Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / content / common / sandbox_linux / bpf_cros_arm_gpu_policy_linux.cc
blob338acf9add85962804a7b0590ceacdd8885a6963
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h"
7 #include <dlfcn.h>
8 #include <errno.h>
9 #include <fcntl.h>
10 #include <sys/socket.h>
11 #include <sys/stat.h>
12 #include <sys/types.h>
13 #include <unistd.h>
15 #include <string>
16 #include <vector>
18 #include "base/bind.h"
19 #include "base/compiler_specific.h"
20 #include "base/logging.h"
21 #include "base/memory/scoped_ptr.h"
22 #include "build/build_config.h"
23 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
24 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
25 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
26 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
27 #include "sandbox/linux/syscall_broker/broker_file_permission.h"
28 #include "sandbox/linux/system_headers/linux_syscalls.h"
30 using sandbox::bpf_dsl::Allow;
31 using sandbox::bpf_dsl::Arg;
32 using sandbox::bpf_dsl::Error;
33 using sandbox::bpf_dsl::If;
34 using sandbox::bpf_dsl::ResultExpr;
35 using sandbox::syscall_broker::BrokerFilePermission;
36 using sandbox::SyscallSets;
38 namespace content {
40 namespace {
42 inline bool IsChromeOS() {
43 #if defined(OS_CHROMEOS)
44 return true;
45 #else
46 return false;
47 #endif
50 inline bool IsArchitectureArm() {
51 #if defined(__arm__) || defined(__aarch64__)
52 return true;
53 #else
54 return false;
55 #endif
58 void AddArmMaliGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
59 // Device file needed by the ARM GPU userspace.
60 static const char kMali0Path[] = "/dev/mali0";
62 // Video processor used on ARM Exynos platforms.
63 static const char kDevGsc0Path[] = "/dev/gsc0";
65 permissions->push_back(BrokerFilePermission::ReadWrite(kMali0Path));
66 permissions->push_back(BrokerFilePermission::ReadWrite(kDevGsc0Path));
69 void AddArmGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
70 // On ARM we're enabling the sandbox before the X connection is made,
71 // so we need to allow access to |.Xauthority|.
72 static const char kXAuthorityPath[] = "/home/chronos/.Xauthority";
73 static const char kLdSoCache[] = "/etc/ld.so.cache";
75 // Files needed by the ARM GPU userspace.
76 static const char kLibGlesPath[] = "/usr/lib/libGLESv2.so.2";
77 static const char kLibEglPath[] = "/usr/lib/libEGL.so.1";
79 permissions->push_back(BrokerFilePermission::ReadOnly(kXAuthorityPath));
80 permissions->push_back(BrokerFilePermission::ReadOnly(kLdSoCache));
81 permissions->push_back(BrokerFilePermission::ReadOnly(kLibGlesPath));
82 permissions->push_back(BrokerFilePermission::ReadOnly(kLibEglPath));
84 AddArmMaliGpuWhitelist(permissions);
87 class CrosArmGpuBrokerProcessPolicy : public CrosArmGpuProcessPolicy {
88 public:
89 static sandbox::bpf_dsl::Policy* Create() {
90 return new CrosArmGpuBrokerProcessPolicy();
92 ~CrosArmGpuBrokerProcessPolicy() override {}
94 ResultExpr EvaluateSyscall(int system_call_number) const override;
96 private:
97 CrosArmGpuBrokerProcessPolicy() : CrosArmGpuProcessPolicy(false) {}
98 DISALLOW_COPY_AND_ASSIGN(CrosArmGpuBrokerProcessPolicy);
101 // A GPU broker policy is the same as a GPU policy with open and
102 // openat allowed.
103 ResultExpr CrosArmGpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const {
104 switch (sysno) {
105 #if !defined(__aarch64__)
106 case __NR_access:
107 case __NR_open:
108 #endif // !defined(__aarch64__)
109 case __NR_faccessat:
110 case __NR_openat:
111 return Allow();
112 default:
113 return CrosArmGpuProcessPolicy::EvaluateSyscall(sysno);
117 } // namespace
119 CrosArmGpuProcessPolicy::CrosArmGpuProcessPolicy(bool allow_shmat)
120 : allow_shmat_(allow_shmat) {}
122 CrosArmGpuProcessPolicy::~CrosArmGpuProcessPolicy() {}
124 ResultExpr CrosArmGpuProcessPolicy::EvaluateSyscall(int sysno) const {
125 #if defined(__arm__) || defined(__aarch64__)
126 if (allow_shmat_ && sysno == __NR_shmat)
127 return Allow();
128 #endif // defined(__arm__) || defined(__aarch64__)
130 switch (sysno) {
131 #if defined(__arm__) || defined(__aarch64__)
132 // ARM GPU sandbox is started earlier so we need to allow networking
133 // in the sandbox.
134 case __NR_connect:
135 case __NR_getpeername:
136 case __NR_getsockname:
137 case __NR_sysinfo:
138 case __NR_uname:
139 return Allow();
140 // Allow only AF_UNIX for |domain|.
141 case __NR_socket:
142 case __NR_socketpair: {
143 const Arg<int> domain(0);
144 return If(domain == AF_UNIX, Allow()).Else(Error(EPERM));
146 #endif // defined(__arm__) || defined(__aarch64__)
147 default:
148 // Default to the generic GPU policy.
149 return GpuProcessPolicy::EvaluateSyscall(sysno);
153 bool CrosArmGpuProcessPolicy::PreSandboxHook() {
154 DCHECK(IsChromeOS() && IsArchitectureArm());
155 // Create a new broker process.
156 DCHECK(!broker_process());
158 // Add ARM-specific files to whitelist in the broker.
159 std::vector<BrokerFilePermission> permissions;
161 AddArmGpuWhitelist(&permissions);
162 InitGpuBrokerProcess(CrosArmGpuBrokerProcessPolicy::Create, permissions);
164 const int dlopen_flag = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE;
166 // Preload the Mali library.
167 dlopen("/usr/lib/libmali.so", dlopen_flag);
168 // Preload the Tegra V4L2 (video decode acceleration) library.
169 dlopen("/usr/lib/libtegrav4l2.so", dlopen_flag);
170 // Resetting errno since platform-specific libraries will fail on other
171 // platforms.
172 errno = 0;
174 return true;
177 } // namespace content