bpf gpu policy: Change GPU bpf policy to support DRI3

DRI3 creates files in /dev/shm/. This change adds /dev/shm to
the whitelist for non-ChromeOS Linux platforms.

These files are unlinked and truncated so the following
policy changes have also been made.

unlink is allowed in the broker process policy.
ftruncate is allowed in the gpu process policy

Now that DRI3 is supported, this change also reverts the
temporary fix that set the env var LIBGL_DRI3_DISABLE:
https://codereview.chromium.org/708043002

BUG=415681
TEST=Ubuntu 14.10 configured with DRI3

Review URL: https://codereview.chromium.org/759613008

Cr-Commit-Position: refs/heads/master@{#306698}
diff --git a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
index 711f9b4..94003db 100644
--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
@@ -134,13 +134,18 @@
 };
 
 // x86_64/i386 or desktop ARM.
-// A GPU broker policy is the same as a GPU policy with open and
-// openat allowed.
+// A GPU broker policy is the same as a GPU policy with access, open,
+// openat and in the non-Chrome OS case unlink allowed.
 ResultExpr GpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const {
   switch (sysno) {
     case __NR_access:
     case __NR_open:
     case __NR_openat:
+#if !defined(OS_CHROMEOS)
+    // The broker process needs to able to unlink the temporary
+    // files that it may create. This is used by DRI3.
+    case __NR_unlink:
+#endif
       return Allow();
     default:
       return GpuProcessPolicy::EvaluateSyscall(sysno);
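Review bot: The comment added above `case __NR_unlink:` has a typo ("needs to able to") and does not say that this filter allows unlink on any path. The only path restriction is then the broker's file permission list, which appears to be built further down in this file. I would reword it to `// The broker needs to be able to unlink the temporary files DRI3 creates.` followed by `// Paths are limited by the broker's permission list, not by this filter.` It is also worth confirming that no supported libc implements unlink() through `unlinkat`, which would still fall to the default branch. The body of EvaluateSyscall ends outside the hunk.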
@@ -184,6 +189,9 @@
 // Main policy for x86_64/i386. Extended by CrosArmGpuProcessPolicy.
 ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const {
   switch (sysno) {
+#if !defined(OS_CHROMEOS)
+    case __NR_ftruncate:
+#endif
     case __NR_ioctl:
       return Allow();
     case __NR_mincore:
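Review bot: The new `case __NR_ftruncate:` has no comment, unlike the unlink case in the broker policy, and it allows ftruncate on every descriptor the GPU process holds, not only the DRI3 files in /dev/shm. A syscall filter cannot match on path, so this is probably unavoidable. A reader should still be told that descriptors received from other processes, such as shared-memory segments, can now be resized by the sandboxed process. I would add `// DRI3 truncates the shm files it creates; this applies to any fd the process already holds.` above the case. The switch continues outside the hunk.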
@@ -261,6 +269,7 @@
     const std::vector<BrokerFilePermission>& permissions_extra) {
   static const char kDriRcPath[] = "/etc/drirc";
   static const char kDriCard0Path[] = "/dev/dri/card0";
+  static const char kDevShm[] = "/dev/shm/";
 
   CHECK(broker_process_ == NULL);
 
@@ -268,6 +277,10 @@
   std::vector<BrokerFilePermission> permissions;
   permissions.push_back(BrokerFilePermission::ReadWrite(kDriCard0Path));
   permissions.push_back(BrokerFilePermission::ReadOnly(kDriRcPath));
+  if (!IsChromeOS()) {
+    permissions.push_back(
+        BrokerFilePermission::ReadWriteCreateUnlinkRecursive(kDevShm));
+  }
 
   // Add eventual extra files from permissions_extra.
   for (const auto& perm : permissions_extra) {
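Review bot: `ReadWriteCreateUnlinkRecursive(kDevShm)` gives the broker, and through it the sandboxed GPU process, read, write, create and unlink on everything under /dev/shm/, not only the files DRI3 makes. That directory is shared by every process on the machine, so the sandbox no longer protects other applications' shared-memory objects that the user can access. If the DRI3 file names follow a fixed pattern, narrowing the permission to that pattern would be safer. Failing that, record the trade-off next to the push_back, e.g. `// DRI3 creates and unlinks shm files here; this exposes all of /dev/shm/ to the GPU process.` The enclosing function starts and ends outside the hunk.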
diff --git a/content/gpu/gpu_main.cc b/content/gpu/gpu_main.cc
index c790dd6..0acc5bb6 100644
--- a/content/gpu/gpu_main.cc
+++ b/content/gpu/gpu_main.cc
@@ -10,7 +10,6 @@
 #endif
 
 #include "base/debug/trace_event.h"
-#include "base/environment.h"
 #include "base/lazy_instance.h"
 #include "base/message_loop/message_loop.h"
 #include "base/metrics/histogram.h"
@@ -213,16 +212,6 @@
     watchdog_thread->StartWithOptions(options);
   }
 
-  // Temporarily disable DRI3 on desktop Linux.
-  // The GPU process is crashing on DRI3-enabled desktop Linux systems.
-  // TODO(jorgelo): remove this when crbug.com/415681 is fixed.
-#if defined(OS_LINUX) && !defined(OS_CHROMEOS)
-  {
-    scoped_ptr<base::Environment> env(base::Environment::Create());
-    env->SetVar("LIBGL_DRI3_DISABLE", "1");
-  }
-#endif
-
   gpu::GPUInfo gpu_info;
   // Get vendor_id, device_id, driver_version from browser process through
   // commandline switches.