nacl_listener.cc revision c5cede9ae108bb15f6b7a8aea21c7e1fefa2834c
1a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles)// Copyright 2013 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles)#include "components/nacl/loader/nacl_listener.h" 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <errno.h> 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <stdlib.h> 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 10eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#if defined(OS_POSIX) 11eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#include <unistd.h> 12eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#endif 13eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/command_line.h" 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/logging.h" 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/memory/scoped_ptr.h" 179ab5563a3196760eb381d102cbb2bc0f7abc6a50Ben Murdoch#include "base/message_loop/message_loop.h" 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/rand_util.h" 19a3f7b4e666c476898878fa745f637129375cd889Ben Murdoch#include "components/nacl/common/nacl_messages.h" 20a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles)#include "components/nacl/loader/nacl_ipc_adapter.h" 21a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles)#include "components/nacl/loader/nacl_validation_db.h" 22a36e5920737c6adbddd3e43b760e5de8431db6e0Torne (Richard Coles)#include 
"components/nacl/loader/nacl_validation_query.h" 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "ipc/ipc_channel_handle.h" 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "ipc/ipc_switches.h" 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "ipc/ipc_sync_channel.h" 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "ipc/ipc_sync_message_filter.h" 275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "native_client/src/public/chrome_main.h" 285d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "native_client/src/public/nacl_app.h" 2990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#include "native_client/src/trusted/validator/nacl_file_info.h" 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_POSIX) 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/file_descriptor_posix.h" 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_LINUX) 36c5cede9ae108bb15f6b7a8aea21c7e1fefa2834cBen Murdoch#include "components/nacl/loader/nonsfi/irt_random.h" 375d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "components/nacl/loader/nonsfi/nonsfi_main.h" 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "content/public/common/child_process_sandbox_support_linux.h" 39c5cede9ae108bb15f6b7a8aea21c7e1fefa2834cBen Murdoch#include "ppapi/nacl_irt/plugin_startup.h" 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_WIN) 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard 
Coles)#include <fcntl.h> 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <io.h> 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "content/public/common/sandbox_init.h" 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace { 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_MACOSX) 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// On Mac OS X, shm_open() works in the sandbox but does not give us 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// an FD that we can map as PROT_EXEC. Rather than doing an IPC to 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// get an executable SHM region when CreateMemoryObject() is called, 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// we preallocate one on startup, since NaCl's sel_ldr only needs one 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// of them. This saves a round trip. 
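// Descriptor of the preallocated executable shared-memory region, or -1 when
// none is available. CreateMemoryObject() resets it to -1 when it takes the
// descriptor.
base::subtle::Atomic32 g_shm_fd = -1;

// Hands out the preallocated executable shared-memory descriptor, grown to
// |size| bytes.
//
// Returns the descriptor on success. Returns -1 when the request is not for a
// non-empty executable region, when the descriptor has already been taken, or
// when resizing fails. Per the fall-through comment below, -1 tells NaCl to
// use its default implementation.
int CreateMemoryObject(size_t size, int executable) {
  if (executable && size > 0) {
    // The atomic exchange transfers ownership of the descriptor to this call,
    // so it can be handed out at most once.
    int result_fd = base::subtle::NoBarrier_AtomicExchange(&g_shm_fd, -1);
    if (result_fd != -1) {
      // ftruncate() is disallowed by the Mac OS X sandbox and
      // returns EPERM.  Luckily, we can get the same effect with
      // lseek() + write().
      if (lseek(result_fd, size - 1, SEEK_SET) == -1) {
        // Save errno before close() can overwrite it. The descriptor has
        // already been removed from g_shm_fd, so it must be closed here or
        // it is leaked.
        const int saved_errno = errno;
        close(result_fd);
        LOG(ERROR) << "lseek() failed: " << saved_errno;
        return -1;
      }
      if (write(result_fd, "", 1) != 1) {
        const int saved_errno = errno;
        close(result_fd);
        LOG(ERROR) << "write() failed: " << saved_errno;
        return -1;
      }
      return result_fd;
    }
  }
  // Fall back to NaCl's default implementation.
  return -1;
}

#elif defined(OS_LINUX)

// On Linux the segment is obtained through
// content::MakeSharedMemorySegmentViaIPC(); its result is returned unchanged.
int CreateMemoryObject(size_t size, int executable) {
  return content::MakeSharedMemorySegmentViaIPC(size, executable);
}

#elif defined(OS_WIN)

// Set by the NaClListener constructor and cleared by its destructor.
NaClListener* g_listener;

// We wrap the function to convert the bool return value to an int.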
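int BrokerDuplicateHandle(NaClHandle source_handle,
                          uint32_t process_id,
                          NaClHandle* target_handle,
                          uint32_t desired_access,
                          uint32_t options) {
  return content::BrokerDuplicateHandle(source_handle, process_id,
                                        target_handle, desired_access,
                                        options);
}

// Sends NaClProcessMsg_AttachDebugExceptionHandler through the listener,
// carrying the |info_size| bytes at |info|.
// Returns non-zero only when the message was sent and the reply reported
// success; every failure path returns 0.
int AttachDebugExceptionHandler(const void* info, size_t info_size) {
  // g_listener is only set while a NaClListener exists; fail closed rather
  // than dereference a null pointer if none has been constructed.
  if (g_listener == NULL)
    return 0;
  std::string info_string(reinterpret_cast<const char*>(info), info_size);
  bool result = false;
  if (!g_listener->Send(new NaClProcessMsg_AttachDebugExceptionHandler(
           info_string, &result)))
    return 0;
  return result;
}

#endif

// Creates the PPAPI IPC channel between the NaCl IRT and the host
// (browser/renderer) process, and starts to listen it on the thread where
// the given message_loop_proxy runs.
// Also, creates and sets the corresponding NaClDesc to the given nap with
// the FD #.
void SetUpIPCAdapter(IPC::ChannelHandle* handle,
                     scoped_refptr<base::MessageLoopProxy> message_loop_proxy,
                     struct NaClApp* nap,
                     int nacl_fd) {
  scoped_refptr<NaClIPCAdapter> ipc_adapter(
      new NaClIPCAdapter(*handle, message_loop_proxy.get()));
  ipc_adapter->ConnectChannel();
#if defined(OS_POSIX)
  // The client end of the channel is moved into |handle| for the caller.
  handle->socket =
      base::FileDescriptor(ipc_adapter->TakeClientFileDescriptor(), true);
#endif

  // Pass a NaClDesc to the untrusted side. This will hold a ref to the
  // NaClIPCAdapter.
  NaClAppSetDesc(nap, nacl_fd, ipc_adapter->MakeNaClDesc());
}

}  // namespace

// NaClValidationDB implementation that forwards every query to the other end
// of the listener's IPC channel.
class BrowserValidationDBProxy : public NaClValidationDB {
 public:
  explicit BrowserValidationDBProxy(NaClListener* listener)
      : listener_(listener) {
  }

  // Returns true only when the IPC succeeds and the reply sets the result.
  // Any send failure is reported as "not known to validate".
  virtual bool QueryKnownToValidate(const std::string& signature) OVERRIDE {
    // Initialize to false so that if the Send fails to write to the return
    // value we're safe.  For example if the message is (for some reason)
    // dispatched as an async message the return parameter will not be written.
    bool result = false;
    if (!listener_->Send(new NaClProcessMsg_QueryKnownToValidate(signature,
                                                                 &result))) {
      LOG(ERROR) << "Failed to query NaCl validation cache.";
      result = false;
    }
    return result;
  }

  // Reports |signature| as validated. A send failure is only logged.
  virtual void SetKnownToValidate(const std::string& signature) OVERRIDE {
    // Caching is optional: NaCl will still work correctly if the IPC fails.
    if (!listener_->Send(new NaClProcessMsg_SetKnownToValidate(signature))) {
      LOG(ERROR) << "Failed to update NaCl validation cache.";
    }
  }

  // Resolves |file_token| to a file descriptor and path through
  // NaClProcessMsg_ResolveFileToken.
  // Returns false for an all-zero token, a failed send, or an invalid
  // descriptor in the reply. In each of those cases |*fd| is -1 and |*path|
  // is empty.
  virtual bool ResolveFileToken(struct NaClFileToken* file_token,
                                int32* fd, std::string* path) OVERRIDE {
    // Reset the outputs first so that no early return leaves stale values.
    *fd = -1;
    *path = "";
    if (file_token->lo == 0 && file_token->hi == 0) {
      return false;
    }
    IPC::PlatformFileForTransit ipc_fd = IPC::InvalidPlatformFileForTransit();
    base::FilePath ipc_path;
    if (!listener_->Send(new NaClProcessMsg_ResolveFileToken(file_token->lo,
                                                             file_token->hi,
                                                             &ipc_fd,
                                                             &ipc_path))) {
      return false;
    }
    if (ipc_fd == IPC::InvalidPlatformFileForTransit()) {
      return false;
    }
    base::PlatformFile handle =
        IPC::PlatformFileForTransitToPlatformFile(ipc_fd);
#if defined(OS_WIN)
    // On Windows, valid handles are 32 bit unsigned integers so this is safe.
    // The narrowing to int32 is made explicit so that it is visible to
    // reviewers and to the compiler.
    *fd = static_cast<int32>(reinterpret_cast<uintptr_t>(handle));
#else
    *fd = handle;
#endif
    // It doesn't matter if the path is invalid UTF8 as long as it's consistent
    // and unforgeable.
    *path = ipc_path.AsUTF8Unsafe();
    return true;
  }

 private:
  // The listener never dies, otherwise this might be a dangling reference.
  NaClListener* listener_;
};


// Starts the IO thread and, on Windows, publishes this instance in
// g_listener.
NaClListener::NaClListener() : shutdown_event_(true, false),
                               io_thread_("NaCl_IOThread"),
                               uses_nonsfi_mode_(false),
#if defined(OS_LINUX)
                               prereserved_sandbox_size_(0),
#endif
#if defined(OS_POSIX)
                               number_of_cores_(-1),  // unknown/error
#endif
                               main_loop_(NULL) {
  // NOTE(review): the result of StartWithOptions() is not checked here;
  // confirm that a failed IO-thread start is detected elsewhere.
  io_thread_.StartWithOptions(
      base::Thread::Options(base::MessageLoop::TYPE_IO, 0));
#if defined(OS_WIN)
  DCHECK(g_listener == NULL);
  g_listener = this;
#endif
}

// Not expected to run (see NOTREACHED). BrowserValidationDBProxy keeps a raw
// pointer to the listener.
NaClListener::~NaClListener() {
  NOTREACHED();
  shutdown_event_.Signal();
#if defined(OS_WIN)
  g_listener = NULL;
#endif
}

// Sends |msg| through the channel when called on the loop recorded by
// Listen(), and through the sync message filter from any other thread.
bool NaClListener::Send(IPC::Message* msg) {
  DCHECK(main_loop_ != NULL);
  if (base::MessageLoop::current() == main_loop_) {
    // This thread owns the channel.
    return channel_->Send(msg);
  } else {
    // This thread does not own the channel.
    return filter_->Send(msg);
  }
}

// Creates the sync channel named by the kProcessChannelID switch, installs
// the sync message filter, and runs the current message loop.
void NaClListener::Listen() {
  std::string channel_name =
      CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
          switches::kProcessChannelID);
  channel_.reset(new IPC::SyncChannel(
      this, io_thread_.message_loop_proxy().get(), &shutdown_event_));
  filter_ = new IPC::SyncMessageFilter(&shutdown_event_);
  channel_->AddFilter(filter_.get());
  channel_->Init(channel_name, IPC::Channel::MODE_CLIENT, true);
  main_loop_ = base::MessageLoop::current();
  main_loop_->Run();
}

// Dispatches NaClProcessMsg_Start to OnStart(). Returns false for any other
// message.
bool NaClListener::OnMessageReceived(const IPC::Message& msg) {
  bool handled = true;
  IPC_BEGIN_MESSAGE_MAP(NaClListener, msg)
      IPC_MESSAGE_HANDLER(NaClProcessMsg_Start, OnStart)
      IPC_MESSAGE_UNHANDLED(handled = false)
  IPC_END_MESSAGE_MAP()
  return handled;
}

void NaClListener::OnStart(const nacl::NaClStartParams& params) {
#if !defined(OS_LINUX)
  CHECK(!uses_nonsfi_mode_) << "Non-SFI NaCl is only supported on Linux";
#endif

  // Random number source initialization.
#if defined(OS_LINUX)
  if (uses_nonsfi_mode_) {
    nacl::nonsfi::SetUrandomFd(base::GetUrandomFD());
  }
#endif
#if defined(OS_LINUX) || defined(OS_MACOSX)
  if (!uses_nonsfi_mode_) {
    int urandom_fd = dup(base::GetUrandomFD());
    if (urandom_fd < 0) {
      LOG(ERROR) << "Failed to dup() the urandom FD";
      return;
    }
    NaClChromeMainSetUrandomFd(urandom_fd);
  }
#endif

  struct NaClApp* nap = NULL;
  if (!uses_nonsfi_mode_) {
    NaClChromeMainInit();
    nap = NaClAppCreate();
    if (nap == NULL) {
      LOG(ERROR) << "NaClAppCreate() failed";
      return;
    }
  }

  IPC::ChannelHandle browser_handle;
  IPC::ChannelHandle ppapi_renderer_handle;

  if (params.enable_ipc_proxy) {
    browser_handle = IPC::Channel::GenerateVerifiedChannelID("nacl");
    ppapi_renderer_handle = IPC::Channel::GenerateVerifiedChannelID("nacl");

#if defined(OS_LINUX)
    if (uses_nonsfi_mode_) {
      // In non-SFI mode, we neither intercept nor rewrite the message using
      // NaClIPCAdapter, and the channels are connected between the plugin and
      // the hosts directly. So, the IPC::Channel instances will be created in
      // the plugin side, because the IPC::Listener needs to live on the
      // plugin's main thread. However, on initialization (i.e. before loading
      // the plugin binary), the FD needs to be passed to the hosts. So, here
      // we create raw FD pairs, and pass the client side FDs to the hosts,
      // and the server side FDs to the plugin.
      int browser_server_ppapi_fd;
      int browser_client_ppapi_fd;
      int renderer_server_ppapi_fd;
      int renderer_client_ppapi_fd;
      if (!IPC::SocketPair(
              &browser_server_ppapi_fd, &browser_client_ppapi_fd) ||
          !IPC::SocketPair(
              &renderer_server_ppapi_fd, &renderer_client_ppapi_fd)) {
        LOG(ERROR) << "Failed to create sockets for IPC.";
        return;
      }

      // Set the plugin IPC channel FDs.
      ppapi::SetIPCFileDescriptors(
          browser_server_ppapi_fd, renderer_server_ppapi_fd);

      // Send back to the client side IPC channel FD to the host.
      browser_handle.socket =
          base::FileDescriptor(browser_client_ppapi_fd, true);
      ppapi_renderer_handle.socket =
          base::FileDescriptor(renderer_client_ppapi_fd, true);
    } else {
#endif
      // Create the PPAPI IPC channels between the NaCl IRT and the host
      // (browser/renderer) processes. The IRT uses these channels to
      // communicate with the host and to initialize the IPC dispatchers.
      SetUpIPCAdapter(&browser_handle, io_thread_.message_loop_proxy(),
                      nap, NACL_CHROME_DESC_BASE);
      SetUpIPCAdapter(&ppapi_renderer_handle, io_thread_.message_loop_proxy(),
                      nap, NACL_CHROME_DESC_BASE + 1);
#if defined(OS_LINUX)
    }
#endif
  }

  // The argument passed to GenerateVerifiedChannelID() here MUST be "nacl".
  // Using an alternate channel name prevents the pipe from being created on
  // Windows when the sandbox is enabled.
  IPC::ChannelHandle trusted_renderer_handle =
      IPC::Channel::GenerateVerifiedChannelID("nacl");
  trusted_listener_ = new NaClTrustedListener(
      trusted_renderer_handle, io_thread_.message_loop_proxy(),
      &shutdown_event_);
#if defined(OS_POSIX)
  trusted_renderer_handle.socket = base::FileDescriptor(
      trusted_listener_->TakeClientFileDescriptor(), true);
#endif
  if (!Send(new NaClProcessHostMsg_PpapiChannelsCreated(
          browser_handle, ppapi_renderer_handle, trusted_renderer_handle)))
    LOG(ERROR) << "Failed to send IPC channel handle to NaClProcessHost.";

  std::vector<nacl::FileDescriptor> handles = params.handles;

#if defined(OS_LINUX)
  if (uses_nonsfi_mode_) {
    if (params.uses_irt) {
      LOG(ERROR) << "IRT must not be used for non-SFI NaCl.";
      return;
    }
    CHECK(handles.size() == 1);
    int imc_bootstrap_handle = nacl::ToNativeHandle(handles[0]);
    nacl::nonsfi::MainStart(imc_bootstrap_handle);
    return;
  }
#endif

  struct NaClChromeMainArgs* args = NaClChromeMainArgsCreate();
  if (args == NULL) {
    LOG(ERROR) << "NaClChromeMainArgsCreate() failed";
    return;
  }

#if defined(OS_LINUX) || defined(OS_MACOSX)
  args->number_of_cores = number_of_cores_;
  args->create_memory_object_func = CreateMemoryObject;
# if defined(OS_MACOSX)
  CHECK(handles.size() >= 1);
  g_shm_fd = nacl::ToNativeHandle(handles[handles.size() - 1]);
  handles.pop_back();
# endif
#endif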
3922a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) if (params.uses_irt) { 3932a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) CHECK(handles.size() >= 1); 3942a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) NaClHandle irt_handle = nacl::ToNativeHandle(handles[handles.size() - 1]); 3952a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) handles.pop_back(); 3965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_WIN) 3982a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) args->irt_fd = _open_osfhandle(reinterpret_cast<intptr_t>(irt_handle), 3992a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) _O_RDONLY | _O_BINARY); 4002a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) if (args->irt_fd < 0) { 4012a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) LOG(ERROR) << "_open_osfhandle() failed"; 4022a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) return; 4032a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) } 4045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#else 4052a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) args->irt_fd = irt_handle; 4065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 4072a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) } else { 4082a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) // Otherwise, the IRT handle is not even sent. 4092a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) args->irt_fd = -1; 4102a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) } 4115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (params.validation_cache_enabled) { 4135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // SHA256 block size. 
4145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK_EQ(params.validation_cache_key.length(), (size_t) 64); 4155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The cache structure is not freed and exists until the NaCl process exits. 4165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) args->validation_cache = CreateValidationCache( 4175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) new BrowserValidationDBProxy(this), params.validation_cache_key, 4185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) params.version); 4195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 4205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(handles.size() == 1); 4225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) args->imc_bootstrap_handle = nacl::ToNativeHandle(handles[0]); 4235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) args->enable_exception_handling = params.enable_exception_handling; 4245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) args->enable_debug_stub = params.enable_debug_stub; 425c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) args->enable_dyncode_syscalls = params.enable_dyncode_syscalls; 426ca12bfac764ba476d6cd062bf1dde12cc64c3f40Ben Murdoch if (!params.enable_dyncode_syscalls) { 427ca12bfac764ba476d6cd062bf1dde12cc64c3f40Ben Murdoch // Bound the initial nexe's code segment size under PNaCl to 428ca12bfac764ba476d6cd062bf1dde12cc64c3f40Ben Murdoch // reduce the chance of a code spraying attack succeeding (see 429ca12bfac764ba476d6cd062bf1dde12cc64c3f40Ben Murdoch // https://code.google.com/p/nativeclient/issues/detail?id=3572). 430ca12bfac764ba476d6cd062bf1dde12cc64c3f40Ben Murdoch // We assume that !params.enable_dyncode_syscalls is synonymous 431ca12bfac764ba476d6cd062bf1dde12cc64c3f40Ben Murdoch // with PNaCl. 
We can't apply this arbitrary limit outside of 432ca12bfac764ba476d6cd062bf1dde12cc64c3f40Ben Murdoch // PNaCl because it might break existing NaCl apps, and this limit 433ca12bfac764ba476d6cd062bf1dde12cc64c3f40Ben Murdoch // is only useful if the dyncode syscalls are disabled. 434ca12bfac764ba476d6cd062bf1dde12cc64c3f40Ben Murdoch args->initial_nexe_max_code_bytes = 32 << 20; // 32 MB 435a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 436a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // Indicate that this is a PNaCl module. 437a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // TODO(jvoung): Plumb through something indicating that this is PNaCl 438a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // instead of relying on enable_dyncode_syscalls. 439a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) args->pnacl_mode = 1; 440ca12bfac764ba476d6cd062bf1dde12cc64c3f40Ben Murdoch } 4415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_LINUX) || defined(OS_MACOSX) 4425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) args->debug_stub_server_bound_socket_fd = nacl::ToNativeHandle( 4435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) params.debug_stub_server_bound_socket); 4445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 4455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_WIN) 4465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) args->broker_duplicate_handle_func = BrokerDuplicateHandle; 4475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) args->attach_debug_exception_handler_func = AttachDebugExceptionHandler; 4485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 4495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_LINUX) 4505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) args->prereserved_sandbox_size = prereserved_sandbox_size_; 
4515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 4525d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4535d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) NaClChromeMainStartApp(nap, args); 4545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NOTREACHED(); 4555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 456