blob: 012a7f678b95bda4e0aff66aa38a11deb5b216d5 [file] [log] [blame]
// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h"
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <memory>
#include <string>
#include <vector>
#include "base/bind.h"
#include "base/compiler_specific.h"
#include "base/logging.h"
#include "base/macros.h"
#include "build/build_config.h"
#include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
#include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/syscall_broker/broker_file_permission.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::Arg;
using sandbox::bpf_dsl::Error;
using sandbox::bpf_dsl::If;
using sandbox::bpf_dsl::ResultExpr;
using sandbox::syscall_broker::BrokerFilePermission;
using sandbox::SyscallSets;
namespace content {
namespace {
inline bool IsChromeOS() {
#if defined(OS_CHROMEOS)
return true;
return false;
inline bool IsArchitectureArm() {
#if defined(__arm__) || defined(__aarch64__)
return true;
return false;
void AddArmMaliGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
// Device file needed by the ARM GPU userspace.
static const char kMali0Path[] = "/dev/mali0";
// Image processor used on ARM platforms.
static const char kDevImageProc0Path[] = "/dev/image-proc0";
void AddArmGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
// On ARM we're enabling the sandbox before the X connection is made,
// so we need to allow access to |.Xauthority|.
static const char kXAuthorityPath[] = "/home/chronos/.Xauthority";
static const char kLdSoCache[] = "/etc/";
// Files needed by the ARM GPU userspace.
static const char kLibGlesPath[] = "/usr/lib/";
static const char kLibEglPath[] = "/usr/lib/";
class CrosArmGpuBrokerProcessPolicy : public CrosArmGpuProcessPolicy {
static sandbox::bpf_dsl::Policy* Create() {
return new CrosArmGpuBrokerProcessPolicy();
~CrosArmGpuBrokerProcessPolicy() override {}
ResultExpr EvaluateSyscall(int system_call_number) const override;
CrosArmGpuBrokerProcessPolicy() : CrosArmGpuProcessPolicy(false) {}
// A GPU broker policy is the same as a GPU policy with open and
// openat allowed.
ResultExpr CrosArmGpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const {
switch (sysno) {
#if !defined(__aarch64__)
case __NR_access:
case __NR_open:
#endif // !defined(__aarch64__)
case __NR_faccessat:
case __NR_openat:
return Allow();
return CrosArmGpuProcessPolicy::EvaluateSyscall(sysno);
} // namespace
CrosArmGpuProcessPolicy::CrosArmGpuProcessPolicy(bool allow_shmat)
#if defined(__arm__) || defined(__aarch64__)
: allow_shmat_(allow_shmat)
CrosArmGpuProcessPolicy::~CrosArmGpuProcessPolicy() {}
ResultExpr CrosArmGpuProcessPolicy::EvaluateSyscall(int sysno) const {
#if defined(__arm__) || defined(__aarch64__)
if (allow_shmat_ && sysno == __NR_shmat)
return Allow();
#endif // defined(__arm__) || defined(__aarch64__)
switch (sysno) {
#if defined(__arm__) || defined(__aarch64__)
// ARM GPU sandbox is started earlier so we need to allow networking
// in the sandbox.
case __NR_connect:
case __NR_getpeername:
case __NR_getsockname:
case __NR_sysinfo:
case __NR_uname:
return Allow();
// Allow only AF_UNIX for |domain|.
case __NR_socket:
case __NR_socketpair: {
const Arg<int> domain(0);
return If(domain == AF_UNIX, Allow()).Else(Error(EPERM));
#endif // defined(__arm__) || defined(__aarch64__)
// Default to the generic GPU policy.
return GpuProcessPolicy::EvaluateSyscall(sysno);
bool CrosArmGpuProcessPolicy::PreSandboxHook() {
DCHECK(IsChromeOS() && IsArchitectureArm());
// Create a new broker process.
// Add ARM-specific files to whitelist in the broker.
std::vector<BrokerFilePermission> permissions;
InitGpuBrokerProcess(CrosArmGpuBrokerProcessPolicy::Create, permissions);
const int dlopen_flag = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE;
// Preload the Mali library.
dlopen("/usr/lib/", dlopen_flag);
// Preload the Tegra V4L2 (video decode acceleration) library.
dlopen("/usr/lib/", dlopen_flag);
// Resetting errno since platform-specific libraries will fail on other
// platforms.
errno = 0;
return true;
} // namespace content