Enable GPU sandboxing for AMD platform

Desktop / Chromium - Satyajit Sahu [amd.com] - 8 September 2017 13:33 EDT

Default sandboxing fails for AMD platform as the GPU process spawns multiple threads. So GPU sandboxing needs to be started early. And all dependent libraries need to be preloaded.

BUG=b:63252288 TEST=after adding gpu-sandbox-start-early flag GPU sandbox is successful and UI also comes up

Change-Id: I97032f2404bfbd2d2c36cc3a4d2b203ca7e6d75d

5271f17 Enable GPU sandboxing for AMD platform
content/common/BUILD.gn | 5 +
.../sandbox_linux/bpf_cros_amd_gpu_policy_linux.cc | 164 +++++++++++++++++++++
.../sandbox_linux/bpf_cros_amd_gpu_policy_linux.h | 29 ++++
content/common/sandbox_linux/sandbox_linux.cc | 15 +-
content/common/sandbox_linux/sandbox_linux.h | 8 +-
.../sandbox_linux/sandbox_seccomp_bpf_linux.cc | 23 ++-
.../sandbox_linux/sandbox_seccomp_bpf_linux.h | 4 +-
content/gpu/gpu_main.cc | 13 +-
gpu/ipc/service/gpu_init.cc | 8 +-
gpu/ipc/service/gpu_init.h | 3 +-
services/ui/gpu/gpu_main.cc | 4 +-
services/ui/gpu/gpu_main.h | 4 +-
12 files changed, 248 insertions(+), 32 deletions(-)

Upstream: git.chromium.org


  • Share