaffinity:
179     case __NR_sched_setaffinity:
180     case __NR_setpriority:
181       return ErrorCode(ErrorCode::ERR_ALLOWED);
182     case __NR_access:
183     case __NR_open:
184     case __NR_openat:
185       DCHECK(broker_process_);
186       return sandbox->Trap(GpuSIGSYS_Handler, broker_process_);
187     default:
188       if (SyscallSets::IsEventFd(sysno))
189         return ErrorCode(ErrorCode::ERR_ALLOWED);
190
191       // Default on the baseline policy.
192       return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno);
193   }
194 }
195
196 bool GpuProcessPolicy::PreSandboxHook() {
197   // Warm up resources needed by the policy we're about to enable and
198   // eventually start a broker process.
199   const bool chromeos_arm_gpu = IsChromeOS() && IsArchitectureArm();
200   // This policy is for x86 or Desktop.
201   DCHECK(!chromeos_arm_gpu);
202
203   DCHECK(!broker_process());
204   // Create a new broker process.
205   InitGpuBrokerProcess(
206       GpuBrokerProcessPolicy::Create,
207       std::vector<std::string>(),  // No extra files in whitelist.
208       std::vector<std::string>());
209
210   if (IsArchitectureX86_64() || IsArchitectureI386()) {
211     // Accelerated video decode dlopen()'s some shared objects
212     // inside the sandbox, so preload them now.
213     if (IsAcceleratedVideoDecodeEnabled()) {
214       const char* I965DrvVideoPath = NULL;
215
216 #if defined(OS_TIZEN)
217       if (IsArchitectureX86_64()) {
218         // TODO(halton): Add 64-bit VA driver when 64-bit Tizen support
219         // is ready.
220         return false;
221       } else if (IsArchitectureI386()) {
222         I965DrvVideoPath = "/usr/lib/dri/i965_dri.so";
223       }
224 #else
225       if (IsArchitectureX86_64()) {
226         I965DrvVideoPath = "/usr/lib64/va/drivers/i965_drv_video.so";
227       } else if (IsArchitectureI386()) {
228         I965DrvVideoPath = "/usr/lib/va/drivers/i965_drv_video.so";
229       }
230 #endif
231
232       dlopen(I965DrvVideoPath, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
233       dlopen("libva.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
234       dlopen("libva-x11.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
235     }
236   }
237
238   return true;
239 }
240
241 void GpuProcessPolicy::InitGpuBrokerProcess(
242     sandbox::SandboxBPFPolicy* (*broker_sandboxer_allocator)(void),
243     const std::vector<std::string>& read_whitelist_extra,
244     const std::vector<std::string>& write_whitelist_extra) {
245   static const char kDriRcPath[] = "/etc/drirc";
246   static const char kDriCard0Path[] = "/dev/dri/card0";
247
248   CHECK(broker_process_ == NULL);
249
250   // All GPU process policies need these files brokered out.
251   std::vector<std::string> read_whitelist;
252   read_whitelist.push_back(kDriCard0Path);
253   read_whitelist.push_back(kDriRcPath);
254   // Add eventual extra files from read_whitelist_extra.
255   read_whitelist.insert(read_whitelist.end(),
256                         read_whitelist_extra.begin(),
257                         read_whitelist_extra.end());
258
259   std::vector<std::string> write_whitelist;
260   write_whitelist.push_back(kDriCard0Path);
261   // Add eventual extra files from write_whitelist_extra.
262   write_whitelist.insert(write_whitelist.end(),
263                          write_whitelist_extra.begin(),
264                          write_whitelist_extra.end());
265
266   broker_process_ = new BrokerProcess(GetFSDeniedErrno(),
267                                       read_whitelist,
268                                       write_whitelist);
269   // The initialization callback will perform generic initialization and then
270   // call broker_sandboxer_callback.
271   CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox,
272                                          broker_sandboxer_allocator)));
273 }
274
275 }  // namespace content
Domain: Web Framework / Uncategorized;