// Copyright 2017 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/342213636): Remove this and spanify to fix the errors. #pragma allow_unsafe_buffers #endif #include "content/common/gpu_pre_sandbox_hook_linux.h" #include <dlfcn.h> #include <errno.h> #include <stdlib.h> #include <sys/stat.h> #include <memory> #include <sstream> #include <utility> #include <vector> #include "base/base_paths.h" #include "base/files/file_enumerator.h" #include "base/files/file_path.h" #include "base/files/scoped_file.h" #include "base/functional/bind.h" #include "base/logging.h" #include "base/path_service.h" #include "base/strings/stringprintf.h" #include "build/build_config.h" #include "build/buildflag.h" #include "build/chromeos_buildflags.h" #include "content/public/common/content_switches.h" #include "media/gpu/buildflags.h" #include "sandbox/linux/bpf_dsl/policy.h" #include "sandbox/linux/syscall_broker/broker_command.h" #include "sandbox/linux/syscall_broker/broker_file_permission.h" #include "sandbox/linux/syscall_broker/broker_process.h" #include "sandbox/policy/chromecast_sandbox_allowlist_buildflags.h" #include "sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.h" #include "sandbox/policy/linux/bpf_cros_arm_gpu_policy_linux.h" #include "sandbox/policy/linux/bpf_gpu_policy_linux.h" #include "sandbox/policy/linux/sandbox_linux.h" #if BUILDFLAG(USE_V4L2_CODEC) #include "media/gpu/v4l2/v4l2_device.h" #endif Policy; BrokerFilePermission; BrokerProcess; namespace content { namespace { inline bool IsChromeOS() { … } inline bool UseChromecastSandboxAllowlist() { … } inline bool IsArchitectureArm() { … } inline bool UseV4L2Codec( const sandbox::policy::SandboxSeccompBPF::Options& options) { … } #if BUILDFLAG(IS_CHROMEOS) && defined(ARCH_CPU_ARM_FAMILY) static const char kMaliConfPath[] = "/etc/mali_platform.conf"; #endif #if BUILDFLAG(IS_CHROMEOS) && defined(__aarch64__) static const char kLibGlesPath[] = "/usr/lib64/libGLESv2.so.2"; static const char kLibEglPath[] = "/usr/lib64/libEGL.so.1"; static const char kLibMaliPath[] = "/usr/lib64/libmali.so"; static const char kLibTegraPath[] = "/usr/lib64/libtegrav4l2.so"; #else static const char kLibGlesPath[] = …; static const char kLibEglPath[] = …; static const char kLibMaliPath[] = …; static const char kLibTegraPath[] = …; #endif constexpr int dlopen_flag = …; void AddStandardChromeOsPermissions( std::vector<BrokerFilePermission>* permissions) { … } void AddV4L2GpuPermissions( std::vector<BrokerFilePermission>* permissions, const sandbox::policy::SandboxSeccompBPF::Options& options) { … } void AddArmMaliGpuPermissions(std::vector<BrokerFilePermission>* permissions) { … } void AddImgPvrGpuPermissions(std::vector<BrokerFilePermission>* permissions) { … } void AddDrmGpuDevPermissions(std::vector<BrokerFilePermission>* permissions, const std::string& path) { … } void AddDrmGpuPermissions(std::vector<BrokerFilePermission>* permissions) { … } void AddAmdGpuPermissions(std::vector<BrokerFilePermission>* permissions) { … } void AddNvidiaGpuPermissions(std::vector<BrokerFilePermission>* permissions) { … } void AddIntelGpuPermissions(std::vector<BrokerFilePermission>* permissions) { … } void AddVirtIOGpuPermissions(std::vector<BrokerFilePermission>* permissions) { … } void AddArmGpuPermissions(std::vector<BrokerFilePermission>* permissions) { … } // Need to look in vendor paths for custom vendor implementations. static const char* const kAllowedChromecastPaths[] = …; void AddChromecastArmGpuPermissions( std::vector<BrokerFilePermission>* permissions) { … } void AddVulkanICDPermissions(std::vector<BrokerFilePermission>* permissions) { … } void AddStandardGpuPermissions(std::vector<BrokerFilePermission>* permissions) { … } std::vector<BrokerFilePermission> FilePermissionsForGpu( const sandbox::policy::SandboxSeccompBPF::Options& options) { … } void LoadArmGpuLibraries() { … } bool LoadAmdGpuLibraries() { … } bool LoadNvidiaLibraries() { … } void LoadVulkanLibraries() { … } void LoadChromecastV4L2Libraries() { … } bool LoadLibrariesForGpu( const sandbox::policy::SandboxSeccompBPF::Options& options) { … } sandbox::syscall_broker::BrokerCommandSet CommandSetForGPU( const sandbox::policy::SandboxLinux::Options& options) { … } } // namespace bool GpuPreSandboxHook(sandbox::policy::SandboxLinux::Options options) { … } } // namespace content
Codebase Browser
chromium