Diffstat (limited to 'components')
-rw-r--r-- | components/components_tests.gyp | 6 | ||||
-rw-r--r-- | components/nacl/browser/DEPS | 1 | ||||
-rw-r--r-- | components/nacl/browser/nacl_host_message_filter.cc | 35 | ||||
-rw-r--r-- | components/nacl/browser/nacl_process_host.cc | 24 | ||||
-rw-r--r-- | components/nacl/browser/nacl_process_host.h | 15 | ||||
-rw-r--r-- | components/nacl/common/nacl_host_messages.h | 2 | ||||
-rw-r--r-- | components/nacl/common/nacl_messages.h | 2 | ||||
-rw-r--r-- | components/nacl/common/nacl_types.cc | 20 | ||||
-rw-r--r-- | components/nacl/common/nacl_types.h | 12 | ||||
-rw-r--r-- | components/nacl/loader/nacl_listener.cc | 21 | ||||
-rw-r--r-- | components/nacl/renderer/ppb_nacl_private_impl.cc | 19 |
11 files changed, 127 insertions, 30 deletions
diff --git a/components/components_tests.gyp b/components/components_tests.gyp index e655cb8..e11d730 100644 --- a/components/components_tests.gyp +++ b/components/components_tests.gyp @@ -497,6 +497,12 @@ ], }], ['disable_nacl==0', { + 'includes': [ + 'nacl/nacl_defines.gypi', + ], + 'defines': [ + '<@(nacl_defines)', + ], 'sources': [ 'nacl/browser/nacl_file_host_unittest.cc', 'nacl/browser/nacl_process_host_unittest.cc', diff --git a/components/nacl/browser/DEPS b/components/nacl/browser/DEPS index e1c944e..1381695 100644 --- a/components/nacl/browser/DEPS +++ b/components/nacl/browser/DEPS @@ -1,6 +1,7 @@ include_rules = [ "+content/public/browser", "+content/public/test", + "+native_client/src/public", "+native_client/src/shared/imc/nacl_imc_c.h", "+net", "+ppapi/host", diff --git a/components/nacl/browser/nacl_host_message_filter.cc b/components/nacl/browser/nacl_host_message_filter.cc index 0b35afc..095954e 100644 --- a/components/nacl/browser/nacl_host_message_filter.cc +++ b/components/nacl/browser/nacl_host_message_filter.cc @@ -15,6 +15,7 @@ #include "content/public/browser/render_process_host.h" #include "content/public/browser/web_contents.h" #include "ipc/ipc_platform_file.h" +#include "native_client/src/public/nacl_file_info.h" #include "net/url_request/url_request_context.h" #include "net/url_request/url_request_context_getter.h" #include "ppapi/shared_impl/ppapi_permissions.h" 
@@ -145,10 +146,40 @@ void NaClHostMessageFilter::LaunchNaClContinuation( const nacl::NaClLaunchParams& launch_params, IPC::Message* reply_msg, ppapi::PpapiPermissions permissions) { + NaClFileToken nexe_token = { + launch_params.nexe_token_lo, // lo + launch_params.nexe_token_hi // hi + }; + + base::PlatformFile nexe_file; +#if defined(OS_WIN) + // Duplicate the nexe file handle from the renderer process into the browser + // process. + if (!::DuplicateHandle(PeerHandle(), + launch_params.nexe_file, + base::GetCurrentProcessHandle(), + &nexe_file, + 0, // Unused, given DUPLICATE_SAME_ACCESS. + FALSE, + DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { + NaClHostMsg_LaunchNaCl::WriteReplyParams( + reply_msg, + NaClLaunchResult(), + std::string("Failed to duplicate nexe file handle")); + Send(reply_msg); + return; + } +#elif defined(OS_POSIX) + nexe_file = + IPC::PlatformFileForTransitToPlatformFile(launch_params.nexe_file); +#else +#error Unsupported platform. +#endif + NaClProcessHost* host = new NaClProcessHost( GURL(launch_params.manifest_url), - base::File( - IPC::PlatformFileForTransitToPlatformFile(launch_params.nexe_file)), + base::File(nexe_file), + nexe_token, permissions, launch_params.render_view_id, launch_params.permission_bits, diff --git a/components/nacl/browser/nacl_process_host.cc b/components/nacl/browser/nacl_process_host.cc index 0a3a0c9..4d1ed8c 100644 --- a/components/nacl/browser/nacl_process_host.cc +++ b/components/nacl/browser/nacl_process_host.cc @@ -46,6 +46,7 @@ #include "content/public/common/sandboxed_process_launcher_delegate.h" #include "ipc/ipc_channel.h" #include "ipc/ipc_switches.h" +#include "native_client/src/public/nacl_file_info.h" #include "native_client/src/shared/imc/nacl_imc_c.h" #include "net/base/net_util.h" #include "net/socket/tcp_listen_socket.h" 
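Review bot: In the `OS_WIN` branch added to `LaunchNaClContinuation` (nacl_host_message_filter.cc), `launch_params.nexe_file` is a handle value chosen by the renderer and is duplicated with `DUPLICATE_SAME_ACCESS`, so the browser-side handle takes on whatever object type and access rights the renderer's handle had. I would pass an explicit desired-access mask limited to what the loader needs instead of `DUPLICATE_SAME_ACCESS`, and confirm the duplicate is a regular file, e.g. `if (::GetFileType(nexe_file) != FILE_TYPE_DISK)` followed by the same error reply, before wrapping it in `base::File`. The `OS_POSIX` branch also hands the descriptor to `base::File(nexe_file)` with no validity check; whether `NaClProcessHost` rejects an invalid file is not visible here. The function begins and continues outside the hunk.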
@@ -250,6 +251,7 @@ unsigned NaClProcessHost::keepalive_throttle_interval_milliseconds_ = NaClProcessHost::NaClProcessHost(const GURL& manifest_url, base::File nexe_file, + const NaClFileToken& nexe_token, ppapi::PpapiPermissions permissions, int render_view_id, uint32 permission_bits, @@ -262,6 +264,8 @@ NaClProcessHost::NaClProcessHost(const GURL& manifest_url, const base::FilePath& profile_directory) : manifest_url_(manifest_url), nexe_file_(nexe_file.Pass()), + nexe_token_lo_(nexe_token.lo), + nexe_token_hi_(nexe_token.hi), permissions_(permissions), #if defined(OS_WIN) process_launched_by_broker_(false), @@ -820,12 +824,6 @@ bool NaClProcessHost::StartNaClExecution() { if (uses_nonsfi_mode_) { // Currently, non-SFI mode is supported only on Linux. #if defined(OS_LINUX) - // nexe_file_ still keeps the ownership at this moment, because |params| - // may just be destroyed before sending IPC is properly processed. - // Note that although we set auto_close=true for FileDescriptor's - // constructor, it is not automatically handled in its destructor as RAII. - params.nexe_file = - base::FileDescriptor(nexe_file_.GetPlatformFile(), true); // In non-SFI mode, we do not use SRPC. Make sure that the socketpair is // not created. DCHECK_EQ(internal_->socket_for_sel_ldr, NACL_INVALID_HANDLE); @@ -840,6 +838,11 @@ bool NaClProcessHost::StartNaClExecution() { params.uses_irt = uses_irt_; params.enable_dyncode_syscalls = enable_dyncode_syscalls_; + // TODO(teravest): Resolve the file tokens right now instead of making the + // loader send IPC to resolve them later. + params.nexe_token_lo = nexe_token_lo_; + params.nexe_token_hi = nexe_token_hi_; + const ChildProcessData& data = process_->GetData(); if (!ShareHandleToSelLdr(data.handle, internal_->socket_for_sel_ldr, true, 
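Review bot: The values copied into `params.nexe_token_lo` and `params.nexe_token_hi` in `StartNaClExecution` (nacl_process_host.cc, hunk at -840) come unchanged from the renderer's `NaClLaunchParams`, and nothing in this diff shows the browser confirming that the token belongs to `nexe_file_`. The header calls this a cache validation token, so a token paired with a different file should not be able to influence what the loader treats as already validated. The existing TODO about resolving tokens in the browser would address this. Until then I would record the trust boundary next to the assignment, e.g. `// Renderer-supplied and unverified here; must be re-resolved by the browser before use.` How the loader resolves the token lies outside this diff, so the check may already exist there.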
@@ -891,14 +894,13 @@ bool NaClProcessHost::StartNaClExecution() { #endif } - // Here we are about to send the IPC, so release file descriptors to delegate - // the ownership to the message. - if (uses_nonsfi_mode_) { - nexe_file_.TakePlatformFile(); - } else { + if (!uses_nonsfi_mode_) { internal_->socket_for_sel_ldr = NACL_INVALID_HANDLE; } + params.nexe_file = IPC::TakeFileHandleForProcess(nexe_file_.Pass(), + process_->GetData().handle); + process_->Send(new NaClProcessMsg_Start(params)); return true; } diff --git a/components/nacl/browser/nacl_process_host.h b/components/nacl/browser/nacl_process_host.h index a5e3e52..c4de125 100644 --- a/components/nacl/browser/nacl_process_host.h +++ b/components/nacl/browser/nacl_process_host.h @@ -22,6 +22,13 @@ #include "ppapi/shared_impl/ppapi_permissions.h" #include "url/gurl.h" +// NaClFileToken here is forward declared here instead of including +// nacl_file_info.h because that file isn't safe to include for disable_nacl=1 +// builds. +// TODO(teravest): Stop building this header in disable_nacl=1 builds and +// include nacl_file_info.h instead of forward declaring NaClFileToken. +struct NaClFileToken; + namespace content { class BrowserChildProcessHost; class BrowserPpapiHost; @@ -46,6 +53,8 @@ class NaClProcessHost : public content::BrowserChildProcessHostDelegate { public: // manifest_url: the URL of the manifest of the Native Client plugin being // executed. + // nexe_file: A file that corresponds to the nexe module to be loaded. + // nexe_token: A cache validation token for nexe_file. // permissions: PPAPI permissions, to control access to private APIs. // render_view_id: RenderView routing id, to control access to private APIs. // permission_bits: controls which interfaces the NaCl plugin can use. 
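Review bot: At the end of `StartNaClExecution` (nacl_process_host.cc, hunk at -891) the result of `IPC::TakeFileHandleForProcess(nexe_file_.Pass(), process_->GetData().handle)` is sent without being compared against `IPC::InvalidPlatformFileForTransit()`, so a failed transfer reaches the loader as an invalid `nexe_file`. Since the function already returns `bool`, a guard such as `if (params.nexe_file == IPC::InvalidPlatformFileForTransit()) return false;` before `process_->Send(...)` would fail the launch in the browser instead. The deleted comments documented who owned the descriptor at each step. A short replacement would keep that, e.g. `// nexe_file_ is empty after this call; the message owns the handle.` The start of the function is outside the hunk.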
@@ -63,6 +72,7 @@ class NaClProcessHost : public content::BrowserChildProcessHostDelegate { // profile_directory: is the path of current profile directory. NaClProcessHost(const GURL& manifest_url, base::File nexe_file, + const NaClFileToken& nexe_token, ppapi::PpapiPermissions permissions, int render_view_id, uint32 permission_bits, @@ -190,6 +200,11 @@ class NaClProcessHost : public content::BrowserChildProcessHostDelegate { GURL manifest_url_; base::File nexe_file_; + // TODO(teravest): Use NaClFileInfo here, but without breaking the + // disable_nacl=1 build. (Why is this file even built with disable_nacl=1?) + uint64_t nexe_token_lo_; + uint64_t nexe_token_hi_; + ppapi::PpapiPermissions permissions_; #if defined(OS_WIN) diff --git a/components/nacl/common/nacl_host_messages.h b/components/nacl/common/nacl_host_messages.h index a998f37..0722d9d 100644 --- a/components/nacl/common/nacl_host_messages.h +++ b/components/nacl/common/nacl_host_messages.h @@ -22,6 +22,8 @@ IPC_STRUCT_TRAITS_BEGIN(nacl::NaClLaunchParams) IPC_STRUCT_TRAITS_MEMBER(manifest_url) IPC_STRUCT_TRAITS_MEMBER(nexe_file) + IPC_STRUCT_TRAITS_MEMBER(nexe_token_lo) + IPC_STRUCT_TRAITS_MEMBER(nexe_token_hi) IPC_STRUCT_TRAITS_MEMBER(render_view_id) IPC_STRUCT_TRAITS_MEMBER(permission_bits) IPC_STRUCT_TRAITS_MEMBER(uses_irt) diff --git a/components/nacl/common/nacl_messages.h b/components/nacl/common/nacl_messages.h index a3b89e2..6d613b0 100644 --- a/components/nacl/common/nacl_messages.h +++ b/components/nacl/common/nacl_messages.h @@ -15,6 +15,8 @@ IPC_STRUCT_TRAITS_BEGIN(nacl::NaClStartParams) IPC_STRUCT_TRAITS_MEMBER(nexe_file) + IPC_STRUCT_TRAITS_MEMBER(nexe_token_lo) + IPC_STRUCT_TRAITS_MEMBER(nexe_token_hi) IPC_STRUCT_TRAITS_MEMBER(handles) IPC_STRUCT_TRAITS_MEMBER(debug_stub_server_bound_socket) IPC_STRUCT_TRAITS_MEMBER(validation_cache_enabled) diff --git a/components/nacl/common/nacl_types.cc b/components/nacl/common/nacl_types.cc index 0b096a65..f2c5951 100644 
--- a/components/nacl/common/nacl_types.cc +++ b/components/nacl/common/nacl_types.cc @@ -9,6 +9,8 @@ namespace nacl { NaClStartParams::NaClStartParams() : nexe_file(IPC::InvalidPlatformFileForTransit()), + nexe_token_lo(0), + nexe_token_hi(0), validation_cache_enabled(false), enable_exception_handling(false), enable_debug_stub(false), @@ -22,6 +24,8 @@ NaClStartParams::~NaClStartParams() { NaClLaunchParams::NaClLaunchParams() : nexe_file(IPC::InvalidPlatformFileForTransit()), + nexe_token_lo(0), + nexe_token_hi(0), render_view_id(0), permission_bits(0), uses_irt(false), @@ -33,6 +37,8 @@ NaClLaunchParams::NaClLaunchParams() NaClLaunchParams::NaClLaunchParams( const std::string& manifest_url, const IPC::PlatformFileForTransit& nexe_file, + uint64_t nexe_token_lo, + uint64_t nexe_token_hi, int render_view_id, uint32 permission_bits, bool uses_irt, @@ -42,6 +48,8 @@ NaClLaunchParams::NaClLaunchParams( bool enable_crash_throttling) : manifest_url(manifest_url), nexe_file(nexe_file), + nexe_token_lo(nexe_token_lo), + nexe_token_hi(nexe_token_hi), render_view_id(render_view_id), permission_bits(permission_bits), uses_irt(uses_irt), @@ -51,18 +59,6 @@ NaClLaunchParams::NaClLaunchParams( enable_crash_throttling(enable_crash_throttling) { } -NaClLaunchParams::NaClLaunchParams(const NaClLaunchParams& l) - : manifest_url(l.manifest_url), - nexe_file(l.nexe_file), - render_view_id(l.render_view_id), - permission_bits(l.permission_bits), - uses_irt(l.uses_irt), - uses_nonsfi_mode(l.uses_nonsfi_mode), - enable_dyncode_syscalls(l.enable_dyncode_syscalls), - enable_exception_handling(l.enable_exception_handling), - enable_crash_throttling(l.enable_crash_throttling) { -} - NaClLaunchParams::~NaClLaunchParams() { } diff --git a/components/nacl/common/nacl_types.h b/components/nacl/common/nacl_types.h index e2c7793..6aea090 100644 --- a/components/nacl/common/nacl_types.h +++ b/components/nacl/common/nacl_types.h 
@@ -44,6 +44,8 @@ struct NaClStartParams { ~NaClStartParams(); IPC::PlatformFileForTransit nexe_file; + uint64_t nexe_token_lo; + uint64_t nexe_token_hi; std::vector<FileDescriptor> handles; FileDescriptor debug_stub_server_bound_socket; @@ -60,6 +62,7 @@ struct NaClStartParams { bool enable_ipc_proxy; bool uses_irt; bool enable_dyncode_syscalls; + // NOTE: Any new fields added here must also be added to the IPC // serialization in nacl_messages.h and (for POD fields) the constructor // in nacl_types.cc. @@ -73,6 +76,8 @@ struct NaClLaunchParams { NaClLaunchParams(); NaClLaunchParams(const std::string& manifest_url, const IPC::PlatformFileForTransit& nexe_file, + uint64_t nexe_token_lo, + uint64_t nexe_token_hi, int render_view_id, uint32 permission_bits, bool uses_irt, @@ -80,11 +85,16 @@ struct NaClLaunchParams { bool enable_dyncode_syscalls, bool enable_exception_handling, bool enable_crash_throttling); - NaClLaunchParams(const NaClLaunchParams& l); ~NaClLaunchParams(); std::string manifest_url; + // On Windows, the HANDLE passed here is valid in the renderer's context. + // It's the responsibility of the browser to duplicate this handle properly + // for passing it to the plugin. IPC::PlatformFileForTransit nexe_file; + uint64_t nexe_token_lo; + uint64_t nexe_token_hi; + int render_view_id; uint32 permission_bits; bool uses_irt; diff --git a/components/nacl/loader/nacl_listener.cc b/components/nacl/loader/nacl_listener.cc index 18588bd..516395d 100644 --- a/components/nacl/loader/nacl_listener.cc +++ b/components/nacl/loader/nacl_listener.cc @@ -5,6 +5,7 @@ #include "components/nacl/loader/nacl_listener.h" #include <errno.h> +#include <fcntl.h> #include <stdlib.h> #if defined(OS_POSIX) 
@@ -27,6 +28,7 @@ #include "native_client/src/public/chrome_main.h" #include "native_client/src/public/nacl_app.h" #include "native_client/src/public/nacl_file_info.h" +#include "native_client/src/trusted/service_runtime/include/sys/fcntl.h" #if defined(OS_POSIX) #include "base/file_descriptor_posix.h" @@ -37,7 +39,6 @@ #include "components/nacl/loader/nonsfi/nonsfi_main.h" #include "content/public/common/child_process_sandbox_support_linux.h" #include "native_client/src/trusted/desc/nacl_desc_io.h" -#include "native_client/src/trusted/service_runtime/include/sys/fcntl.h" #include "ppapi/nacl_irt/plugin_startup.h" #endif @@ -390,6 +391,22 @@ void NaClListener::OnStart(const nacl::NaClStartParams& params) { args->prereserved_sandbox_size = prereserved_sandbox_size_; #endif + NaClFileInfo nexe_file_info; + base::PlatformFile nexe_file = IPC::PlatformFileForTransitToPlatformFile( + params.nexe_file); +#if defined(OS_WIN) + nexe_file_info.desc = + _open_osfhandle(reinterpret_cast<intptr_t>(nexe_file), + _O_RDONLY | _O_BINARY); +#elif defined(OS_POSIX) + nexe_file_info.desc = nexe_file; +#else +#error Unsupported target platform. +#endif + nexe_file_info.file_token.lo = params.nexe_token_lo; + nexe_file_info.file_token.hi = params.nexe_token_hi; + args->nexe_desc = NaClDescIoFromFileInfo(nexe_file_info, NACL_ABI_O_RDONLY); + NaClChromeMainStartApp(nap, args); } @@ -472,6 +489,8 @@ void NaClListener::StartNonSfi(const nacl::NaClStartParams& params) { CHECK(params.handles.empty()); CHECK(params.nexe_file != IPC::InvalidPlatformFileForTransit()); + CHECK(params.nexe_token_lo == 0); + CHECK(params.nexe_token_hi == 0); nacl::nonsfi::MainStart( NaClDescIoDescFromDescAllocCtor( IPC::PlatformFileForTransitToPlatformFile(params.nexe_file), diff --git a/components/nacl/renderer/ppb_nacl_private_impl.cc b/components/nacl/renderer/ppb_nacl_private_impl.cc index 9ada43d..894f773 100644 --- a/components/nacl/renderer/ppb_nacl_private_impl.cc 
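Review bot: In the `OnStart` hunk (nacl_listener.cc, -390) nothing checks `params.nexe_file`, the return value of `_open_osfhandle`, or the result of `NaClDescIoFromFileInfo` before `args->nexe_desc` is passed to `NaClChromeMainStartApp`. `StartNonSfi` in the same file already guards this field with `CHECK(params.nexe_file != IPC::InvalidPlatformFileForTransit());`, and the SFI path should do the same before converting the handle. On Windows `_open_osfhandle` returns -1 on failure, so `CHECK(nexe_file_info.desc >= 0);` after the platform block would stop a bad descriptor from being wrapped. I am assuming `NaClDescIoFromFileInfo` can return a null descriptor on failure; if so, that deserves a `CHECK` as well. The rest of `OnStart` is outside the hunk.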
+++ b/components/nacl/renderer/ppb_nacl_private_impl.cc @@ -346,12 +346,25 @@ void LaunchSelLdr(PP_Instance instance, std::string error_message_string; NaClLaunchResult launch_result; - content::RendererPpapiHost* host = - content::RendererPpapiHost::GetForPPInstance(instance); + IPC::PlatformFileForTransit nexe_for_transit = + IPC::InvalidPlatformFileForTransit(); +#if defined(OS_POSIX) + if (nexe_file_info->handle != PP_kInvalidFileHandle) + nexe_for_transit = base::FileDescriptor(nexe_file_info->handle, true); +#elif defined(OS_WIN) + // Duplicate the handle on the browser side instead of the renderer. + // This is because BrokerGetFileForProcess isn't part of content/public, and + // it's simpler to do the duplication in the browser anyway. + nexe_for_transit = nexe_file_info->handle; +#else +#error Unsupported target platform. +#endif if (!sender->Send(new NaClHostMsg_LaunchNaCl( NaClLaunchParams( instance_info.url.spec(), - host->ShareHandleWithRemote(nexe_file_info->handle, true), + nexe_for_transit, + nexe_file_info->token_lo, + nexe_file_info->token_hi, routing_id, perm_bits, PP_ToBool(uses_irt), |
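Review bot: In the `OS_WIN` branch of `LaunchSelLdr` the renderer now sends its raw `nexe_file_info->handle` and relies on the browser's `DUPLICATE_CLOSE_SOURCE` to close it, so the handle appears to stay open in the renderer on any path where the browser never performs the duplication, such as a failed `sender->Send(...)`. The `OS_POSIX` branch does not have this gap, because `base::FileDescriptor(nexe_file_info->handle, true)` transfers ownership to the message. The code after the `Send` call is outside the hunk, so please confirm that the failure path closes the handle on Windows. A comment beside the assignment would also help, e.g. `// Still owned by the renderer until the browser duplicates it; close on failure.`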