129 lines
5.2 KiB
Text
129 lines
5.2 KiB
Text
Index: content/utility/utility_main.cc
|
|
--- content/utility/utility_main.cc.orig
|
|
+++ content/utility/utility_main.cc
|
|
@@ -37,17 +37,21 @@
|
|
#include "third_party/icu/source/common/unicode/unistr.h"
|
|
#include "third_party/icu/source/i18n/unicode/timezone.h"
|
|
|
|
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
|
|
+#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD)
|
|
#include "base/file_descriptor_store.h"
|
|
#include "base/files/file_util.h"
|
|
#include "base/pickle.h"
|
|
#include "content/child/sandboxed_process_thread_type_handler.h"
|
|
+#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_BSD)
|
|
#include "content/common/gpu_pre_sandbox_hook_linux.h"
|
|
+#endif
|
|
#include "content/public/common/content_descriptor_keys.h"
|
|
#include "content/utility/speech/speech_recognition_sandbox_hook_linux.h"
|
|
#include "gpu/config/gpu_info_collector.h"
|
|
#include "media/gpu/sandbox/hardware_video_encoding_sandbox_hook_linux.h"
|
|
+#if !BUILDFLAG(IS_BSD)
|
|
#include "sandbox/policy/linux/sandbox_linux.h"
|
|
+#endif
|
|
#include "services/audio/audio_sandbox_hook_linux.h"
|
|
#include "services/network/network_sandbox_hook_linux.h"
|
|
// gn check is not smart enough to realize that this include only applies to
|
|
@@ -59,10 +63,15 @@
|
|
#endif
|
|
#endif
|
|
|
|
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
|
|
+#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH) || BUILDFLAG(IS_BSD)
|
|
#include "media/gpu/sandbox/hardware_video_decoding_sandbox_hook_linux.h"
|
|
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
|
|
|
|
+#if BUILDFLAG(IS_BSD)
|
|
+#include "sandbox/policy/sandbox.h"
|
|
+#include "content/common/gpu_pre_sandbox_hook_bsd.h"
|
|
+#endif
|
|
+
|
|
#if BUILDFLAG(IS_CHROMEOS_ASH)
|
|
#include "chromeos/ash/components/assistant/buildflags.h"
|
|
#include "chromeos/ash/services/ime/ime_sandbox_hook.h"
|
|
@@ -74,7 +83,7 @@
|
|
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
|
|
|
|
#if (BUILDFLAG(ENABLE_SCREEN_AI_SERVICE) && \
|
|
- (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)))
|
|
+ (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD)))
|
|
#include "services/screen_ai/public/cpp/utilities.h" // nogncheck
|
|
#include "services/screen_ai/sandbox/screen_ai_sandbox_hook_linux.h" // nogncheck
|
|
#endif
|
|
@@ -101,7 +110,7 @@ namespace content {
|
|
|
|
namespace {
|
|
|
|
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
|
|
+#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD)
|
|
std::vector<std::string> GetNetworkContextsParentDirectories() {
|
|
base::MemoryMappedFile::Region region;
|
|
base::ScopedFD read_pipe_fd = base::FileDescriptorStore::GetInstance().TakeFD(
|
|
@@ -127,9 +136,10 @@ std::vector<std::string> GetNetworkContextsParentDirec
|
|
return dirs;
|
|
}
|
|
|
|
+#if !BUILDFLAG(IS_BSD)
|
|
bool ShouldUseAmdGpuPolicy(sandbox::mojom::Sandbox sandbox_type) {
|
|
const bool obtain_gpu_info =
|
|
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
|
|
+#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH) || BUILDFLAG(IS_BSD)
|
|
sandbox_type == sandbox::mojom::Sandbox::kHardwareVideoDecoding ||
|
|
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
|
|
sandbox_type == sandbox::mojom::Sandbox::kHardwareVideoEncoding;
|
|
@@ -144,6 +154,7 @@ bool ShouldUseAmdGpuPolicy(sandbox::mojom::Sandbox san
|
|
|
|
return false;
|
|
}
|
|
+#endif
|
|
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
|
|
|
|
#if BUILDFLAG(IS_WIN)
|
|
@@ -252,7 +263,8 @@ int UtilityMain(MainFunctionParams parameters) {
|
|
}
|
|
}
|
|
|
|
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
|
|
+// XXX BSD
|
|
+#if (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)) && !BUILDFLAG(IS_BSD)
|
|
// Thread type delegate of the process should be registered before
|
|
// first thread type change in ChildProcess constructor.
|
|
// It also needs to be registered before the process has multiple threads,
|
|
@@ -263,7 +275,7 @@ int UtilityMain(MainFunctionParams parameters) {
|
|
}
|
|
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
|
|
|
|
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
|
|
+#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD)
|
|
// Initializes the sandbox before any threads are created.
|
|
// TODO(jorgelo): move this after GTK initialization when we enable a strict
|
|
// Seccomp-BPF policy.
|
|
@@ -301,7 +313,7 @@ int UtilityMain(MainFunctionParams parameters) {
|
|
screen_ai::GetBinaryPathSwitch()));
|
|
break;
|
|
#endif
|
|
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH)
|
|
+#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH) || BUILDFLAG(IS_BSD)
|
|
case sandbox::mojom::Sandbox::kHardwareVideoDecoding:
|
|
pre_sandbox_hook =
|
|
base::BindOnce(&media::HardwareVideoDecodingPreSandboxHook);
|
|
@@ -328,6 +340,7 @@ int UtilityMain(MainFunctionParams parameters) {
|
|
default:
|
|
break;
|
|
}
|
|
+#if !BUILDFLAG(IS_BSD)
|
|
if (!sandbox::policy::IsUnsandboxedSandboxType(sandbox_type) &&
|
|
(parameters.zygote_child || !pre_sandbox_hook.is_null())) {
|
|
sandbox_options.use_amd_specific_policies =
|
|
@@ -335,6 +348,11 @@ int UtilityMain(MainFunctionParams parameters) {
|
|
sandbox::policy::Sandbox::Initialize(
|
|
sandbox_type, std::move(pre_sandbox_hook), sandbox_options);
|
|
}
|
|
+#else
|
|
+ sandbox::policy::Sandbox::Initialize(
|
|
+ sandbox_type, std::move(pre_sandbox_hook),
|
|
+ sandbox::policy::SandboxLinux::Options());
|
|
+#endif
|
|
|
|
// Start the HangWatcher now that the sandbox is engaged, if it hasn't
|
|
// already been started.
|