Modify NaClIPCAdapter to handle transfer handles for a PPB_Audio message.

BUG=116317
TEST=manual
Review URL: https://chromiumcodereview.appspot.com/10781008

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147155 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 190 insertions, 45 deletions

diff --git a/chrome/nacl/DEPS b/chrome/nacl/DEPS
index cba9654..d2d9ef4 100644
--- a/chrome/nacl/DEPS
+++ b/chrome/nacl/DEPS
@@ -5,4 +5,6 @@ include_rules = [
   "+sandbox/win/src",
   "+seccompsandbox",
   "+native_client/src",
+  "+ppapi/c",  # header files only
+  "+ppapi/proxy/ppapi_messages.h",  # for message id's only
 ]
diff --git a/chrome/nacl/nacl_ipc_adapter.cc b/chrome/nacl/nacl_ipc_adapter.cc
index f915a6a..187eb8b 100644
--- a/chrome/nacl/nacl_ipc_adapter.cc
+++ b/chrome/nacl/nacl_ipc_adapter.cc
@@ -11,8 +11,13 @@
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/shared_memory.h"
 #include "build/build_config.h"
+#include "ipc/ipc_message_macros.h"
+#include "ipc/ipc_platform_file.h"
 #include "native_client/src/trusted/desc/nacl_desc_custom.h"
+#include "native_client/src/trusted/desc/nacl_desc_wrapper.h"
+#include "ppapi/proxy/ppapi_messages.h"
 
 namespace {
 
@@ -63,21 +68,12 @@ void NaClDescCustomDestroy(void* handle) {
 
 ssize_t NaClDescCustomSendMsg(void* handle, const NaClImcTypedMsgHdr* msg,
                               int /* flags */) {
-  if (msg->iov_length != 1)
-    return -1;
-  return static_cast<ssize_t>(
-      ToAdapter(handle)->Send(static_cast<char*>(msg->iov[0].base),
-                              msg->iov[0].length));
+  return static_cast<ssize_t>(ToAdapter(handle)->Send(msg));
 }
 
 ssize_t NaClDescCustomRecvMsg(void* handle, NaClImcTypedMsgHdr* msg,
                               int /* flags */) {
-  if (msg->iov_length != 1)
-    return -1;
-  msg->ndesc_length = 0;  // Messages with descriptors aren't supported yet.
-  return static_cast<ssize_t>(
-      ToAdapter(handle)->BlockingReceive(static_cast<char*>(msg->iov[0].base),
-                                         msg->iov[0].length));
+  return static_cast<ssize_t>(ToAdapter(handle)->BlockingReceive(msg));
 }
 
 NaClDesc* MakeNaClDescCustom(NaClIPCAdapter* adapter) {
@@ -93,6 +89,46 @@ void DeleteChannel(IPC::Channel* channel) {
   delete channel;
 }
 
+bool ReadHostResource(PickleIterator* it, int* instance_id, int* resource_id) {
+  return it->ReadInt(instance_id) &&
+         it->ReadInt(resource_id);
+}
+
+bool ReadFileDescriptor(const IPC::Message& message,
+                        PickleIterator* it,
+                        NaClHandle* handle) {
+#if defined(OS_POSIX)
+  bool valid;
+  base::FileDescriptor desc;
+  if (!it->ReadBool(&valid) ||
+      !valid ||
+      !message.ReadFileDescriptor(it, &desc))
+    return false;
+
+  *handle = desc.fd;
+  return true;
+#else
+  uint32 value;
+  if (!it->ReadUInt32(&value))
+    return false;
+
+  *handle = reinterpret_cast<NaClHandle>(value);
+  return true;
+#endif  // defined(OS_POSIX)
+}
+
+void WriteHostResource(IPC::Message* message,
+                       int instance_id,
+                       int resource_id) {
+  message->WriteInt(instance_id);
+  message->WriteInt(resource_id);
+}
+
+void WriteFileDescriptor(IPC::Message* message, int index) {
+  message->WriteBool(true);  // valid == true
+  message->WriteInt(index);
+}
+
 }  // namespace
 
 class NaClIPCAdapter::RewrittenMessage
@@ -150,7 +186,8 @@ int NaClIPCAdapter::RewrittenMessage::Read(char* dest_buffer,
   return static_cast<int>(bytes_to_write);
 }
 
-NaClIPCAdapter::LockedData::LockedData() : channel_closed_(false) {
+NaClIPCAdapter::LockedData::LockedData()
+    : channel_closed_(false) {
 }
 
 NaClIPCAdapter::LockedData::~LockedData() {
@@ -185,9 +222,14 @@ NaClIPCAdapter::NaClIPCAdapter(scoped_ptr<IPC::Channel> channel,
 
 // Note that this message is controlled by the untrusted code. So we should be
 // skeptical of anything it contains and quick to give up if anything is fishy.
-int NaClIPCAdapter::Send(const char* input_data, size_t input_data_len) {
+int NaClIPCAdapter::Send(const NaClImcTypedMsgHdr* msg) {
+  if (msg->iov_length != 1)
+    return -1;
+
   base::AutoLock lock(lock_);
 
+  const char* input_data = static_cast<char*>(msg->iov[0].base);
+  size_t input_data_len = msg->iov[0].length;
   if (input_data_len > IPC::Channel::kMaximumMessageSize) {
     ClearToBeSent();
     return -1;
@@ -248,8 +290,12 @@ int NaClIPCAdapter::Send(const char* input_data, size_t input_data_len) {
   }
 }
 
-int NaClIPCAdapter::BlockingReceive(char* output_buffer,
-                                    size_t output_buffer_size) {
+int NaClIPCAdapter::BlockingReceive(NaClImcTypedMsgHdr* msg) {
+  if (msg->iov_length != 1)
+    return -1;
+
+  char* output_buffer = static_cast<char*>(msg->iov[0].base);
+  size_t output_buffer_size = msg->iov[0].length;
   int retval = 0;
   {
     base::AutoLock lock(lock_);
@@ -262,6 +308,11 @@ int NaClIPCAdapter::BlockingReceive(char* output_buffer,
       retval = LockedReceive(output_buffer, output_buffer_size);
       DCHECK(retval > 0);
     }
+    int desc_count = static_cast<int>(locked_data_.nacl_descs_.size());
+    CHECK(desc_count <= NACL_ABI_IMC_DESC_MAX);
+    msg->ndesc_length = desc_count;
+    for (int i = 0; i < desc_count; i++)
+      msg->ndescv[i] = locked_data_.nacl_descs_[i]->desc();
   }
   cond_var_.Signal();
   return retval;
@@ -292,21 +343,57 @@ bool NaClIPCAdapter::OnMessageReceived(const IPC::Message& message) {
   {
     base::AutoLock lock(lock_);
 
-    // There is some padding in this structure (the "padding" member is 16
-    // bits but this then gets padded to 32 bits). We want to be sure not to
-    // leak data to the untrusted plugin, so zero everything out first.
-    NaClMessageHeader header;
-    memset(&header, 0, sizeof(NaClMessageHeader));
-
-    header.payload_size = static_cast<uint32>(message.payload_size());
-    header.routing = message.routing_id();
-    header.type = message.type();
-    header.flags = message.flags();
-    header.num_fds = 0;  // TODO(brettw) hook this up.
-
-    scoped_refptr<RewrittenMessage> dest(new RewrittenMessage);
-    dest->SetData(header, message.payload(), message.payload_size());
-    locked_data_.to_be_received_.push(dest);
+    // Clear any descriptors left from the prior message.
+    locked_data_.nacl_descs_.clear();
+
+    PickleIterator it(message);
+    switch (message.type()) {
+      case PpapiMsg_PPBAudio_NotifyAudioStreamCreated::ID: {
+        int instance_id;
+        int resource_id;
+        int result_code;
+        NaClHandle sock_handle;
+        NaClHandle shm_handle;
+        uint32_t shm_length;
+        if (ReadHostResource(&it, &instance_id, &resource_id) &&
+            it.ReadInt(&result_code) &&
+            ReadFileDescriptor(message, &it, &sock_handle) &&
+            ReadFileDescriptor(message, &it, &shm_handle) &&
+            it.ReadUInt32(&shm_length)) {
+          // Our caller, OnMessageReceived, holds the lock for locked_data_.
+          // Import the sync socket. Use DescWrappers to simplify clean up.
+          nacl::DescWrapperFactory factory;
+          scoped_ptr<nacl::DescWrapper> socket_wrapper(
+              factory.ImportSyncSocketHandle(sock_handle));
+          // Import the shared memory handle and increase its size by 4 bytes to
+          // accommodate the length data we write to signal the host.
+          scoped_ptr<nacl::DescWrapper> shm_wrapper(
+              factory.ImportShmHandle(shm_handle, shm_length + sizeof(uint32)));
+          if (shm_wrapper.get() && socket_wrapper.get()) {
+            locked_data_.nacl_descs_.push_back(socket_wrapper.release());
+            locked_data_.nacl_descs_.push_back(shm_wrapper.release());
+          }
+#if defined(OS_POSIX)
+          SaveMessage(message);
+#else  // defined(OS_POSIX)
+          // On Windows we must rewrite the message to the POSIX representation.
+          IPC::Message new_msg(message.routing_id(),
+                               PpapiMsg_PPBAudio_NotifyAudioStreamCreated::ID,
+                               message.priority());
+          WriteHostResource(&new_msg, instance_id, resource_id);
+          new_msg.WriteInt(result_code);
+          WriteFileDescriptor(&new_msg, 0);  // socket handle, index = 0
+          WriteFileDescriptor(&new_msg, 1);  // shm handle, index = 1
+          new_msg.WriteUInt32(shm_length);
+          SaveMessage(new_msg);
+#endif
+        }
+        break;
+      }
+      default: {
+        SaveMessage(message);
+      }
+    }
   }
   cond_var_.Signal();
   return true;
@@ -407,3 +494,22 @@ void NaClIPCAdapter::CloseChannelOnIOThread() {
 void NaClIPCAdapter::SendMessageOnIOThread(scoped_ptr<IPC::Message> message) {
   io_thread_data_.channel_->Send(message.release());
 }
+
+void NaClIPCAdapter::SaveMessage(const IPC::Message& message) {
+  // There is some padding in this structure (the "padding" member is 16
+  // bits but this then gets padded to 32 bits). We want to be sure not to
+  // leak data to the untrusted plugin, so zero everything out first.
+  NaClMessageHeader header;
+  memset(&header, 0, sizeof(NaClMessageHeader));
+
+  header.payload_size = static_cast<uint32>(message.payload_size());
+  header.routing = message.routing_id();
+  header.type = message.type();
+  header.flags = message.flags();
+  header.num_fds = static_cast<int>(locked_data_.nacl_descs_.size());
+
+  scoped_refptr<RewrittenMessage> dest(new RewrittenMessage);
+  dest->SetData(header, message.payload(), message.payload_size());
+  locked_data_.to_be_received_.push(dest);
+}
+
diff --git a/chrome/nacl/nacl_ipc_adapter.h b/chrome/nacl/nacl_ipc_adapter.h
index ab173ed..c8b29ae 100644
--- a/chrome/nacl/nacl_ipc_adapter.h
+++ b/chrome/nacl/nacl_ipc_adapter.h
@@ -11,12 +11,29 @@
 #include "base/basictypes.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/memory/scoped_vector.h"
+#include "base/shared_memory.h"
 #include "base/synchronization/condition_variable.h"
 #include "base/synchronization/lock.h"
 #include "base/task_runner.h"
 #include "ipc/ipc_channel.h"
+#include "ipc/ipc_message.h"
 
 struct NaClDesc;
+struct NaClImcTypedMsgHdr;
+struct PP_Size;
+
+namespace IPC {
+class Message;
+}
+
+namespace nacl {
+class DescWrapper;
+}
+
+namespace ppapi {
+class HostResource;
+}
 
 // Adapts a Chrome IPC channel to an IPC channel that we expose to Native
 // Client. This provides a mapping in both directions, so when IPC messages
@@ -62,12 +79,12 @@ class NaClIPCAdapter : public base::RefCountedThreadSafe<NaClIPCAdapter>,
 
   // Implementation of sendmsg. Returns the number of bytes written or -1 on
   // failure.
-  int Send(const char* input_data, size_t input_data_len);
+  int Send(const NaClImcTypedMsgHdr* msg);
 
   // Implementation of recvmsg. Returns the number of bytes read or -1 on
   // failure. This will block until there's an error or there is data to
   // read.
-  int BlockingReceive(char* output_buffer, size_t output_buffer_size);
+  int BlockingReceive(NaClImcTypedMsgHdr* msg);
 
   // Closes the IPC channel.
   void CloseChannel();
@@ -109,6 +126,9 @@ class NaClIPCAdapter : public base::RefCountedThreadSafe<NaClIPCAdapter>,
     // message, so we don't need to worry about arbitrary message boundaries.
     std::string to_be_sent_;
 
+    // Wrapped descriptors and handles for transfer to untrusted code.
+    ScopedVector<nacl::DescWrapper> nacl_descs_;
+
     bool channel_closed_;
   };
 
@@ -138,6 +158,10 @@ class NaClIPCAdapter : public base::RefCountedThreadSafe<NaClIPCAdapter>,
   void CloseChannelOnIOThread();
   void SendMessageOnIOThread(scoped_ptr<IPC::Message> message);
 
+  // Saves the message to forward to NaCl. This method assumes that the caller
+  // holds the lock for locked_data_.
+  void SaveMessage(const IPC::Message& message);
+
   base::Lock lock_;
   base::ConditionVariable cond_var_;
 
diff --git a/chrome/nacl/nacl_ipc_adapter_unittest.cc b/chrome/nacl/nacl_ipc_adapter_unittest.cc
index 0f62ff1..7f3c55a 100644
--- a/chrome/nacl/nacl_ipc_adapter_unittest.cc
+++ b/chrome/nacl/nacl_ipc_adapter_unittest.cc
@@ -12,6 +12,7 @@
 #include "base/threading/platform_thread.h"
 #include "base/threading/simple_thread.h"
 #include "ipc/ipc_test_sink.h"
+#include "native_client/src/trusted/desc/nacl_desc_custom.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace {
@@ -40,6 +41,18 @@ class NaClIPCAdapterTest : public testing::Test {
   }
 
  protected:
+  int BlockingReceive(void* buf, size_t buf_size) {
+    NaClImcMsgIoVec iov = {buf, buf_size};
+    NaClImcTypedMsgHdr msg = {&iov, 1};
+    return adapter_->BlockingReceive(&msg);
+  }
+
+  int Send(void* buf, size_t buf_size) {
+    NaClImcMsgIoVec iov = {buf, buf_size};
+    NaClImcTypedMsgHdr msg = {&iov, 1};
+    return adapter_->Send(&msg);
+  }
+
   MessageLoop message_loop_;
 
   scoped_refptr<NaClIPCAdapter> adapter_;
@@ -70,7 +83,7 @@ TEST_F(NaClIPCAdapterTest, SimpleReceiveRewriting) {
   const int kBufSize = 64;
   char buf[kBufSize];
 
-  int bytes_read = adapter_->BlockingReceive(buf, kBufSize);
+  int bytes_read = BlockingReceive(buf, kBufSize);
   EXPECT_EQ(sizeof(NaClIPCAdapter::NaClMessageHeader) + sizeof(int),
             static_cast<size_t>(bytes_read));
 
@@ -110,7 +123,7 @@ TEST_F(NaClIPCAdapterTest, SendRewriting) {
   *reinterpret_cast<int*>(
       &buf[sizeof(NaClIPCAdapter::NaClMessageHeader)]) = value;
 
-  int result = adapter_->Send(buf, buf_size);
+  int result = Send(buf, buf_size);
   EXPECT_EQ(buf_size, result);
 
   // Check that the message came out the other end in the test sink
@@ -127,7 +140,7 @@ TEST_F(NaClIPCAdapterTest, SendRewriting) {
   // into two parts and it should still work.
   sink_->ClearMessages();
   int first_chunk_size = 7;
-  result = adapter_->Send(buf, first_chunk_size);
+  result = Send(buf, first_chunk_size);
   EXPECT_EQ(first_chunk_size, result);
 
   // First partial send should not have made any messages.
@@ -136,14 +149,14 @@ TEST_F(NaClIPCAdapterTest, SendRewriting) {
 
   // Second partial send should do the same.
   int second_chunk_size = 2;
-  result = adapter_->Send(&buf[first_chunk_size], second_chunk_size);
+  result = Send(&buf[first_chunk_size], second_chunk_size);
   EXPECT_EQ(second_chunk_size, result);
   message_loop_.RunAllPending();
   ASSERT_EQ(0u, sink_->message_count());
 
   // Send the rest of the message in a third chunk.
   int third_chunk_size = buf_size - first_chunk_size - second_chunk_size;
-  result = adapter_->Send(&buf[first_chunk_size + second_chunk_size],
+  result = Send(&buf[first_chunk_size + second_chunk_size],
                           third_chunk_size);
   EXPECT_EQ(third_chunk_size, result);
 
@@ -177,11 +190,11 @@ TEST_F(NaClIPCAdapterTest, PartialReceive) {
 
   // Read part of the first message.
   int bytes_requested = 7;
-  int bytes_read = adapter_->BlockingReceive(buf, bytes_requested);
+  int bytes_read = BlockingReceive(buf, bytes_requested);
   ASSERT_EQ(bytes_requested, bytes_read);
 
   // Read the rest, this should give us the rest of the first message only.
-  bytes_read += adapter_->BlockingReceive(&buf[bytes_requested],
+  bytes_read += BlockingReceive(&buf[bytes_requested],
                                         kBufSize - bytes_requested);
   EXPECT_EQ(sizeof(NaClIPCAdapter::NaClMessageHeader) + sizeof(int),
             static_cast<size_t>(bytes_read));
@@ -194,7 +207,7 @@ TEST_F(NaClIPCAdapterTest, PartialReceive) {
   EXPECT_EQ(type_1, output_header->type);
 
   // Read the second message to make sure we went on to it.
-  bytes_read = adapter_->BlockingReceive(buf, kBufSize);
+  bytes_read = BlockingReceive(buf, kBufSize);
   EXPECT_EQ(sizeof(NaClIPCAdapter::NaClMessageHeader) + sizeof(int),
             static_cast<size_t>(bytes_read));
   output_header =
@@ -229,14 +242,14 @@ TEST_F(NaClIPCAdapterTest, SendOverflow) {
       &buf[sizeof(NaClIPCAdapter::NaClMessageHeader)]) = value;
 
   // Send too much data and make sure that the send fails.
-  int result = adapter_->Send(buf, big_buf_size);
+  int result = Send(buf, big_buf_size);
   EXPECT_EQ(-1, result);
   message_loop_.RunAllPending();
   ASSERT_EQ(0u, sink_->message_count());
 
   // Send too much data in two chunks and make sure that the send fails.
   int first_chunk_size = 7;
-  result = adapter_->Send(buf, first_chunk_size);
+  result = Send(buf, first_chunk_size);
   EXPECT_EQ(first_chunk_size, result);
 
   // First partial send should not have made any messages.
@@ -244,7 +257,7 @@ TEST_F(NaClIPCAdapterTest, SendOverflow) {
   ASSERT_EQ(0u, sink_->message_count());
 
   int second_chunk_size = big_buf_size - first_chunk_size;
-  result = adapter_->Send(&buf[first_chunk_size], second_chunk_size);
+  result = Send(&buf[first_chunk_size], second_chunk_size);
   EXPECT_EQ(-1, result);
   message_loop_.RunAllPending();
   ASSERT_EQ(0u, sink_->message_count());
@@ -282,12 +295,12 @@ TEST_F(NaClIPCAdapterTest, ReadWithChannelError) {
   // after 1s.
   const int kBufSize = 64;
   char buf[kBufSize];
-  int result = adapter_->BlockingReceive(buf, kBufSize);
+  int result = BlockingReceive(buf, kBufSize);
   EXPECT_EQ(-1, result);
 
   // Test the "previously had an error" case. BlockingReceive should return
   // immediately if there was an error.
-  result = adapter_->BlockingReceive(buf, kBufSize);
+  result = BlockingReceive(buf, kBufSize);
   EXPECT_EQ(-1, result);
 
   thread.Join();