sandbox: Whitelist 64bit libraries on arm64 ChromeOS

When using ChromeOS on ARM with a 64bit userspace, the early sandbox blocks the Mali/GLES/EGL libraries from loading, because only the 32bit paths are allowed. Whitelist the 64bit paths when building for aarch64 on ChromeOS. BUG=882033 TEST=Device boots, GPU process is sandboxed Change-Id: Iba2e696291b96c23aaaafc417d4eb96f084f4f46 Reviewed-on: https://chromium-review.googlesource.com/1230066 Commit-Queue: Kenneth Russell <kbr@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Antoine Labour <piman@chromium.org> Cr-Commit-Position: refs/heads/master@{#595620}

sandbox: Whitelist 64bit libraries on arm64 ChromeOS
When using ChromeOS on ARM with a 64bit userspace, the early sandbox blocks the Mali/GLES/EGL libraries from loading, because only the 32bit paths are allowed. Whitelist the 64bit paths when building for aarch64 on ChromeOS. BUG=882033 TEST=Device boots, GPU process is sandboxed Change-Id: Iba2e696291b96c23aaaafc417d4eb96f084f4f46 Reviewed-on: https://chromium-review.googlesource.com/1230066 Commit-Queue: Kenneth Russell <kbr@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Antoine Labour <piman@chromium.org> Cr-Commit-Position: refs/heads/master@{#595620}
a2fe368b · Dániel Bátyai · Commit Bot · dca7cc81 · a2fe368b
Commit a2fe368b authored Oct 01, 2018 by Dániel Bátyai Committed by Commit Bot Oct 01, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 7 deletions

content/gpu/gpu_sandbox_hook_linux.cc content/gpu/gpu_sandbox_hook_linux.cc +22 -7

No files found.
--- a/content/gpu/gpu_sandbox_hook_linux.cc
+++ b/content/gpu/gpu_sandbox_hook_linux.cc
@@ -77,6 +77,24 @@ inline bool UseLibV4L2() {
 #endif
 }
+#if defined(OS_CHROMEOS) && defined(__aarch64__)
+static const char kLibGlesPath[] = "/usr/lib64/libGLESv2.so.2";
+static const char kLibEglPath[] = "/usr/lib64/libEGL.so.1";
+static const char kLibMaliPath[] = "/usr/lib64/libmali.so";
+static const char kLibTegraPath[] = "/usr/lib64/libtegrav4l2.so";
+static const char kLibV4l2Path[] = "/usr/lib64/libv4l2.so";
+static const char kLibV4lEncPluginPath[] =
+    "/usr/lib64/libv4l/plugins/libv4l-encplugin.so";
+#else
+static const char kLibGlesPath[] = "/usr/lib/libGLESv2.so.2";
+static const char kLibEglPath[] = "/usr/lib/libEGL.so.1";
+static const char kLibMaliPath[] = "/usr/lib/libmali.so";
+static const char kLibTegraPath[] = "/usr/lib/libtegrav4l2.so";
+static const char kLibV4l2Path[] = "/usr/lib/libv4l2.so";
+static const char kLibV4lEncPluginPath[] =
+    "/usr/lib/libv4l/plugins/libv4l-encplugin.so";
+#endif
 constexpr int dlopen_flag = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE;
 void AddV4L2GpuWhitelist(
@@ -152,9 +170,6 @@ void AddArmGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
  static const char kLdSoCache[] = "/etc/ld.so.cache";
  // Files needed by the ARM GPU userspace.
-  static const char kLibGlesPath[] = "/usr/lib/libGLESv2.so.2";
-  static const char kLibEglPath[] = "/usr/lib/libEGL.so.1";
  permissions->push_back(BrokerFilePermission::ReadOnly(kXAuthorityPath));
  permissions->push_back(BrokerFilePermission::ReadOnly(kLdSoCache));
  permissions->push_back(BrokerFilePermission::ReadOnly(kLibGlesPath));
@@ -261,10 +276,10 @@ void LoadArmGpuLibraries() {
        break;
    }
  } else {
-    dlopen("/usr/lib/libmali.so", dlopen_flag);
+    dlopen(kLibMaliPath, dlopen_flag);
    // Preload the Tegra V4L2 (video decode acceleration) library.
-    dlopen("/usr/lib/libtegrav4l2.so", dlopen_flag);
+    dlopen(kLibTegraPath, dlopen_flag);
  }
 }
@@ -295,11 +310,11 @@ bool IsAcceleratedVideoEnabled(
 void LoadV4L2Libraries(
    const service_manager::SandboxSeccompBPF::Options& options) {
  if (IsAcceleratedVideoEnabled(options) && UseLibV4L2()) {
-    dlopen("/usr/lib/libv4l2.so", dlopen_flag);
+    dlopen(kLibV4l2Path, dlopen_flag);
    if (options.accelerated_video_encode_enabled) {
      // This is a device-specific encoder plugin.
-      dlopen("/usr/lib/libv4l/plugins/libv4l-encplugin.so", dlopen_flag);
+      dlopen(kLibV4lEncPluginPath, dlopen_flag);
    }
  }
 }