sandbox: Extend amdgpu whitelist for libdrm 2.4.93
In libdrm 2.4.93, realpath() is called on the path under
/sys/dev/char/.. which resolves to a path under /sys/devices/..., so
we need to add /sys/devices/... recursively as well as allow stat()
for all intermediate directories.
Bug=b:112486795
Test=boot and login successfully on grunt
Change-Id: I4cf704ed217830b224398314a3e51b5c0d6bd17c
Reviewed-on: https://chromium-review.googlesource.com/1184041
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Drew Davenport <ddavenport@chromium.org>
Cr-Commit-Position: refs/heads/master@{#586327}
diff --git a/content/gpu/gpu_sandbox_hook_linux.cc b/content/gpu/gpu_sandbox_hook_linux.cc
index cd914e2..e5b2279 100644
--- a/content/gpu/gpu_sandbox_hook_linux.cc
+++ b/content/gpu/gpu_sandbox_hook_linux.cc
@@ -127,8 +127,13 @@
for (const char* item : kReadWriteList)
permissions->push_back(BrokerFilePermission::ReadWrite(item));
- static const char kCharDevices[] = "/sys/dev/char/";
- permissions->push_back(BrokerFilePermission::ReadOnlyRecursive(kCharDevices));
+ static const char* kDevices[] = {"/sys/dev/char", "/sys/devices"};
+ for (const char* item : kDevices) {
+ std::string path(item);
+ permissions->push_back(
+ BrokerFilePermission::StatOnlyWithIntermediateDirs(path));
+ permissions->push_back(BrokerFilePermission::ReadOnlyRecursive(path + "/"));
+ }
}
void AddArmGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
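Review bot: The added `ReadOnlyRecursive(path + "/")` entry for `/sys/devices` lets the sandboxed GPU process open any readable file under that tree through the broker, which is far wider than the `/sys/dev/char/` grant it replaces, and nothing in the code says why. `/sys/devices` typically also holds non-GPU nodes (CPU, DMI, USB, network interfaces), so if libdrm only needs the realpath() target of the DRM device, consider granting just that subtree. At minimum, record the reason above the array: `// libdrm 2.4.93 calls realpath() on paths under /sys/dev/char, which resolve under /sys/devices; read-only, no write access.` The array could also be declared `static const char* const kDevices[]` so the pointers themselves are immutable. The enclosing function starts above the hunk, so that this list applies only to amdgpu is inferred from the commit title.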