Whitelist Amlogic's video encoder

Whitelist the video encoder library and device such that the encoder works in a sandboxed GPU process. Bug: 1052499 Test: On device making a video call. Change-Id: Iae04f0afeb2945318b54aa623f88ca44cc32ebc8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2057638Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Zhenyao Mo <zmo@chromium.org> Reviewed-by: Doug Steedman <dougsteed@chromium.org> Commit-Queue: Daniel Nicoara <dnicoara@chromium.org> Cr-Commit-Position: refs/heads/master@{#759488}

Whitelist Amlogic's video encoder
Whitelist the video encoder library and device such that the encoder works in a sandboxed GPU process. Bug: 1052499 Test: On device making a video call. Change-Id: Iae04f0afeb2945318b54aa623f88ca44cc32ebc8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2057638Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Zhenyao Mo <zmo@chromium.org> Reviewed-by: Doug Steedman <dougsteed@chromium.org> Commit-Queue: Daniel Nicoara <dnicoara@chromium.org> Cr-Commit-Position: refs/heads/master@{#759488}
b102b782 · Daniel Nicoara · Commit Bot · 3677aa93 · b102b782
Commit b102b782 authored Apr 16, 2020 by Daniel Nicoara Committed by Commit Bot Apr 16, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 0 deletions

content/gpu/gpu_sandbox_hook_linux.cc content/gpu/gpu_sandbox_hook_linux.cc +17 -0

No files found.
--- a/content/gpu/gpu_sandbox_hook_linux.cc
+++ b/content/gpu/gpu_sandbox_hook_linux.cc
@@ -143,6 +143,12 @@ void AddV4L2GpuWhitelist(
  // Device node for V4L2 JPEG encode accelerator drivers.
  static const char kDevJpegEncPath[] = "/dev/jpeg-enc";
  permissions->push_back(BrokerFilePermission::ReadWrite(kDevJpegEncPath));
+
+  if (UseChromecastSandboxWhitelist()) {
+    static const char kAmlogicAvcEncoderPath[] = "/dev/amvenc_avc";
+    permissions->push_back(
+        BrokerFilePermission::ReadWrite(kAmlogicAvcEncoderPath));
+  }
 }

 void AddArmMaliGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
@@ -387,6 +393,15 @@ void LoadV4L2Libraries(
  }
 }

+void LoadChromecastV4L2Libraries() {
+  for (const char* path : kWhitelistedChromecastPaths) {
+    const std::string library_path(std::string(path) +
+                                   std::string("libvpcodec.so"));
+    if (dlopen(library_path.c_str(), dlopen_flag))
+      break;
+  }
+}
+
 bool LoadLibrariesForGpu(
    const service_manager::SandboxSeccompBPF::Options& options) {
  if (IsChromeOS()) {
@@ -400,6 +415,8 @@ bool LoadLibrariesForGpu(
      return LoadAmdGpuLibraries();
  } else if (UseChromecastSandboxWhitelist() && IsArchitectureArm()) {
    LoadArmGpuLibraries();
+    if (UseV4L2Codec())
+      LoadChromecastV4L2Libraries();
  }
  return true;
 }