author | henryhsu <henryhsu@chromium.org> | 2015-01-13 01:20:44 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-01-13 09:21:34 +0000 |
commit | 7dec42e0dad3bd8bf27e42aa318a70ed1c63cca1 (patch) | |
tree | fcedfcd62510877191e2f9f224cf83a538407194 /content/common/sandbox_linux | |
parent | e34da193dd4c80adf30c63cdb5ed634876240291 (diff) | |
Sandbox: Add v4l2 plugin permission
BUG=405861
TEST=manually test on veyron_pinky with sandbox and make sure plugin
is called successfully.
Review URL: https://codereview.chromium.org/845253002
Cr-Commit-Position: refs/heads/master@{#311243}
Diffstat (limited to 'content/common/sandbox_linux')
-rw-r--r-- | content/common/sandbox_linux/bpf_gpu_policy_linux.cc | 43 |
1 files changed, 32 insertions, 11 deletions
diff --git a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
index 57bb716..9da1dea 100644
--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
@@ -84,16 +84,29 @@ inline bool IsOzone() {
 #endif
 }
 
-bool IsAcceleratedVideoEnabled() {
- const base::CommandLine& command_line =
- *base::CommandLine::ForCurrentProcess();
+inline bool UseLibV4L2() {
+#if defined(USE_LIBV4L2)
+ return true;
+#else
+ return false;
+#endif
+}
+
+bool IsAcceleratedVaapiVideoEncodeEnabled() {
 bool accelerated_encode_enabled = false;
 #if defined(OS_CHROMEOS)
+ const base::CommandLine& command_line =
+ *base::CommandLine::ForCurrentProcess();
 accelerated_encode_enabled =
 !command_line.HasSwitch(switches::kDisableVaapiAcceleratedVideoEncode);
 #endif
- return !command_line.HasSwitch(switches::kDisableAcceleratedVideoDecode) ||
- accelerated_encode_enabled;
+ return accelerated_encode_enabled;
+}
+
+bool IsAcceleratedVideoDecodeEnabled() {
+ const base::CommandLine& command_line =
+ *base::CommandLine::ForCurrentProcess();
+ return !command_line.HasSwitch(switches::kDisableAcceleratedVideoDecode);
 }
 
 intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,
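Review bot: The two predicates that replace `IsAcceleratedVideoEnabled()` have no comment, and `IsAcceleratedVaapiVideoEncodeEnabled()` returns false on every build where `OS_CHROMEOS` is undefined, which the name does not suggest. Elsewhere in this commit these helpers decide which device node the broker whitelists and whether the video driver is preloaded before the sandbox starts, so their contract should be stated where they are defined. I would add `// True only on Chrome OS when kDisableVaapiAcceleratedVideoEncode is not set; always false elsewhere.` above the first and `// True unless kDisableAcceleratedVideoDecode is set on the command line.` above `IsAcceleratedVideoDecodeEnabled()`.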
@@ -138,13 +151,14 @@ intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,
 }
 
 void AddV4L2GpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
- // Device nodes for V4L2 video decode accelerator drivers.
- static const char kDevVideoDecPath[] = "/dev/video-dec";
+ if (IsAcceleratedVideoDecodeEnabled()) {
+ // Device node for V4L2 video decode accelerator drivers.
+ static const char kDevVideoDecPath[] = "/dev/video-dec";
+ permissions->push_back(BrokerFilePermission::ReadWrite(kDevVideoDecPath));
+ }
 
- // Device nodes for V4L2 video encode accelerator drivers.
+ // Device node for V4L2 video encode accelerator drivers.
 static const char kDevVideoEncPath[] = "/dev/video-enc";
-
- permissions->push_back(BrokerFilePermission::ReadWrite(kDevVideoDecPath));
 permissions->push_back(BrokerFilePermission::ReadWrite(kDevVideoEncPath));
 }
 
@@ -279,7 +293,8 @@ bool GpuProcessPolicy::PreSandboxHook() {
 if (IsArchitectureX86_64() || IsArchitectureI386()) {
 // Accelerated video dlopen()'s some shared objects
 // inside the sandbox, so preload them now.
- if (IsAcceleratedVideoEnabled()) {
+ if (IsAcceleratedVaapiVideoEncodeEnabled() ||
+ IsAcceleratedVideoDecodeEnabled()) {
 const char* I965DrvVideoPath = NULL;
 
 if (IsArchitectureX86_64()) {
@@ -319,6 +334,12 @@ void GpuProcessPolicy::InitGpuBrokerProcess(
 BrokerFilePermission::ReadWriteCreateUnlinkRecursive(kDevShm));
 } else if (IsArchitectureArm() || IsOzone()){
 AddV4L2GpuWhitelist(&permissions);
+ if (UseLibV4L2()) {
+ dlopen("/usr/lib/libv4l2.so", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+ // This is a device-specific encoder plugin.
+ dlopen("/usr/lib/libv4l/plugins/libv4l-encplugin.so",
+ RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+ }
 }
 
 // Add eventual extra files from permissions_extra. |
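Review bot: In `AddV4L2GpuWhitelist()`, `/dev/video-enc` is still granted `ReadWrite` unconditionally while `/dev/video-dec` is now gated on `IsAcceleratedVideoDecodeEnabled()`. A GPU process started with decode disabled therefore keeps broker access to the encoder node whether or not encode is in use. The only encode switch visible in this diff is the VA-API one, so there may be no switch for V4L2 encode; if so, say it in the code with something like `// No switch disables V4L2 encode, so the encoder node is always whitelisted.`. Otherwise gate the second `push_back` the same way so the broker's file list stays as small as the configuration allows.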
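Review bot: Both `dlopen()` calls in the `UseLibV4L2()` branch discard their return value, so a missing or unloadable library goes unreported here and would presumably only surface later as a failed load inside the sandbox. Check the handle and log it, e.g. `if (!dlopen("/usr/lib/libv4l2.so", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE)) LOG(ERROR) << "dlopen libv4l2 failed: " << dlerror();` (assuming the logging header is already included), and do the same for the plugin. Because this loads a device-specific plugin into the process, the existing comment should also state who ships `libv4l-encplugin.so` and that the path is expected to be writable only by root; the fixed `/usr/lib` prefix also looks like an assumption about the target's library layout. `InitGpuBrokerProcess` starts and ends outside the hunk.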