gpu_sandbox_hook_linux.cc: use more intentional terms.

Use the concept of "permissions" and "allowed paths" that make the code clearer as well as more inclusive. Bug: chromium:1101491 Change-Id: I374bc95250a97efbd3190d22c82261a6c31a03af Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2302195Reviewed-by: Kenneth Russell <kbr@chromium.org> Commit-Queue: Corentin Wallez <cwallez@chromium.org> Cr-Commit-Position: refs/heads/master@{#789390}

gpu_sandbox_hook_linux.cc: use more intentional terms.
Use the concept of "permissions" and "allowed paths" that make the code clearer as well as more inclusive. Bug: chromium:1101491 Change-Id: I374bc95250a97efbd3190d22c82261a6c31a03af Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2302195Reviewed-by: Kenneth Russell <kbr@chromium.org> Commit-Queue: Corentin Wallez <cwallez@chromium.org> Cr-Commit-Position: refs/heads/master@{#789390}
ba321875 · Corentin Wallez · Commit Bot · c575a0dc · ba321875
Commit ba321875 authored Jul 17, 2020 by Corentin Wallez Committed by Commit Bot Jul 17, 2020
Show whitespace changes
Inline Side-by-side

Showing with 23 additions and 23 deletions

content/gpu/gpu_sandbox_hook_linux.cc content/gpu/gpu_sandbox_hook_linux.cc +23 -23

No files found.
--- a/content/gpu/gpu_sandbox_hook_linux.cc
+++ b/content/gpu/gpu_sandbox_hook_linux.cc
@@ -100,7 +100,7 @@ static const char kLibV4lEncPluginPath[] =

 constexpr int dlopen_flag = RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE;

-void AddV4L2GpuWhitelist(
+void AddV4L2GpuPermissions(
    std::vector<BrokerFilePermission>* permissions,
    const sandbox::policy::SandboxSeccompBPF::Options& options) {
  if (options.accelerated_video_decode_enabled) {
@@ -160,7 +160,7 @@ void AddV4L2GpuWhitelist(
  }
 }

-void AddArmMaliGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
+void AddArmMaliGpuPermissions(std::vector<BrokerFilePermission>* permissions) {
  // Device file needed by the ARM GPU userspace.
  static const char kMali0Path[] = "/dev/mali0";

@@ -177,14 +177,14 @@ void AddArmMaliGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
  }
 }

-void AddImgPvrGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
+void AddImgPvrGpuPermissions(std::vector<BrokerFilePermission>* permissions) {
  // Device node needed by the IMG GPU userspace.
  static const char kPvrSyncPath[] = "/dev/pvr_sync";

  permissions->push_back(BrokerFilePermission::ReadWrite(kPvrSyncPath));
 }

-void AddAmdGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
+void AddAmdGpuPermissions(std::vector<BrokerFilePermission>* permissions) {
  static const char* const kReadOnlyList[] = {"/etc/ld.so.cache",
                                              "/usr/lib64/libEGL.so.1",
                                              "/usr/lib64/libGLESv2.so.2"};
@@ -212,7 +212,7 @@ void AddAmdGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
  }
 }

-void AddIntelGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
+void AddIntelGpuPermissions(std::vector<BrokerFilePermission>* permissions) {
  static const char* const kReadOnlyList[] = {
      "/dev/dri",
      "/usr/share/vulkan/icd.d",
@@ -220,7 +220,7 @@ void AddIntelGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
  for (const char* item : kReadOnlyList)
    permissions->push_back(BrokerFilePermission::ReadOnly(item));

-  // TODO(hob): Whitelist all valid render node paths.
+  // TODO(hob): Allow all valid render node paths.
  static const char kRenderNodePath[] = "/dev/dri/renderD128";
  struct stat st;
  if (stat(kRenderNodePath, &st) == 0) {
@@ -235,7 +235,7 @@ void AddIntelGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
  }
 }

-void AddArmGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
+void AddArmGpuPermissions(std::vector<BrokerFilePermission>* permissions) {
  // On ARM we're enabling the sandbox before the X connection is made,
  // so we need to allow access to |.Xauthority|.
  static const char kXAuthorityPath[] = "/home/chronos/.Xauthority";
@@ -247,15 +247,15 @@ void AddArmGpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
  permissions->push_back(BrokerFilePermission::ReadOnly(kLibGlesPath));
  permissions->push_back(BrokerFilePermission::ReadOnly(kLibEglPath));

-  AddArmMaliGpuWhitelist(permissions);
+  AddArmMaliGpuPermissions(permissions);
 }

 // Need to look in vendor paths for custom vendor implementations.
-static const char* const kWhitelistedChromecastPaths[] = {
+static const char* const kAllowedChromecastPaths[] = {
    "/oem_cast_shlib/", "/system/vendor/lib/", "/system/lib/",
    "/system/chrome/lib/"};

-void AddChromecastArmGpuWhitelist(
+void AddChromecastArmGpuPermissions(
    std::vector<BrokerFilePermission>* permissions) {
  // Device file needed by the ARM GPU userspace.
  static const char kMali0Path[] = "/dev/mali0";
@@ -264,11 +264,11 @@ void AddChromecastArmGpuWhitelist(
  // Files needed by the ARM GPU userspace.
  static const char* const kReadOnlyLibraries[] = {"libGLESv2.so.2",
                                                   "libEGL.so.1",
-                                                   // Whitelist ANGLE libraries.
+                                                   // Allow ANGLE libraries.
                                                   "libGLESv2.so", "libEGL.so"};

  for (const char* library : kReadOnlyLibraries) {
-    for (const char* path : kWhitelistedChromecastPaths) {
+    for (const char* path : kAllowedChromecastPaths) {
      const std::string library_path(std::string(path) + std::string(library));
      permissions->push_back(BrokerFilePermission::ReadOnly(library_path));
    }
@@ -286,7 +286,7 @@ void AddChromecastArmGpuWhitelist(
  }
 }

-void AddStandardGpuWhiteList(std::vector<BrokerFilePermission>* permissions) {
+void AddStandardGpuPermissions(std::vector<BrokerFilePermission>* permissions) {
  static const char kDriCardBasePath[] = "/dev/dri/card";
  static const char kNvidiaCtlPath[] = "/dev/nvidiactl";
  static const char kNvidiaDeviceBasePath[] = "/dev/nvidia";
@@ -330,40 +330,40 @@ std::vector<BrokerFilePermission> FilePermissionsForGpu(

  if (IsChromeOS()) {
    if (UseV4L2Codec())
-      AddV4L2GpuWhitelist(&permissions, options);
+      AddV4L2GpuPermissions(&permissions, options);
    if (IsArchitectureArm()) {
-      AddImgPvrGpuWhitelist(&permissions);
-      AddArmGpuWhitelist(&permissions);
+      AddImgPvrGpuPermissions(&permissions);
+      AddArmGpuPermissions(&permissions);
      return permissions;
    }
    if (options.use_amd_specific_policies) {
-      AddAmdGpuWhitelist(&permissions);
+      AddAmdGpuPermissions(&permissions);
      return permissions;
    }
    if (options.use_intel_specific_policies) {
-      AddIntelGpuWhitelist(&permissions);
+      AddIntelGpuPermissions(&permissions);
      return permissions;
    }
  }

  if (UseChromecastSandboxAllowlist()) {
    if (UseV4L2Codec())
-      AddV4L2GpuWhitelist(&permissions, options);
+      AddV4L2GpuPermissions(&permissions, options);

    if (IsArchitectureArm()) {
-      AddChromecastArmGpuWhitelist(&permissions);
+      AddChromecastArmGpuPermissions(&permissions);
      return permissions;
    }
  }

-  AddStandardGpuWhiteList(&permissions);
+  AddStandardGpuPermissions(&permissions);
  return permissions;
 }

 void LoadArmGpuLibraries() {
  // Preload the Mali library.
  if (UseChromecastSandboxAllowlist()) {
-    for (const char* path : kWhitelistedChromecastPaths) {
+    for (const char* path : kAllowedChromecastPaths) {
      const std::string library_path(std::string(path) +
                                     std::string("libMali.so"));
      if (dlopen(library_path.c_str(), dlopen_flag))
@@ -414,7 +414,7 @@ void LoadV4L2Libraries(
 }

 void LoadChromecastV4L2Libraries() {
-  for (const char* path : kWhitelistedChromecastPaths) {
+  for (const char* path : kAllowedChromecastPaths) {
    const std::string library_path(std::string(path) +
                                   std::string("libvpcodec.so"));
    if (dlopen(library_path.c_str(), dlopen_flag))