this patch adds the manifest proxy server to sel_ldr and the manifest

src/trusted/service_runtime/sel_ldr_standard.c

 /*
  * Copyright (c) 2011 The Native Client Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
 
 /*
  * NaCl Simple/secure ELF loader (NaCl SEL).
  */
 
 #include "native_client/src/include/portability.h"
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
 #include "native_client/src/include/elf_constants.h"
 #include "native_client/src/include/nacl_elf.h"
 #include "native_client/src/include/nacl_macros.h"
 #include "native_client/src/include/win/mman.h"
 #include "native_client/src/shared/platform/nacl_check.h"
 #include "native_client/src/shared/platform/nacl_log.h"
 #include "native_client/src/shared/platform/nacl_sync_checked.h"
 #include "native_client/src/shared/platform/nacl_time.h"
+
+#include "native_client/src/trusted/manifest_name_service_proxy/manifest_proxy.h"
 #include "native_client/src/trusted/perf_counter/nacl_perf_counter.h"
 
 #include "native_client/src/trusted/service_runtime/include/sys/errno.h"
+#include "native_client/src/trusted/service_runtime/include/sys/fcntl.h"
 
 #include "native_client/src/trusted/service_runtime/arch/sel_ldr_arch.h"
 #include "native_client/src/trusted/service_runtime/elf_util.h"
 #include "native_client/src/trusted/service_runtime/nacl_app_thread.h"
 #include "native_client/src/trusted/service_runtime/nacl_closure.h"
 #include "native_client/src/trusted/service_runtime/nacl_debug_init.h"
 #include "native_client/src/trusted/service_runtime/nacl_sync_queue.h"
 #include "native_client/src/trusted/service_runtime/nacl_syscall_common.h"
 #include "native_client/src/trusted/service_runtime/nacl_text.h"
 #include "native_client/src/trusted/service_runtime/outer_sandbox.h"
 #include "native_client/src/trusted/service_runtime/sel_memory.h"
 #include "native_client/src/trusted/service_runtime/sel_ldr.h"
+#include "native_client/src/trusted/service_runtime/sel_ldr_thread_interface.h"
 #include "native_client/src/trusted/service_runtime/sel_util.h"
 #include "native_client/src/trusted/service_runtime/sel_addrspace.h"
 
 #if !defined(SIZE_T_MAX)
 # define SIZE_T_MAX     (~(size_t) 0)
 #endif
 
 
 /*
  * Fill from static_text_end to end of that page with halt
@@ skipping 465 matching lines @@
 int NaClAddrIsValidEntryPt(struct NaClApp *nap,
                            uintptr_t      addr) {
   if (0 != (addr & (nap->bundle_size - 1))) {
     return 0;
   }
 
   return addr < nap->static_text_end;
 }
 
 int NaClAppLaunchServiceThreads(struct NaClApp *nap) {
+  struct NaClManifestProxy  *manifest_proxy = NULL;
+  int                       rv;
+
   NaClNameServiceLaunch(nap->name_service);
-  return 1;
+
+  /*
+   * The locking here isn't really needed.  Here is why:
+   * reverse_channel_initialized is written in reverse_setup RPC
+   * handler of the secure command channel RPC handler thread.  and
+   * the RPC order requires that the plugin invoke reverse_setup prior
+   * to invoking start_module, so there will have been plenty of other
+   * synchronization operations to force cache coherency
+   * (module_may_start, for example, is set in the cache of the secure
+   * channel RPC handler (in start_module) and read by the main
+   * thread, and the synchronization operations needed to propagate
+   * its value properly suffices to propagate
+   * reverse_channel_initialized as well).  However, reading it while
+   * holding a lock is more obviously correct for tools like tsan.
+   * Due to the RPC order, it is impossible for
+   * reverse_channel_initialized to get set after the unlock and
+   * before the if test.
+   */
+  NaClXMutexLock(&nap->mu);
+  rv = !nap->reverse_channel_initialized;
+  NaClXMutexUnlock(&nap->mu);
+  if (rv) {
+    NaClLog(3,
+            ("NaClAppLaunchServiceThreads: no reverse channel;"
+             " NOT launching manifest proxy\n"));
+    goto done;
+  }
+
+  rv = 0;
+  /*
+   * Allocate/construct the manifest proxy without grabbing global
+   * locks.
+   */
+  NaClLog(3, "NaClAppLaunchServiceThreads: launching manifest proxy\n");
+
+  /*
+   * ReverseClientSetup RPC should be done via the command channel
+   * prior to the load_module / start_module RPCs, and
+   *  occurs after that, so checking
+   * nap->reverse_client suffices for determining whether the proxy is
+   * exporting reverse services.
+   */
+  manifest_proxy = (struct NaClManifestProxy *) malloc(sizeof *manifest_proxy);
+  if (NULL == manifest_proxy) {
+    NaClLog(LOG_ERROR, "No memory for manifest proxy\n");
+    goto manifest_proxy_alloc_failure;
+  }
+  if (!NaClManifestProxyCtor(manifest_proxy,
+                             NaClAddrSpSquattingThreadIfFactoryFunction,
+                             (void *) nap,
+                             nap)) {
+    NaClLog(LOG_ERROR, "ManifestProxyCtor failed\n");
+    goto manifest_proxy_ctor_failure;
+  }
+
+  /*
+   * NaClSimpleServiceStartServiceThread requires the nap->mu lock.
+   */
+  if (!NaClSimpleServiceStartServiceThread((struct NaClSimpleService *)
+                                           manifest_proxy)) {
+    NaClLog(LOG_ERROR, "ManifestProxy start service failed\n");
+    NaClRefCountUnref((struct NaClRefCount *) manifest_proxy);
+    manifest_proxy = NULL;
+    goto manifest_proxy_start_failed;
+  }
+
+  NaClXMutexLock(&nap->mu);
+  CHECK(NULL == nap->manifest_proxy);
+
+  nap->manifest_proxy = manifest_proxy;
+  manifest_proxy = NULL;
+
+  NaClLog(3,
+          ("NaClAppLaunchServiceThreads: adding manifest proxy to"
+           " name service\n"));
+  (*NACL_VTBL(NaClNameService, nap->name_service)->
+   CreateDescEntry)(nap->name_service,
+                    "manifest_proxy", NACL_ABI_O_RDWR,
+                    NaClDescRef(nap->manifest_proxy->base.bound_and_cap[1]));
+
+  rv = 1;
+  NaClXMutexUnlock(&nap->mu);
+
+manifest_proxy_start_failed:
+manifest_proxy_ctor_failure:
+  free(manifest_proxy);
+manifest_proxy_alloc_failure:
+done:
+  return rv;
 }
 
 /*
  * preconditions:
  * argc > 0, argc and argv table is consistent
  * envv may be NULL (this happens on MacOS/Cocoa
  * if envv is non-NULL it is 'consistent', null terminated etc.
  */
 int NaClCreateMainThread(struct NaClApp     *nap,
                          int                argc,
@@ skipping 268 matching lines @@
                                  sys_tdb,
                                  tdb_size)) {
     NaClLog(LOG_WARNING,
             ("NaClCreateAdditionalThread: could not allocate thread index."
              "  Returning EAGAIN per POSIX specs.\n"));
     free(natp);
     return -NACL_ABI_EAGAIN;
   }
   return 0;
 }