sandbox: whitelist all potential V4L2 decoder files
The current sandbox code only whitelists V4L2 decoder devices that exist
at the time of sandbox creation. This effectively forbids any decoder
device to be used if it has been probed after Chromium has started.
Fix this by whitelisting all the /dev/video-dec[0..N] and
/dev/media-dec[0..N] devices. Doing so is safe because video-dec* and
media-dec* are symbolic links to the actual V4L2 devices that are
created by a udev rule matching only decoder devices, so we are not at
risk of giving access to an unexpected device. Besides, this is already
done for image processor and encoder devices (albeit only one device is
enabled this way).
Bug: 948147
Bug: 1000149
Test: Video decoding working on Kukui.
Change-Id: I4679dd102b20f4baf958f2b4c0e91b0556c28397
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1782178
Commit-Queue: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Auto-Submit: Alexandre Courbot <acourbot@chromium.org>
Cr-Commit-Position: refs/heads/master@{#692704}
This commit is contained in:
Alexandre Courbot
committed by
Commit Bot
Commit Bot
parent
0516477885
commit
d1b9852859
@ -8,6 +8,7 @@
|
||||
#include <errno.h>
|
||||
|
||||
#include <memory>
|
||||
#include <sstream>
|
||||
#include <utility>
|
||||
#include <vector>
|
||||
|
||||
@ -102,24 +103,26 @@ void AddV4L2GpuWhitelist(
|
||||
const service_manager::SandboxSeccompBPF::Options& options) {
|
||||
if (options.accelerated_video_decode_enabled) {
|
||||
// Device nodes for V4L2 video decode accelerator drivers.
|
||||
// We do not use a FileEnumerator because the device files may not exist
|
||||
// yet when the sandbox is created. But since we are restricting access
|
||||
// to the video-dec* and media-dec* prefixes we know that we cannot
|
||||
// authorize a non-decoder device by accident.
|
||||
static constexpr size_t MAX_V4L2_DECODERS = 5;
|
||||
static const base::FilePath::CharType kDevicePath[] =
|
||||
FILE_PATH_LITERAL("/dev/");
|
||||
static const base::FilePath::CharType kVideoDecPattern[] = "video-dec[0-9]";
|
||||
base::FileEnumerator video_enumerator(
|
||||
base::FilePath(kDevicePath), false, base::FileEnumerator::FILES,
|
||||
base::FilePath(kVideoDecPattern).value());
|
||||
for (base::FilePath name = video_enumerator.Next(); !name.empty();
|
||||
name = video_enumerator.Next())
|
||||
permissions->push_back(BrokerFilePermission::ReadWrite(name.value()));
|
||||
static const base::FilePath::CharType kVideoDecBase[] = "video-dec";
|
||||
static const base::FilePath::CharType kMediaDecBase[] = "media-dec";
|
||||
for (size_t i = 0; i < MAX_V4L2_DECODERS; i++) {
|
||||
std::ostringstream decoderPath;
|
||||
decoderPath << kDevicePath << kVideoDecBase << i;
|
||||
permissions->push_back(
|
||||
BrokerFilePermission::ReadWrite(decoderPath.str()));
|
||||
|
||||
// Device nodes for V4L2 media devices (for request API and camera)
|
||||
static const base::FilePath::CharType kMediaDecPattern[] = "media-dec[0-9]";
|
||||
base::FileEnumerator media_enumerator(
|
||||
base::FilePath(kDevicePath), false, base::FileEnumerator::FILES,
|
||||
base::FilePath(kMediaDecPattern).value());
|
||||
for (base::FilePath name = media_enumerator.Next(); !name.empty();
|
||||
name = media_enumerator.Next())
|
||||
permissions->push_back(BrokerFilePermission::ReadWrite(name.value()));
|
||||
std::ostringstream mediaDevicePath;
|
||||
mediaDevicePath << kDevicePath << kMediaDecBase << i;
|
||||
permissions->push_back(
|
||||
BrokerFilePermission::ReadWrite(mediaDevicePath.str()));
|
||||
}
|
||||
}
|
||||
|
||||
// Image processor used on ARM platforms.
|
||||
|
||||
Reference in New Issue
Block a user